# ns1 Recreation Plan

## Overview

Recreate ns1 using the OpenTofu workflow after the existing VM entered emergency mode due to incorrect hardware-configuration.nix (hardcoded UUIDs that don't match actual disk layout).

## Current ns1 Configuration to Preserve

- **IP:** 10.69.13.5/24
- **Gateway:** 10.69.13.1
- **Role:** Primary DNS (authoritative + resolver)
- **Services:**
  - `../../services/ns/master-authorative.nix`
  - `../../services/ns/resolver.nix`
- **Metadata:**
  - `homelab.host.role = "dns"`
  - `homelab.host.labels.dns_role = "primary"`
- **Vault:** enabled
- **Deploy:** enabled

## Execution Steps

### Phase 1: Remove Old Configuration

```bash
nix develop -c create-host --remove --hostname ns1 --force
```

This removes:

- `hosts/ns1/` directory
- Entry from `flake.nix`
- Any terraform entries (none exist currently)

### Phase 2: Create New Configuration

```bash
nix develop -c create-host --hostname ns1 --ip 10.69.13.5/24
```

This creates:

- `hosts/ns1/` with template2-based configuration
- Entry in `flake.nix`
- Entry in `terraform/vms.tf`
- Vault wrapped token for bootstrap

### Phase 3: Customize Configuration

After create-host, manually update `hosts/ns1/configuration.nix` to add:

1. DNS service imports:

   ```nix
   ../../services/ns/master-authorative.nix
   ../../services/ns/resolver.nix
   ```

2. Host metadata:

   ```nix
   homelab.host = {
     tier = "prod";
     role = "dns";
     labels.dns_role = "primary";
   };
   ```

3. Disable resolved (conflicts with Unbound):

   ```nix
   services.resolved.enable = false;
   ```

### Phase 4: Commit Changes

```bash
git add -A
git commit -m "ns1: recreate with OpenTofu workflow

Old VM had incorrect hardware-configuration.nix with hardcoded UUIDs
that didn't match actual disk layout, causing boot failure.

Recreated using template2-based configuration for OpenTofu provisioning."
```

### Phase 5: Infrastructure

1. Delete old ns1 VM in Proxmox (it's broken anyway)
2. Run `nix develop -c tofu -chdir=terraform apply`
3. Wait for bootstrap to complete
4. Verify ns1 is functional:
   - DNS resolution working
   - Zone transfer to ns2 working
   - All exporters responding

### Phase 6: Finalize

- Push to master
- Move this plan to `docs/plans/completed/`

## Rollback

If the new VM fails:

1. ns2 is still operational as secondary DNS
2. Can recreate with different settings if needed

## Notes

- ns2 will continue serving DNS during the migration
- Zone data is generated from flake, so no data loss
- The old VM's disk can be kept briefly in Proxmox as backup if desired
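
The Overview attributes the boot failure to UUIDs in hardware-configuration.nix that did not match the VM's actual disks. A check for that mismatch, usable before a rebuild or reboot, as an added example that is not part of the original plan or the repository's tooling. The function names and the sample UUIDs are constructed for illustration, and the check assumes it runs on the target host so that `/dev/disk/by-uuid` reflects the real disk layout.

```bash
#!/usr/bin/env bash
# Added example: report /dev/disk/by-uuid references in a
# hardware-configuration.nix that have no matching device on this host.

# Print each UUID the file references, one per line.
referenced_uuids() {
  grep -oE '/dev/disk/by-uuid/[0-9A-Fa-f-]+' "$1" | sed 's|.*/||' | sort -u
}

# Print referenced UUIDs that are absent from the by-uuid directory.
# $1 = nix file, $2 = by-uuid directory (defaults to the live system's).
missing_uuids() {
  local nix_file="$1" by_uuid_dir="${2:-/dev/disk/by-uuid}" uuid
  referenced_uuids "$nix_file" | while read -r uuid; do
    [ -e "$by_uuid_dir/$uuid" ] || printf '%s\n' "$uuid"
  done
}

# Exit status 1 if any reference is unresolved, so it can gate a rebuild.
check_hardware_config() {
  local missing
  missing=$(missing_uuids "$@")
  [ -z "$missing" ] && return 0
  printf 'not present on this host: %s\n' $missing >&2
  return 1
}

# Constructed sample (hypothetical UUIDs): the config names two filesystems,
# but the fake by-uuid directory only contains the /boot one.
demo() {
  local tmp
  tmp=$(mktemp -d)
  mkdir "$tmp/by-uuid"
  touch "$tmp/by-uuid/1111-AAAA"
  cat > "$tmp/hardware-configuration.nix" <<'EOF'
{
  fileSystems."/" = { device = "/dev/disk/by-uuid/0a1b2c3d-0000-4000-8000-000000000001"; fsType = "ext4"; };
  fileSystems."/boot" = { device = "/dev/disk/by-uuid/1111-AAAA"; fsType = "vfat"; };
}
EOF
  missing_uuids "$tmp/hardware-configuration.nix" "$tmp/by-uuid"
  rm -rf "$tmp"
}

# Run against a real file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_hardware_config "$@"; fi
```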