nix/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Changes for plato

Browse Source
This commit is contained in:
Root
2021-04-09 14:24:50 -07:00
parent 418c04170c
commit 16fd1ff21f
6 changed files with 60 additions and 316 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
lib/fudo/networks/rus.selby.ca.nix
View File

@@ -1,86 +0,0 @@
{ config, lib, ... }:
{
default-host = "10.0.0.1";
mx = [ "mail.fudo.org" ];
hosts = {
clunk = {
ipv4-address = "10.0.0.1";
mac-address = "02:44:d1:eb:c3:6b";
};
dns-proxy = {
ipv4-address = "10.0.0.2";
# This is just a second IP on clunk, for the pihole
};
google-wifi = {
ipv4-address = "10.0.0.11";
mac-address = "70:3a:cb:c0:3b:09";
};
pselby-work = {
ipv4-address = "10.0.0.151";
mac-address = "00:50:b6:aa:bd:b3";
};
downstairs-desktop = {
ipv4-address = "10.0.0.100";
mac-address = "90:b1:1c:8e:29:cf";
};
upstairs-desktop = {
ipv4-address = "10.0.0.101";
mac-address = "80:e8:2c:22:65:c2";
};
};
aliases = {
dns-hole = "clunk";
gateway = "clunk";
upstairs = "upstairs-desktop";
downstairs = "downstairs-desktop";
};
srv-records = {
tcp = {
domain = [{
port = 53;
host = "clunk.${local-domain}";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerberos-adm = [{
port = 88;
host = "france.fudo.org";
}];
ssh = [{
port = 22;
host = "clunk.${local-domain}";
}];
};
udp = {
domain = [{
port = 53;
host = "clunk.${local-domain}";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerboros-master = [{
port = 88;
host = "france.fudo.org";
}];
kpasswd = [{
port = 464;
host = "france.fudo.org";
}];
};
};
}

214
lib/fudo/networks/sea.fudo.org.nix
View File

@@ -1,214 +0,0 @@
{ config, lib, ... }:
{
default-host = "10.0.0.1";
mx = [ "mail.fudo.org" ];
aliases = {
kadmin = "nostromo";
kdc = "nostromo";
photo = "doraemon";
music = "doraemon";
panopticon = "lambda";
panopticon-od = "lambda";
ipfs = "nostromo";
hole = "nostromo";
pihole = "nostromo";
dns-hole = "nostromo";
mon-1 = "srv-1";
};
srv-records = {
tcp = {
domain = [{
port = 53;
host = "nostromo.sea.fudo.org";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerberos-adm = [{
port = 88;
host = "france.fudo.org";
}];
ssh = [{
port = 22;
host = "nostromo.sea.fudo.org";
}];
ldap = [{
port = 389;
host = "france.fudo.org";
}];
};
udp = {
domain = [{
port = 53;
host = "nostromo.sea.fudo.org";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerboros-master = [{
port = 88;
host = "france.fudo.org";
}];
kpasswd = [{
port = 464;
host = "france.fudo.org";
}];
};
};
hosts = {
nostromo = {
ip-address = "10.0.0.1";
mac-address = "46:54:76:06:f1:10";
};
lm = {
ip-address = "10.0.0.2";
mac-address = "00:23:7d:e6:d9:ea";
};
lambda = {
ip-address = "10.0.0.3";
mac-address = "02:50:f6:52:9f:9d";
};
switch-master = {
ip-address = "10.0.0.5";
mac-address = "00:14:1C:B6:BB:40";
};
google-wifi = {
ip-address = "10.0.0.7";
mac-address = "7C:D9:5C:9F:6F:E9";
};
cam-entrance = {
ip-address = "10.0.0.31";
mac-address = "9c:8e:cd:0e:99:7b";
};
cam-driveway = {
ip-address = "10.0.0.32";
mac-address = "9c:8e:cd:0d:3b:09";
};
cam-deck = {
ip-address = "10.0.0.33";
mac-address = "9c:8e:cd:0e:98:c8";
};
cargo = {
ip-address = "10.0.0.50";
mac-address = "00:11:32:75:d8:b7";
};
whitedwarf = {
ip-address = "10.0.0.51";
mac-address = "00:11:32:12:14:1d";
};
doraemon = {
ip-address = "10.0.0.52";
mac-address = "00:11:32:0a:06:c5";
};
android = {
ip-address = "10.0.0.81";
mac-address = "00:16:3e:43:39:fc";
};
retro-wired = {
ip-address = "10.0.0.82";
mac-address = "dc:a6:32:6b:57:43";
};
retro = {
ip-address = "10.0.0.83";
mac-address = "dc:a6:32:6b:57:45";
};
monolith = {
ip-address = "10.0.0.100";
mac-address = "6c:62:6d:c8:b0:d8";
};
taipan = {
ip-address = "10.0.0.107";
mac-address = "52:54:00:34:c4:78";
};
spark = {
ip-address = "10.0.0.108";
mac-address = "78:24:af:04:f7:dd";
};
hyperion = {
ip-address = "10.0.0.109";
mac-address = "52:54:00:33:46:de";
};
zbox = {
ip-address = "10.0.0.110";
mac-address = "02:dd:80:52:83:9b";
};
ubiquiti-wifi = {
ip-address = "10.0.0.126";
mac-address = "04:18:d6:20:48:fb";
};
generator-wireless = {
ip-address = "10.0.0.130";
mac-address = "B8:27:EB:A6:32:26";
};
brother-wireless = {
ip-address = "10.0.0.160";
mac-address = "c0:38:96:64:49:65";
};
nest = {
ip-address = "10.0.0.176";
mac-address = "18:b4:30:16:7c:5a";
};
xixi-phone = {
ip-address = "10.0.0.193";
mac-address = "48:43:7c:75:89:42";
};
ipad = {
ip-address = "10.0.0.202";
mac-address = "9c:35:eb:48:6e:71";
};
cam-front = {
ip-address = "10.0.0.203";
mac-address = "c4:d6:55:3e:b4:c3";
};
family-tv = {
ip-address = "10.0.0.205";
mac-address = "84:a4:66:3a:b1:f8";
};
babycam = {
ip-address = "10.0.0.206";
mac-address = "08:ea:40:59:5f:9e";
};
workphone = {
ip-address = "10.0.0.211";
mac-address = "a8:8e:24:5c:12:67";
};
chromecast-2 = {
ip-address = "10.0.0.215";
mac-address = "a4:77:33:59:a2:ba";
};
front-light = {
ip-address = "10.0.0.221";
mac-address = "94:10:3e:48:94:ed";
};
# Ceph network
srv-1 = {
ip-address = "10.0.10.1";
mac-address = "02:65:d7:00:7d:1b";
};
node-1 = {
ip-address = "10.0.10.101";
mac-address = "00:1e:06:36:81:cf";
};
node-2 = {
ip-address = "10.0.10.102";
mac-address = "00:1e:06:36:ec:3e";
};
node-3 = {
ip-address = "10.0.10.103";
mac-address = "00:1e:06:36:ec:4b";
};
node-4 = {
ip-address = "10.0.10.104";
mac-address = "00:1e:06:36:dd:8c";
};
};
}

51
lib/fudo/sites.nix
View File

@@ -95,6 +95,12 @@ let
description = "Location of Dropbear ECDSA key.";
default = "/etc/dropbear/host_ecdsa_key";
};
dropbear-deploy-port = mkOption {
type = port;
description = "Port to be used for the deploy SSH server.";
default = 2112;
};
};
};
@@ -107,16 +113,30 @@ in {
config = mkIf (site-cfg.deploy-pubkey != null) {
environment.etc."dropbear/authorized_keys" = {
text = "root@deploy ${site-cfg.deploy-pubkey}";
text = "${site-cfg.deploy-pubkey} root@deploy";
mode = "0400";
};
systemd.services = let dropbear-port = 2112;
in {
networking.firewall.allowedTCPPorts = [ site-cfg.dropbear-deploy-port ];
dropbear-init = {
wantedBy = [ "multi-user.target" ];
script = ''
systemd = {
sockets = {
dropbear-deploy = {
wantedBy = [ "sockets.target" ];
socketConfig = {
ListenStream = "0.0.0.0:${toString site-cfg.dropbear-deploy-port}";
Accept = true;
};
unitConfig = {
restartIfChanged = true;
};
};
};
services = {
dropbear-deploy-init = {
wantedBy = [ "multi-user.target" ];
script = ''
if [ ! -d /etc/dropbear ]; then
mkdir /etc/dropbear
chmod 700 /etc/dropbear
@@ -132,15 +152,18 @@ in {
${pkgs.coreutils}/bin/chmod 0400 ${site-cfg.dropbear-ecdsa-key-path}
fi
'';
};
};
dropbear = {
requires = [ "dropbear-init.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
type = "simple";
ExecStart = "${pkgs.dropbear} -F -m -s -j -k -p ${dropbear-port}";
"dropbear-deploy@" = {
description = "Per-connection service for deployment, using dropbear.";
requires = [ "dropbear-deploy-init.service" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.dropbear}/bin/dropbear -F -i -m -s -j -k -r ${site-cfg.dropbear-rsa-key-path} -r ${site-cfg.dropbear-ecdsa-key-path}";
ExecReload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID";
StandardInput = "socket";
};
};
};
};