diff options
| -rw-r--r-- | .gitmodules | 2 | ||||
| -rw-r--r-- | kartei/default.nix | 31 | ||||
| -rw-r--r-- | kartei/template/default.nix | 20 | ||||
| -rw-r--r-- | krebs/3modules/default.nix | 33 | ||||
| -rw-r--r-- | krebs/3modules/dns.nix | 13 | ||||
| -rw-r--r-- | krebs/3modules/hosts.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/sitemap.nix | 8 | ||||
| -rw-r--r-- | krebs/3modules/users.nix | 20 | ||||
| -rw-r--r-- | lib/types.nix | 16 |
9 files changed, 90 insertions, 55 deletions
diff --git a/.gitmodules b/.gitmodules index 7ecb497e..869980fa 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,6 @@ [submodule "submodules/nix-writers"] path = submodules/nix-writers - url = http://cgit.krebsco.de/nix-writers + url = https://cgit.krebsco.de/nix-writers [submodule "submodules/krops"] path = submodules/krops url = https://cgit.krebsco.de/krops diff --git a/kartei/default.nix b/kartei/default.nix index 1b11f0fd..6024e235 100644 --- a/kartei/default.nix +++ b/kartei/default.nix @@ -1,15 +1,18 @@ -{ config, lib, ... }: { - config = lib.mkMerge (map (path: { krebs = import path { inherit config; }; }) [ - ./dbalan - ./jeschli - ./kmein - ./krebs - ./lass - ./makefu - ./mic92 - ./others - ./palo - ./rtunreal - ./tv - ]); +{ config, lib, ... }: let + removeTemplate = + # TODO don't remove during CI + lib.flip builtins.removeAttrs ["template"]; +in { + config = + lib.mkMerge + (lib.mapAttrsToList + (name: _type: let + path = ./. + "/${name}"; + in { + krebs = import path { inherit config; }; + }) + (removeTemplate + (lib.filterAttrs + (_name: type: type == "directory") + (builtins.readDir ./.)))); } diff --git a/kartei/template/default.nix b/kartei/template/default.nix new file mode 100644 index 00000000..2acf78d3 --- /dev/null +++ b/kartei/template/default.nix @@ -0,0 +1,20 @@ +{ config, ... }: let + lib = import ../../lib; +in { + users.DUMMYUSER = { + mail = "DUMMYUSER@example.ork"; + }; + hosts.DUMMYHOST = { + owner = config.krebs.users.DUMMYUSER; + nets.retiolum = { + aliases = [ "DUMMYHOST.DUMMYUSER.r" ]; + ip6.addr = (lib.krebs.genipv6 "retiolum" "DUMMYUSER" { hostName = "DUMMYHOST"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + DUMMYTINCPUBKEYRSA + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "DUMMYTINCPUBKEYED25519"; + }; + }; +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 70fc0581..e8f5d161 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -49,6 +49,7 @@ let ./secret.nix ./setuid.nix ./shadow.nix + ./sitemap.nix ./ssl.nix ./sync-containers.nix ./systemd.nix @@ -56,6 +57,7 @@ let ./tinc_graphs.nix ./upstream ./urlwatch.nix + ./users.nix ./xresources.nix ./zones.nix ]; @@ -66,15 +68,6 @@ let api = { enable = mkEnableOption "krebs"; - users = mkOption { - type = with types; attrsOf user; - }; - - sitemap = mkOption { - default = {}; - type = types.attrsOf types.sitemap.entry; - }; - zone-head-config = mkOption { type = with types; attrsOf str; description = '' @@ -102,28 +95,6 @@ let imp = lib.mkMerge [ { - krebs.dns.providers = { - "krebsco.de" = "zones"; - shack = "hosts"; - i = "hosts"; - r = "hosts"; - w = "hosts"; - }; - - krebs.dns.search-domain = mkDefault "r"; - - krebs.users = { - krebs = { - home = "/krebs"; - mail = "spam@krebsco.de"; - }; - root = { - home = "/root"; - pubkey = config.krebs.build.host.ssh.pubkey; - uid = 0; - }; - }; - services.openssh.hostKeys = let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) [privkey]; diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix index 8acc4ccd..8a74d306 100644 --- a/krebs/3modules/dns.nix +++ b/krebs/3modules/dns.nix @@ -1,12 +1,21 @@ with import <stockholm/lib>; -{ +{ config, ... }: { options = { krebs.dns.providers = mkOption { type = types.attrsOf types.str; }; - krebs.dns.search-domain = mkOption { type = types.nullOr types.hostname; }; }; + config = mkIf config.krebs.enable { + krebs.dns.providers = { + "krebsco.de" = "zones"; + shack = "hosts"; + i = "hosts"; + r = "hosts"; + w = "hosts"; + }; + krebs.dns.search-domain = mkDefault "r"; + }; } diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index ae013630..bd1bb165 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -11,7 +11,7 @@ in { }; }; - config = { + config = mkIf config.krebs.enable { networking.hosts = filterAttrs (_name: value: value != []) diff --git a/krebs/3modules/sitemap.nix b/krebs/3modules/sitemap.nix new file mode 100644 index 00000000..ec2179db --- /dev/null +++ b/krebs/3modules/sitemap.nix @@ -0,0 +1,8 @@ +let + lib = import ../../lib; +in { + options.krebs.sitemap = lib.mkOption { + type = with lib.types; attrsOf sitemap.entry; + default = {}; + }; +} diff --git a/krebs/3modules/users.nix b/krebs/3modules/users.nix new file mode 100644 index 00000000..c1ad4b44 --- /dev/null +++ b/krebs/3modules/users.nix @@ -0,0 +1,20 @@ +{ config, ... }: let + lib = import ../../lib; +in { + options.krebs.users = lib.mkOption { + type = with lib.types; attrsOf user; + }; + config = lib.mkIf config.krebs.enable { + krebs.users = { + krebs = { + home = "/krebs"; + mail = "spam@krebsco.de"; + }; + root = { + home = "/root"; + pubkey = config.krebs.build.host.ssh.pubkey; + uid = 0; + }; + }; + }; +} diff --git a/lib/types.nix b/lib/types.nix index 0e0e093f..67a0c6f1 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -136,7 +136,7 @@ rec { default = null; }; ip4 = mkOption { - type = nullOr (submodule { + type = nullOr (submodule (ip4: { options = { addr = mkOption { type = addr4; @@ -146,13 +146,15 @@ rec { } // { retiolum.default = "10.243.0.0/16"; wiregrill.default = "10.244.0.0/16"; - }.${config._module.args.name} or {}); + }.${config._module.args.name} or { + default = "${ip4.config.addr}/32"; + }); }; - }); + })); default = null; }; ip6 = mkOption { - type = nullOr (submodule { + type = nullOr (submodule (ip6: { options = { addr = mkOption { type = addr6; @@ -163,9 +165,11 @@ rec { } // { retiolum.default = "42:0::/32"; wiregrill.default = "42:1::/32"; - }.${config._module.args.name} or {}); + }.${config._module.args.name} or { + default = "${ip6.config.addr}/128"; + }); }; - }); + })); default = null; }; ssh = mkOption { |