forked from c3d2/nix-config
Fix eval, remove useless attr hosts in hostRegistry, hosts are now directly at hostRegistry
parent
d3c2074a16
commit
0028e20c55
14
flake.lock
14
flake.lock
|
@ -333,11 +333,11 @@
|
|||
},
|
||||
"nixos-modules": {
|
||||
"locked": {
|
||||
"lastModified": 1671497882,
|
||||
"narHash": "sha256-XVaCow2b+liXKO2mapUCHuyUAufViv3W1MCSndwg6H0=",
|
||||
"lastModified": 1671513238,
|
||||
"narHash": "sha256-NdSyyr1boQwt9RTOA+AxSUnxFZR0HiQ/0Wtg0zj79FY=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixos-modules",
|
||||
"rev": "59917ca90d6375cc9916f1e5ed55af3d259b4d92",
|
||||
"rev": "09848211f1b016b4e56a882f7c74573744b2e478",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -708,11 +708,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1671504518,
|
||||
"narHash": "sha256-me6+d61Z0ze22kS7A/xLGuUzDA1VqM9/Dm/jBjl7z+w=",
|
||||
"lastModified": 1671510376,
|
||||
"narHash": "sha256-9sl5+ssJ/lWXzfk7LevGCRIDKmrhR5kRQ9cE3ohYY7k=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "465e824add3c204c24b01742b5487a424430c105",
|
||||
"revCount": 1699,
|
||||
"rev": "f02f15a568318bf9ed66176ef0efe564c0369f55",
|
||||
"revCount": 1700,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/zentralwerk/network.git"
|
||||
},
|
||||
|
|
19
flake.nix
19
flake.nix
|
@ -210,7 +210,7 @@
|
|||
) result (builtins.attrNames hosts6."${ctx}")
|
||||
) {} (builtins.attrNames hosts6)
|
||||
);
|
||||
hostRegistry.hosts =
|
||||
hostRegistry =
|
||||
builtins.foldl' (result: net:
|
||||
lib.recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net."${net}")
|
||||
) {} [ "core" "cluster" "c3d2" "serv" "flpk" "pub" ];
|
||||
|
@ -219,23 +219,22 @@
|
|||
nixosSystem' =
|
||||
{ nixpkgs ? inputs.nixos
|
||||
, modules
|
||||
, extraArgs ? { }
|
||||
, specialArgs ? { }
|
||||
, system ? "x86_64-linux"
|
||||
}@args:
|
||||
|
||||
{ inherit args; } // nixpkgs.lib.nixosSystem {
|
||||
inherit specialArgs system;
|
||||
{ inherit args; } // lib.nixosSystem {
|
||||
inherit system;
|
||||
|
||||
modules = [
|
||||
({ ... }: {
|
||||
_module.args = extraArgs // {
|
||||
({ config, ... }: {
|
||||
_module.args = {
|
||||
inherit hostRegistry inputs zentralwerk;
|
||||
|
||||
lib = lib.recursiveUpdate nixpkgs.lib nixos-modules.lib;
|
||||
libz = nixos-modules.lib { inherit lib config; };
|
||||
};
|
||||
|
||||
nixpkgs.overlays = [ self.overlays ];
|
||||
nixpkgs.overlays = [
|
||||
self.overlays
|
||||
];
|
||||
})
|
||||
|
||||
self.nixosModules.c3d2
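Review bot: `nixosSystem'` still declares `extraArgs ? { }` and `specialArgs ? { }`, but the lines that read as the new side (`inherit system;` and `_module.args = {`) no longer forward either of them, so a call site that passes them evaluates without error and without effect. `nixpkgs ? inputs.nixos` looks similarly bypassed now that the call is `lib.nixosSystem` rather than `nixpkgs.lib.nixosSystem`, which would mean a host asking for a different nixpkgs input is silently built from the default one. Either remove the unused parameters so stale call sites fail at evaluation, or keep forwarding them with `inherit specialArgs system;` and `_module.args = extraArgs // {`. The old/new assignment is inferred from print order on this page, and the `modules` list continues past the end of the hunk.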
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, ... }:
|
||||
{ config, lib, libz, ... }:
|
||||
|
||||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
|
@ -38,6 +38,7 @@
|
|||
};
|
||||
domain = "auth.c3d2.de";
|
||||
ldap = {
|
||||
searchUserName = "search";
|
||||
suffix = "dc=c3d2,dc=de";
|
||||
tls = true;
|
||||
};
|
||||
|
@ -47,6 +48,6 @@
|
|||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets."portunus/seed" = lib.sops.permissionForUser "portunus";
|
||||
secrets."portunus/seed" = libz.sops.permissionForUser "portunus";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, hostRegistry, pkgs, ... }:
|
||||
let
|
||||
webroot = "/var/www";
|
||||
geminiRoot = "/var/gemini";
|
||||
|
@ -54,8 +54,8 @@ in
|
|||
"/.well-known/webfinger".return = "301 https://c3d2.social$request_uri";
|
||||
|
||||
# SpaceAPI
|
||||
"/status.png".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/status.png";
|
||||
"/spaceapi.json".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/spaceapi.json";
|
||||
"/status.png".proxyPass = "http://[${hostRegistry.spaceapi.ip6}]:3000/status.png";
|
||||
"/spaceapi.json".proxyPass = "http://[${hostRegistry.spaceapi.ip6}]:3000/spaceapi.json";
|
||||
|
||||
# WKD: Web Key Directory for PGP Keys
|
||||
"/openpgp" = {
|
||||
|
|
|
@ -97,7 +97,7 @@ in
|
|||
# fkms-3d.enable = true;
|
||||
# };
|
||||
fileSystems."/" = {
|
||||
device = "${hostRegistry.hosts.nfsroot.ip4}:/var/lib/nfsroot/dacbert";
|
||||
device = "${hostRegistry.nfsroot.ip4}:/var/lib/nfsroot/dacbert";
|
||||
fsType = "nfs";
|
||||
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "rw" ];
|
||||
};
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ zentralwerk, config, pkgs, lib, ... }:
|
||||
{ zentralwerk, config, hostRegistry, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
domain = "jabber.c3d2.de";
|
||||
|
@ -159,7 +159,7 @@ in
|
|||
|
||||
firewall_scripts = { "${prosodyFirewall}" }
|
||||
|
||||
trusted_proxies = { "127.0.0.1", "::1", "${config.c3d2.hosts.public-access-proxy.ip4}", "${config.c3d2.hosts.public-access-proxy.ip4}", }
|
||||
trusted_proxies = { "127.0.0.1", "::1", "${hostRegistry.public-access-proxy.ip4}", "${hostRegistry.public-access-proxy.ip4}", }
|
||||
http_default_host = "${domain}"
|
||||
http_host = "${domain}"
|
||||
http_external_url = "https://${domain}/"
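Review bot: On the `trusted_proxies` line the proxy's `ip4` is interpolated twice, so the second entry was presumably meant to be the IPv6 address. If the proxy reaches Prosody over IPv6, its forwarded client address is not trusted and every HTTP client is recorded as the proxy itself, which weakens per-address limits and the audit trail. Provided the registry carries an IPv6 address for that host, the second entry should read `"${hostRegistry.public-access-proxy.ip6}"`. The duplicate predates this commit and is carried over unchanged by the rename.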
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ zentralwerk, config, pkgs, lib, ... }:
|
||||
{ zentralwerk, config, hostRegistry, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
@ -18,11 +18,11 @@
|
|||
matchArg = "-m end";
|
||||
} {
|
||||
hostNames = [ "auth.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.auth.ip4;
|
||||
proxyTo.host = hostRegistry.auth.ip4;
|
||||
} {
|
||||
hostNames = [ "jabber.c3d2.de" ];
|
||||
proxyTo = {
|
||||
host = config.c3d2.hosts.jabber.ip4;
|
||||
host = hostRegistry.jabber.ip4;
|
||||
};
|
||||
matchArg = "-m end";
|
||||
} {
|
||||
|
@ -32,13 +32,13 @@
|
|||
} {
|
||||
hostNames = [ "direkthilfe.c3d2.de" ];
|
||||
proxyTo = {
|
||||
host = config.c3d2.hosts.direkthilfe.ip4;
|
||||
host = hostRegistry.direkthilfe.ip4;
|
||||
};
|
||||
matchArg = "-m end";
|
||||
} {
|
||||
hostNames = [ "staging.dvb.solutions" ];
|
||||
proxyTo = {
|
||||
host = config.c3d2.hosts.staging-data-hoarder.ip4;
|
||||
host = hostRegistry.staging-data-hoarder.ip4;
|
||||
};
|
||||
matchArg = "-m end";
|
||||
} {
|
||||
|
@ -49,10 +49,10 @@
|
|||
matchArg = "-m end";
|
||||
} {
|
||||
hostNames = [ "bind.serv.zentralwerk.org" ];
|
||||
proxyTo.host = config.c3d2.hosts.bind.ip4;
|
||||
proxyTo.host = hostRegistry.bind.ip4;
|
||||
} {
|
||||
hostNames = [ "blogs.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.blogs.ip4;
|
||||
proxyTo.host = hostRegistry.blogs.ip4;
|
||||
} {
|
||||
hostNames = [
|
||||
"datenspuren.de" "www.datenspuren.de" "ds.c3d2.de" "datenspuren.c3d2.de"
|
||||
|
@ -69,73 +69,73 @@
|
|||
"hackmd.c3d2.de"
|
||||
"hedgedoc.c3d2.de"
|
||||
];
|
||||
proxyTo.host = config.c3d2.hosts.hedgedoc.ip4;
|
||||
proxyTo.host = hostRegistry.hedgedoc.ip4;
|
||||
} {
|
||||
hostNames = [ "ftp.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.ftp.ip4;
|
||||
proxyTo.host = hostRegistry.ftp.ip4;
|
||||
} {
|
||||
hostNames = [ "gitea.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.gitea.ip4;
|
||||
proxyTo.host = hostRegistry.gitea.ip4;
|
||||
} {
|
||||
hostNames = [ "grafana.hq.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.grafana.ip4;
|
||||
proxyTo.host = hostRegistry.grafana.ip4;
|
||||
} {
|
||||
hostNames = [
|
||||
"hydra.hq.c3d2.de"
|
||||
"hydra-ca.hq.c3d2.de"
|
||||
"nix-serve.hq.c3d2.de"
|
||||
];
|
||||
proxyTo.host = config.c3d2.hosts.hydra.ip4;
|
||||
proxyTo.host = hostRegistry.hydra.ip4;
|
||||
} {
|
||||
hostNames = [
|
||||
"zentralwerk.org"
|
||||
"www.zentralwerk.org"
|
||||
];
|
||||
proxyTo.host = config.c3d2.hosts.network-homepage.ip4;
|
||||
proxyTo.host = hostRegistry.network-homepage.ip4;
|
||||
} {
|
||||
hostNames = [
|
||||
"kibana.hq.c3d2.de"
|
||||
"kibana-es.hq.c3d2.de"
|
||||
];
|
||||
proxyTo.host = config.c3d2.hosts.kibana.ip4;
|
||||
proxyTo.host = hostRegistry.kibana.ip4;
|
||||
} {
|
||||
hostNames = [ "matemat.hq.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.matemat.ip4;
|
||||
proxyTo.host = hostRegistry.matemat.ip4;
|
||||
} {
|
||||
hostNames = [ "mobilizon.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.mobilizon.ip4;
|
||||
proxyTo.host = hostRegistry.mobilizon.ip4;
|
||||
} {
|
||||
hostNames = [ "drkkr.hq.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.pulsebert.ip4;
|
||||
proxyTo.host = hostRegistry.pulsebert.ip4;
|
||||
} {
|
||||
hostNames = [ "scrape.hq.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.scrape.ip4;
|
||||
proxyTo.host = hostRegistry.scrape.ip4;
|
||||
} {
|
||||
hostNames = [
|
||||
"adsb.hq.c3d2.de"
|
||||
"sdr.hq.c3d2.de"
|
||||
];
|
||||
proxyTo.host = config.c3d2.hosts.sdrweb.ip4;
|
||||
proxyTo.host = hostRegistry.sdrweb.ip4;
|
||||
} {
|
||||
hostNames = [
|
||||
"stream.hq.c3d2.de" "torrents.hq.c3d2.de"
|
||||
];
|
||||
proxyTo.host = config.c3d2.hosts.stream.ip4;
|
||||
proxyTo.host = hostRegistry.stream.ip4;
|
||||
} {
|
||||
hostNames = [ "ticker.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.ticker.ip4;
|
||||
proxyTo.host = hostRegistry.ticker.ip4;
|
||||
} {
|
||||
hostNames = [ "wiki.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.mediawiki.ip4;
|
||||
proxyTo.host = hostRegistry.mediawiki.ip4;
|
||||
} {
|
||||
hostNames = [ "zengel.datenspuren.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.zengel.ip4;
|
||||
proxyTo.host = hostRegistry.zengel.ip4;
|
||||
} {
|
||||
hostNames = [ "owncast.c3d2.de" ];
|
||||
proxyTo.host = config.c3d2.hosts.owncast.ip4;
|
||||
proxyTo.host = hostRegistry.owncast.ip4;
|
||||
} {
|
||||
hostNames = [ "c3d2.social" ];
|
||||
proxyTo.host = config.c3d2.hosts.mastodon.ip4;
|
||||
proxyTo.host = hostRegistry.mastodon.ip4;
|
||||
} {
|
||||
hostNames = [ "relay.fedi.buzz" ];
|
||||
proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.buzzrelay;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ zentralwerk, config, lib, pkgs, ... }:
|
||||
{ zentralwerk, config, hostRegistry, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
@ -99,7 +99,7 @@
|
|||
hostName = "radiobert"; # Define your hostname.
|
||||
useDHCP = false;
|
||||
interfaces.eth0.ipv4.addresses = [{
|
||||
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
|
||||
address = hostRegistry."${config.networking.hostName}".ip4;
|
||||
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
||||
}];
|
||||
defaultGateway = "172.20.73.1";
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
options = [ "bind" ];
|
||||
};
|
||||
fileSystems."/" = {
|
||||
device = "${hostRegistry.hosts.nfsroot.ip4}:/var/lib/nfsroot/riscbert";
|
||||
device = "${hostRegistry.nfsroot.ip4}:/var/lib/nfsroot/riscbert";
|
||||
fsType = "nfs";
|
||||
options = [ "nfsvers=4" "proto=tcp" "nolock" "hard" "async" "rw" ];
|
||||
};
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
};
|
||||
# mount the server's /nix/store
|
||||
"/nix/store" = {
|
||||
device = "${hostRegistry.hosts.nfsroot.ip4}:/nix/store";
|
||||
device = "${hostRegistry.nfsroot.ip4}:/nix/store";
|
||||
fsType = "nfs";
|
||||
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "ro" ];
|
||||
neededForBoot = true;
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, hostRegistry, pkgs, ... }:
|
||||
{
|
||||
deployment = {
|
||||
# needs to keep just its ssh key for sops-nix
|
||||
persistedShares = [ "/home" "/etc" "/var" ];
|
||||
mem = 4096;
|
||||
vcpu = 16;
|
||||
needForSpeed = true;
|
||||
|
@ -40,7 +38,7 @@
|
|||
charset utf-8;
|
||||
'';
|
||||
locations."/data.json" = {
|
||||
proxyPass = "http://${config.c3d2.hosts.radiobert.ip4}:8080/data.json";
|
||||
proxyPass = "http://${hostRegistry.radiobert.ip4}:8080/data.json";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ zentralwerk, config, lib, pkgs, ... }:
|
||||
{ zentralwerk, config, hostRegistry, lib, pkgs, ... }:
|
||||
let
|
||||
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||
in
|
||||
|
@ -23,7 +23,7 @@ in
|
|||
# try harder disabling global ipv6
|
||||
networkConfig.LinkLocalAddressing = "no";
|
||||
addresses = [ {
|
||||
addressConfig.Address = "${config.c3d2.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
|
||||
addressConfig.Address = "${hostRegistry.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
|
||||
} ];
|
||||
gateway = lib.mkForce [];
|
||||
routes = [ {
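Review bot: `authFile` in the `let` block embeds an htpasswd entry as a string literal, so the credential hash is published with the repository and is world-readable in the Nix store of every machine that evaluates or builds this host. Its 13-character form looks like traditional crypt(3) DES, which is not adequate protection for a hash that is public. The credential should be rotated and supplied as a runtime secret instead, for example through the `sops` mechanism another host in this commit already uses, with the service pointed at the decrypted file rather than a `pkgs.writeText` store path. The line is unchanged context in the `@ -1,4 +1,4 @` hunk and predates this commit.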
|
||||
|
|
|
@ -238,7 +238,7 @@ in
|
|||
}];
|
||||
};
|
||||
|
||||
nameservers = with hostRegistry.hosts.dnscache; [
|
||||
nameservers = with hostRegistry.dnscache; [
|
||||
ip4
|
||||
ip6
|
||||
"9.9.9.9"
|
||||
|
|
|
@ -34,7 +34,7 @@ in {
|
|||
nodes = builtins.listToAttrs (
|
||||
map (name: {
|
||||
inherit name;
|
||||
value.address = hostRegistry.hosts.${name}.ip4;
|
||||
value.address = hostRegistry.${name}.ip4;
|
||||
}) servers
|
||||
);
|
||||
nomad = {
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
let
|
||||
getHostAddr = name:
|
||||
let
|
||||
hostConf = hostRegistry.hosts."${name}";
|
||||
hostConf = hostRegistry."${name}";
|
||||
in
|
||||
hostConf.ip4 or (hostConf.ip6 or (throw "Host ${name} has no ip4 or ip6 address"));
|
||||
|
||||
|
|