Refactor host registry

Ehmry - 2022-01-16 13:26:37 +01:00
parent dd05418887
commit 84f896770e
24 changed files with 199 additions and 182 deletions


@ -32,7 +32,6 @@ in {
config = let
cfg = config.c3d2;
hostRegistry = import ../host-registry.nix;
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
in {
# Configuration specific to this machine
@ -51,21 +50,18 @@ in {
message = "mapHqHosts must be enabled for enableMpdProxy";
}
{
assertion = let
check = hostName: hostName == config.networking.hostName;
checkRegistry = builtins.any check;
in cfg.isInHq -> checkRegistry hostRegistry.hqLocal;
assertion = cfg.isInHq -> builtins.hasAttr config.networking.hostName cfg.hosts;
message = "${config.networking.hostName} is not registered in ${
toString ../host-registry.nix
}";
}
( # Check for hostRegistry address collisions
( # Check for host registry address collisions
let
getAddrHosts = key:
builtins.foldl' (result: host:
if hostRegistry.hosts."${host}" ? "${key}"
if cfg.hosts.${host}.${key} != null
then let
addr = hostRegistry.hosts."${host}"."${key}";
addr = cfg.hosts."${host}"."${key}";
in if result ? "${addr}"
then result // {
"${addr}" = result."${addr}" ++ [ host ];
@ -74,7 +70,7 @@ in {
"${addr}" = [ host ];
}
else result
) {} (builtins.attrNames hostRegistry.hosts);
) {} (builtins.attrNames cfg.hosts);
dupHosts =
builtins.concatMap (hosts:
if builtins.length hosts == 1
@ -102,25 +98,25 @@ in {
networking.domain = mkIfIsInHq "hq.c3d2.de";
networking.hosts = let
getHost = hostName: builtins.getAttr hostName hostRegistry.hosts;
getHost = hostName: builtins.getAttr hostName cfg.hosts;
hqLocalHosts = with builtins;
let
f = hostName:
let
host = getHost hostName;
ip6 = if hasAttr "ip6" host then
ip6 = if host.ip6 != null then
host.ip6
else
toHqPrivateAddress hostName;
in [{
name = ip6;
value = [ "${hostName}.hq" hostName ];
}] ++ lib.optional (hasAttr "ip4" host) {
}] ++ lib.optional (host.ip4 != null) {
name = host.ip4;
value = [ "${hostName}.hq" hostName ];
};
in listToAttrs (concatLists (map f (attrNames hostRegistry.hosts)));
in listToAttrs (concatLists (map f (attrNames cfg.hosts)));
in if cfg.mapHqHosts then hqLocalHosts else { };
@ -203,21 +199,20 @@ in {
programs = {
ssh.knownHosts = with builtins;
let
hostNames = hostRegistry.hqLocal;
intersectKeys = intersectAttrs {
publicKey = null;
publicKeyFile = null;
};
list = map (name:
let
host = getAttr name hostRegistry.hosts;
host = getAttr name cfg.hosts;
sshAttrs = intersectKeys host;
in if sshAttrs == { } then
null
else {
inherit name;
value = let
ip6 = if hasAttr "ip6" host then
ip6 = if host.ip6 != null then
host.ip6
else
toHqPrivateAddress name;
@ -226,8 +221,8 @@ in {
publicKeyFile = null;
hostNames = [ ip6 "${name}.hq.c3d2.de" "${name}.hq" name ];
} // sshAttrs;
}) hostNames;
keyedHosts = filter (x: x != null) list;
}) (builtins.attrNames cfg.hosts);
keyedHosts = filter (x: x.value.publicKey != null || x.value.publicKeyFile != null) list;
in listToAttrs keyedHosts;
vim.defaultEditor = true;
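Review bot: In the `ssh.knownHosts` hunk the branch `if sshAttrs == { } then null` can no longer be taken, because every entry of `cfg.hosts` is now a submodule value that always carries `publicKey` (defaulting to null), so `intersectKeys host` is never empty. Unkeyed hosts are now dropped only by the new filter `x.value.publicKey != null || x.value.publicKeyFile != null`, which would itself fail on `x.value` if a null element ever reached it. The hosts submodule shown on this page declares no `publicKeyFile` option, so that half of the filter only ever sees the null default. Consider selecting hosts with `host.publicKey != null` before building the entry and removing the dead branch; part of the `value` expression lies between two hunks and is not visible here.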


@ -47,7 +47,7 @@ in {
output.logstash:
# Boolean flag to enable or disable the output module.
enabled: true
hosts: ["${hostRegistry.hosts.logging.ip4}:5044"]
hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]
'';
};


@ -74,7 +74,7 @@
output.logstash:
# Boolean flag to enable or disable the output module.
enabled: true
hosts: ["${hostRegistry.hosts.logging.ip4}:5044"]
hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]
'';
};


@ -55,7 +55,7 @@
lib.recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net."${net}")
) {} [ "core" "c3d2" "serv" ];
};
extraHostRegistry = import ./host-registry.nix;
extraHostRegistry.hosts = import ./host-registry.nix;
hostRegistry = lib.recursiveUpdate zwHostRegistry extraHostRegistry;
flakifiedHosts = nixpkgs.lib.filterAttrs (name: _: self.nixosConfigurations ? "${name}") hostRegistry.hosts;
@ -506,6 +506,7 @@
sops-nix.nixosModule
./modules/c3d2.nix
];
c3d2.hosts = hostRegistry.hosts;
c3d2.users = import ./users.nix;
};
plume = {


@ -1,125 +1,118 @@
# Registry of C3D2 machines.
rec {
hosts = {
ledstripes.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRwhszG9T8ZWuSRkAupCPi7YDQBdaX0YzoQSsvCSpzC";
{
dacbert.ip4 = "dacbert.hq.c3d2.de";
glotzbert = {
ether = "ec:a8:6b:fe:b4:cb";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
wol = true;
ip4 = "glotzbert.hq.c3d2.de";
};
mpd-index = { };
nfs = { };
ncdc.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzWhy2T7avsFf+ZS8R99kah2wPQs7MYWUP+t4VBi28a";
pulsebert = {
ether = "dc:a6:32:31:b6:32";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQCsDss9Gq3/eTKqpgEwXK+nhnuARS4/kHqF2+laGnp";
wol = true;
ip4 = "pulsebert.hq.c3d2.de";
};
samba = { };
storage-ng.ip4 = "172.22.99.20";
storage-ng.ip6 = "2a00:8180:2c00:223::20";
storage-ng.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP";
server1 = {
ip4 = "172.20.72.1";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD7M0j9goPMstNFj8dkNjMIgKFvbIGqpgeNKDjwTQdl5QJE+mE0k5/t8RlhN0MprZBr8px8PZw1dZlXAMLK4FQs=
'';
};
server3 = {
ip4 = "172.22.99.13";
ip6 = "2a00:8180:2c00:223::13";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBQq8QxGUdvQTF6QPiRYHtD73ls4zoUcOtAPLVN/7dDZk7KZLQ+c373VB5jd9FfYKB2/w8lDCHXVi1sY26e+QE=
'';
};
server4 = {
ip4 = "172.22.99.14";
ip6 = "2a00:8180:2c00:223::14";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48=
'';
};
server5 = {
ip4 = "172.22.99.15";
ip6 = "2a00:8180:2c00:223::15";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE=
'';
};
server6 = {
ip4 = "172.22.99.16";
ip6 = "2a00:8180:2c00:223::16";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHhcvlbZ4TjAb6eQkYB2/Z3o/PHQVyAS6iEdGX+CEbGD";
};
freifunk = {
ip4 = "172.20.72.40";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFbxHGfBMBjjior1FNRub56O62K++HVnqUH67BeKD7d";
};
matemat = {
ip4 = "172.20.73.21";
ip6 = "2a00:8180:2c00:282:f82b:1bff:fedc:8572";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBa07c4NnU1TGX1SMNea9e1d4nMtc0OS4gJLmTA3g/fe";
};
scrape = {
ip4 = "172.20.73.32";
ip6 = "2a00:8180:2c00:282:e073:50ff:fef5:eb6e";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGxPgg6nswoij1fBzDPDu6h4+d458XL2+dBxAx9KVOh";
};
dn42 = {
ip4 = "172.22.99.253";
};
grafana = {
ip6 = "2a00:8180:2c00:282:4042:fbff:fe4b:2de8";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y";
};
hydra = {
ip4 = "172.20.73.49";
ip6 = "2a00:8180:2c00:282:e03c:d7ff:fe8e:fe16";
};
mucbot = {
ip4 = "172.20.73.27";
ip6 = "2a00:8180:2c00:282:28db:dff:fe6b:e89a";
};
kibana = {
ip4 = "172.20.73.44";
ip6 = "2a00:8180:2c00:282:460:7cff:fe28:76b2";
};
public-access-proxy = {
ip4 = "172.20.73.45";
ip6 = "2a00:8180:2c00:282:1024:5fff:febd:9be7";
};
gitea.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8MmjiiRmiyUqRYs5a07m7qKDwxh2NwvS2h7pm2b+zx";
dacbert.ip4 = "dacbert.hq.c3d2.de";
nix-build.ip4 = "172.22.99.156";
dn42 = {
ip4 = "172.22.99.253";
};
hqGlobal = builtins.attrNames hosts;
hqLocal = builtins.attrNames hosts;
freifunk = {
ip4 = "172.20.72.40";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFbxHGfBMBjjior1FNRub56O62K++HVnqUH67BeKD7d";
};
gitea.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8MmjiiRmiyUqRYs5a07m7qKDwxh2NwvS2h7pm2b+zx";
glotzbert = {
ether = "ec:a8:6b:fe:b4:cb";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
wol = true;
ip4 = "glotzbert.hq.c3d2.de";
};
grafana = {
ip6 = "2a00:8180:2c00:282:4042:fbff:fe4b:2de8";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y";
};
hydra = {
ip4 = "172.20.73.49";
ip6 = "2a00:8180:2c00:282:e03c:d7ff:fe8e:fe16";
};
kibana = {
ip4 = "172.20.73.44";
ip6 = "2a00:8180:2c00:282:460:7cff:fe28:76b2";
};
ledstripes.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRwhszG9T8ZWuSRkAupCPi7YDQBdaX0YzoQSsvCSpzC";
mucbot = {
ip4 = "172.20.73.27";
ip6 = "2a00:8180:2c00:282:28db:dff:fe6b:e89a";
};
matemat = {
ip4 = "172.20.73.21";
ip6 = "2a00:8180:2c00:282:f82b:1bff:fedc:8572";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBa07c4NnU1TGX1SMNea9e1d4nMtc0OS4gJLmTA3g/fe";
};
mpd-index = { };
nfs = { };
nix-build.ip4 = "172.22.99.156";
public-access-proxy = {
ip4 = "172.20.73.45";
ip6 = "2a00:8180:2c00:282:1024:5fff:febd:9be7";
};
pulsebert = {
ether = "dc:a6:32:31:b6:32";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQCsDss9Gq3/eTKqpgEwXK+nhnuARS4/kHqF2+laGnp";
wol = true;
ip4 = "pulsebert.hq.c3d2.de";
};
samba = { };
scrape = {
ip4 = "172.20.73.32";
ip6 = "2a00:8180:2c00:282:e073:50ff:fef5:eb6e";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGxPgg6nswoij1fBzDPDu6h4+d458XL2+dBxAx9KVOh";
};
server1 = {
ip4 = "172.20.72.1";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD7M0j9goPMstNFj8dkNjMIgKFvbIGqpgeNKDjwTQdl5QJE+mE0k5/t8RlhN0MprZBr8px8PZw1dZlXAMLK4FQs=
'';
};
server3 = {
ip4 = "172.22.99.13";
ip6 = "2a00:8180:2c00:223::13";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBQq8QxGUdvQTF6QPiRYHtD73ls4zoUcOtAPLVN/7dDZk7KZLQ+c373VB5jd9FfYKB2/w8lDCHXVi1sY26e+QE=
'';
};
server4 = {
ip4 = "172.22.99.14";
ip6 = "2a00:8180:2c00:223::14";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48=
'';
};
server5 = {
ip4 = "172.22.99.15";
ip6 = "2a00:8180:2c00:223::15";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE=
'';
};
server6 = {
ip4 = "172.22.99.16";
ip6 = "2a00:8180:2c00:223::16";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHhcvlbZ4TjAb6eQkYB2/Z3o/PHQVyAS6iEdGX+CEbGD";
};
storage-ng.ip4 = "172.22.99.20";
storage-ng.ip6 = "2a00:8180:2c00:223::20";
storage-ng.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP";
}


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, ... }:
{ zentralwerk, config, pkgs, ... }:
let
systemctl = "${pkgs.systemd}/bin/systemctl";
deployCommand = "${systemctl} start deploy-c3d2-dns";
@ -14,7 +14,7 @@ in
networking.hostName = "bind";
networking.useNetworkd = true;
networking.interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4;
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
networking.defaultGateway = "172.20.73.1";
@ -85,7 +85,7 @@ in
script = ''
mkdir -p .ssh
cp ${builtins.toFile "id_ed25519" sshPrivkey} .ssh/id_ed25519
echo "gitea.c3d2.de ${hostRegistry.hosts.gitea.publicKey}" > .ssh/known_hosts
echo "gitea.c3d2.de ${config.c3d2.hosts.gitea.publicKey}" > .ssh/known_hosts
chmod 0600 .ssh/id_ed25519
# Build at least once
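Review bot: The deploy script copies `${builtins.toFile "id_ed25519" sshPrivkey}` into `.ssh/id_ed25519`, so the private key is first written to the world-readable Nix store and the later `chmod 0600` only protects the copy; the changed `known_hosts` line beside it does not alter that. `sshPrivkey` is defined outside the hunk, so the origin of the key material is not visible here, but any string passed to `builtins.toFile` becomes a store path. Reading the key at service start from a runtime secret path (the flake on this page already lists `sops-nix.nixosModule`) would keep it out of the store.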


@ -4,7 +4,7 @@
hostName = "blogs";
useNetworkd = true;
interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4;
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
defaultGateway = "172.20.73.1";


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, nixpkgs, config, pkgs, ... }:
{ zentralwerk, nixpkgs, config, pkgs, ... }:
let
webroot = "/var/www";
deployCommand = "${pkgs.systemd}/bin/systemctl start deploy-c3d2-web.service";
@ -9,7 +9,7 @@ in
networking.hostName = "c3d2-web";
networking.useNetworkd = true;
networking.interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4;
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
networking.defaultGateway = "172.20.73.1";
@ -36,8 +36,8 @@ in
'';
locations = {
# SpaceAPI
"/status.png".proxyPass = "http://[${hostRegistry.hosts.spaceapi.ip6}]:3000/status.png";
"/spaceapi.json".proxyPass = "http://[${hostRegistry.hosts.spaceapi.ip6}]:3000/spaceapi.json";
"/status.png".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/status.png";
"/spaceapi.json".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/spaceapi.json";
};
};


@ -1,4 +1,4 @@
{ config, pkgs, lib, modulesPath, hostRegistry, zentralwerk, ... }:
{ config, pkgs, lib, modulesPath, zentralwerk, ... }:
let
inherit (zentralwerk.lib.config.site.net) core;


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, ... }:
{ zentralwerk, config, pkgs, ... }:
{
networking = {
@ -7,7 +7,7 @@
interfaces.eth0 = {
useDHCP = false;
ipv4.addresses = [ {
address = hostRegistry.hosts."${config.networking.hostName}".ip4;
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
} ];
};


@ -1,7 +1,7 @@
{ hostRegistry, config, pkgs, ... }:
let
nix-build = "client@${hostRegistry.hosts.nix-build.ip4}";
nix-build = "client@${config.c3d2.hosts.nix-build.ip4}";
in {
nix = {
binaryCaches =
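Review bot: The module header `{ hostRegistry, config, pkgs, ... }:` is left unchanged although the only visible use of `hostRegistry` is replaced by `config.c3d2.hosts.nix-build.ip4`. If the flake no longer passes `hostRegistry` as a module argument, as the header changes in the other files of this commit suggest, this file would fail with a missing-argument error; the header should become `{ config, pkgs, ... }:`. The rest of the file is outside the hunk, so a further use of `hostRegistry` below cannot be ruled out from here.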


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, lib, ... }:
{ zentralwerk, config, pkgs, lib, ... }:
let
domain = "jabber.c3d2.de";
@ -22,7 +22,7 @@ in
hostName = "jabber";
useNetworkd = true;
interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4;
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
defaultGateway = "172.20.73.1";
@ -159,7 +159,7 @@ in
firewall_scripts = { "${prosodyFirewall}" }
trusted_proxies = { "127.0.0.1", "::1", "${hostRegistry.hosts.public-access-proxy.ip4}", "${hostRegistry.hosts.public-access-proxy.ip4}", }
trusted_proxies = { "127.0.0.1", "::1", "${config.c3d2.hosts.public-access-proxy.ip4}", "${config.c3d2.hosts.public-access-proxy.ip4}", }
http_default_host = "${domain}"
http_host = "${domain}"
http_external_url = "https://${domain}/"
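Review bot: `trusted_proxies` still lists `public-access-proxy.ip4` twice after the rename; the second entry was presumably meant to be the proxy's IPv6 address, which the registry on this page defines for that host. As written, connections arriving from the proxy over IPv6 would not be treated as proxied, so the forwarded client address would be ignored and the proxy's own address used for logging and any per-address limits. Suggested second entry: `"${config.c3d2.hosts.public-access-proxy.ip6}"`.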


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, ... }:
{ zentralwerk, config, pkgs, ... }:
let
frontendDomain = "keycloak.c3d2.de";
in
@ -10,7 +10,7 @@ in
interfaces.eth0 = {
useDHCP = false;
ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4;
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}
];


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, lib, ... }:
{ zentralwerk, config, pkgs, lib, ... }:
let
graylogPort = 9000;
@ -7,7 +7,7 @@ in
networking = {
hostName = "logging";
interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts.logging.ip4;
address = config.c3d2.hosts.logging.ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
defaultGateway = "172.20.73.1";


@ -1,9 +1,9 @@
{ zentralwerk, hostRegistry, lib, pkgs, ... }:
{ zentralwerk, config, lib, pkgs, ... }:
{
networking.hostName = "matemat";
networking.interfaces.eth0 = {
ipv4.addresses = [{
address = hostRegistry.hosts.matemat.ip4;
address = config.c3d2.hosts.matemat.ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
useDHCP = false;


@ -1,10 +1,10 @@
{ zentralwerk, hostRegistry, config, ... }:
{ zentralwerk, config, ... }:
{
c3d2.isInHq = false;
networking = {
hostName = "mobilizon";
interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4;
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
defaultGateway = "172.20.73.1";


@ -5,7 +5,7 @@
networking.useDHCP = false;
networking.interfaces.enp6s18 = {
ipv4.addresses = [{
address = hostRegistry.hosts.nix-build.ip4;
address = config.c3d2.hosts.nix-build.ip4;
prefixLength = zentralwerk.lib.config.site.net.c3d2.subnet4Len;
}];
useDHCP = false;


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, nixosConfigurations, config, pkgs, lib, ... }:
{ zentralwerk, nixosConfigurations, config, pkgs, lib, ... }:
{
imports = [
@ -28,7 +28,7 @@
{
hostNames = [ "jabber.c3d2.de" ];
proxyTo = {
host = hostRegistry.hosts.jabber.ip4;
host = config.c3d2.hosts.jabber.ip4;
httpPort = 5820;
httpsPort = 5821;
};
@ -54,10 +54,10 @@
) (builtins.attrNames nixosConfig.services.nginx.virtualHosts)
);
proxyTo.host =
if hostRegistry.hosts."${host}" ? ip4
then hostRegistry.hosts."${host}".ip4
else if hostRegistry.hosts."${host}" ? ip6
then "[${hostRegistry.hosts."${host}".ip6}]"
if config.c3d2.hosts."${host}" ? ip4
then config.c3d2.hosts."${host}".ip4
else if config.c3d2.hosts."${host}" ? ip6
then "[${config.c3d2.hosts."${host}".ip6}]"
else throw "No known addresses for ${host}";
}
) (builtins.attrNames (
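Review bot: The `proxyTo.host` fallback still tests `config.c3d2.hosts."${host}" ? ip4`, but with the submodule type introduced in this commit `ip4` and `ip6` are always present and default to null, so the first branch is always taken. A host that only has an `ip6` would then yield a null `proxyTo.host` (or fail that option's type check) instead of falling through, and the `throw "No known addresses for ${host}"` becomes unreachable. Other call sites in this commit were switched to null comparisons; here the conditions should read `if config.c3d2.hosts."${host}".ip4 != null` and `else if config.c3d2.hosts."${host}".ip6 != null`. The enclosing expression starts and ends outside the hunk.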


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, ... }:
{ zentralwerk, config, pkgs, ... }:
{
c3d2 = {
isInHq = false;
@ -8,7 +8,7 @@
networking.hostName = "sdrweb";
networking.useNetworkd = true;
networking.interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4;
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
networking.defaultGateway = "172.20.73.1";
@ -41,7 +41,7 @@
charset utf-8;
'';
locations."/data.json" = {
proxyPass = "http://${hostRegistry.hosts.radiobert.ip4}:8080/data.json";
proxyPass = "http://${config.c3d2.hosts.radiobert.ip4}:8080/data.json";
};
};
};


@ -1,4 +1,4 @@
{ hostRegistry, zentralwerk, pkgs, ... }:
{ zentralwerk, pkgs, ... }:
let
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
in
@ -12,12 +12,12 @@ in
matchConfig.MACAddress = "C6:40:E0:21:9B:A4";
networkConfig.IPv6AcceptRA = false;
addresses = [ {
addressConfig.Address = "${hostRegistry.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
addressConfig.Address = "${config.c3d2.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
} ];
routes = [ {
routeConfig = {
Destination = "172.20.0.0/14";
Gateway = hostRegistry.hosts.serv-gw.ip4;
Gateway = config.c3d2.hosts.serv-gw.ip4;
};
} ];
};
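Review bot: The new argument list `{ zentralwerk, pkgs, ... }:` drops `hostRegistry` without adding `config`, yet the body now reads `config.c3d2.hosts.stream.ip4` and `config.c3d2.hosts.serv-gw.ip4`; as shown, `config` is an undefined variable and this host would not evaluate. The header should be `{ zentralwerk, config, pkgs, ... }:`. Separately, the unchanged `authFile` line puts an htpasswd entry into the Nix store through `pkgs.writeText`, where it is readable by every local user as well as by anyone with the repository; supplying it as a runtime secret would keep the hash out of both.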


@ -1,4 +1,4 @@
{ hostRegistry, config, lib, pkgs, modulesPath, ... }:
{ config, lib, pkgs, modulesPath, ... }:
{
boot.initrd.kernelModules = [ ];


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, lib, pkgs, ... }:
{ zentralwerk, config, lib, pkgs, ... }:
{
boot.initrd.availableKernelModules = [ "usbhid" ];
@ -82,7 +82,7 @@
hostName = "radiobert"; # Define your hostname.
useDHCP = false;
interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4;
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
defaultGateway = "172.20.73.1";


@ -1,4 +1,4 @@
{ hostRegistry, config, pkgs, lib, strings, ... }:
{ config, pkgs, lib, strings, ... }:
let
eth0 = "ens18";
@ -37,11 +37,11 @@ in
# usePredictableInterfacenames = false;
interfaces."${eth0}" = {
ipv4.addresses = [{
address = hostRegistry.hosts.${config.networking.hostName}.ip4;
address = config.c3d2.hosts.${config.networking.hostName}.ip4;
prefixLength = 24;
}];
ipv6.addresses = [{
address = hostRegistry.hosts.${config.networking.hostName}.ip6;
address = config.c3d2.hosts.${config.networking.hostName}.ip6;
prefixLength = 64;
}];
};


@ -80,6 +80,34 @@ in
};
hosts =
mkOption {
type = attrsOf (submodule {
options = {
ether = mkOption {
type = with types; nullOr str;
default = null;
};
ip4 = mkOption {
type = with types; nullOr str;
default = null;
};
ip6 = mkOption {
type = with types; nullOr str;
default = null;
};
publicKey = mkOption {
type = with types; nullOr str;
default = null;
};
wol = mkOption {
type = types.bool;
default = false;
};
};
});
};
users =
mkOption {
type = attrsOf (submodule {
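Review bot: The new `hosts` option and its five sub-options have no `description`, and `ip4`/`ip6` are plain `nullOr str`, so the type cannot tell an address from any other string. The registry in this commit sets `dacbert.ip4`, `glotzbert.ip4` and `pulsebert.ip4` to DNS names, and the module's `hqLocalHosts` uses `host.ip4` as the key of a `networking.hosts` entry. Either document the accepted values on the option, e.g. `description = "IPv4 address or DNS name of the host; null if none.";`, or tighten the type so that a mistyped address is rejected at evaluation time.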