Fix eval, remove useless attr hosts in hostRegistry, hosts are now directly at hostRegistry

flake.lock

@@ -333,11 +333,11 @@
     },
     "nixos-modules": {
       "locked": {
-        "lastModified": 1671497882,
-        "narHash": "sha256-XVaCow2b+liXKO2mapUCHuyUAufViv3W1MCSndwg6H0=",
+        "lastModified": 1671513238,
+        "narHash": "sha256-NdSyyr1boQwt9RTOA+AxSUnxFZR0HiQ/0Wtg0zj79FY=",
         "owner": "SuperSandro2000",
         "repo": "nixos-modules",
-        "rev": "59917ca90d6375cc9916f1e5ed55af3d259b4d92",
+        "rev": "09848211f1b016b4e56a882f7c74573744b2e478",
         "type": "github"
       },
       "original": {
@@ -708,11 +708,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1671504518,
-        "narHash": "sha256-me6+d61Z0ze22kS7A/xLGuUzDA1VqM9/Dm/jBjl7z+w=",
+        "lastModified": 1671510376,
+        "narHash": "sha256-9sl5+ssJ/lWXzfk7LevGCRIDKmrhR5kRQ9cE3ohYY7k=",
         "ref": "refs/heads/master",
-        "rev": "465e824add3c204c24b01742b5487a424430c105",
-        "revCount": 1699,
+        "rev": "f02f15a568318bf9ed66176ef0efe564c0369f55",
+        "revCount": 1700,
         "type": "git",
         "url": "https://gitea.c3d2.de/zentralwerk/network.git"
       },

flake.nix

@@ -210,7 +210,7 @@
             ) result (builtins.attrNames hosts6."${ctx}")
           ) {} (builtins.attrNames hosts6)
         );
-      hostRegistry.hosts =
+      hostRegistry =
         builtins.foldl' (result: net:
           lib.recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net."${net}")
         ) {} [ "core" "cluster" "c3d2" "serv" "flpk" "pub" ];
@@ -219,23 +219,22 @@
       nixosSystem' =
         { nixpkgs ? inputs.nixos
         , modules
-        , extraArgs ? { }
-        , specialArgs ? { }
         , system ? "x86_64-linux"
       }@args:
 
-      { inherit args; } // nixpkgs.lib.nixosSystem {
-        inherit specialArgs system;
+      { inherit args; } // lib.nixosSystem {
+        inherit system;
 
         modules = [
-          ({ ... }: {
-            _module.args = extraArgs // {
+          ({ config, ... }: {
+            _module.args = {
               inherit hostRegistry inputs zentralwerk;
-
-              lib = lib.recursiveUpdate nixpkgs.lib nixos-modules.lib;
+              libz = nixos-modules.lib { inherit lib config; };
             };
 
-            nixpkgs.overlays = [ self.overlays ];
+            nixpkgs.overlays = [
+              self.overlays
+            ];
           })
 
           self.nixosModules.c3d2

hosts/auth/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, libz, ... }:
 
 {
   c3d2.deployment.server = "server10";
@@ -38,6 +38,7 @@
       };
       domain = "auth.c3d2.de";
       ldap = {
+        searchUserName = "search";
         suffix = "dc=c3d2,dc=de";
         tls = true;
       };
@@ -47,6 +48,6 @@
 
   sops = {
     defaultSopsFile = ./secrets.yaml;
-    secrets."portunus/seed" = lib.sops.permissionForUser "portunus";
+    secrets."portunus/seed" = libz.sops.permissionForUser "portunus";
   };
 }

hosts/c3d2-web/default.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, hostRegistry, pkgs, ... }:
 let
   webroot = "/var/www";
   geminiRoot = "/var/gemini";
@@ -54,8 +54,8 @@ in
           "/.well-known/webfinger".return = "301 https://c3d2.social$request_uri";
 
           # SpaceAPI
-          "/status.png".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/status.png";
-          "/spaceapi.json".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/spaceapi.json";
+          "/status.png".proxyPass = "http://[${hostRegistry.spaceapi.ip6}]:3000/status.png";
+          "/spaceapi.json".proxyPass = "http://[${hostRegistry.spaceapi.ip6}]:3000/spaceapi.json";
 
           # WKD: Web Key Directory for PGP Keys
           "/openpgp" = {

hosts/dacbert/default.nix

@@ -97,7 +97,7 @@ in
   #   fkms-3d.enable = true;
   # };
   fileSystems."/" = {
-    device = "${hostRegistry.hosts.nfsroot.ip4}:/var/lib/nfsroot/dacbert";
+    device = "${hostRegistry.nfsroot.ip4}:/var/lib/nfsroot/dacbert";
     fsType = "nfs";
     options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "rw" ];
   };

hosts/jabber/default.nix

@@ -1,4 +1,4 @@
-{ zentralwerk, config, pkgs, lib, ... }:
+{ zentralwerk, config, hostRegistry, pkgs, lib, ... }:
 
 let
   domain = "jabber.c3d2.de";
@@ -159,7 +159,7 @@ in
 
       firewall_scripts = { "${prosodyFirewall}" }
 
-      trusted_proxies = { "127.0.0.1", "::1", "${config.c3d2.hosts.public-access-proxy.ip4}", "${config.c3d2.hosts.public-access-proxy.ip4}", }
+      trusted_proxies = { "127.0.0.1", "::1", "${hostRegistry.public-access-proxy.ip4}", "${hostRegistry.public-access-proxy.ip4}", }
       http_default_host = "${domain}"
       http_host = "${domain}"
       http_external_url = "https://${domain}/"

hosts/public-access-proxy/default.nix

@@ -1,4 +1,4 @@
-{ zentralwerk, config, pkgs, lib, ... }:
+{ zentralwerk, config, hostRegistry, pkgs, lib, ... }:
 
 {
   imports = [
@@ -18,11 +18,11 @@
       matchArg = "-m end";
     } {
       hostNames = [ "auth.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.auth.ip4;
+      proxyTo.host = hostRegistry.auth.ip4;
     } {
       hostNames = [ "jabber.c3d2.de" ];
       proxyTo = {
-        host = config.c3d2.hosts.jabber.ip4;
+        host = hostRegistry.jabber.ip4;
       };
       matchArg = "-m end";
     } {
@@ -32,13 +32,13 @@
     } {
       hostNames = [ "direkthilfe.c3d2.de" ];
       proxyTo = {
-        host = config.c3d2.hosts.direkthilfe.ip4;
+        host = hostRegistry.direkthilfe.ip4;
       };
       matchArg = "-m end";
     } {
       hostNames = [ "staging.dvb.solutions" ];
       proxyTo = {
-        host = config.c3d2.hosts.staging-data-hoarder.ip4;
+        host = hostRegistry.staging-data-hoarder.ip4;
       };
       matchArg = "-m end";
     } {
@@ -49,10 +49,10 @@
       matchArg = "-m end";
     } {
       hostNames = [ "bind.serv.zentralwerk.org" ];
-      proxyTo.host = config.c3d2.hosts.bind.ip4;
+      proxyTo.host = hostRegistry.bind.ip4;
     } {
       hostNames = [ "blogs.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.blogs.ip4;
+      proxyTo.host = hostRegistry.blogs.ip4;
     } {
       hostNames = [
         "datenspuren.de" "www.datenspuren.de" "ds.c3d2.de" "datenspuren.c3d2.de"
@@ -69,73 +69,73 @@
         "hackmd.c3d2.de"
         "hedgedoc.c3d2.de"
       ];
-      proxyTo.host = config.c3d2.hosts.hedgedoc.ip4;
+      proxyTo.host = hostRegistry.hedgedoc.ip4;
     } {
       hostNames = [ "ftp.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.ftp.ip4;
+      proxyTo.host = hostRegistry.ftp.ip4;
     } {
       hostNames = [ "gitea.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.gitea.ip4;
+      proxyTo.host = hostRegistry.gitea.ip4;
     } {
       hostNames = [ "grafana.hq.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.grafana.ip4;
+      proxyTo.host = hostRegistry.grafana.ip4;
     } {
       hostNames = [
         "hydra.hq.c3d2.de"
         "hydra-ca.hq.c3d2.de"
         "nix-serve.hq.c3d2.de"
       ];
-      proxyTo.host = config.c3d2.hosts.hydra.ip4;
+      proxyTo.host = hostRegistry.hydra.ip4;
     } {
       hostNames = [
         "zentralwerk.org"
         "www.zentralwerk.org"
       ];
-      proxyTo.host = config.c3d2.hosts.network-homepage.ip4;
+      proxyTo.host = hostRegistry.network-homepage.ip4;
     } {
       hostNames = [
         "kibana.hq.c3d2.de"
         "kibana-es.hq.c3d2.de"
       ];
-      proxyTo.host = config.c3d2.hosts.kibana.ip4;
+      proxyTo.host = hostRegistry.kibana.ip4;
     } {
       hostNames = [ "matemat.hq.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.matemat.ip4;
+      proxyTo.host = hostRegistry.matemat.ip4;
     } {
       hostNames = [ "mobilizon.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.mobilizon.ip4;
+      proxyTo.host = hostRegistry.mobilizon.ip4;
     } {
       hostNames = [ "drkkr.hq.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.pulsebert.ip4;
+      proxyTo.host = hostRegistry.pulsebert.ip4;
     } {
       hostNames = [ "scrape.hq.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.scrape.ip4;
+      proxyTo.host = hostRegistry.scrape.ip4;
     } {
       hostNames = [
         "adsb.hq.c3d2.de"
         "sdr.hq.c3d2.de"
       ];
-      proxyTo.host = config.c3d2.hosts.sdrweb.ip4;
+      proxyTo.host = hostRegistry.sdrweb.ip4;
     } {
       hostNames = [
         "stream.hq.c3d2.de" "torrents.hq.c3d2.de"
       ];
-      proxyTo.host = config.c3d2.hosts.stream.ip4;
+      proxyTo.host = hostRegistry.stream.ip4;
     } {
       hostNames = [ "ticker.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.ticker.ip4;
+      proxyTo.host = hostRegistry.ticker.ip4;
     } {
       hostNames = [ "wiki.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.mediawiki.ip4;
+      proxyTo.host = hostRegistry.mediawiki.ip4;
     } {
       hostNames = [ "zengel.datenspuren.de" ];
-      proxyTo.host = config.c3d2.hosts.zengel.ip4;
+      proxyTo.host = hostRegistry.zengel.ip4;
     } {
       hostNames = [ "owncast.c3d2.de" ];
-      proxyTo.host = config.c3d2.hosts.owncast.ip4;
+      proxyTo.host = hostRegistry.owncast.ip4;
     } {
       hostNames = [ "c3d2.social" ];
-      proxyTo.host = config.c3d2.hosts.mastodon.ip4;
+      proxyTo.host = hostRegistry.mastodon.ip4;
     } {
       hostNames = [ "relay.fedi.buzz" ];
       proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.buzzrelay;

hosts/radiobert/default.nix

@@ -1,4 +1,4 @@
-{ zentralwerk, config, lib, pkgs, ... }:
+{ zentralwerk, config, hostRegistry, lib, pkgs, ... }:
 
 {
   imports = [
@@ -99,7 +99,7 @@
     hostName = "radiobert"; # Define your hostname.
     useDHCP = false;
     interfaces.eth0.ipv4.addresses = [{
-      address = config.c3d2.hosts."${config.networking.hostName}".ip4;
+      address = hostRegistry."${config.networking.hostName}".ip4;
       prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
     }];
     defaultGateway = "172.20.73.1";

hosts/riscbert/default.nix

@@ -39,7 +39,7 @@
     options = [ "bind" ];
   };
   fileSystems."/" = {
-    device = "${hostRegistry.hosts.nfsroot.ip4}:/var/lib/nfsroot/riscbert";
+    device = "${hostRegistry.nfsroot.ip4}:/var/lib/nfsroot/riscbert";
     fsType = "nfs";
     options = [ "nfsvers=4" "proto=tcp" "nolock" "hard" "async" "rw" ];
   };

hosts/rpi-netboot/default.nix

@@ -40,7 +40,7 @@
     };
      # mount the server's /nix/store
     "/nix/store" = {
-      device = "${hostRegistry.hosts.nfsroot.ip4}:/nix/store";
+      device = "${hostRegistry.nfsroot.ip4}:/nix/store";
       fsType = "nfs";
       options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "ro" ];
       neededForBoot = true;

hosts/sdrweb/default.nix

@@ -1,8 +1,6 @@
-{ config, pkgs, ... }:
+{ config, hostRegistry, pkgs, ... }:
 {
   deployment = {
-    # needs to keep just its ssh key for sops-nix
-    persistedShares = [ "/home" "/etc" "/var" ];
     mem = 4096;
     vcpu = 16;
     needForSpeed = true;
@@ -40,7 +38,7 @@
           charset utf-8;
         '';
       locations."/data.json" = {
-        proxyPass = "http://${config.c3d2.hosts.radiobert.ip4}:8080/data.json";
+        proxyPass = "http://${hostRegistry.radiobert.ip4}:8080/data.json";
       };
     };
   };

hosts/stream/default.nix

@@ -1,4 +1,4 @@
-{ zentralwerk, config, lib, pkgs, ... }:
+{ zentralwerk, config, hostRegistry, lib, pkgs, ... }:
 let
   authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
 in
@@ -23,7 +23,7 @@ in
       # try harder disabling global ipv6
       networkConfig.LinkLocalAddressing = "no";
       addresses = [ {
-        addressConfig.Address = "${config.c3d2.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
+        addressConfig.Address = "${hostRegistry.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
       } ];
       gateway = lib.mkForce [];
       routes = [ {

modules/c3d2.nix

@@ -238,7 +238,7 @@ in
           }];
         };
 
-        nameservers = with hostRegistry.hosts.dnscache; [
+        nameservers = with hostRegistry.dnscache; [
           ip4
           ip6
           "9.9.9.9"

modules/cluster/default.nix

@@ -34,7 +34,7 @@ in {
     nodes = builtins.listToAttrs (
       map (name: {
         inherit name;
-        value.address = hostRegistry.hosts.${name}.ip4;
+        value.address = hostRegistry.${name}.ip4;
       }) servers
     );
     nomad = {

packages.nix

@@ -3,7 +3,7 @@
 let
   getHostAddr = name:
     let
-      hostConf = hostRegistry.hosts."${name}";
+      hostConf = hostRegistry."${name}";
     in
       hostConf.ip4 or (hostConf.ip6 or (throw "Host ${name} has no ip4 or ip6 address"));