Diffstat (limited to 'krebs/3modules/default.nix')
-rw-r--r--krebs/3modules/default.nix255
1 files changed, 59 insertions, 196 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 8ea727dc..27c3da2e 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -1,198 +1,61 @@
{ config, lib, ... }:
-
-with import <stockholm/lib>;
-let
- cfg = config.krebs;
-
- out = {
- imports = [
- ./acl.nix
- ./airdcpp.nix
- ./announce-activation.nix
- ./apt-cacher-ng.nix
- ./backup.nix
- ./bepasty-server.nix
- ./bindfs.nix
- ./brockman.nix
- ./build.nix
- ./cachecache.nix
- ./ci.nix
- ./current.nix
- ./dns.nix
- ./ergo.nix
- ./exim-retiolum.nix
- ./exim-smarthost.nix
- ./exim.nix
- ./fetchWallpaper.nix
- ./git.nix
- ./github-hosts-sync.nix
- ./github-known-hosts.nix
- ./go.nix
- ./hidden-ssh.nix
- ./hosts.nix
- ./htgen.nix
- ./iana-etc.nix
- ./iptables.nix
- ./kapacitor.nix
- ./konsens.nix
- ./monit.nix
- ./nixpkgs.nix
- ./on-failure.nix
- ./os-release.nix
- ./per-user.nix
- ./permown.nix
- ./power-action.nix
- ./reaktor2.nix
- ./realwallpaper.nix
- ./repo-sync.nix
- ./retiolum-bootstrap.nix
- ./secret.nix
- ./setuid.nix
- ./shadow.nix
- ./ssl.nix
- ./sync-containers.nix
- ./systemd.nix
- ./tinc.nix
- ./tinc_graphs.nix
- ./upstream
- ./urlwatch.nix
- ./xresources.nix
- ./zones.nix
- ];
- options.krebs = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "krebs";
-
- users = mkOption {
- type = with types; attrsOf user;
- };
-
- sitemap = mkOption {
- default = {};
- type = types.attrsOf types.sitemap.entry;
- };
-
- zone-head-config = mkOption {
- type = with types; attrsOf str;
- description = ''
- The zone configuration head which is being used to create the
- zone files. The string for each key is pre-pended to the zone file.
- '';
- # TODO: configure the default somewhere else,
- # maybe use krebs.dns.providers
- default = {
-
- # github.io -> 192.30.252.154
- "krebsco.de" = ''
- $TTL 86400
- @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
- IN NS ns19.ovh.net.
- IN NS dns19.ovh.net.
- IN A 185.199.108.153
- IN A 185.199.109.153
- IN A 185.199.110.153
- IN A 185.199.111.153
- '';
- };
- };
- };
-
- imp = lib.mkMerge [
- { krebs = import ./external { inherit config; }; }
- { krebs = import ./external/dbalan.nix { inherit config; }; }
- { krebs = import ./external/kmein.nix { inherit config; }; }
- { krebs = import ./external/mic92.nix { inherit config; }; }
- { krebs = import ./external/palo.nix { inherit config; }; }
- { krebs = import ./jeschli { inherit config; }; }
- { krebs = import ./krebs { inherit config; }; }
- { krebs = import ./lass { inherit config; }; }
- { krebs = import ./makefu { inherit config; }; }
- { krebs = import ./tv { inherit config; }; }
- {
- krebs.dns.providers = {
- "krebsco.de" = "zones";
- shack = "hosts";
- i = "hosts";
- r = "hosts";
- w = "hosts";
- };
-
- krebs.dns.search-domain = mkDefault "r";
-
- krebs.users = {
- krebs = {
- home = "/krebs";
- mail = "spam@krebsco.de";
- };
- root = {
- home = "/root";
- pubkey = config.krebs.build.host.ssh.pubkey;
- uid = 0;
- };
- };
-
- services.openssh.hostKeys =
- let inherit (config.krebs.build.host.ssh) privkey; in
- mkIf (privkey != null) [privkey];
-
- # TODO use imports for merging
- services.openssh.knownHosts =
- (let inherit (config.krebs.build.host.ssh) pubkey; in
- optionalAttrs (pubkey != null) {
- localhost = {
- hostNames = ["localhost" "127.0.0.1" "::1"];
- publicKey = pubkey;
- };
- })
- //
- mapAttrs
- (name: host: {
- hostNames =
- concatLists
- (mapAttrsToList
- (net-name: net:
- let
- longs = net.aliases;
- shorts =
- optionals
- (cfg.dns.search-domain != null)
- (map (removeSuffix ".${cfg.dns.search-domain}")
- (filter (hasSuffix ".${cfg.dns.search-domain}")
- longs));
- add-port = a:
- if net.ssh.port != 22
- then "[${a}]:${toString net.ssh.port}"
- else a;
- in
- map add-port (shorts ++ longs ++ net.addrs))
- host.nets);
-
- publicKey = host.ssh.pubkey;
- })
- (filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
-
- programs.ssh.extraConfig = concatMapStrings
- (net: ''
- Host ${toString (net.aliases ++ net.addrs)}
- Port ${toString net.ssh.port}
- '')
- (filter
- (net: net.ssh.port != 22)
- (concatMap (host: attrValues host.nets)
- (mapAttrsToList
- (_: host: recursiveUpdate host
- (optionalAttrs (cfg.dns.search-domain != null &&
- hasAttr cfg.dns.search-domain host.nets) {
- nets."" = host.nets.${cfg.dns.search-domain} // {
- aliases = [host.name];
- addrs = [];
- };
- }))
- config.krebs.hosts)));
- }
+{
+ imports = [
+ ./acl.nix
+ ./airdcpp.nix
+ ./announce-activation.nix
+ ./apt-cacher-ng.nix
+ ./backup.nix
+ ./bepasty-server.nix
+ ./bindfs.nix
+ ./brockman.nix
+ ./build.nix
+ ./cachecache.nix
+ ./ci
+ ./current.nix
+ ./dns.nix
+ ./exim-retiolum.nix
+ ./exim-smarthost.nix
+ ./exim.nix
+ ./git.nix
+ ./github
+ ./go.nix
+ ./hidden-ssh.nix
+ ./hosts.nix
+ ./htgen.nix
+ ./iana-etc.nix
+ ./iptables.nix
+ ./kapacitor.nix
+ ./kartei.nix
+ ./konsens.nix
+ ./krebs-pages.nix
+ ./krebs.nix
+ ./monit.nix
+ ./nixpkgs.nix
+ ./on-failure.nix
+ ./os-release.nix
+ ./per-user.nix
+ ./permown.nix
+ ./power-action.nix
+ ./reaktor2.nix
+ ./realwallpaper.nix
+ ./repo-sync.nix
+ ./retiolum-bootstrap.nix
+ ./secret.nix
+ ./setuid.nix
+ ./shadow.nix
+ ./sitemap.nix
+ ./ssh.nix
+ ./ssl.nix
+ ./sync-containers.nix
+ ./sync-containers3.nix
+ ./systemd.nix
+ ./tinc.nix
+ ./tinc_graphs.nix
+ ./upstream
+ ./urlwatch.nix
+ ./users.nix
+ ./xresources.nix
+ ./zones.nix
];
-
-in out
+}
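Review bot: The old file applied everything in `imp`, including `services.openssh.hostKeys`, `services.openssh.knownHosts` and the root user's `pubkey`, only under `config = lib.mkIf cfg.enable imp;`, and that guard does not appear anywhere on the new side of this hunk. The code has presumably moved into `./ssh.nix`, `./users.nix` and `./krebs.nix`, which are not visible here, so it is worth confirming that each of them still wraps its settings as `config = lib.mkIf config.krebs.enable { ... };`. Without that, a host that imports this module but leaves krebs disabled would still receive the shared known-hosts trust entries and host-key settings. The import list also drops `./ergo.nix`, `./fetchWallpaper.nix`, `./github-hosts-sync.nix` and `./github-known-hosts.nix`. If `./github` is meant to carry the pinned GitHub host keys, a comment next to that entry such as `# ./github: hosts-sync and known-hosts modules` would make that clear.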