From 8f785237b2dc46c63272e360cece351b2974cb6d Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 30 Nov 2017 22:35:04 +0100 Subject: zones module: init (import from default.nix) --- krebs/3modules/default.nix | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'krebs/3modules/default.nix') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index c89f3229..a8933e71 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -44,6 +44,7 @@ let ./tinc_graphs.nix ./urlwatch.nix ./repo-sync.nix + ./zones.nix ]; options.krebs = api; config = lib.mkIf cfg.enable imp; @@ -171,17 +172,6 @@ let ''; }; - # Implements environment.etc."zones/" - environment.etc = let - stripEmptyLines = s: (concatStringsSep "\n" - (remove "\n" (remove "" (splitString "\n" s)))) + "\n"; - all-zones = foldAttrs (sum: current: sum + "\n" +current ) "" - ([cfg.zone-head-config] ++ combined-hosts); - combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts ); - in lib.mapAttrs' (name: value: nameValuePair - ("zones/" + name) - { text=(stripEmptyLines value); }) all-zones; - krebs.exim-smarthost.internet-aliases = let format = from: to: { inherit from; -- cgit v1.2.3 From 3f8ae7bf425eb2addef7634a113197774fe3f76a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 5 Dec 2017 23:37:19 +0100 Subject: krebs.hosts: set default --- krebs/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules/default.nix') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a8933e71..7cf02cd8 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -61,6 +61,7 @@ let hosts = mkOption { type = with types; attrsOf host; + default = {}; }; users = mkOption { -- cgit v1.2.3 From 19fcba24f1ef050a8f8d553f09348adb2a007041 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 12 Dec 2017 21:08:50 +0100 Subject: github: generate ssh_config from API --- krebs/3modules/default.nix | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) (limited to 'krebs/3modules/default.nix') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a8933e71..5bedbcf2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -224,21 +224,26 @@ let }; }) // - # GitHub's IPv4 address range is 192.30.252.0/22 - # Refs https://help.github.com/articles/github-s-ip-addresses/ - # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses) - # Because line length is limited by OPENSSH_LINE_MAX (= 8192), - # we split each /24 into its own entry. - listToAttrs (map - (c: { - name = "github${toString c}"; - value = { - hostNames = ["github.com"] ++ - map (d: "192.30.${toString c}.${toString d}") (range 0 255); - publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; - }; - }) - (range 252 255)) + { + github = { + hostNames = [ + "github.com" + # List generated with + # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob + "192.30.253.*" + "192.30.254.*" + "192.30.255.*" + "185.199.108.*" + "185.199.109.*" + "185.199.110.*" + "185.199.111.*" + "18.195.85.27" + "18.194.104.89" + "35.159.8.160" + ]; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; + }; + } // mapAttrs (name: host: { -- cgit v1.2.3