Networks aren't a function

2021-10-19 10:04:35 -07:00 · 2021-10-19 10:04:35 -07:00 · 5383cea338
parent 409f341fbb
commit 5383cea338
5 changed files with 51 additions and 67 deletions
--- a/config/host-config/nostromo.nix
+++ b/config/host-config/nostromo.nix
@ -48,8 +48,8 @@ in {
      createMountPoints = false;
      exports = let
        exportList = [
-          "/export/documents 10.0.0.0/24 (rw,sync,root_squash,no_subtree_check,fsid=10,sec=krb5p)"
+          "/export/documents 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=10,sec=krb5p)"
-          "/export/downloads 10.0.0.0/24 (rw,sync,root_squash,no_subtree_check,fsid=11,sec=krb5i)"
+          "/export/downloads 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5i)"
        ];
      in ''
        ${concatStringsSep "\n" exportList}
@ -58,7 +58,7 @@ in {
  };
  systemd.services.nfs-server = {
-    # Don't start in on boot
+    # Don't start on boot
    wantedBy = mkForce [ "sea-store.target" ];
    # Only start after filesystem mounts are available
    after = [ "export-documents.mount" "export-downloads.mount" ];
--- a/config/networks/informis.land.nix
+++ b/config/networks/informis.land.nix
@ -1,6 +1,3 @@
 { config, lib, ... }:
 with lib;
 {
  mx = [ "smtp.informis.land" ];
@ -11,16 +8,6 @@ with lib;
    git    = "procul.informis.land.";
  };
  verbatim-dns-records = let
    domain-name = config.fudo.hosts.${config.instance.hostname}.domain;
    # NOTE: we're assuming IPv4...
    domain-local-nets = map (network: "ip4:${network}") config.fudo.domains.${domain-name}.local-networks;
    local-net-string = concatStringsSep " " domain-local-nets;
  in [
    ''@ IN TXT "v=spf1 mx ${local-net-string} -all"''
    ''@ IN SPF "v=spf1 mx ${local-net-string} -all"''
  ];
  srv-records = {
    tcp = {
      domain = [{
--- a/config/site-config/seattle.nix
+++ b/config/site-config/seattle.nix
@ -37,59 +37,44 @@ in {
      fsType = "nfs4";
      options = [ "comment=systemd.automount" ];
    };
-    # "/net/documents" = {
+    "/net/documents" = {
-    #   device = "sea-store.${local-domain}:/export/documents";
+      device = "sea-store.${local-domain}:/export/documents";
-    #   fsType = "nfs";
+      fsType = "nfs";
-    #   options = [
+      options = [
-    #     "nfsvers=4.2"
+        "nfsvers=4.2"
-    #     "comment=systemd.automount"
+        "comment=systemd.automount"
-    #     "sec=krb5p"
+        "sec=krb5p"
-    #     # "noauto" ?
+        # "noauto" ?
    #   ];
    # };
    # "/net/downloads" = {
    #   device = "sea-store.${local-domain}:/export/downloads";
    #   fsType = "nfs";
    #   options = [
    #     "nfsvers=4.2"
    #     "comment=systemd.automount"
    #     "sec=krb5i"
    #     # "noauto" ?
    #   ];
    # };
  };
  systemd.mounts = [
    {
      what = "sea-store.sea.fudo.org:/export/documents";
      where = "/net/documents";
      type = "nfs4";
      options = "sec=krb5p";
      description = "sea-store documents on encrypted filesysem.";
    }
    {
      what = "sea-store.sea.fudo.org:/export/downloads";
      where = "/net/downloads";
      type = "nfs4";
      options = "sec=krb5i";
      description = "sea-store downloads on encrypted filesysem.";
    }
      ];
    };
    "/net/downloads" = {
      device = "sea-store.${local-domain}:/export/downloads";
      fsType = "nfs";
      options = [
        "nfsvers=4.2"
        "comment=systemd.automount"
        "sec=krb5i"
        # "noauto" ?
      ];
    };
  };
-  krb5 = {
+  # systemd.mounts = [
-    domain_realm = {
+  #   {
-      "fudo.org" = "FUDO.ORG";
+  #     what = "sea-store.sea.fudo.org:/export/documents";
-      ".fudo.org" = "FUDO.ORG";
+  #     where = "/net/documents";
-      "sea.fudo.org" = "FUDO.ORG";
+  #     type = "nfs4";
-      ".sea.fudo.org" = "FUDO.ORG";
+  #     options = "sec=krb5p";
-    };
+  #     description = "sea-store documents on encrypted filesysem.";
-    realms = {
+  #   }
-      "FUDO.ORG" = {
+  #   {
-        admin_server = "france.fudo.org";
+  #     what = "sea-store.sea.fudo.org:/export/downloads";
-        kdc = [ "france.fudo.org" ];
+  #     where = "/net/downloads";
-      };
+  #     type = "nfs4";
-    };
+  #     options = "sec=krb5i";
-  };
+  #     description = "sea-store downloads on encrypted filesysem.";
  #   }
  # ];
  services.printing = {
    enable = true;
--- a/lib/fudo/networks.nix
+++ b/lib/fudo/networks.nix
@ -10,4 +10,16 @@ in {
    description = "A map of networks to network definitions.";
    default = { };
  };
  config = let
    domain-name = config.instance.local-domain;
    local-networks = map (network: "ip4:${network}")
      config.fudo.domains.${domain-name}.local-networks;
    local-net-string = concatStringsSep " " domain-local-nets;
  in {
    fudo.networks.${domain-name}.verbatim-dns-records = [
      ''@ IN TXT "v=spf1 mx ${local-net-string} -all"''
      ''@ IN SPF "v=spf1 mx ${local-net-string} -all"''
    ];
  };
 }
--- a/lib/fudo/users.nix
+++ b/lib/fudo/users.nix
@ -142,7 +142,7 @@ in {
    in {
      General = {
        Verbosity = 10;
-        Domain = local-domain;
+        # Domain = local-domain;
        "Local-Realms" = local-realm;
      };
      Translation = {