From 84f896770e9498d30e120c247526caa747705d50 Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Sun, 16 Jan 2022 13:26:37 +0100 Subject: [PATCH] Refactor host registry --- config/c3d2.nix | 31 +-- config/logging.nix | 2 +- config/lxc-container.nix | 2 +- flake.nix | 3 +- host-registry.nix | 231 +++++++++--------- hosts/containers/bind/default.nix | 6 +- hosts/containers/blogs/default.nix | 2 +- hosts/containers/c3d2-web/default.nix | 8 +- hosts/containers/freifunk/default.nix | 2 +- hosts/containers/gitea/modules/networking.nix | 4 +- hosts/containers/hydra/hydra.nix | 2 +- hosts/containers/jabber/default.nix | 6 +- hosts/containers/keycloak/default.nix | 4 +- hosts/containers/logging/default.nix | 4 +- hosts/containers/matemat/default.nix | 4 +- hosts/containers/mobilizon/default.nix | 4 +- hosts/containers/nix-build/default.nix | 2 +- .../public-access-proxy/default.nix | 12 +- hosts/containers/sdrweb/default.nix | 6 +- hosts/containers/stream/default.nix | 6 +- hosts/dacbert/default.nix | 2 +- hosts/radiobert/base.nix | 4 +- hosts/storage-ng/default.nix | 6 +- modules/c3d2.nix | 28 +++ 24 files changed, 199 insertions(+), 182 deletions(-) diff --git a/config/c3d2.nix b/config/c3d2.nix index d87fe629..3dc1d7f0 100644 --- a/config/c3d2.nix +++ b/config/c3d2.nix @@ -32,7 +32,6 @@ in { config = let cfg = config.c3d2; - hostRegistry = import ../host-registry.nix; mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x); in { # Configuration specific to this machine 
@@ -51,21 +50,18 @@ in { message = "mapHqHosts must be enabled for enableMpdProxy"; } { - assertion = let - check = hostName: hostName == config.networking.hostName; - checkRegistry = builtins.any check; - in cfg.isInHq -> checkRegistry hostRegistry.hqLocal; + assertion = cfg.isInHq -> builtins.hasAttr config.networking.hostName cfg.hosts; message = "${config.networking.hostName} is not registered in ${ toString ../host-registry.nix }"; } - ( # Check for hostRegistry address collisions + ( # Check for host registry address collisions let getAddrHosts = key: builtins.foldl' (result: host: - if hostRegistry.hosts."${host}" ? "${key}" + if cfg.hosts.${host}.${key} != null then let - addr = hostRegistry.hosts."${host}"."${key}"; + addr = cfg.hosts."${host}"."${key}"; in if result ? "${addr}" then result // { "${addr}" = result."${addr}" ++ [ host ]; @@ -74,7 +70,7 @@ in { "${addr}" = [ host ]; } else result - ) {} (builtins.attrNames hostRegistry.hosts); + ) {} (builtins.attrNames cfg.hosts); dupHosts = builtins.concatMap (hosts: if builtins.length hosts == 1 @@ -102,25 +98,25 @@ in { networking.domain = mkIfIsInHq "hq.c3d2.de"; networking.hosts = let - getHost = hostName: builtins.getAttr hostName hostRegistry.hosts; + getHost = hostName: builtins.getAttr hostName cfg.hosts; hqLocalHosts = with builtins; let f = hostName: let host = getHost hostName; - ip6 = if hasAttr "ip6" host then + ip6 = if host.ip6 != null then host.ip6 else toHqPrivateAddress hostName; in [{ name = ip6; value = [ "${hostName}.hq" hostName ]; - }] ++ lib.optional (hasAttr "ip4" host) { + }] ++ lib.optional (host.ip4 != null) { name = host.ip4; value = [ "${hostName}.hq" hostName ]; }; - in listToAttrs (concatLists (map f (attrNames hostRegistry.hosts))); + in listToAttrs (concatLists (map f (attrNames cfg.hosts))); in if cfg.mapHqHosts then hqLocalHosts else { }; 
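Review bot: In config/c3d2.nix, the `message` of the registration assertion still sends the operator to `${toString ../host-registry.nix}`, while the check now tests `builtins.hasAttr config.networking.hostName cfg.hosts`. Per the flake.nix part of this patch, `c3d2.hosts` is the zentralwerk registry merged with host-registry.nix, so the file named in the error is only one of two possible sources. I would name the option instead, e.g. `message = "${config.networking.hostName} is not registered in c3d2.hosts";`. The surrounding list of assertions starts and ends outside the hunk.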
@@ -203,21 +199,20 @@ in { programs = { ssh.knownHosts = with builtins; let - hostNames = hostRegistry.hqLocal; intersectKeys = intersectAttrs { publicKey = null; publicKeyFile = null; }; list = map (name: let - host = getAttr name hostRegistry.hosts; + host = getAttr name cfg.hosts; sshAttrs = intersectKeys host; in if sshAttrs == { } then null else { inherit name; value = let - ip6 = if hasAttr "ip6" host then + ip6 = if host.ip6 != null then host.ip6 else toHqPrivateAddress name; @@ -226,8 +221,8 @@ in { publicKeyFile = null; hostNames = [ ip6 "${name}.hq.c3d2.de" "${name}.hq" name ]; } // sshAttrs; - }) hostNames; - keyedHosts = filter (x: x != null) list; + }) (builtins.attrNames cfg.hosts); + keyedHosts = filter (x: x.value.publicKey != null || x.value.publicKeyFile != null) list; in listToAttrs keyedHosts; vim.defaultEditor = true; diff --git a/config/logging.nix b/config/logging.nix index 37a29298..f5bd2149 100644 --- a/config/logging.nix +++ b/config/logging.nix @@ -47,7 +47,7 @@ in { output.logstash: # Boolean flag to enable or disable the output module. enabled: true - hosts: ["${hostRegistry.hosts.logging.ip4}:5044"] + hosts: ["${config.c3d2.hosts.logging.ip4}:5044"] ''; }; diff --git a/config/lxc-container.nix b/config/lxc-container.nix index 3ea20211..126b890c 100644 --- a/config/lxc-container.nix +++ b/config/lxc-container.nix @@ -74,7 +74,7 @@ output.logstash: # Boolean flag to enable or disable the output module. enabled: true - hosts: ["${hostRegistry.hosts.logging.ip4}:5044"] + hosts: ["${config.c3d2.hosts.logging.ip4}:5044"] ''; }; diff --git a/flake.nix b/flake.nix index bcb76195..7f10a164 100644 --- a/flake.nix +++ b/flake.nix 
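Review bot: In the ssh.knownHosts block of config/c3d2.nix, the `if sshAttrs == { } then null` branch is kept, but the new filter `x.value.publicKey != null || x.value.publicKeyFile != null` (second hunk, at -226) dereferences `x.value` and would abort evaluation on a `null` element. With the typed `c3d2.hosts` submodule, `publicKey` is always present (possibly `null`), so `sshAttrs` should never be empty and the branch looks dead. Dropping it, or guarding the filter as `x != null && (…)`, makes the two hunks agree. A short comment that known_hosts pins are now generated for every host in the merged registry would also help, since these entries decide which host keys the machines trust. The `let` body between the two hunks is not fully visible.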
@@ -55,7 +55,7 @@ lib.recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net."${net}") ) {} [ "core" "c3d2" "serv" ]; }; - extraHostRegistry = import ./host-registry.nix; + extraHostRegistry.hosts = import ./host-registry.nix; hostRegistry = lib.recursiveUpdate zwHostRegistry extraHostRegistry; flakifiedHosts = nixpkgs.lib.filterAttrs (name: _: self.nixosConfigurations ? "${name}") hostRegistry.hosts; @@ -506,6 +506,7 @@ sops-nix.nixosModule ./modules/c3d2.nix ]; + c3d2.hosts = hostRegistry.hosts; c3d2.users = import ./users.nix; }; plume = { diff --git a/host-registry.nix b/host-registry.nix index 26df3f4a..f102406c 100644 --- a/host-registry.nix +++ b/host-registry.nix 
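Review bot: In flake.nix, `c3d2.hosts = hostRegistry.hosts;` feeds the zentralwerk-derived entries into a submodule that declares only `ether`, `ip4`, `ip6`, `publicKey` and `wol` (modules/c3d2.nix in this patch), and a submodule without a freeform type rejects any other attribute. `extractZwHosts` is defined outside the hunk, so please confirm it emits nothing beyond those keys. I would also add a comment next to `lib.recursiveUpdate zwHostRegistry extraHostRegistry`, such as `# host-registry.nix overrides zentralwerk per attribute`, so it is clear which source wins for addresses and SSH host keys.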
@@ -1,125 +1,118 @@ # Registry of C3D2 machines. -rec { - hosts = { - ledstripes.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRwhszG9T8ZWuSRkAupCPi7YDQBdaX0YzoQSsvCSpzC"; +{ + dacbert.ip4 = "dacbert.hq.c3d2.de"; - glotzbert = { - ether = "ec:a8:6b:fe:b4:cb"; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG"; - wol = true; - ip4 = "glotzbert.hq.c3d2.de"; - }; - - mpd-index = { }; - - nfs = { }; - - ncdc.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzWhy2T7avsFf+ZS8R99kah2wPQs7MYWUP+t4VBi28a"; - - pulsebert = { - ether = "dc:a6:32:31:b6:32"; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQCsDss9Gq3/eTKqpgEwXK+nhnuARS4/kHqF2+laGnp"; - wol = true; - ip4 = "pulsebert.hq.c3d2.de"; - }; - - samba = { }; - - storage-ng.ip4 = "172.22.99.20"; - storage-ng.ip6 = "2a00:8180:2c00:223::20"; - storage-ng.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP"; - - server1 = { - ip4 = "172.20.72.1"; - publicKey = '' - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD7M0j9goPMstNFj8dkNjMIgKFvbIGqpgeNKDjwTQdl5QJE+mE0k5/t8RlhN0MprZBr8px8PZw1dZlXAMLK4FQs= - ''; - }; - - server3 = { - ip4 = "172.22.99.13"; - ip6 = "2a00:8180:2c00:223::13"; - publicKey = '' - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBQq8QxGUdvQTF6QPiRYHtD73ls4zoUcOtAPLVN/7dDZk7KZLQ+c373VB5jd9FfYKB2/w8lDCHXVi1sY26e+QE= - ''; - }; - - server4 = { - ip4 = "172.22.99.14"; - ip6 = "2a00:8180:2c00:223::14"; - publicKey = '' - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48= - ''; - }; - - server5 = { - ip4 = "172.22.99.15"; - ip6 = "2a00:8180:2c00:223::15"; - publicKey = '' - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE= - ''; - }; - - server6 = 
{ - ip4 = "172.22.99.16"; - ip6 = "2a00:8180:2c00:223::16"; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHhcvlbZ4TjAb6eQkYB2/Z3o/PHQVyAS6iEdGX+CEbGD"; - }; - - freifunk = { - ip4 = "172.20.72.40"; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFbxHGfBMBjjior1FNRub56O62K++HVnqUH67BeKD7d"; - }; - - matemat = { - ip4 = "172.20.73.21"; - ip6 = "2a00:8180:2c00:282:f82b:1bff:fedc:8572"; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBa07c4NnU1TGX1SMNea9e1d4nMtc0OS4gJLmTA3g/fe"; - }; - - scrape = { - ip4 = "172.20.73.32"; - ip6 = "2a00:8180:2c00:282:e073:50ff:fef5:eb6e"; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGxPgg6nswoij1fBzDPDu6h4+d458XL2+dBxAx9KVOh"; - }; - - dn42 = { - ip4 = "172.22.99.253"; - }; - - grafana = { - ip6 = "2a00:8180:2c00:282:4042:fbff:fe4b:2de8"; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y"; - }; - - hydra = { - ip4 = "172.20.73.49"; - ip6 = "2a00:8180:2c00:282:e03c:d7ff:fe8e:fe16"; - }; - - mucbot = { - ip4 = "172.20.73.27"; - ip6 = "2a00:8180:2c00:282:28db:dff:fe6b:e89a"; - }; - - kibana = { - ip4 = "172.20.73.44"; - ip6 = "2a00:8180:2c00:282:460:7cff:fe28:76b2"; - }; - - public-access-proxy = { - ip4 = "172.20.73.45"; - ip6 = "2a00:8180:2c00:282:1024:5fff:febd:9be7"; - }; - - gitea.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8MmjiiRmiyUqRYs5a07m7qKDwxh2NwvS2h7pm2b+zx"; - - dacbert.ip4 = "dacbert.hq.c3d2.de"; - - nix-build.ip4 = "172.22.99.156"; + dn42 = { + ip4 = "172.22.99.253"; }; - hqGlobal = builtins.attrNames hosts; - hqLocal = builtins.attrNames hosts; + freifunk = { + ip4 = "172.20.72.40"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFbxHGfBMBjjior1FNRub56O62K++HVnqUH67BeKD7d"; + }; + + gitea.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8MmjiiRmiyUqRYs5a07m7qKDwxh2NwvS2h7pm2b+zx"; + + glotzbert = { + ether = "ec:a8:6b:fe:b4:cb"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG"; + wol = true; + 
ip4 = "glotzbert.hq.c3d2.de"; + }; + + grafana = { + ip6 = "2a00:8180:2c00:282:4042:fbff:fe4b:2de8"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y"; + }; + + hydra = { + ip4 = "172.20.73.49"; + ip6 = "2a00:8180:2c00:282:e03c:d7ff:fe8e:fe16"; + }; + + kibana = { + ip4 = "172.20.73.44"; + ip6 = "2a00:8180:2c00:282:460:7cff:fe28:76b2"; + }; + + ledstripes.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRwhszG9T8ZWuSRkAupCPi7YDQBdaX0YzoQSsvCSpzC"; + + mucbot = { + ip4 = "172.20.73.27"; + ip6 = "2a00:8180:2c00:282:28db:dff:fe6b:e89a"; + }; + + matemat = { + ip4 = "172.20.73.21"; + ip6 = "2a00:8180:2c00:282:f82b:1bff:fedc:8572"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBa07c4NnU1TGX1SMNea9e1d4nMtc0OS4gJLmTA3g/fe"; + }; + + mpd-index = { }; + + nfs = { }; + + nix-build.ip4 = "172.22.99.156"; + + public-access-proxy = { + ip4 = "172.20.73.45"; + ip6 = "2a00:8180:2c00:282:1024:5fff:febd:9be7"; + }; + + pulsebert = { + ether = "dc:a6:32:31:b6:32"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQCsDss9Gq3/eTKqpgEwXK+nhnuARS4/kHqF2+laGnp"; + wol = true; + ip4 = "pulsebert.hq.c3d2.de"; + }; + + samba = { }; + + scrape = { + ip4 = "172.20.73.32"; + ip6 = "2a00:8180:2c00:282:e073:50ff:fef5:eb6e"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGxPgg6nswoij1fBzDPDu6h4+d458XL2+dBxAx9KVOh"; + }; + + server1 = { + ip4 = "172.20.72.1"; + publicKey = '' + ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD7M0j9goPMstNFj8dkNjMIgKFvbIGqpgeNKDjwTQdl5QJE+mE0k5/t8RlhN0MprZBr8px8PZw1dZlXAMLK4FQs= + ''; + }; + + server3 = { + ip4 = "172.22.99.13"; + ip6 = "2a00:8180:2c00:223::13"; + publicKey = '' + ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBQq8QxGUdvQTF6QPiRYHtD73ls4zoUcOtAPLVN/7dDZk7KZLQ+c373VB5jd9FfYKB2/w8lDCHXVi1sY26e+QE= + ''; + }; + + server4 = { + ip4 = "172.22.99.14"; + ip6 = "2a00:8180:2c00:223::14"; + publicKey = '' + ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48= + ''; + }; + + server5 = { + ip4 = "172.22.99.15"; + ip6 = "2a00:8180:2c00:223::15"; + publicKey = '' + ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE= + ''; + }; + + server6 = { + ip4 = "172.22.99.16"; + ip6 = "2a00:8180:2c00:223::16"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHhcvlbZ4TjAb6eQkYB2/Z3o/PHQVyAS6iEdGX+CEbGD"; + }; + + storage-ng.ip4 = "172.22.99.20"; + storage-ng.ip6 = "2a00:8180:2c00:223::20"; + storage-ng.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP"; } diff --git a/hosts/containers/bind/default.nix b/hosts/containers/bind/default.nix index 4779af75..30cb9e76 100644 --- a/hosts/containers/bind/default.nix +++ b/hosts/containers/bind/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, hostRegistry, config, pkgs, ... }: +{ zentralwerk, config, pkgs, ... }: let systemctl = "${pkgs.systemd}/bin/systemctl"; deployCommand = "${systemctl} start deploy-c3d2-dns"; @@ -14,7 +14,7 @@ in networking.hostName = "bind"; networking.useNetworkd = true; networking.interfaces.eth0.ipv4.addresses = [{ - address = hostRegistry.hosts."${config.networking.hostName}".ip4; + address = config.c3d2.hosts."${config.networking.hostName}".ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }]; networking.defaultGateway = "172.20.73.1"; @@ -85,7 +85,7 @@ in script = '' mkdir -p .ssh cp ${builtins.toFile "id_ed25519" sshPrivkey} .ssh/id_ed25519 - echo "gitea.c3d2.de ${hostRegistry.hosts.gitea.publicKey}" > .ssh/known_hosts + echo "gitea.c3d2.de ${config.c3d2.hosts.gitea.publicKey}" > .ssh/known_hosts chmod 0600 .ssh/id_ed25519 # Build at least once diff --git a/hosts/containers/blogs/default.nix b/hosts/containers/blogs/default.nix index 1a5c66ec..6ed5cd28 100644 
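Review bot: In host-registry.nix, `dacbert`, `glotzbert` and `pulsebert` keep a DNS name in `ip4` (for example `dacbert.ip4 = "dacbert.hq.c3d2.de";`), and the networking.hosts code in config/c3d2.nix in this patch uses `host.ip4` as the address key whenever it is non-null. With `mapHqHosts` enabled that yields a hosts entry whose address field is a name, and the address-collision assertion compares these names as if they were addresses. This predates the refactor, but now that the registry is a typed option it would be a good moment to drop those three `ip4` values or keep the names in a separate field. Whether another consumer relies on them is not visible here.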
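Review bot: In hosts/containers/bind/default.nix (hunk at -85), the context line `cp ${builtins.toFile "id_ed25519" sshPrivkey} .ssh/id_ed25519` puts the SSH private key into the Nix store, which every local user can read and which is copied along with the system closure. The commit only touches the `known_hosts` line next to it, and `sshPrivkey` is defined outside the hunk, so how it is sourced cannot be judged here. I would load the key at runtime from a sops-nix secret (flake.nix already references `sops-nix.nixosModule`) instead of `builtins.toFile`. On the changed line itself, a `null` `publicKey` cannot be interpolated into the string, so a missing gitea host key stops evaluation rather than writing an empty pin; a comment saying so would keep that property from being "fixed" later.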
--- a/hosts/containers/blogs/default.nix +++ b/hosts/containers/blogs/default.nix @@ -4,7 +4,7 @@ hostName = "blogs"; useNetworkd = true; interfaces.eth0.ipv4.addresses = [{ - address = hostRegistry.hosts."${config.networking.hostName}".ip4; + address = config.c3d2.hosts."${config.networking.hostName}".ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }]; defaultGateway = "172.20.73.1"; diff --git a/hosts/containers/c3d2-web/default.nix b/hosts/containers/c3d2-web/default.nix index fef584f2..0c7db2a7 100644 --- a/hosts/containers/c3d2-web/default.nix +++ b/hosts/containers/c3d2-web/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, hostRegistry, nixpkgs, config, pkgs, ... }: +{ zentralwerk, nixpkgs, config, pkgs, ... }: let webroot = "/var/www"; deployCommand = "${pkgs.systemd}/bin/systemctl start deploy-c3d2-web.service"; @@ -9,7 +9,7 @@ in networking.hostName = "c3d2-web"; networking.useNetworkd = true; networking.interfaces.eth0.ipv4.addresses = [{ - address = hostRegistry.hosts."${config.networking.hostName}".ip4; + address = config.c3d2.hosts."${config.networking.hostName}".ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }]; networking.defaultGateway = "172.20.73.1"; @@ -36,8 +36,8 @@ in ''; locations = { # SpaceAPI - "/status.png".proxyPass = "http://[${hostRegistry.hosts.spaceapi.ip6}]:3000/status.png"; - "/spaceapi.json".proxyPass = "http://[${hostRegistry.hosts.spaceapi.ip6}]:3000/spaceapi.json"; + "/status.png".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/status.png"; + "/spaceapi.json".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/spaceapi.json"; }; }; diff --git a/hosts/containers/freifunk/default.nix b/hosts/containers/freifunk/default.nix index a1093a49..97d180ac 100644 --- a/hosts/containers/freifunk/default.nix +++ b/hosts/containers/freifunk/default.nix 
@@ -1,4 +1,4 @@ -{ config, pkgs, lib, modulesPath, hostRegistry, zentralwerk, ... }: +{ config, pkgs, lib, modulesPath, zentralwerk, ... }: let inherit (zentralwerk.lib.config.site.net) core; diff --git a/hosts/containers/gitea/modules/networking.nix b/hosts/containers/gitea/modules/networking.nix index 1c2ce9a2..ff332f75 100644 --- a/hosts/containers/gitea/modules/networking.nix +++ b/hosts/containers/gitea/modules/networking.nix @@ -1,4 +1,4 @@ -{ zentralwerk, hostRegistry, config, pkgs, ... }: +{ zentralwerk, config, pkgs, ... }: { networking = { @@ -7,7 +7,7 @@ interfaces.eth0 = { useDHCP = false; ipv4.addresses = [ { - address = hostRegistry.hosts."${config.networking.hostName}".ip4; + address = config.c3d2.hosts."${config.networking.hostName}".ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; } ]; }; diff --git a/hosts/containers/hydra/hydra.nix b/hosts/containers/hydra/hydra.nix index 18b642c4..e5266e73 100644 --- a/hosts/containers/hydra/hydra.nix +++ b/hosts/containers/hydra/hydra.nix @@ -1,7 +1,7 @@ { hostRegistry, config, pkgs, ... }: let - nix-build = "client@${hostRegistry.hosts.nix-build.ip4}"; + nix-build = "client@${config.c3d2.hosts.nix-build.ip4}"; in { nix = { binaryCaches = diff --git a/hosts/containers/jabber/default.nix b/hosts/containers/jabber/default.nix index d7cd843a..2c29a64d 100644 --- a/hosts/containers/jabber/default.nix +++ b/hosts/containers/jabber/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, hostRegistry, config, pkgs, lib, ... }: +{ zentralwerk, config, pkgs, lib, ... }: let domain = "jabber.c3d2.de"; @@ -22,7 +22,7 @@ in hostName = "jabber"; useNetworkd = true; interfaces.eth0.ipv4.addresses = [{ - address = hostRegistry.hosts."${config.networking.hostName}".ip4; + address = config.c3d2.hosts."${config.networking.hostName}".ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }]; defaultGateway = "172.20.73.1"; 
@@ -159,7 +159,7 @@ in firewall_scripts = { "${prosodyFirewall}" } - trusted_proxies = { "127.0.0.1", "::1", "${hostRegistry.hosts.public-access-proxy.ip4}", "${hostRegistry.hosts.public-access-proxy.ip4}", } + trusted_proxies = { "127.0.0.1", "::1", "${config.c3d2.hosts.public-access-proxy.ip4}", "${config.c3d2.hosts.public-access-proxy.ip4}", } http_default_host = "${domain}" http_host = "${domain}" http_external_url = "https://${domain}/" diff --git a/hosts/containers/keycloak/default.nix b/hosts/containers/keycloak/default.nix index b22df0dc..c722ee2b 100644 --- a/hosts/containers/keycloak/default.nix +++ b/hosts/containers/keycloak/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, hostRegistry, config, pkgs, ... }: +{ zentralwerk, config, pkgs, ... }: let frontendDomain = "keycloak.c3d2.de"; in @@ -10,7 +10,7 @@ in interfaces.eth0 = { useDHCP = false; ipv4.addresses = [{ - address = hostRegistry.hosts."${config.networking.hostName}".ip4; + address = config.c3d2.hosts."${config.networking.hostName}".ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; } ]; diff --git a/hosts/containers/logging/default.nix b/hosts/containers/logging/default.nix index 6c5ff5ea..f08c83fd 100644 --- a/hosts/containers/logging/default.nix +++ b/hosts/containers/logging/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, hostRegistry, config, pkgs, lib, ... }: +{ zentralwerk, config, pkgs, lib, ... }: let graylogPort = 9000; @@ -7,7 +7,7 @@ in networking = { hostName = "logging"; interfaces.eth0.ipv4.addresses = [{ - address = hostRegistry.hosts.logging.ip4; + address = config.c3d2.hosts.logging.ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }]; defaultGateway = "172.20.73.1"; diff --git a/hosts/containers/matemat/default.nix b/hosts/containers/matemat/default.nix index cbc8c15c..eb61adfd 100644 --- a/hosts/containers/matemat/default.nix +++ b/hosts/containers/matemat/default.nix 
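Review bot: In hosts/containers/jabber/default.nix, `trusted_proxies` lists `config.c3d2.hosts.public-access-proxy.ip4` twice and never adds the proxy's IPv6 address; the duplicate was carried over unchanged from the old `hostRegistry` form. The second entry was presumably meant to be `"${config.c3d2.hosts.public-access-proxy.ip6}"`, since host-registry.nix gives that host both addresses. If the proxy reaches this server over IPv6, forwarded client addresses would not be honoured and per-address limits or firewall rules would act on the proxy's own address; worth confirming against how the proxy connects. The Prosody configuration string starts and ends outside the hunk.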
@@ -1,9 +1,9 @@ -{ zentralwerk, hostRegistry, lib, pkgs, ... }: +{ zentralwerk, config, lib, pkgs, ... }: { networking.hostName = "matemat"; networking.interfaces.eth0 = { ipv4.addresses = [{ - address = hostRegistry.hosts.matemat.ip4; + address = config.c3d2.hosts.matemat.ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }]; useDHCP = false; diff --git a/hosts/containers/mobilizon/default.nix b/hosts/containers/mobilizon/default.nix index 1545b279..26f8511a 100644 --- a/hosts/containers/mobilizon/default.nix +++ b/hosts/containers/mobilizon/default.nix @@ -1,10 +1,10 @@ -{ zentralwerk, hostRegistry, config, ... }: +{ zentralwerk, config, ... }: { c3d2.isInHq = false; networking = { hostName = "mobilizon"; interfaces.eth0.ipv4.addresses = [{ - address = hostRegistry.hosts."${config.networking.hostName}".ip4; + address = config.c3d2.hosts."${config.networking.hostName}".ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }]; defaultGateway = "172.20.73.1"; diff --git a/hosts/containers/nix-build/default.nix b/hosts/containers/nix-build/default.nix index bda8a33e..e35515af 100644 --- a/hosts/containers/nix-build/default.nix +++ b/hosts/containers/nix-build/default.nix @@ -5,7 +5,7 @@ networking.useDHCP = false; networking.interfaces.enp6s18 = { ipv4.addresses = [{ - address = hostRegistry.hosts.nix-build.ip4; + address = config.c3d2.hosts.nix-build.ip4; prefixLength = zentralwerk.lib.config.site.net.c3d2.subnet4Len; }]; useDHCP = false; diff --git a/hosts/containers/public-access-proxy/default.nix b/hosts/containers/public-access-proxy/default.nix index 2fc92bdb..907a0421 100644 --- a/hosts/containers/public-access-proxy/default.nix +++ b/hosts/containers/public-access-proxy/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, hostRegistry, nixosConfigurations, config, pkgs, lib, ... }: +{ zentralwerk, nixosConfigurations, config, pkgs, lib, ... }: { imports = [ 
@@ -28,7 +28,7 @@ { hostNames = [ "jabber.c3d2.de" ]; proxyTo = { - host = hostRegistry.hosts.jabber.ip4; + host = config.c3d2.hosts.jabber.ip4; httpPort = 5820; httpsPort = 5821; }; @@ -54,10 +54,10 @@ ) (builtins.attrNames nixosConfig.services.nginx.virtualHosts) ); proxyTo.host = - if hostRegistry.hosts."${host}" ? ip4 - then hostRegistry.hosts."${host}".ip4 - else if hostRegistry.hosts."${host}" ? ip6 - then "[${hostRegistry.hosts."${host}".ip6}]" + if config.c3d2.hosts."${host}" ? ip4 + then config.c3d2.hosts."${host}".ip4 + else if config.c3d2.hosts."${host}" ? ip6 + then "[${config.c3d2.hosts."${host}".ip6}]" else throw "No known addresses for ${host}"; } ) (builtins.attrNames ( diff --git a/hosts/containers/sdrweb/default.nix b/hosts/containers/sdrweb/default.nix index bd9d8bb0..6ca1c081 100644 --- a/hosts/containers/sdrweb/default.nix +++ b/hosts/containers/sdrweb/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, hostRegistry, config, pkgs, ... }: +{ zentralwerk, config, pkgs, ... }: { c3d2 = { isInHq = false; @@ -8,7 +8,7 @@ networking.hostName = "sdrweb"; networking.useNetworkd = true; networking.interfaces.eth0.ipv4.addresses = [{ - address = hostRegistry.hosts."${config.networking.hostName}".ip4; + address = config.c3d2.hosts."${config.networking.hostName}".ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }]; networking.defaultGateway = "172.20.73.1"; @@ -41,7 +41,7 @@ charset utf-8; ''; locations."/data.json" = { - proxyPass = "http://${hostRegistry.hosts.radiobert.ip4}:8080/data.json"; + proxyPass = "http://${config.c3d2.hosts.radiobert.ip4}:8080/data.json"; }; }; }; diff --git a/hosts/containers/stream/default.nix b/hosts/containers/stream/default.nix index 59c733d9..04708685 100644 --- a/hosts/containers/stream/default.nix +++ b/hosts/containers/stream/default.nix @@ -1,4 +1,4 @@ -{ hostRegistry, zentralwerk, pkgs, ... }: +{ zentralwerk, pkgs, ... }: let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY"; in 
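Review bot: In hosts/containers/public-access-proxy/default.nix (hunk at -54), the fallback chain for `proxyTo.host` still tests `config.c3d2.hosts."${host}" ? ip4`, but under the new submodule every host has an `ip4` attribute that defaults to `null`, so the test is always true. A host with only `ip6` set (grafana in host-registry.nix, for instance) would get `proxyTo.host = null`, and the `throw "No known addresses for ${host}"` branch can no longer be reached. The conditions should mirror the change made in config/c3d2.nix: `if config.c3d2.hosts."${host}".ip4 != null` and `else if config.c3d2.hosts."${host}".ip6 != null`.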
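Review bot: In hosts/containers/stream/default.nix, the new argument set `{ zentralwerk, pkgs, ... }:` drops `hostRegistry` without adding `config`, yet the second hunk of this file (at -12) reads `config.c3d2.hosts.stream.ip4` and `config.c3d2.hosts.serv-gw.ip4`. Unless `config` is bound somewhere outside the visible lines, evaluation fails with an undefined variable; the header should be `{ zentralwerk, config, pkgs, ... }:`. Independently of this change, the context line `authFile = pkgs.writeText "htpasswd" …` stores the credential hash in the world-readable Nix store and in the repository, so it is a candidate for a runtime secret.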
@@ -12,12 +12,12 @@ in matchConfig.MACAddress = "C6:40:E0:21:9B:A4"; networkConfig.IPv6AcceptRA = false; addresses = [ { - addressConfig.Address = "${hostRegistry.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}"; + addressConfig.Address = "${config.c3d2.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}"; } ]; routes = [ { routeConfig = { Destination = "172.20.0.0/14"; - Gateway = hostRegistry.hosts.serv-gw.ip4; + Gateway = config.c3d2.hosts.serv-gw.ip4; }; } ]; }; diff --git a/hosts/dacbert/default.nix b/hosts/dacbert/default.nix index 8ef87e61..7bd890d9 100644 --- a/hosts/dacbert/default.nix +++ b/hosts/dacbert/default.nix @@ -1,4 +1,4 @@ -{ hostRegistry, config, lib, pkgs, modulesPath, ... }: +{ config, lib, pkgs, modulesPath, ... }: { boot.initrd.kernelModules = [ ]; diff --git a/hosts/radiobert/base.nix b/hosts/radiobert/base.nix index abe0d2b5..8daf9dd3 100644 --- a/hosts/radiobert/base.nix +++ b/hosts/radiobert/base.nix @@ -1,4 +1,4 @@ -{ zentralwerk, hostRegistry, config, lib, pkgs, ... }: +{ zentralwerk, config, lib, pkgs, ... }: { boot.initrd.availableKernelModules = [ "usbhid" ]; @@ -82,7 +82,7 @@ hostName = "radiobert"; # Define your hostname. useDHCP = false; interfaces.eth0.ipv4.addresses = [{ - address = hostRegistry.hosts."${config.networking.hostName}".ip4; + address = config.c3d2.hosts."${config.networking.hostName}".ip4; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }]; defaultGateway = "172.20.73.1"; diff --git a/hosts/storage-ng/default.nix b/hosts/storage-ng/default.nix index 186e06b7..b2ec44fe 100644 --- a/hosts/storage-ng/default.nix +++ b/hosts/storage-ng/default.nix @@ -1,4 +1,4 @@ -{ hostRegistry, config, pkgs, lib, strings, ... }: +{ config, pkgs, lib, strings, ... }: let eth0 = "ens18"; 
@@ -37,11 +37,11 @@ in # usePredictableInterfacenames = false; interfaces."${eth0}" = { ipv4.addresses = [{ - address = hostRegistry.hosts.${config.networking.hostName}.ip4; + address = config.c3d2.hosts.${config.networking.hostName}.ip4; prefixLength = 24; }]; ipv6.addresses = [{ - address = hostRegistry.hosts.${config.networking.hostName}.ip6; + address = config.c3d2.hosts.${config.networking.hostName}.ip6; prefixLength = 64; }]; }; diff --git a/modules/c3d2.nix b/modules/c3d2.nix index 636ff6ee..14d0d661 100644 --- a/modules/c3d2.nix +++ b/modules/c3d2.nix @@ -80,6 +80,34 @@ in }; + hosts = + mkOption { + type = attrsOf (submodule { + options = { + ether = mkOption { + type = with types; nullOr str; + default = null; + }; + ip4 = mkOption { + type = with types; nullOr str; + default = null; + }; + ip6 = mkOption { + type = with types; nullOr str; + default = null; + }; + publicKey = mkOption { + type = with types; nullOr str; + default = null; + }; + wol = mkOption { + type = types.bool; + default = false; + }; + }; + }); + }; + users = mkOption { type = attrsOf (submodule {
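Review bot: In modules/c3d2.nix, the `hosts` submodule declares `publicKey` but not `publicKeyFile`, although the ssh.knownHosts code in config/c3d2.nix in this same patch still intersects and filters on `publicKeyFile`. As written, a registry entry that sets `publicKeyFile` would be rejected as an undefined option, so either add `publicKeyFile = mkOption { type = with types; nullOr path; default = null; };` or remove the references. The option also has no `default` and no `description`, so every configuration importing this module must set `c3d2.hosts`. A one-line description per field would help, in particular that `publicKey` is the SSH host key pinned into known_hosts. The `users` option that follows continues outside the hunk.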