Add more hosts to registry

Hostname resolution must work without uplink.
Ehmry - 2020-01-20 13:49:27 +01:00
parent b60c3cc13b
commit bf82f00f27
2 changed files with 73 additions and 19 deletions


@ -9,12 +9,49 @@ rec {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig";
pulsebert.publicKey = pulsebert.publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
server7.publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy";
storage-ng.publicKey = storage-ng.publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP";
server1 = {
ip4 = "172.20.72.1";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD7M0j9goPMstNFj8dkNjMIgKFvbIGqpgeNKDjwTQdl5QJE+mE0k5/t8RlhN0MprZBr8px8PZw1dZlXAMLK4FQs=
'';
};
server3 = {
ip4 = "172.22.99.13";
ip6 = "2a02:8106:208:5201::13";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBQq8QxGUdvQTF6QPiRYHtD73ls4zoUcOtAPLVN/7dDZk7KZLQ+c373VB5jd9FfYKB2/w8lDCHXVi1sY26e+QE=
'';
};
server4 = {
ip4 = "172.22.99.15";
ip6 = "2a02:8106:208:5201::15";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48=
'';
};
server5 = {
ip4 = "172.22.99.16";
ip6 = "2a02:8106:208:5201::16";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE=
'';
};
server6 = {
ip4 = "172.22.99.17";
ip6 = "2a02:8106:208:5201::17";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw=
'';
};
server7.publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy";
}; };
hqPublic = builtins.attrNames hosts; hqGlobal = builtins.attrNames hosts;
hqPrivate = builtins.attrNames hosts; hqLocal = builtins.attrNames hosts;
} }
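Review bot: The new `server1` and `server3`–`server6` entries pin ECDSA host keys with no record of how the keys were obtained, and the module in the second file feeds every `publicKey` into `programs.ssh.knownHosts`, so each one becomes a system-wide trust anchor. A short comment above the block, for example `# host keys read from /etc/ssh/ssh_host_*_key.pub on each machine` (or whatever the actual source was), would let a later reviewer judge them. Separately, `hqGlobal` and `hqLocal` are both `builtins.attrNames hosts`, so the two names select the same set; if that is a placeholder, say so with something like `# TODO: both lists currently contain every host`. The `rec { … }` body and the start of `hosts` lie above the hunk.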


@ -98,7 +98,7 @@ in {
assertion = let assertion = let
check = hostName: hostName == config.networking.hostName; check = hostName: hostName == config.networking.hostName;
checkRegistry = list: builtins.any check list; checkRegistry = list: builtins.any check list;
in cfg.isInHq -> checkRegistry hostRegistry.hqPrivate; in cfg.isInHq -> checkRegistry hostRegistry.hqLocal;
message = "${config.networking.hostName} is not registered in ${ message = "${config.networking.hostName} is not registered in ${
toString ../host-registry.nix toString ../host-registry.nix
}"; }";
@ -111,6 +111,8 @@ in {
users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd); users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);
networking.hosts = let networking.hosts = let
getHost = hostName: builtins.getAttr hostName hostRegistry.hosts;
mapHostsNamesToAttrs = f: list: builtins.listToAttrs (map f list); mapHostsNamesToAttrs = f: list: builtins.listToAttrs (map f list);
/* hqPublicHosts = mapHostsNamesToAttrs (hostName: { /* hqPublicHosts = mapHostsNamesToAttrs (hostName: {
@ -119,12 +121,25 @@ in {
}) hostRegistry.hqPublic; }) hostRegistry.hqPublic;
*/ */
hqPrivateHosts = mapHostsNamesToAttrs (hostName: { hqLocalHosts = with builtins;
name = toHqPrivateAddress hostName; let
value = [ "${hostName}.hq" hostName ]; f = hostName:
}) hostRegistry.hqPrivate; let
host = getHost hostName;
ip6 = if hasAttr "ip6" host then
host.ip6
else
toHqPrivateAddress hostName;
in [{
name = ip6;
value = [ "${hostName}.hq" hostName ];
}] ++ lib.optional (hasAttr "ip4" host) {
name = host.ip4;
value = [ "${hostName}.hq" hostName ];
};
in listToAttrs (concatLists (map f (attrNames hostRegistry.hosts)));
in if cfg.mapHqHosts then hqPrivateHosts else { }; in if cfg.mapHqHosts then hqLocalHosts else { };
networking.interfaces = networking.interfaces =
/* (if cfg.hq.externalInterface == null then /* (if cfg.hq.externalInterface == null then
@ -151,26 +166,28 @@ in {
programs.ssh.knownHosts = with builtins; programs.ssh.knownHosts = with builtins;
let let
hostNames = hostRegistry.hqPrivate; hostNames = hostRegistry.hqLocal;
intersectKeys = intersectAttrs { intersectKeys = intersectAttrs {
publicKey = null; publicKey = null;
publicKeyFile = null; publicKeyFile = null;
}; };
list = map (name: list = map (name:
let sshAttrs = intersectKeys (getAttr name hostRegistry.hosts); let
host = getAttr name hostRegistry.hosts;
sshAttrs = intersectKeys host;
in if sshAttrs == { } then in if sshAttrs == { } then
null null
else { else {
inherit name; inherit name;
value = { value = let
ip6 = if hasAttr "ip6" host then
host.ip6
else
toHqPrivateAddress name;
in {
publicKey = null; publicKey = null;
publicKeyFile = null; publicKeyFile = null;
hostNames = [ hostNames = [ ip6 "${name}.hq.c3d2.de" "${name}.hq" name ];
(toHqPrivateAddress name)
"${name}.hq.c3d2.de"
"${name}.hq"
name
];
} // sshAttrs; } // sshAttrs;
}) hostNames; }) hostNames;
keyedHosts = filter (x: x != null) list; keyedHosts = filter (x: x != null) list;
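Review bot: In the last hunk the `hostNames` list for `programs.ssh.knownHosts` gains `ip6` but not the host's `ip4`, while the `networking.hosts` hunk above now maps `host.ip4` to the same names. A connection made to the IPv4 address therefore has no pinned key for that address and falls back to the user's own known_hosts (first-use trust, or an extra per-IP entry when `CheckHostIP` is enabled). Consider `hostNames = [ ip6 "${name}.hq.c3d2.de" "${name}.hq" name ] ++ lib.optional (hasAttr "ip4" host) host.ip4;`. The `ip6` fallback to `toHqPrivateAddress` is also written out twice (here and in `hqLocalHosts`); a shared helper next to `getHost` would keep the two from drifting apart. The enclosing `let` continues past the end of the hunk.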