diff --git a/flake.lock b/flake.lock index e268ff0f..79297aa4 100644 --- a/flake.lock +++ b/flake.lock @@ -333,11 +333,11 @@ }, "nixos-modules": { "locked": { - "lastModified": 1671497882, - "narHash": "sha256-XVaCow2b+liXKO2mapUCHuyUAufViv3W1MCSndwg6H0=", + "lastModified": 1671513238, + "narHash": "sha256-NdSyyr1boQwt9RTOA+AxSUnxFZR0HiQ/0Wtg0zj79FY=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "59917ca90d6375cc9916f1e5ed55af3d259b4d92", + "rev": "09848211f1b016b4e56a882f7c74573744b2e478", "type": "github" }, "original": { @@ -708,11 +708,11 @@ ] }, "locked": { - "lastModified": 1671504518, - "narHash": "sha256-me6+d61Z0ze22kS7A/xLGuUzDA1VqM9/Dm/jBjl7z+w=", + "lastModified": 1671510376, + "narHash": "sha256-9sl5+ssJ/lWXzfk7LevGCRIDKmrhR5kRQ9cE3ohYY7k=", "ref": "refs/heads/master", - "rev": "465e824add3c204c24b01742b5487a424430c105", - "revCount": 1699, + "rev": "f02f15a568318bf9ed66176ef0efe564c0369f55", + "revCount": 1700, "type": "git", "url": "https://gitea.c3d2.de/zentralwerk/network.git" }, diff --git a/flake.nix b/flake.nix index ac75829e..4c6ef92d 100644 --- a/flake.nix +++ b/flake.nix @@ -210,7 +210,7 @@ ) result (builtins.attrNames hosts6."${ctx}") ) {} (builtins.attrNames hosts6) ); - hostRegistry.hosts = + hostRegistry = builtins.foldl' (result: net: lib.recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net."${net}") ) {} [ "core" "cluster" "c3d2" "serv" "flpk" "pub" ]; 
@@ -219,23 +219,22 @@ nixosSystem' = { nixpkgs ? inputs.nixos , modules - , extraArgs ? { } - , specialArgs ? { } , system ? "x86_64-linux" }@args: - { inherit args; } // nixpkgs.lib.nixosSystem { - inherit specialArgs system; + { inherit args; } // lib.nixosSystem { + inherit system; modules = [ - ({ ... }: { - _module.args = extraArgs // { + ({ config, ... }: { + _module.args = { inherit hostRegistry inputs zentralwerk; - - lib = lib.recursiveUpdate nixpkgs.lib nixos-modules.lib; + libz = nixos-modules.lib { inherit lib config; }; }; - nixpkgs.overlays = [ self.overlays ]; + nixpkgs.overlays = [ + self.overlays + ]; }) self.nixosModules.c3d2 diff --git a/hosts/auth/default.nix b/hosts/auth/default.nix index 56926911..02f43ffc 100644 --- a/hosts/auth/default.nix +++ b/hosts/auth/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, libz, ... }: { c3d2.deployment.server = "server10"; @@ -38,6 +38,7 @@ }; domain = "auth.c3d2.de"; ldap = { + searchUserName = "search"; suffix = "dc=c3d2,dc=de"; tls = true; }; @@ -47,6 +48,6 @@ sops = { defaultSopsFile = ./secrets.yaml; - secrets."portunus/seed" = lib.sops.permissionForUser "portunus"; + secrets."portunus/seed" = libz.sops.permissionForUser "portunus"; }; } diff --git a/hosts/c3d2-web/default.nix b/hosts/c3d2-web/default.nix index 4739845c..583cfc0d 100644 --- a/hosts/c3d2-web/default.nix +++ b/hosts/c3d2-web/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, hostRegistry, pkgs, ... }: let webroot = "/var/www"; geminiRoot = "/var/gemini"; 
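Review bot: In `nixosSystem'` the `nixpkgs ? inputs.nixos` parameter is still accepted, but the new body calls `lib.nixosSystem` where it used to call `nixpkgs.lib.nixosSystem`, so in the visible lines a caller-supplied nixpkgs no longer decides which tree the system is evaluated from. A host that passes its own nixpkgs, for example to pick up a patched channel, would then build from whatever the outer `lib` is bound to without any error; `lib` is defined outside the hunk, so this may be intended. If the argument should still be honoured, keep `{ inherit args; } // nixpkgs.lib.nixosSystem {`; otherwise drop the parameter so a stale caller fails at evaluation, as it now does for the removed `extraArgs` and `specialArgs`. The function body continues past the end of the hunk.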
@@ -54,8 +54,8 @@ in "/.well-known/webfinger".return = "301 https://c3d2.social$request_uri"; # SpaceAPI - "/status.png".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/status.png"; - "/spaceapi.json".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/spaceapi.json"; + "/status.png".proxyPass = "http://[${hostRegistry.spaceapi.ip6}]:3000/status.png"; + "/spaceapi.json".proxyPass = "http://[${hostRegistry.spaceapi.ip6}]:3000/spaceapi.json"; # WKD: Web Key Directory for PGP Keys "/openpgp" = { diff --git a/hosts/dacbert/default.nix b/hosts/dacbert/default.nix index 87669624..f9ff48ee 100644 --- a/hosts/dacbert/default.nix +++ b/hosts/dacbert/default.nix @@ -97,7 +97,7 @@ in # fkms-3d.enable = true; # }; fileSystems."/" = { - device = "${hostRegistry.hosts.nfsroot.ip4}:/var/lib/nfsroot/dacbert"; + device = "${hostRegistry.nfsroot.ip4}:/var/lib/nfsroot/dacbert"; fsType = "nfs"; options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "rw" ]; }; diff --git a/hosts/jabber/default.nix b/hosts/jabber/default.nix index 2c520392..021644d9 100644 --- a/hosts/jabber/default.nix +++ b/hosts/jabber/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, pkgs, lib, ... }: +{ zentralwerk, config, hostRegistry, pkgs, lib, ... }: let domain = "jabber.c3d2.de"; @@ -159,7 +159,7 @@ in firewall_scripts = { "${prosodyFirewall}" } - trusted_proxies = { "127.0.0.1", "::1", "${config.c3d2.hosts.public-access-proxy.ip4}", "${config.c3d2.hosts.public-access-proxy.ip4}", } + trusted_proxies = { "127.0.0.1", "::1", "${hostRegistry.public-access-proxy.ip4}", "${hostRegistry.public-access-proxy.ip4}", } http_default_host = "${domain}" http_host = "${domain}" http_external_url = "https://${domain}/" diff --git a/hosts/public-access-proxy/default.nix b/hosts/public-access-proxy/default.nix index 75eaa08a..f7fc9700 100644 --- a/hosts/public-access-proxy/default.nix +++ b/hosts/public-access-proxy/default.nix 
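Review bot: The rewritten `trusted_proxies` line in hosts/jabber still lists `hostRegistry.public-access-proxy.ip4` twice, which looks like a copy-paste slip carried over from the old line; the second entry was presumably meant to be the proxy's IPv6 address. If the proxy ever reaches Prosody over IPv6, its forwarded client address would not be trusted and every client would appear to come from the proxy, which blunts per-address limits and makes the logs less useful for abuse handling. Consider `"${hostRegistry.public-access-proxy.ip6}"` for the second entry, after confirming the registry carries an `ip6` for that host. The configuration string this line belongs to starts and ends outside the hunk.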
@@ -1,4 +1,4 @@ -{ zentralwerk, config, pkgs, lib, ... }: +{ zentralwerk, config, hostRegistry, pkgs, lib, ... }: { imports = [ @@ -18,11 +18,11 @@ matchArg = "-m end"; } { hostNames = [ "auth.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.auth.ip4; + proxyTo.host = hostRegistry.auth.ip4; } { hostNames = [ "jabber.c3d2.de" ]; proxyTo = { - host = config.c3d2.hosts.jabber.ip4; + host = hostRegistry.jabber.ip4; }; matchArg = "-m end"; } { @@ -32,13 +32,13 @@ } { hostNames = [ "direkthilfe.c3d2.de" ]; proxyTo = { - host = config.c3d2.hosts.direkthilfe.ip4; + host = hostRegistry.direkthilfe.ip4; }; matchArg = "-m end"; } { hostNames = [ "staging.dvb.solutions" ]; proxyTo = { - host = config.c3d2.hosts.staging-data-hoarder.ip4; + host = hostRegistry.staging-data-hoarder.ip4; }; matchArg = "-m end"; } { @@ -49,10 +49,10 @@ matchArg = "-m end"; } { hostNames = [ "bind.serv.zentralwerk.org" ]; - proxyTo.host = config.c3d2.hosts.bind.ip4; + proxyTo.host = hostRegistry.bind.ip4; } { hostNames = [ "blogs.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.blogs.ip4; + proxyTo.host = hostRegistry.blogs.ip4; } { hostNames = [ "datenspuren.de" "www.datenspuren.de" "ds.c3d2.de" "datenspuren.c3d2.de" 
@@ -69,73 +69,73 @@ "hackmd.c3d2.de" "hedgedoc.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.hedgedoc.ip4; + proxyTo.host = hostRegistry.hedgedoc.ip4; } { hostNames = [ "ftp.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.ftp.ip4; + proxyTo.host = hostRegistry.ftp.ip4; } { hostNames = [ "gitea.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.gitea.ip4; + proxyTo.host = hostRegistry.gitea.ip4; } { hostNames = [ "grafana.hq.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.grafana.ip4; + proxyTo.host = hostRegistry.grafana.ip4; } { hostNames = [ "hydra.hq.c3d2.de" "hydra-ca.hq.c3d2.de" "nix-serve.hq.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.hydra.ip4; + proxyTo.host = hostRegistry.hydra.ip4; } { hostNames = [ "zentralwerk.org" "www.zentralwerk.org" ]; - proxyTo.host = config.c3d2.hosts.network-homepage.ip4; + proxyTo.host = hostRegistry.network-homepage.ip4; } { hostNames = [ "kibana.hq.c3d2.de" "kibana-es.hq.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.kibana.ip4; + proxyTo.host = hostRegistry.kibana.ip4; } { hostNames = [ "matemat.hq.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.matemat.ip4; + proxyTo.host = hostRegistry.matemat.ip4; } { hostNames = [ "mobilizon.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.mobilizon.ip4; + proxyTo.host = hostRegistry.mobilizon.ip4; } { hostNames = [ "drkkr.hq.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.pulsebert.ip4; + proxyTo.host = hostRegistry.pulsebert.ip4; } { hostNames = [ "scrape.hq.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.scrape.ip4; + proxyTo.host = hostRegistry.scrape.ip4; } { hostNames = [ "adsb.hq.c3d2.de" "sdr.hq.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.sdrweb.ip4; + proxyTo.host = hostRegistry.sdrweb.ip4; } { hostNames = [ "stream.hq.c3d2.de" "torrents.hq.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.stream.ip4; + proxyTo.host = hostRegistry.stream.ip4; } { hostNames = [ "ticker.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.ticker.ip4; + proxyTo.host = hostRegistry.ticker.ip4; } { hostNames = [ 
"wiki.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.mediawiki.ip4; + proxyTo.host = hostRegistry.mediawiki.ip4; } { hostNames = [ "zengel.datenspuren.de" ]; - proxyTo.host = config.c3d2.hosts.zengel.ip4; + proxyTo.host = hostRegistry.zengel.ip4; } { hostNames = [ "owncast.c3d2.de" ]; - proxyTo.host = config.c3d2.hosts.owncast.ip4; + proxyTo.host = hostRegistry.owncast.ip4; } { hostNames = [ "c3d2.social" ]; - proxyTo.host = config.c3d2.hosts.mastodon.ip4; + proxyTo.host = hostRegistry.mastodon.ip4; } { hostNames = [ "relay.fedi.buzz" ]; proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.buzzrelay; diff --git a/hosts/radiobert/default.nix b/hosts/radiobert/default.nix index f55406bb..21b514fb 100644 --- a/hosts/radiobert/default.nix +++ b/hosts/radiobert/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, lib, pkgs, ... }: +{ zentralwerk, config, hostRegistry, lib, pkgs, ... }: { imports = [ @@ -99,7 +99,7 @@ hostName = "radiobert"; # Define your hostname. useDHCP = false; interfaces.eth0.ipv4.addresses = [{ - address = config.c3d2.hosts."${config.networking.hostName}".ip4; + address = hostRegistry."${config.networking.hostName}".ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }]; defaultGateway = "172.20.73.1"; diff --git a/hosts/riscbert/default.nix b/hosts/riscbert/default.nix index 906cd5b8..2a351f88 100644 --- a/hosts/riscbert/default.nix +++ b/hosts/riscbert/default.nix @@ -39,7 +39,7 @@ options = [ "bind" ]; }; fileSystems."/" = { - device = "${hostRegistry.hosts.nfsroot.ip4}:/var/lib/nfsroot/riscbert"; + device = "${hostRegistry.nfsroot.ip4}:/var/lib/nfsroot/riscbert"; fsType = "nfs"; options = [ "nfsvers=4" "proto=tcp" "nolock" "hard" "async" "rw" ]; }; diff --git a/hosts/rpi-netboot/default.nix b/hosts/rpi-netboot/default.nix index be934f20..034309e7 100644 --- a/hosts/rpi-netboot/default.nix +++ b/hosts/rpi-netboot/default.nix 
@@ -40,7 +40,7 @@ }; # mount the server's /nix/store "/nix/store" = { - device = "${hostRegistry.hosts.nfsroot.ip4}:/nix/store"; + device = "${hostRegistry.nfsroot.ip4}:/nix/store"; fsType = "nfs"; options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "ro" ]; neededForBoot = true; diff --git a/hosts/sdrweb/default.nix b/hosts/sdrweb/default.nix index 263123c5..f30488b1 100644 --- a/hosts/sdrweb/default.nix +++ b/hosts/sdrweb/default.nix @@ -1,8 +1,6 @@ -{ config, pkgs, ... }: +{ config, hostRegistry, pkgs, ... }: { deployment = { - # needs to keep just its ssh key for sops-nix - persistedShares = [ "/home" "/etc" "/var" ]; mem = 4096; vcpu = 16; needForSpeed = true; @@ -40,7 +38,7 @@ charset utf-8; ''; locations."/data.json" = { - proxyPass = "http://${config.c3d2.hosts.radiobert.ip4}:8080/data.json"; + proxyPass = "http://${hostRegistry.radiobert.ip4}:8080/data.json"; }; }; }; diff --git a/hosts/stream/default.nix b/hosts/stream/default.nix index b9a14589..ae576121 100644 --- a/hosts/stream/default.nix +++ b/hosts/stream/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, lib, pkgs, ... }: +{ zentralwerk, config, hostRegistry, lib, pkgs, ... }: let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY"; in @@ -23,7 +23,7 @@ in # try harder disabling global ipv6 networkConfig.LinkLocalAddressing = "no"; addresses = [ { - addressConfig.Address = "${config.c3d2.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}"; + addressConfig.Address = "${hostRegistry.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}"; } ]; gateway = lib.mkForce []; routes = [ { diff --git a/modules/c3d2.nix b/modules/c3d2.nix index 15035372..81e5dab1 100644 --- a/modules/c3d2.nix +++ b/modules/c3d2.nix @@ -238,7 +238,7 @@ in }]; }; - nameservers = with hostRegistry.hosts.dnscache; [ + nameservers = with hostRegistry.dnscache; [ ip4 ip6 "9.9.9.9" 
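Review bot: The first hosts/sdrweb hunk also deletes `persistedShares = [ "/home" "/etc" "/var" ];` together with its comment about keeping the SSH key for sops-nix, which is unrelated to the hostRegistry rename and is not explained anywhere in the visible change. If that key is what sops-nix decrypts with, losing persistence of the directory holding it could leave the host with a fresh key after a redeploy and unable to read its secrets; whether the deployment module's default already covers this is not visible here. Either keep the line or record the reason next to `deployment`, for example `# persistedShares: module default is sufficient, SSH host key for sops-nix still survives redeploys`, once that has been verified.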
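Review bot: The context line directly under the changed argument list in hosts/stream, `authFile = pkgs.writeText "htpasswd" "…";`, keeps a password hash in the repository and, through `pkgs.writeText`, in the world-readable Nix store. Its 13-character form looks like legacy crypt(3), which should be treated as disclosed once it is public. This change already uses sops for hosts/auth (`secrets."portunus/seed"`), so the htpasswd file could be provisioned the same way, e.g. `sops.secrets."stream/htpasswd".owner = "<service user>";` with the consumer pointed at `config.sops.secrets."stream/htpasswd".path`, and the credential rotated when it moves. The `let` block continues outside the hunk, so where `authFile` is consumed is not visible here.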
diff --git a/modules/cluster/default.nix b/modules/cluster/default.nix index 229e5f2b..ce95a97e 100644 --- a/modules/cluster/default.nix +++ b/modules/cluster/default.nix @@ -34,7 +34,7 @@ in { nodes = builtins.listToAttrs ( map (name: { inherit name; - value.address = hostRegistry.hosts.${name}.ip4; + value.address = hostRegistry.${name}.ip4; }) servers ); nomad = { diff --git a/packages.nix b/packages.nix index 80ebf7f4..a5851d56 100644 --- a/packages.nix +++ b/packages.nix @@ -3,7 +3,7 @@ let getHostAddr = name: let - hostConf = hostRegistry.hosts."${name}"; + hostConf = hostRegistry."${name}"; in hostConf.ip4 or (hostConf.ip6 or (throw "Host ${name} has no ip4 or ip6 address"));