Networks aren't a function

2021-10-19 10:04:35 -07:00 · 2021-10-19 10:04:35 -07:00 · 5383cea338
parent 409f341fbb
commit 5383cea338
5 changed files with 51 additions and 67 deletions
--- a/config/host-config/nostromo.nix
+++ b/config/host-config/nostromo.nix
@ -48,8 +48,8 @@ in {
      createMountPoints = false;
      exports = let
        exportList = [
-          "/export/documents 10.0.0.0/24 (rw,sync,root_squash,no_subtree_check,fsid=10,sec=krb5p)"
-          "/export/downloads 10.0.0.0/24 (rw,sync,root_squash,no_subtree_check,fsid=11,sec=krb5i)"
+          "/export/documents 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=10,sec=krb5p)"
+          "/export/downloads 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5i)"
        ];
      in ''
        ${concatStringsSep "\n" exportList}
@ -58,7 +58,7 @@ in {
  };

  systemd.services.nfs-server = {
-    # Don't start in on boot
+    # Don't start on boot
    wantedBy = mkForce [ "sea-store.target" ];
    # Only start after filesystem mounts are available
    after = [ "export-documents.mount" "export-downloads.mount" ];
--- a/config/networks/informis.land.nix
+++ b/config/networks/informis.land.nix
@ -1,6 +1,3 @@
-{ config, lib, ... }:
-
-with lib;
 {
  mx = [ "smtp.informis.land" ];

@ -11,16 +8,6 @@ with lib;
    git    = "procul.informis.land.";
  };

-  verbatim-dns-records = let
-    domain-name = config.fudo.hosts.${config.instance.hostname}.domain;
-    # NOTE: we're assuming IPv4...
-    domain-local-nets = map (network: "ip4:${network}") config.fudo.domains.${domain-name}.local-networks;
-    local-net-string = concatStringsSep " " domain-local-nets;
-  in [
-    ''@ IN TXT "v=spf1 mx ${local-net-string} -all"''
-    ''@ IN SPF "v=spf1 mx ${local-net-string} -all"''
-  ];
-
  srv-records = {
    tcp = {
      domain = [{
--- a/config/site-config/seattle.nix
+++ b/config/site-config/seattle.nix
@ -37,59 +37,44 @@ in {
      fsType = "nfs4";
      options = [ "comment=systemd.automount" ];
    };
-    # "/net/documents" = {
-    #   device = "sea-store.${local-domain}:/export/documents";
-    #   fsType = "nfs";
-    #   options = [
-    #     "nfsvers=4.2"
-    #     "comment=systemd.automount"
-    #     "sec=krb5p"
-    #     # "noauto" ?
-    #   ];
-    # };
-    # "/net/downloads" = {
-    #   device = "sea-store.${local-domain}:/export/downloads";
-    #   fsType = "nfs";
-    #   options = [
-    #     "nfsvers=4.2"
-    #     "comment=systemd.automount"
-    #     "sec=krb5i"
-    #     # "noauto" ?
-    #   ];
-    # };
-  };
-
-  systemd.mounts = [
-    {
-      what = "sea-store.sea.fudo.org:/export/documents";
-      where = "/net/documents";
-      type = "nfs4";
-      options = "sec=krb5p";
-      description = "sea-store documents on encrypted filesysem.";
-    }
-    {
-      what = "sea-store.sea.fudo.org:/export/downloads";
-      where = "/net/downloads";
-      type = "nfs4";
-      options = "sec=krb5i";
-      description = "sea-store downloads on encrypted filesysem.";
-    }
+    "/net/documents" = {
+      device = "sea-store.${local-domain}:/export/documents";
+      fsType = "nfs";
+      options = [
+        "nfsvers=4.2"
+        "comment=systemd.automount"
+        "sec=krb5p"
+        # "noauto" ?
      ];
+    };
+    "/net/downloads" = {
+      device = "sea-store.${local-domain}:/export/downloads";
+      fsType = "nfs";
+      options = [
+        "nfsvers=4.2"
+        "comment=systemd.automount"
+        "sec=krb5i"
+        # "noauto" ?
+      ];
+    };
+  };

-  krb5 = {
-    domain_realm = {
-      "fudo.org" = "FUDO.ORG";
-      ".fudo.org" = "FUDO.ORG";
-      "sea.fudo.org" = "FUDO.ORG";
-      ".sea.fudo.org" = "FUDO.ORG";
-    };
-    realms = {
-      "FUDO.ORG" = {
-        admin_server = "france.fudo.org";
-        kdc = [ "france.fudo.org" ];
-      };
-    };
-  };
+  # systemd.mounts = [
+  #   {
+  #     what = "sea-store.sea.fudo.org:/export/documents";
+  #     where = "/net/documents";
+  #     type = "nfs4";
+  #     options = "sec=krb5p";
+  #     description = "sea-store documents on encrypted filesysem.";
+  #   }
+  #   {
+  #     what = "sea-store.sea.fudo.org:/export/downloads";
+  #     where = "/net/downloads";
+  #     type = "nfs4";
+  #     options = "sec=krb5i";
+  #     description = "sea-store downloads on encrypted filesysem.";
+  #   }
+  # ];

  services.printing = {
    enable = true;
--- a/lib/fudo/networks.nix
+++ b/lib/fudo/networks.nix
@ -10,4 +10,16 @@ in {
    description = "A map of networks to network definitions.";
    default = { };
  };
+
+  config = let
+    domain-name = config.instance.local-domain;
+    local-networks = map (network: "ip4:${network}")
+      config.fudo.domains.${domain-name}.local-networks;
+    local-net-string = concatStringsSep " " domain-local-nets;
+  in {
+    fudo.networks.${domain-name}.verbatim-dns-records = [
+      ''@ IN TXT "v=spf1 mx ${local-net-string} -all"''
+      ''@ IN SPF "v=spf1 mx ${local-net-string} -all"''
+    ];
+  };
 }
--- a/lib/fudo/users.nix
+++ b/lib/fudo/users.nix
@ -142,7 +142,7 @@ in {
    in {
      General = {
        Verbosity = 10;
-        Domain = local-domain;
+        # Domain = local-domain;
        "Local-Realms" = local-realm;
      };
      Translation = {