Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/build.nix2
-rw-r--r--krebs/3modules/default.nix9
-rw-r--r--krebs/3modules/retiolum.nix94
-rw-r--r--krebs/3modules/tv/default.nix42
4 files changed, 69 insertions, 78 deletions
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 00142acd..0da5dd38 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -74,7 +74,7 @@ let
unset tmpdir
trap '
- rm "$tmpdir"/*
+ rm -f "$tmpdir"/*
rmdir "$tmpdir"
trap - EXIT INT QUIT
' EXIT INT QUIT
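Review bot: The trap body is single-quoted, so `"$tmpdir"/*` is expanded only when the trap fires, and with the `unset tmpdir` just above, an exit or signal that arrives before the variable is assigned turns the glob into `/*`. The added `-f` makes that case fail silently instead of loudly. Guard the cleanup, for example `[ -n "$tmpdir" ] && rm -f "$tmpdir"/*`, or install the trap only after the directory has been created. The assignment of `tmpdir` lies outside this hunk, so the actual ordering should be confirmed there.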
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index ba1f425d..52950690 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -92,11 +92,12 @@ let
de.krebsco = "zones";
gg23 = "hosts";
shack = "hosts";
+ i = "hosts";
internet = "hosts";
+ r = "hosts";
retiolum = "hosts";
};
- # XXX This overlaps with krebs.retiolum
networking.extraHosts = concatStringsSep "\n" (flatten (
mapAttrsToList (hostname: host:
mapAttrsToList (netname: net:
@@ -104,10 +105,8 @@ let
aliases = longs ++ shorts;
providers = dns.split-by-provider net.aliases cfg.dns.providers;
longs = providers.hosts;
- shorts =
- map (removeSuffix ".${cfg.search-domain}")
- (filter (hasSuffix ".${cfg.search-domain}")
- longs);
+ shorts = let s = ".${cfg.search-domain}"; in
+ map (removeSuffix s) (filter (hasSuffix s) longs);
in
map (addr: "${addr} ${toString aliases}") net.addrs
) (filterAttrs (name: host: host.aliases != []) host.nets)
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index e0e2692a..2bf8aa5d 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -1,6 +1,4 @@
{ config, pkgs, lib, ... }:
-
-with builtins;
with lib;
let
cfg = config.krebs.retiolum;
@@ -31,22 +29,13 @@ let
'';
};
- generateEtcHosts = mkOption {
- type = types.str;
- default = "both";
- description = ''
- If set to <literal>short</literal>, <literal>long</literal>, or <literal>both</literal>,
- then generate entries in <filename>/etc/hosts</filename> from subnets.
- '';
- };
-
- network = mkOption {
+ netname = mkOption {
type = types.str;
default = "retiolum";
description = ''
The tinc network name.
- It is used to generate long host entries,
- and name the TUN device.
+ It is used to name the TUN device and to generate the default value for
+ <literal>config.krebs.retiolum.hosts</literal>.
'';
};
@@ -65,10 +54,13 @@ let
};
hosts = mkOption {
- type = with types; either package path;
- default = ../Zhosts;
+ type = with types; attrsOf host;
+ default =
+ filterAttrs (_: h: hasAttr cfg.netname h.nets) config.krebs.hosts;
description = ''
- If a path is given, then it will be used to generate an ad-hoc package.
+ Hosts which should be part of the tinc configuration.
+ Note that these hosts must have a correspondingly named network
+ configured, see <literal>config.krebs.retiolum.netname</literal>.
'';
};
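Review bot: The new description says every host in `hosts` must have a network named after `netname`, but only the default value enforces that through `filterAttrs`. A caller who overrides `hosts` with an entry lacking that network would get a bare missing-attribute evaluation error from wherever `host.nets.${cfg.netname}` is dereferenced. An explicit check gives a readable failure, for example an `assertions` entry with `assertion = all (h: hasAttr cfg.netname h.nets) (attrValues cfg.hosts);` and a message naming the option. The enclosing option set starts and ends outside this hunk, so I cannot see whether such an assertion already exists.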
@@ -104,9 +96,7 @@ let
};
imp = {
- environment.systemPackages = [ tinc hosts iproute ];
-
- networking.extraHosts = retiolumExtraHosts;
+ environment.systemPackages = [ tinc iproute ];
systemd.services.retiolum = {
description = "Tinc daemon for Retiolum";
@@ -140,60 +130,20 @@ let
tinc = cfg.tincPackage;
- hosts = getAttr (typeOf cfg.hosts) {
- package = cfg.hosts;
- path = pkgs.stdenv.mkDerivation {
- name = "custom-retiolum-hosts";
- src = cfg.hosts;
- installPhase = ''
- mkdir $out
- find . -name .git -prune -o -type f -print0 \
- | xargs -0 cp --target-directory $out
- '';
- };
+ tinc-hosts = pkgs.stdenv.mkDerivation {
+ name = "${cfg.netname}-tinc-hosts";
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir $out
+ ${concatStrings (mapAttrsToList (_: host: ''
+ echo ${shell.escape host.nets.${cfg.netname}.tinc.config} \
+ > $out/${shell.escape host.name}
+ '') cfg.hosts)}
+ '';
};
iproute = cfg.iproutePackage;
- retiolumExtraHosts = import (pkgs.runCommand "retiolum-etc-hosts"
- { }
- ''
- generate() {
- (cd ${hosts}
- printf \'\'
- for i in `ls`; do
- names=$(hostnames $i)
- for j in `sed -En 's|^ *Aliases *= *(.+)|\1|p' $i`; do
- names="$names $(hostnames $j)"
- done
- sed -En '
- s|^ *Subnet *= *([^ /]*)(/[0-9]*)? *$|\1 '"$names"'|p
- ' $i
- done | sort
- printf \'\'
- )
- }
-
- case ${cfg.generateEtcHosts} in
- short)
- hostnames() { echo "$1"; }
- generate
- ;;
- long)
- hostnames() { echo "$1.${cfg.network}"; }
- generate
- ;;
- both)
- hostnames() { echo "$1.${cfg.network} $1"; }
- generate
- ;;
- *)
- echo '""'
- ;;
- esac > $out
- '');
-
-
confDir = pkgs.runCommand "retiolum" {
# TODO text
executable = true;
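Review bot: In the new `tinc-hosts` derivation, `shell.escape host.name` stops the shell from interpreting the name, but it does not constrain it as a path component, so a name containing `/` or `..` would still be written outside the flat `$out/<name>` layout. This directory decides which peers and public keys tinc accepts, so it is worth rejecting such names up front. Whether the `host` type already validates names is not visible in this hunk. Separately, `echo` can mangle a value that begins with `-` or contains backslashes, depending on the shell; `printf '%s\n' ${shell.escape host.nets.${cfg.netname}.tinc.config}` writes the config verbatim. The `hosts` attrset is also dereferenced here without checking that `nets.${cfg.netname}.tinc` exists.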
@@ -203,12 +153,12 @@ let
mkdir -p $out
- ln -s ${hosts} $out/hosts
+ ln -s ${tinc-hosts} $out/hosts
cat > $out/tinc.conf <<EOF
Name = ${cfg.name}
Device = /dev/net/tun
- Interface = ${cfg.network}
+ Interface = ${cfg.netname}
${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
PrivateKeyFile = /tmp/retiolum-rsa_key.priv
${cfg.extraConfig}
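Review bot: `PrivateKeyFile = /tmp/retiolum-rsa_key.priv` is unchanged context in this hunk, but it keeps the tinc private key at a fixed, predictable name in a world-writable directory. How the file is created is outside this hunk. Unless the unit uses a private `/tmp` or creates the file atomically with restrictive permissions, another local user could pre-create or race that path. A service-owned runtime directory would be a safer location. Note also that the heredoc delimiter `EOF` is unquoted, so the interpolated `cfg.netname` and `cfg.extraConfig` values pass through shell expansion before reaching `tinc.conf`.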
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 31c1a375..7db5c532 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -24,6 +24,7 @@ with lib;
internet = {
addrs4 = ["162.219.7.216"];
aliases = [
+ "cd.i"
"cd.internet"
"cd.krebsco.de"
"cgit.cd.krebsco.de"
@@ -37,6 +38,7 @@ with lib;
addrs4 = ["10.243.113.222"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
aliases = [
+ "cd.r"
"cd.retiolum"
"cgit.cd.retiolum"
];
@@ -67,6 +69,7 @@ with lib;
internet = {
addrs4 = ["104.167.114.142"];
aliases = [
+ "mkdir.i"
"mkdir.internet"
];
};
@@ -75,6 +78,7 @@ with lib;
addrs4 = ["10.243.113.223"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
aliases = [
+ "mkdir.r"
"mkdir.retiolum"
"cgit.mkdir.retiolum"
];
@@ -104,6 +108,7 @@ with lib;
internet = {
addrs4 = ["198.147.22.115"];
aliases = [
+ "ire.i"
"ire.internet"
"ire.krebsco.de"
];
@@ -113,6 +118,7 @@ with lib;
addrs4 = ["10.243.231.66"];
addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"];
aliases = [
+ "ire.r"
"ire.retiolum"
];
tinc.pubkey = ''
@@ -130,6 +136,37 @@ with lib;
};
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaMjBJ/BfYlHjyn5CO0xzFNaQ0LPvMP3W9UlOs1OxGY";
};
+ kaepsele = {
+ nets = {
+ internet = {
+ addrs4 = ["92.222.10.169"];
+ aliases = [
+ "kaepsele.i"
+ "kaepsele.internet"
+ # TODO "kaepsele.org"
+ ];
+ };
+ retiolum = {
+ addrs4 = ["10.243.166.2"];
+ addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"];
+ aliases = [
+ "kaepsele.r"
+ "kaepsele.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
+ Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
+ rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
+ y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
+ yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
+ FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
+ };
nomic = {
cores = 2;
dc = "tv"; #dc = "gg23";
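Review bot: The new `kaepsele` entry pins a 2048-bit `ssh-rsa` key in `ssh.pubkey`, while the entry just above it in this hunk uses `ssh-ed25519`. If the host can offer an Ed25519 key, pinning that instead would keep the pinned keys consistent and avoid depending on RSA signature algorithms that newer OpenSSH releases restrict by default. The entry also sets neither `cores` nor `dc`, which the following `nomic` entry does; whether the host type requires them is not visible here. Both the tinc and SSH keys become trust anchors for this host, so a short comment recording how they were obtained would help later review.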
@@ -142,6 +179,7 @@ with lib;
addrs4 = ["10.243.0.110"];
addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
aliases = [
+ "nomic.r"
"nomic.retiolum"
"cgit.nomic.retiolum"
];
@@ -176,6 +214,7 @@ with lib;
internet = {
addrs4 = ["167.88.34.182"];
aliases = [
+ "rmdir.i"
"rmdir.internet"
];
};
@@ -184,6 +223,7 @@ with lib;
addrs4 = ["10.243.113.224"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
aliases = [
+ "rmdir.r"
"rmdir.retiolum"
"cgit.rmdir.retiolum"
];
@@ -231,6 +271,7 @@ with lib;
addrs4 = ["10.243.13.37"];
addrs6 = ["42:0:0:0:0:0:0:1337"];
aliases = [
+ "wu.r"
"wu.retiolum"
"cgit.wu.retiolum"
];
@@ -263,6 +304,7 @@ with lib;
addrs4 = ["10.243.13.38"];
addrs6 = ["42:0:0:0:0:0:0:1338"];
aliases = [
+ "xu.r"
"xu.retiolum"
];
tinc.pubkey = ''