Refactor host registry

Ehmry - 2022-01-16 13:26:37 +01:00
parent dd05418887
commit 84f896770e
24 changed files with 199 additions and 182 deletions


@ -32,7 +32,6 @@ in {
config = let config = let
cfg = config.c3d2; cfg = config.c3d2;
hostRegistry = import ../host-registry.nix;
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x); mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
in { in {
# Configuration specific to this machine # Configuration specific to this machine
@ -51,21 +50,18 @@ in {
message = "mapHqHosts must be enabled for enableMpdProxy"; message = "mapHqHosts must be enabled for enableMpdProxy";
} }
{ {
assertion = let assertion = cfg.isInHq -> builtins.hasAttr config.networking.hostName cfg.hosts;
check = hostName: hostName == config.networking.hostName;
checkRegistry = builtins.any check;
in cfg.isInHq -> checkRegistry hostRegistry.hqLocal;
message = "${config.networking.hostName} is not registered in ${ message = "${config.networking.hostName} is not registered in ${
toString ../host-registry.nix toString ../host-registry.nix
}"; }";
} }
( # Check for hostRegistry address collisions ( # Check for host registry address collisions
let let
getAddrHosts = key: getAddrHosts = key:
builtins.foldl' (result: host: builtins.foldl' (result: host:
if hostRegistry.hosts."${host}" ? "${key}" if cfg.hosts.${host}.${key} != null
then let then let
addr = hostRegistry.hosts."${host}"."${key}"; addr = cfg.hosts."${host}"."${key}";
in if result ? "${addr}" in if result ? "${addr}"
then result // { then result // {
"${addr}" = result."${addr}" ++ [ host ]; "${addr}" = result."${addr}" ++ [ host ];
@ -74,7 +70,7 @@ in {
"${addr}" = [ host ]; "${addr}" = [ host ];
} }
else result else result
) {} (builtins.attrNames hostRegistry.hosts); ) {} (builtins.attrNames cfg.hosts);
dupHosts = dupHosts =
builtins.concatMap (hosts: builtins.concatMap (hosts:
if builtins.length hosts == 1 if builtins.length hosts == 1
@ -102,25 +98,25 @@ in {
networking.domain = mkIfIsInHq "hq.c3d2.de"; networking.domain = mkIfIsInHq "hq.c3d2.de";
networking.hosts = let networking.hosts = let
getHost = hostName: builtins.getAttr hostName hostRegistry.hosts; getHost = hostName: builtins.getAttr hostName cfg.hosts;
hqLocalHosts = with builtins; hqLocalHosts = with builtins;
let let
f = hostName: f = hostName:
let let
host = getHost hostName; host = getHost hostName;
ip6 = if hasAttr "ip6" host then ip6 = if host.ip6 != null then
host.ip6 host.ip6
else else
toHqPrivateAddress hostName; toHqPrivateAddress hostName;
in [{ in [{
name = ip6; name = ip6;
value = [ "${hostName}.hq" hostName ]; value = [ "${hostName}.hq" hostName ];
}] ++ lib.optional (hasAttr "ip4" host) { }] ++ lib.optional (host.ip4 != null) {
name = host.ip4; name = host.ip4;
value = [ "${hostName}.hq" hostName ]; value = [ "${hostName}.hq" hostName ];
}; };
in listToAttrs (concatLists (map f (attrNames hostRegistry.hosts))); in listToAttrs (concatLists (map f (attrNames cfg.hosts)));
in if cfg.mapHqHosts then hqLocalHosts else { }; in if cfg.mapHqHosts then hqLocalHosts else { };
@ -203,21 +199,20 @@ in {
programs = { programs = {
ssh.knownHosts = with builtins; ssh.knownHosts = with builtins;
let let
hostNames = hostRegistry.hqLocal;
intersectKeys = intersectAttrs { intersectKeys = intersectAttrs {
publicKey = null; publicKey = null;
publicKeyFile = null; publicKeyFile = null;
}; };
list = map (name: list = map (name:
let let
host = getAttr name hostRegistry.hosts; host = getAttr name cfg.hosts;
sshAttrs = intersectKeys host; sshAttrs = intersectKeys host;
in if sshAttrs == { } then in if sshAttrs == { } then
null null
else { else {
inherit name; inherit name;
value = let value = let
ip6 = if hasAttr "ip6" host then ip6 = if host.ip6 != null then
host.ip6 host.ip6
else else
toHqPrivateAddress name; toHqPrivateAddress name;
@ -226,8 +221,8 @@ in {
publicKeyFile = null; publicKeyFile = null;
hostNames = [ ip6 "${name}.hq.c3d2.de" "${name}.hq" name ]; hostNames = [ ip6 "${name}.hq.c3d2.de" "${name}.hq" name ];
} // sshAttrs; } // sshAttrs;
}) hostNames; }) (builtins.attrNames cfg.hosts);
keyedHosts = filter (x: x != null) list; keyedHosts = filter (x: x.value.publicKey != null || x.value.publicKeyFile != null) list;
in listToAttrs keyedHosts; in listToAttrs keyedHosts;
vim.defaultEditor = true; vim.defaultEditor = true;
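Review bot: In the `ssh.knownHosts` hunk the `if sshAttrs == { } then null` branch no longer fits the new filter, because `x.value.publicKey` would fail on a `null` element. The branch also looks unreachable now: the `c3d2.hosts` submodule gives every host a `publicKey` attribute defaulting to `null`, so `intersectKeys host` is never empty. Dropping the branch leaves the filter as the single gate that decides which hosts get a pinned key. `publicKeyFile` is not among the options declared for `c3d2.hosts` in the part of this commit visible here, so either declare it or remove it from `intersectKeys`. The assertion message further up still names `../host-registry.nix` although the check now reads `cfg.hosts`; `is not registered in c3d2.hosts` would match the new source.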


@ -47,7 +47,7 @@ in {
output.logstash: output.logstash:
# Boolean flag to enable or disable the output module. # Boolean flag to enable or disable the output module.
enabled: true enabled: true
hosts: ["${hostRegistry.hosts.logging.ip4}:5044"] hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]
''; '';
}; };


@ -74,7 +74,7 @@
output.logstash: output.logstash:
# Boolean flag to enable or disable the output module. # Boolean flag to enable or disable the output module.
enabled: true enabled: true
hosts: ["${hostRegistry.hosts.logging.ip4}:5044"] hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]
''; '';
}; };


@ -55,7 +55,7 @@
lib.recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net."${net}") lib.recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net."${net}")
) {} [ "core" "c3d2" "serv" ]; ) {} [ "core" "c3d2" "serv" ];
}; };
extraHostRegistry = import ./host-registry.nix; extraHostRegistry.hosts = import ./host-registry.nix;
hostRegistry = lib.recursiveUpdate zwHostRegistry extraHostRegistry; hostRegistry = lib.recursiveUpdate zwHostRegistry extraHostRegistry;
flakifiedHosts = nixpkgs.lib.filterAttrs (name: _: self.nixosConfigurations ? "${name}") hostRegistry.hosts; flakifiedHosts = nixpkgs.lib.filterAttrs (name: _: self.nixosConfigurations ? "${name}") hostRegistry.hosts;
@ -506,6 +506,7 @@
sops-nix.nixosModule sops-nix.nixosModule
./modules/c3d2.nix ./modules/c3d2.nix
]; ];
c3d2.hosts = hostRegistry.hosts;
c3d2.users = import ./users.nix; c3d2.users = import ./users.nix;
}; };
plume = { plume = {
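Review bot: `lib.recursiveUpdate zwHostRegistry extraHostRegistry` merges attribute by attribute with the right-hand side winning, so an entry in `host-registry.nix` can override a single field of a zentralwerk host, and the merged set now becomes `c3d2.hosts`, which another section of this commit reads for `ssh.knownHosts`. A comment at the merge would make that precedence explicit, e.g. `# host-registry.nix overrides zentralwerk data, attribute by attribute`. Any attribute produced by `extractZwHosts` (defined outside this hunk) that the `c3d2.hosts` submodule does not declare would presumably be rejected at evaluation, which is worth confirming.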


@ -1,125 +1,118 @@
# Registry of C3D2 machines. # Registry of C3D2 machines.
rec { {
hosts = { dacbert.ip4 = "dacbert.hq.c3d2.de";
ledstripes.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRwhszG9T8ZWuSRkAupCPi7YDQBdaX0YzoQSsvCSpzC";
glotzbert = { dn42 = {
ether = "ec:a8:6b:fe:b4:cb"; ip4 = "172.22.99.253";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
wol = true;
ip4 = "glotzbert.hq.c3d2.de";
};
mpd-index = { };
nfs = { };
ncdc.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzWhy2T7avsFf+ZS8R99kah2wPQs7MYWUP+t4VBi28a";
pulsebert = {
ether = "dc:a6:32:31:b6:32";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQCsDss9Gq3/eTKqpgEwXK+nhnuARS4/kHqF2+laGnp";
wol = true;
ip4 = "pulsebert.hq.c3d2.de";
};
samba = { };
storage-ng.ip4 = "172.22.99.20";
storage-ng.ip6 = "2a00:8180:2c00:223::20";
storage-ng.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP";
server1 = {
ip4 = "172.20.72.1";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD7M0j9goPMstNFj8dkNjMIgKFvbIGqpgeNKDjwTQdl5QJE+mE0k5/t8RlhN0MprZBr8px8PZw1dZlXAMLK4FQs=
'';
};
server3 = {
ip4 = "172.22.99.13";
ip6 = "2a00:8180:2c00:223::13";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBQq8QxGUdvQTF6QPiRYHtD73ls4zoUcOtAPLVN/7dDZk7KZLQ+c373VB5jd9FfYKB2/w8lDCHXVi1sY26e+QE=
'';
};
server4 = {
ip4 = "172.22.99.14";
ip6 = "2a00:8180:2c00:223::14";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48=
'';
};
server5 = {
ip4 = "172.22.99.15";
ip6 = "2a00:8180:2c00:223::15";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE=
'';
};
server6 = {
ip4 = "172.22.99.16";
ip6 = "2a00:8180:2c00:223::16";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHhcvlbZ4TjAb6eQkYB2/Z3o/PHQVyAS6iEdGX+CEbGD";
};
freifunk = {
ip4 = "172.20.72.40";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFbxHGfBMBjjior1FNRub56O62K++HVnqUH67BeKD7d";
};
matemat = {
ip4 = "172.20.73.21";
ip6 = "2a00:8180:2c00:282:f82b:1bff:fedc:8572";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBa07c4NnU1TGX1SMNea9e1d4nMtc0OS4gJLmTA3g/fe";
};
scrape = {
ip4 = "172.20.73.32";
ip6 = "2a00:8180:2c00:282:e073:50ff:fef5:eb6e";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGxPgg6nswoij1fBzDPDu6h4+d458XL2+dBxAx9KVOh";
};
dn42 = {
ip4 = "172.22.99.253";
};
grafana = {
ip6 = "2a00:8180:2c00:282:4042:fbff:fe4b:2de8";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y";
};
hydra = {
ip4 = "172.20.73.49";
ip6 = "2a00:8180:2c00:282:e03c:d7ff:fe8e:fe16";
};
mucbot = {
ip4 = "172.20.73.27";
ip6 = "2a00:8180:2c00:282:28db:dff:fe6b:e89a";
};
kibana = {
ip4 = "172.20.73.44";
ip6 = "2a00:8180:2c00:282:460:7cff:fe28:76b2";
};
public-access-proxy = {
ip4 = "172.20.73.45";
ip6 = "2a00:8180:2c00:282:1024:5fff:febd:9be7";
};
gitea.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8MmjiiRmiyUqRYs5a07m7qKDwxh2NwvS2h7pm2b+zx";
dacbert.ip4 = "dacbert.hq.c3d2.de";
nix-build.ip4 = "172.22.99.156";
}; };
hqGlobal = builtins.attrNames hosts; freifunk = {
hqLocal = builtins.attrNames hosts; ip4 = "172.20.72.40";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFbxHGfBMBjjior1FNRub56O62K++HVnqUH67BeKD7d";
};
gitea.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8MmjiiRmiyUqRYs5a07m7qKDwxh2NwvS2h7pm2b+zx";
glotzbert = {
ether = "ec:a8:6b:fe:b4:cb";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
wol = true;
ip4 = "glotzbert.hq.c3d2.de";
};
grafana = {
ip6 = "2a00:8180:2c00:282:4042:fbff:fe4b:2de8";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y";
};
hydra = {
ip4 = "172.20.73.49";
ip6 = "2a00:8180:2c00:282:e03c:d7ff:fe8e:fe16";
};
kibana = {
ip4 = "172.20.73.44";
ip6 = "2a00:8180:2c00:282:460:7cff:fe28:76b2";
};
ledstripes.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRwhszG9T8ZWuSRkAupCPi7YDQBdaX0YzoQSsvCSpzC";
mucbot = {
ip4 = "172.20.73.27";
ip6 = "2a00:8180:2c00:282:28db:dff:fe6b:e89a";
};
matemat = {
ip4 = "172.20.73.21";
ip6 = "2a00:8180:2c00:282:f82b:1bff:fedc:8572";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBa07c4NnU1TGX1SMNea9e1d4nMtc0OS4gJLmTA3g/fe";
};
mpd-index = { };
nfs = { };
nix-build.ip4 = "172.22.99.156";
public-access-proxy = {
ip4 = "172.20.73.45";
ip6 = "2a00:8180:2c00:282:1024:5fff:febd:9be7";
};
pulsebert = {
ether = "dc:a6:32:31:b6:32";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQCsDss9Gq3/eTKqpgEwXK+nhnuARS4/kHqF2+laGnp";
wol = true;
ip4 = "pulsebert.hq.c3d2.de";
};
samba = { };
scrape = {
ip4 = "172.20.73.32";
ip6 = "2a00:8180:2c00:282:e073:50ff:fef5:eb6e";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGxPgg6nswoij1fBzDPDu6h4+d458XL2+dBxAx9KVOh";
};
server1 = {
ip4 = "172.20.72.1";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD7M0j9goPMstNFj8dkNjMIgKFvbIGqpgeNKDjwTQdl5QJE+mE0k5/t8RlhN0MprZBr8px8PZw1dZlXAMLK4FQs=
'';
};
server3 = {
ip4 = "172.22.99.13";
ip6 = "2a00:8180:2c00:223::13";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBQq8QxGUdvQTF6QPiRYHtD73ls4zoUcOtAPLVN/7dDZk7KZLQ+c373VB5jd9FfYKB2/w8lDCHXVi1sY26e+QE=
'';
};
server4 = {
ip4 = "172.22.99.14";
ip6 = "2a00:8180:2c00:223::14";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48=
'';
};
server5 = {
ip4 = "172.22.99.15";
ip6 = "2a00:8180:2c00:223::15";
publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE=
'';
};
server6 = {
ip4 = "172.22.99.16";
ip6 = "2a00:8180:2c00:223::16";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHhcvlbZ4TjAb6eQkYB2/Z3o/PHQVyAS6iEdGX+CEbGD";
};
storage-ng.ip4 = "172.22.99.20";
storage-ng.ip6 = "2a00:8180:2c00:223::20";
storage-ng.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP";
} }
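Review bot: `dacbert`, `glotzbert` and `pulsebert` carry a DNS name in `ip4` rather than an address, and the new `c3d2.hosts` option types `ip4` as `nullOr str`, so nothing catches that. The `networking.hosts` code in this commit uses `host.ip4` as the key of a hosts entry, which for these three would be a hostname instead of an address. Either store literal addresses here or keep the names in a separate field; a stricter option type (for example `types.strMatching` with an IPv4 pattern) would reject such values at evaluation.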


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, ... }: { zentralwerk, config, pkgs, ... }:
let let
systemctl = "${pkgs.systemd}/bin/systemctl"; systemctl = "${pkgs.systemd}/bin/systemctl";
deployCommand = "${systemctl} start deploy-c3d2-dns"; deployCommand = "${systemctl} start deploy-c3d2-dns";
@ -14,7 +14,7 @@ in
networking.hostName = "bind"; networking.hostName = "bind";
networking.useNetworkd = true; networking.useNetworkd = true;
networking.interfaces.eth0.ipv4.addresses = [{ networking.interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4; address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}]; }];
networking.defaultGateway = "172.20.73.1"; networking.defaultGateway = "172.20.73.1";
@ -85,7 +85,7 @@ in
script = '' script = ''
mkdir -p .ssh mkdir -p .ssh
cp ${builtins.toFile "id_ed25519" sshPrivkey} .ssh/id_ed25519 cp ${builtins.toFile "id_ed25519" sshPrivkey} .ssh/id_ed25519
echo "gitea.c3d2.de ${hostRegistry.hosts.gitea.publicKey}" > .ssh/known_hosts echo "gitea.c3d2.de ${config.c3d2.hosts.gitea.publicKey}" > .ssh/known_hosts
chmod 0600 .ssh/id_ed25519 chmod 0600 .ssh/id_ed25519
# Build at least once # Build at least once
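Review bot: The deploy script copies the SSH private key with `builtins.toFile "id_ed25519" sshPrivkey`, which places the key material in the world-readable Nix store. `sshPrivkey` is defined outside this hunk, so its origin cannot be seen here, but the flake already imports `sops-nix.nixosModule`; reading the key from a runtime secret path instead of the store would avoid the exposure. The `known_hosts` line changed here now depends on a nullable option: a missing `gitea.publicKey` fails evaluation rather than writing an empty pin, which is the behaviour to keep.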


@ -4,7 +4,7 @@
hostName = "blogs"; hostName = "blogs";
useNetworkd = true; useNetworkd = true;
interfaces.eth0.ipv4.addresses = [{ interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4; address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}]; }];
defaultGateway = "172.20.73.1"; defaultGateway = "172.20.73.1";


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, nixpkgs, config, pkgs, ... }: { zentralwerk, nixpkgs, config, pkgs, ... }:
let let
webroot = "/var/www"; webroot = "/var/www";
deployCommand = "${pkgs.systemd}/bin/systemctl start deploy-c3d2-web.service"; deployCommand = "${pkgs.systemd}/bin/systemctl start deploy-c3d2-web.service";
@ -9,7 +9,7 @@ in
networking.hostName = "c3d2-web"; networking.hostName = "c3d2-web";
networking.useNetworkd = true; networking.useNetworkd = true;
networking.interfaces.eth0.ipv4.addresses = [{ networking.interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4; address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}]; }];
networking.defaultGateway = "172.20.73.1"; networking.defaultGateway = "172.20.73.1";
@ -36,8 +36,8 @@ in
''; '';
locations = { locations = {
# SpaceAPI # SpaceAPI
"/status.png".proxyPass = "http://[${hostRegistry.hosts.spaceapi.ip6}]:3000/status.png"; "/status.png".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/status.png";
"/spaceapi.json".proxyPass = "http://[${hostRegistry.hosts.spaceapi.ip6}]:3000/spaceapi.json"; "/spaceapi.json".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/spaceapi.json";
}; };
}; };


@ -1,4 +1,4 @@
{ config, pkgs, lib, modulesPath, hostRegistry, zentralwerk, ... }: { config, pkgs, lib, modulesPath, zentralwerk, ... }:
let let
inherit (zentralwerk.lib.config.site.net) core; inherit (zentralwerk.lib.config.site.net) core;


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, ... }: { zentralwerk, config, pkgs, ... }:
{ {
networking = { networking = {
@ -7,7 +7,7 @@
interfaces.eth0 = { interfaces.eth0 = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [ { ipv4.addresses = [ {
address = hostRegistry.hosts."${config.networking.hostName}".ip4; address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
} ]; } ];
}; };


@ -1,7 +1,7 @@
{ hostRegistry, config, pkgs, ... }: { hostRegistry, config, pkgs, ... }:
let let
nix-build = "client@${hostRegistry.hosts.nix-build.ip4}"; nix-build = "client@${config.c3d2.hosts.nix-build.ip4}";
in { in {
nix = { nix = {
binaryCaches = binaryCaches =
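Review bot: The function header still lists `hostRegistry` although the only use visible in this hunk now reads `config.c3d2.hosts.nix-build.ip4`. A named argument without a default must be supplied by the caller, so this module would stop evaluating once `hostRegistry` is no longer passed in as a special argument. If nothing further down the file uses it, the header should become `{ config, pkgs, ... }:`, in line with the other files in this commit.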


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, lib, ... }: { zentralwerk, config, pkgs, lib, ... }:
let let
domain = "jabber.c3d2.de"; domain = "jabber.c3d2.de";
@ -22,7 +22,7 @@ in
hostName = "jabber"; hostName = "jabber";
useNetworkd = true; useNetworkd = true;
interfaces.eth0.ipv4.addresses = [{ interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4; address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}]; }];
defaultGateway = "172.20.73.1"; defaultGateway = "172.20.73.1";
@ -159,7 +159,7 @@ in
firewall_scripts = { "${prosodyFirewall}" } firewall_scripts = { "${prosodyFirewall}" }
trusted_proxies = { "127.0.0.1", "::1", "${hostRegistry.hosts.public-access-proxy.ip4}", "${hostRegistry.hosts.public-access-proxy.ip4}", } trusted_proxies = { "127.0.0.1", "::1", "${config.c3d2.hosts.public-access-proxy.ip4}", "${config.c3d2.hosts.public-access-proxy.ip4}", }
http_default_host = "${domain}" http_default_host = "${domain}"
http_host = "${domain}" http_host = "${domain}"
http_external_url = "https://${domain}/" http_external_url = "https://${domain}/"
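Review bot: `trusted_proxies` lists `config.c3d2.hosts.public-access-proxy.ip4` twice; the second entry was presumably meant to be the proxy's `ip6`. As written, connections arriving from the proxy over IPv6 are not treated as coming from a trusted proxy, so forwarded client addresses would be ignored for them. The registry does define `public-access-proxy.ip6`, so the second entry can become `"${config.c3d2.hosts.public-access-proxy.ip6}"`. The duplicate predates this commit, which only renames the reference.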


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, ... }: { zentralwerk, config, pkgs, ... }:
let let
frontendDomain = "keycloak.c3d2.de"; frontendDomain = "keycloak.c3d2.de";
in in
@ -10,7 +10,7 @@ in
interfaces.eth0 = { interfaces.eth0 = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [{ ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4; address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
} }
]; ];


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, lib, ... }: { zentralwerk, config, pkgs, lib, ... }:
let let
graylogPort = 9000; graylogPort = 9000;
@ -7,7 +7,7 @@ in
networking = { networking = {
hostName = "logging"; hostName = "logging";
interfaces.eth0.ipv4.addresses = [{ interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts.logging.ip4; address = config.c3d2.hosts.logging.ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}]; }];
defaultGateway = "172.20.73.1"; defaultGateway = "172.20.73.1";


@ -1,9 +1,9 @@
{ zentralwerk, hostRegistry, lib, pkgs, ... }: { zentralwerk, config, lib, pkgs, ... }:
{ {
networking.hostName = "matemat"; networking.hostName = "matemat";
networking.interfaces.eth0 = { networking.interfaces.eth0 = {
ipv4.addresses = [{ ipv4.addresses = [{
address = hostRegistry.hosts.matemat.ip4; address = config.c3d2.hosts.matemat.ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}]; }];
useDHCP = false; useDHCP = false;


@ -1,10 +1,10 @@
{ zentralwerk, hostRegistry, config, ... }: { zentralwerk, config, ... }:
{ {
c3d2.isInHq = false; c3d2.isInHq = false;
networking = { networking = {
hostName = "mobilizon"; hostName = "mobilizon";
interfaces.eth0.ipv4.addresses = [{ interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4; address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}]; }];
defaultGateway = "172.20.73.1"; defaultGateway = "172.20.73.1";


@ -5,7 +5,7 @@
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces.enp6s18 = { networking.interfaces.enp6s18 = {
ipv4.addresses = [{ ipv4.addresses = [{
address = hostRegistry.hosts.nix-build.ip4; address = config.c3d2.hosts.nix-build.ip4;
prefixLength = zentralwerk.lib.config.site.net.c3d2.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.c3d2.subnet4Len;
}]; }];
useDHCP = false; useDHCP = false;


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, nixosConfigurations, config, pkgs, lib, ... }: { zentralwerk, nixosConfigurations, config, pkgs, lib, ... }:
{ {
imports = [ imports = [
@ -28,7 +28,7 @@
{ {
hostNames = [ "jabber.c3d2.de" ]; hostNames = [ "jabber.c3d2.de" ];
proxyTo = { proxyTo = {
host = hostRegistry.hosts.jabber.ip4; host = config.c3d2.hosts.jabber.ip4;
httpPort = 5820; httpPort = 5820;
httpsPort = 5821; httpsPort = 5821;
}; };
@ -54,10 +54,10 @@
) (builtins.attrNames nixosConfig.services.nginx.virtualHosts) ) (builtins.attrNames nixosConfig.services.nginx.virtualHosts)
); );
proxyTo.host = proxyTo.host =
if hostRegistry.hosts."${host}" ? ip4 if config.c3d2.hosts."${host}" ? ip4
then hostRegistry.hosts."${host}".ip4 then config.c3d2.hosts."${host}".ip4
else if hostRegistry.hosts."${host}" ? ip6 else if config.c3d2.hosts."${host}" ? ip6
then "[${hostRegistry.hosts."${host}".ip6}]" then "[${config.c3d2.hosts."${host}".ip6}]"
else throw "No known addresses for ${host}"; else throw "No known addresses for ${host}";
} }
) (builtins.attrNames ( ) (builtins.attrNames (
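Review bot: The `? ip4` and `? ip6` tests in `proxyTo.host` are always true now that `c3d2.hosts` is a submodule whose `ip4` and `ip6` options default to `null`, so a host with only an IPv6 address gets `proxyTo.host = null` and the `throw` can no longer fire. The other call sites in this commit were switched to null comparisons, and this one should be too: `if config.c3d2.hosts."${host}".ip4 != null` and `else if config.c3d2.hosts."${host}".ip6 != null`. The surrounding expression starts and ends outside the hunk.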


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, pkgs, ... }: { zentralwerk, config, pkgs, ... }:
{ {
c3d2 = { c3d2 = {
isInHq = false; isInHq = false;
@ -8,7 +8,7 @@
networking.hostName = "sdrweb"; networking.hostName = "sdrweb";
networking.useNetworkd = true; networking.useNetworkd = true;
networking.interfaces.eth0.ipv4.addresses = [{ networking.interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4; address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}]; }];
networking.defaultGateway = "172.20.73.1"; networking.defaultGateway = "172.20.73.1";
@ -41,7 +41,7 @@
charset utf-8; charset utf-8;
''; '';
locations."/data.json" = { locations."/data.json" = {
proxyPass = "http://${hostRegistry.hosts.radiobert.ip4}:8080/data.json"; proxyPass = "http://${config.c3d2.hosts.radiobert.ip4}:8080/data.json";
}; };
}; };
}; };


@ -1,4 +1,4 @@
{ hostRegistry, zentralwerk, pkgs, ... }: { zentralwerk, pkgs, ... }:
let let
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY"; authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
in in
@ -12,12 +12,12 @@ in
matchConfig.MACAddress = "C6:40:E0:21:9B:A4"; matchConfig.MACAddress = "C6:40:E0:21:9B:A4";
networkConfig.IPv6AcceptRA = false; networkConfig.IPv6AcceptRA = false;
addresses = [ { addresses = [ {
addressConfig.Address = "${hostRegistry.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}"; addressConfig.Address = "${config.c3d2.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
} ]; } ];
routes = [ { routes = [ {
routeConfig = { routeConfig = {
Destination = "172.20.0.0/14"; Destination = "172.20.0.0/14";
Gateway = hostRegistry.hosts.serv-gw.ip4; Gateway = config.c3d2.hosts.serv-gw.ip4;
}; };
} ]; } ];
}; };
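Review bot: The new header `{ zentralwerk, pkgs, ... }:` drops `hostRegistry` but does not add `config`, while the body now reads `config.c3d2.hosts.stream.ip4` and `config.c3d2.hosts.serv-gw.ip4`; unless `config` is bound somewhere outside these hunks, evaluation fails with an undefined variable. The header should be `{ zentralwerk, config, pkgs, ... }:`. The sections for the `blogs` host and for the `enp6s18` interface of nix-build switch to `config.c3d2.hosts` without showing their headers, so the same should be checked there. Separately, `authFile` writes an htpasswd entry into the Nix store with `pkgs.writeText`, where any local user can read the hash; a runtime secret would be the safer source.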


@ -1,4 +1,4 @@
{ hostRegistry, config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];


@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, lib, pkgs, ... }: { zentralwerk, config, lib, pkgs, ... }:
{ {
boot.initrd.availableKernelModules = [ "usbhid" ]; boot.initrd.availableKernelModules = [ "usbhid" ];
@ -82,7 +82,7 @@
hostName = "radiobert"; # Define your hostname. hostName = "radiobert"; # Define your hostname.
useDHCP = false; useDHCP = false;
interfaces.eth0.ipv4.addresses = [{ interfaces.eth0.ipv4.addresses = [{
address = hostRegistry.hosts."${config.networking.hostName}".ip4; address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}]; }];
defaultGateway = "172.20.73.1"; defaultGateway = "172.20.73.1";


@ -1,4 +1,4 @@
{ hostRegistry, config, pkgs, lib, strings, ... }: { config, pkgs, lib, strings, ... }:
let let
eth0 = "ens18"; eth0 = "ens18";
@ -37,11 +37,11 @@ in
# usePredictableInterfacenames = false; # usePredictableInterfacenames = false;
interfaces."${eth0}" = { interfaces."${eth0}" = {
ipv4.addresses = [{ ipv4.addresses = [{
address = hostRegistry.hosts.${config.networking.hostName}.ip4; address = config.c3d2.hosts.${config.networking.hostName}.ip4;
prefixLength = 24; prefixLength = 24;
}]; }];
ipv6.addresses = [{ ipv6.addresses = [{
address = hostRegistry.hosts.${config.networking.hostName}.ip6; address = config.c3d2.hosts.${config.networking.hostName}.ip6;
prefixLength = 64; prefixLength = 64;
}]; }];
}; };


@ -80,6 +80,34 @@ in
}; };
hosts =
mkOption {
type = attrsOf (submodule {
options = {
ether = mkOption {
type = with types; nullOr str;
default = null;
};
ip4 = mkOption {
type = with types; nullOr str;
default = null;
};
ip6 = mkOption {
type = with types; nullOr str;
default = null;
};
publicKey = mkOption {
type = with types; nullOr str;
default = null;
};
wol = mkOption {
type = types.bool;
default = false;
};
};
});
};
users = users =
mkOption { mkOption {
type = attrsOf (submodule { type = attrsOf (submodule {