From 5383cea338ae9b34abd03ff475cb26f455219c88 Mon Sep 17 00:00:00 2001 From: niten Date: Tue, 19 Oct 2021 10:04:35 -0700 Subject: [PATCH] Networks aren't a function --- config/host-config/nostromo.nix | 6 +-- config/networks/informis.land.nix | 13 ----- config/site-config/seattle.nix | 85 +++++++++++++------------------ lib/fudo/networks.nix | 12 +++++ lib/fudo/users.nix | 2 +- 5 files changed, 51 insertions(+), 67 deletions(-) diff --git a/config/host-config/nostromo.nix b/config/host-config/nostromo.nix index d28b642..f4231f6 100644 --- a/config/host-config/nostromo.nix +++ b/config/host-config/nostromo.nix @@ -48,8 +48,8 @@ in { createMountPoints = false; exports = let exportList = [ - "/export/documents 10.0.0.0/24 (rw,sync,root_squash,no_subtree_check,fsid=10,sec=krb5p)" - "/export/downloads 10.0.0.0/24 (rw,sync,root_squash,no_subtree_check,fsid=11,sec=krb5i)" + "/export/documents 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=10,sec=krb5p)" + "/export/downloads 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5i)" ]; in '' ${concatStringsSep "\n" exportList} @@ -58,7 +58,7 @@ in { }; systemd.services.nfs-server = { - # Don't start in on boot + # Don't start on boot wantedBy = mkForce [ "sea-store.target" ]; # Only start after filesystem mounts are available after = [ "export-documents.mount" "export-downloads.mount" ]; diff --git a/config/networks/informis.land.nix b/config/networks/informis.land.nix index c48d139..ab7f02e 100644 --- a/config/networks/informis.land.nix +++ b/config/networks/informis.land.nix @@ -1,6 +1,3 @@ -{ config, lib, ... }: - -with lib; { mx = [ "smtp.informis.land" ]; 
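Review bot: The new export lines in `exportList` switch both `/export/documents` and `/export/downloads` from `root_squash` to `no_root_squash`, and the commit message gives no reason for it. With squashing off, a uid-0 identity accepted from any client in 10.0.0.0/24 acts as root on the exported trees; how far that reaches depends on how root's Kerberos principal is mapped on the server, which is not visible here. Removing the space before the option list is a real fix, since `10.0.0.0/24 (…)` applies the options to all hosts rather than to the subnet. I would keep that part and restore squashing: `"/export/documents 10.0.0.0/24(rw,sync,root_squash,no_subtree_check,fsid=10,sec=krb5p)"`, and the same for downloads. If one host really needs root access, a narrower client spec with a comment naming that host would make the exception reviewable.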
@@ -11,16 +8,6 @@ with lib; git = "procul.informis.land."; }; - verbatim-dns-records = let - domain-name = config.fudo.hosts.${config.instance.hostname}.domain; - # NOTE: we're assuming IPv4... - domain-local-nets = map (network: "ip4:${network}") config.fudo.domains.${domain-name}.local-networks; - local-net-string = concatStringsSep " " domain-local-nets; - in [ - ''@ IN TXT "v=spf1 mx ${local-net-string} -all"'' - ''@ IN SPF "v=spf1 mx ${local-net-string} -all"'' - ]; - srv-records = { tcp = { domain = [{ diff --git a/config/site-config/seattle.nix b/config/site-config/seattle.nix index e554fda..af7c287 100644 --- a/config/site-config/seattle.nix +++ b/config/site-config/seattle.nix 
@@ -37,60 +37,45 @@ in { fsType = "nfs4"; options = [ "comment=systemd.automount" ]; }; - # "/net/documents" = { - # device = "sea-store.${local-domain}:/export/documents"; - # fsType = "nfs"; - # options = [ - # "nfsvers=4.2" - # "comment=systemd.automount" - # "sec=krb5p" - # # "noauto" ? - # ]; - # }; - # "/net/downloads" = { - # device = "sea-store.${local-domain}:/export/downloads"; - # fsType = "nfs"; - # options = [ - # "nfsvers=4.2" - # "comment=systemd.automount" - # "sec=krb5i" - # # "noauto" ? - # ]; - # }; - }; - - systemd.mounts = [ - { - what = "sea-store.sea.fudo.org:/export/documents"; - where = "/net/documents"; - type = "nfs4"; - options = "sec=krb5p"; - description = "sea-store documents on encrypted filesysem."; - } - { - what = "sea-store.sea.fudo.org:/export/downloads"; - where = "/net/downloads"; - type = "nfs4"; - options = "sec=krb5i"; - description = "sea-store downloads on encrypted filesysem."; - } - ]; - - krb5 = { - domain_realm = { - "fudo.org" = "FUDO.ORG"; - ".fudo.org" = "FUDO.ORG"; - "sea.fudo.org" = "FUDO.ORG"; - ".sea.fudo.org" = "FUDO.ORG"; + "/net/documents" = { + device = "sea-store.${local-domain}:/export/documents"; + fsType = "nfs"; + options = [ + "nfsvers=4.2" + "comment=systemd.automount" + "sec=krb5p" + # "noauto" ? + ]; }; - realms = { - "FUDO.ORG" = { - admin_server = "france.fudo.org"; - kdc = [ "france.fudo.org" ]; - }; + "/net/downloads" = { + device = "sea-store.${local-domain}:/export/downloads"; + fsType = "nfs"; + options = [ + "nfsvers=4.2" + "comment=systemd.automount" + "sec=krb5i" + # "noauto" ? 
+ ]; }; }; + # systemd.mounts = [ + # { + # what = "sea-store.sea.fudo.org:/export/documents"; + # where = "/net/documents"; + # type = "nfs4"; + # options = "sec=krb5p"; + # description = "sea-store documents on encrypted filesysem."; + # } + # { + # what = "sea-store.sea.fudo.org:/export/downloads"; + # where = "/net/downloads"; + # type = "nfs4"; + # options = "sec=krb5i"; + # description = "sea-store downloads on encrypted filesysem."; + # } + # ]; + services.printing = { enable = true; drivers = [ diff --git a/lib/fudo/networks.nix b/lib/fudo/networks.nix index aa2fe1a..937c284 100644 --- a/lib/fudo/networks.nix +++ b/lib/fudo/networks.nix @@ -10,4 +10,16 @@ in { description = "A map of networks to network definitions."; default = { }; }; + + config = let + domain-name = config.instance.local-domain; + local-networks = map (network: "ip4:${network}") + config.fudo.domains.${domain-name}.local-networks; + local-net-string = concatStringsSep " " domain-local-nets; + in { + fudo.networks.${domain-name}.verbatim-dns-records = [ + ''@ IN TXT "v=spf1 mx ${local-net-string} -all"'' + ''@ IN SPF "v=spf1 mx ${local-net-string} -all"'' + ]; + }; } diff --git a/lib/fudo/users.nix b/lib/fudo/users.nix index 85c3d27..82c7c17 100644 --- a/lib/fudo/users.nix +++ b/lib/fudo/users.nix @@ -142,7 +142,7 @@ in { in { General = { Verbosity = 10; - Domain = local-domain; + # Domain = local-domain; "Local-Realms" = local-realm; }; Translation = {
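Review bot: The removed `krb5` block (`domain_realm` and `realms` for `FUDO.ORG`) is not replaced anywhere in this patch, while the re-enabled `/net/documents` and `/net/downloads` entries still mount with `sec=krb5p` and `sec=krb5i`. If the realm and KDC settings are not supplied by another module (not visible here), these mounts cannot obtain tickets, so this is worth confirming or stating in the commit message. The commented-out `systemd.mounts` list is now dead code and is better deleted than kept. `/net/downloads` uses `sec=krb5i`, which protects integrity but not confidentiality; a one-line comment such as `# integrity only: contents are not encrypted in transit, intentional` would record that choice.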
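Review bot: `local-net-string` is built from `domain-local-nets`, but the `let` in this hunk binds the mapped list as `local-networks`. Unless `domain-local-nets` is defined elsewhere in the file (the module header is outside the hunk), evaluation stops with an undefined-variable error and the SPF records are never generated. Use the name that is actually bound: `local-net-string = concatStringsSep " " local-networks;`. The `# NOTE: we're assuming IPv4...` comment from the old location was dropped; it is worth carrying over next to the `ip4:` prefix, since an IPv6 entry in `local-networks` would yield an invalid `ip4:` mechanism.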
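Review bot: Commenting out `Domain = local-domain;` leaves the `General` section without an explicit domain, and nothing explains why. The keys look like an idmapd configuration; if so, the NFSv4 ID-mapping domain would presumably fall back to a value derived from the host's own DNS name. When client and server derive different values, file owners map to the nobody account, which is hard to diagnose. Either keep the setting, or delete the line and leave a reason, e.g. `# Domain intentionally unset: derived from the host's DNS domain`. The enclosing attribute set starts and ends outside the hunk.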