feat: add centralized environment configuration

- Add dns.nix: environment-specific DNS domain, name servers, forwarders
- Add time.nix: NTP servers (gateway), timezone, hardware clock
- Add proxy.nix: placeholder for future proxy settings (no proxy for now)
- Add smtp.nix: SMTP relay configuration for system emails
- Add default.nix: unified entry point for all network parameters

These files allow environment-specific settings to be managed in one place
and imported by host configurations.

nixos-infra/environments/dev/network/default.nix

@@ -0,0 +1,16 @@
+# Central network data source for the dev environment.
+#
+# Usage from a configuration.nix:
+#   network = import ../../network { };
+#   network.dns.domain  → "dev.lagraula.fr"
+#   network.time.timeZone → "Europe/Paris"
+#
+# Usage from a shell script (via `nix eval`):
+#   nix eval --json -f network/default.nix dns
+
+{
+  dns = import ./dns.nix;
+  time = import ./time.nix;
+  proxy = import ./proxy.nix;
+  smtp = import ./smtp.nix;
+}

nixos-infra/environments/dev/network/dns.nix

@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Environment-specific DNS domain
+  domain = "dev.lagraula.fr";
+
+  # Default DNS servers for this environment
+  # These are the IPs of the DNS servers (e.g., dns-dev01, dns-dev02)
+  # that will be deployed in this environment.
+  defaultNameServers = [ "10.40.128.10" "10.40.128.11" ];
+
+  # Forwarders for this environment (e.g., upstream DNS)
+  forwarders = [ "1.1.1.1" "8.8.8.8" ];
+
+  # Allow zone transfers only to secondary DNS servers in this environment
+  allowZoneTransfer = [ "10.40.128.11" ];
+
+  # Recursion policy for this environment
+  recursion = "AllowOnlyForPrivateNetworks";
+
+  # Email for Let's Encrypt (Caddy) — can be environment-specific
+  letsEncryptEmail = "xavier@lagraula.fr";
+}

nixos-infra/environments/dev/network/proxy.nix

@@ -0,0 +1,27 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Proxy configuration for this environment
+  # Currently no proxy is used — direct access for all hosts
+
+  # Workstations: no proxy
+  workstations = {
+    httpProxy = "";
+    httpsProxy = "";
+    noProxy = "";
+  };
+
+  # Servers: no proxy
+  servers = {
+    httpProxy = "";
+    httpsProxy = "";
+    noProxy = "";
+  };
+
+  # To enable a proxy later, uncomment and set the proxy URLs:
+  # workstations = {
+  #   httpProxy = "http://proxy.dev.lagraula.fr:3128";
+  #   httpsProxy = "http://proxy.dev.lagraula.fr:3128";
+  #   noProxy = "localhost,127.0.0.1,::1,10.0.0.0/8";
+  # };
+}

nixos-infra/environments/dev/network/smtp.nix

@@ -0,0 +1,22 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # SMTP relay configuration for this environment
+  # Used by services that need to send email (e.g., monitoring alerts)
+
+  # SMTP relay host — can be an internal relay or external service
+  relayHost = "smtp.lagraula.fr";
+  relayPort = 587;
+
+  # TLS settings
+  useTLS = true;
+  useSTARTTLS = true;
+
+  # Authentication — currently none (open relay for internal use)
+  # To add authentication later:
+  # username = "noreply@dev.lagraula.fr";
+  # passwordFile = config.age.secrets.smtp-password.path;
+
+  # Default "From" address for system emails
+  fromAddress = "noreply@dev.lagraula.fr";
+}

nixos-infra/environments/dev/network/time.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # NTP servers for this environment
+  # The gateway acts as the NTP server (IPv4 .1, IPv6 ::1)
+  ntpServers = [
+    "10.10.128.1"    # IPv4 gateway
+    "fd00::1"        # IPv6 gateway
+  ];
+
+  # Time zone for this environment
+  timeZone = "Europe/Paris";
+
+  # Hardware clock setting
+  hardwareClock = "UTC";
+}

nixos-infra/environments/stage/network/default.nix

@@ -0,0 +1,16 @@
+# Central network data source for the stage environment.
+#
+# Usage from a configuration.nix:
+#   network = import ../../network { };
+#   network.dns.domain  → "stage.lagraula.fr"
+#   network.time.timeZone → "Europe/Paris"
+#
+# Usage from a shell script (via `nix eval`):
+#   nix eval --json -f network/default.nix dns
+
+{
+  dns = import ./dns.nix;
+  time = import ./time.nix;
+  proxy = import ./proxy.nix;
+  smtp = import ./smtp.nix;
+}

nixos-infra/environments/stage/network/dns.nix

@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Environment-specific DNS domain
+  domain = "stage.lagraula.fr";
+
+  # Default DNS servers for this environment
+  # These are the IPs of the DNS servers (e.g., dns-stage01, dns-stage02)
+  # that will be deployed in this environment.
+  defaultNameServers = [ "10.40.128.10" "10.40.128.11" ];
+
+  # Forwarders for this environment (e.g., upstream DNS)
+  forwarders = [ "1.1.1.1" "8.8.8.8" ];
+
+  # Allow zone transfers only to secondary DNS servers in this environment
+  allowZoneTransfer = [ "10.40.128.11" ];
+
+  # Recursion policy for this environment
+  recursion = "AllowOnlyForPrivateNetworks";
+
+  # Email for Let's Encrypt (Caddy) — can be environment-specific
+  letsEncryptEmail = "xavier@lagraula.fr";
+}

nixos-infra/environments/stage/network/proxy.nix

@@ -0,0 +1,27 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Proxy configuration for this environment
+  # Currently no proxy is used — direct access for all hosts
+
+  # Workstations: no proxy
+  workstations = {
+    httpProxy = "";
+    httpsProxy = "";
+    noProxy = "";
+  };
+
+  # Servers: no proxy
+  servers = {
+    httpProxy = "";
+    httpsProxy = "";
+    noProxy = "";
+  };
+
+  # To enable a proxy later, uncomment and set the proxy URLs:
+  # workstations = {
+  #   httpProxy = "http://proxy.stage.lagraula.fr:3128";
+  #   httpsProxy = "http://proxy.stage.lagraula.fr:3128";
+  #   noProxy = "localhost,127.0.0.1,::1,10.0.0.0/8";
+  # };
+}

nixos-infra/environments/stage/network/smtp.nix

@@ -0,0 +1,22 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # SMTP relay configuration for this environment
+  # Used by services that need to send email (e.g., monitoring alerts)
+
+  # SMTP relay host — can be an internal relay or external service
+  relayHost = "smtp.lagraula.fr";
+  relayPort = 587;
+
+  # TLS settings
+  useTLS = true;
+  useSTARTTLS = true;
+
+  # Authentication — currently none (open relay for internal use)
+  # To add authentication later:
+  # username = "noreply@stage.lagraula.fr";
+  # passwordFile = config.age.secrets.smtp-password.path;
+
+  # Default "From" address for system emails
+  fromAddress = "noreply@stage.lagraula.fr";
+}

nixos-infra/environments/stage/network/time.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # NTP servers for this environment
+  # The gateway acts as the NTP server (IPv4 .1, IPv6 ::1)
+  ntpServers = [
+    "10.10.128.1"    # IPv4 gateway
+    "fd00::1"        # IPv6 gateway
+  ];
+
+  # Time zone for this environment
+  timeZone = "Europe/Paris";
+
+  # Hardware clock setting
+  hardwareClock = "UTC";
+}