Add more hosts to registry

Hostname resolution must work without uplink.
2020-01-20 13:49:27 +01:00 · 2020-01-20 13:49:27 +01:00 · bf82f00f27
parent b60c3cc13b
commit bf82f00f27
2 changed files with 73 additions and 19 deletions
--- a/host-registry.nix
+++ b/host-registry.nix
@ -9,12 +9,49 @@ rec {
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig";
    pulsebert.publicKey =
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
-    server7.publicKey =
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy";
    storage-ng.publicKey =
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP";
+
+    server1 = {
+      ip4 = "172.20.72.1";
+      publicKey = ''
+        ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD7M0j9goPMstNFj8dkNjMIgKFvbIGqpgeNKDjwTQdl5QJE+mE0k5/t8RlhN0MprZBr8px8PZw1dZlXAMLK4FQs=
+      '';
+    };
+
+    server3 = {
+      ip4 = "172.22.99.13";
+      ip6 = "2a02:8106:208:5201::13";
+      publicKey = ''
+        ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBQq8QxGUdvQTF6QPiRYHtD73ls4zoUcOtAPLVN/7dDZk7KZLQ+c373VB5jd9FfYKB2/w8lDCHXVi1sY26e+QE=
+      '';
+    };
+    server4 = {
+      ip4 = "172.22.99.15";
+      ip6 = "2a02:8106:208:5201::15";
+      publicKey = ''
+        ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48=
+      '';
+    };
+    server5 = {
+      ip4 = "172.22.99.16";
+      ip6 = "2a02:8106:208:5201::16";
+      publicKey = ''
+        ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE=
+      '';
+    };
+    server6 = {
+      ip4 = "172.22.99.17";
+      ip6 = "2a02:8106:208:5201::17";
+      publicKey = ''
+        ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw=
+      '';
+    };
+    server7.publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy";
+
  };

-  hqPublic = builtins.attrNames hosts;
-  hqPrivate = builtins.attrNames hosts;
+  hqGlobal = builtins.attrNames hosts;
+  hqLocal = builtins.attrNames hosts;
 }
--- a/lib/default.nix
+++ b/lib/default.nix
@ -98,7 +98,7 @@ in {
      assertion = let
        check = hostName: hostName == config.networking.hostName;
        checkRegistry = list: builtins.any check list;
-      in cfg.isInHq -> checkRegistry hostRegistry.hqPrivate;
+      in cfg.isInHq -> checkRegistry hostRegistry.hqLocal;
      message = "${config.networking.hostName} is not registered in ${
          toString ../host-registry.nix
        }";
@ -111,6 +111,8 @@ in {
    users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);

    networking.hosts = let
+      getHost = hostName: builtins.getAttr hostName hostRegistry.hosts;
+
      mapHostsNamesToAttrs = f: list: builtins.listToAttrs (map f list);

      /* hqPublicHosts = mapHostsNamesToAttrs (hostName: {
@ -119,12 +121,25 @@ in {
         }) hostRegistry.hqPublic;
      */

-      hqPrivateHosts = mapHostsNamesToAttrs (hostName: {
-        name = toHqPrivateAddress hostName;
-        value = [ "${hostName}.hq" hostName ];
-      }) hostRegistry.hqPrivate;
+      hqLocalHosts = with builtins;
+        let
+          f = hostName:
+            let
+              host = getHost hostName;
+              ip6 = if hasAttr "ip6" host then
+                host.ip6
+              else
+                toHqPrivateAddress hostName;
+            in [{
+              name = ip6;
+              value = [ "${hostName}.hq" hostName ];
+            }] ++ lib.optional (hasAttr "ip4" host) {
+              name = host.ip4;
+              value = [ "${hostName}.hq" hostName ];
+            };
+        in listToAttrs (concatLists (map f (attrNames hostRegistry.hosts)));

-    in if cfg.mapHqHosts then hqPrivateHosts else { };
+    in if cfg.mapHqHosts then hqLocalHosts else { };

    networking.interfaces =
      /* (if cfg.hq.externalInterface == null then
@ -151,26 +166,28 @@ in {

    programs.ssh.knownHosts = with builtins;
      let
-        hostNames = hostRegistry.hqPrivate;
+        hostNames = hostRegistry.hqLocal;
        intersectKeys = intersectAttrs {
          publicKey = null;
          publicKeyFile = null;
        };
        list = map (name:
-          let sshAttrs = intersectKeys (getAttr name hostRegistry.hosts);
+          let
+            host = getAttr name hostRegistry.hosts;
+            sshAttrs = intersectKeys host;
          in if sshAttrs == { } then
            null
          else {
            inherit name;
-            value = {
+            value = let
+              ip6 = if hasAttr "ip6" host then
+                host.ip6
+              else
+                toHqPrivateAddress name;
+            in {
              publicKey = null;
              publicKeyFile = null;
-              hostNames = [
-                (toHqPrivateAddress name)
-                "${name}.hq.c3d2.de"
-                "${name}.hq"
-                name
-              ];
+              hostNames = [ ip6 "${name}.hq.c3d2.de" "${name}.hq" name ];
            } // sshAttrs;
          }) hostNames;
        keyedHosts = filter (x: x != null) list;