working clunk

This commit is contained in:
Niten 2021-03-03 03:03:35 +00:00
parent 1a2f74dcdc
commit 66fe12893b
12 changed files with 61 additions and 49 deletions


@ -9,8 +9,19 @@ let
site = config.fudo.site.${site-name};
in {
# Don't do unsupervised upgrades...
system.autoUpgrade.enable = mkForce false;
system = {
# Don't do unsupervised upgrades...
autoUpgrade.enable = mkForce false;
# DO force all DNS traffic to use the local server
activationScripts.force-local-dns = let
wifi-ip =
config.fudo.networks."rus.selby.ca".hosts.google-wifi.ipv4-address;
in ''
${pkgs.iptables}/bin/iptables -t nat -A OUTPUT -p udp -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53
${pkgs.iptables}/bin/iptables -t nat -A OUTPUT -p tcp -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53
'';
};
fudo.local-network = let
host-config = config.fudo.hosts.${config.instance.hostname};
@ -90,29 +101,31 @@ in {
};
};
# environment.systemPackages = with pkgs; [ dnsproxy ];
virtualisation = {
docker = {
enable = true;
autoPrune.enable = true;
enableOnBoot = true;
};
};
docker-containers = {
pihole = {
image = "pihole/pihole:v5.1.2";
ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
environment = {
ServerIP = primary-ip;
VIRTUAL_HOST = "dns-hole.rus.selby.ca";
DNS1 = dns-proxy-ip;
oci-containers = {
backend = "docker";
containers = {
pihole = {
image = "pihole/pihole:v5.1.2";
autoStart = true;
ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
environment = {
ServerIP = primary-ip;
VIRTUAL_HOST = "dns-hole.rus.selby.ca";
DNS1 = dns-proxy-ip;
};
volumes = [
"/srv/pihole/etc-pihole/:/etc/pihole/"
"/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
];
};
};
volumes = [
"/srv/pihole/etc-pihole/:/etc/pihole/"
"/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
];
};
};
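Review bot: The two iptables lines in the `activationScripts.force-local-dns` script use `-A`, so every `nixos-rebuild switch` appends another copy of the same DNAT rule to the nat OUTPUT chain; activation scripts are expected to be idempotent. Guard each rule with a check, e.g. `${pkgs.iptables}/bin/iptables -t nat -C OUTPUT -p udp -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53 || ${pkgs.iptables}/bin/iptables -t nat -A OUTPUT -p udp -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53` (and likewise for tcp), or move the rules into `networking.firewall.extraCommands` so the firewall module owns their lifecycle. Also, the OUTPUT chain only sees packets generated by this host; if `wifi-ip` is the address of the google-wifi device rather than a local interface, these rules will never match and the redirect would have to live in PREROUTING instead — worth confirming what `wifi-ip` resolves to. The `let` block that defines `primary-ip` begins before this hunk.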


@ -67,7 +67,7 @@ in {
# FIXME: This should allow for AAAA addresses too...
nameservers = mkOption {
type = loaOf (submodule hostOpts);
type = attrsOf (submodule hostOpts);
description = "Map of domain nameserver FQDNs to IP.";
example = {
"ns1.domain.com" = {
@ -84,7 +84,7 @@ in {
};
domains = mkOption {
type = loaOf (submodule domainOpts);
type = attrsOf (submodule domainOpts);
default = { };
description = "A map of domain to domain options.";
};
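Review bot: Replacing `loaOf` with `attrsOf` on `nameservers` and `domains` tightens the option type: `loaOf` also accepted a list of submodule values and converted it, whereas `attrsOf` rejects the list form during option type checking, so any host configuration still supplying these options as lists will now fail to evaluate. The same applies to the `users`/`groups`/`system-users`, `user-aliases`/`alias-users`, `file-generator`, `users`/`databases`, `service-discovery-dns`/`static-targets`, `peers`, `sites`, `feeds` and `aliases` hunks in the later files. Since `loaOf` is deprecated this is the right direction, but the commit message should say so, e.g. `Migrate option types from deprecated loaOf to attrsOf; list-form values are no longer accepted.`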


@ -244,7 +244,7 @@ in {
users = mkOption {
default = { };
type = with types; loaOf (submodule ldapUserOpts);
type = with types; attrsOf (submodule ldapUserOpts);
example = {
tester = {
uid = 10099;
@ -259,7 +259,7 @@ in {
groups = mkOption {
default = { };
type = with types; loaOf (submodule ldapGroupOpts);
type = with types; attrsOf (submodule ldapGroupOpts);
example = {
admin = {
gid = 1099;
@ -273,7 +273,7 @@ in {
system-users = mkOption {
default = { };
type = with types; loaOf (submodule ldapSystemUserOpts);
type = with types; attrsOf (submodule ldapSystemUserOpts);
example = {
replicator = {
description = "System user for database sync";


@ -102,7 +102,7 @@ in {
};
user-aliases = mkOption {
type = with types; loaOf(listOf str);
type = with types; attrsOf(listOf str);
description = "A map of real user to list of aliases.";
default = {};
example = {
@ -111,7 +111,7 @@ in {
};
alias-users = mkOption {
type = with types; loaOf(listOf str);
type = with types; attrsOf(listOf str);
description = "A map of email alias to a list of users.";
example = {
alias = ["realuser0" "realuser1"];


@ -76,7 +76,7 @@ let
in {
options.fudo.password = {
file-generator = mkOption {
type = with types; loaOf (submodule genOpts);
type = with types; attrsOf (submodule genOpts);
description = "List of password files to generate.";
default = {};
};


@ -150,7 +150,7 @@ in {
};
users = mkOption {
type = with types; loaOf (submodule userOpts);
type = with types; attrsOf (submodule userOpts);
description = "A map of users to user attributes.";
example = {
sampleUser = {
@ -167,7 +167,7 @@ in {
};
databases = mkOption {
type = with types; loaOf (submodule databaseOpts);
type = with types; attrsOf (submodule databaseOpts);
description = "A map of databases to database options.";
default = { };
};


@ -12,7 +12,7 @@ in {
enable = mkEnableOption "Fudo Prometheus Data-Gathering Server";
service-discovery-dns = mkOption {
type = with types; loaOf (listOf str);
type = with types; attrsOf (listOf str);
description = ''
A map of exporter type to a list of domains to use for service discovery.
'';
@ -29,7 +29,7 @@ in {
};
static-targets = mkOption {
type = with types; loaOf (listOf str);
type = with types; attrsOf (listOf str);
description = ''
A map of exporter type to a list of host:ports from which to collect metrics.
'';


@ -69,7 +69,7 @@ in {
};
peers = mkOption {
type = loaOf str;
type = attrsOf str;
description = "A map of peers to shared private keys.";
default = {};
example = {


@ -197,7 +197,7 @@ in {
enable = mkEnableOption "Enable a RainLoop webmail server.";
sites = mkOption {
type = with types; (loaOf (submodule siteOpts));
type = with types; (attrsOf (submodule siteOpts));
description = "A map of webmail sites to site configurations.";
example = {
"webmail.domain.com" = {


@ -119,7 +119,7 @@ in {
};
feeds = mkOption {
type = loaOf (submodule feedOpts);
type = attrsOf (submodule feedOpts);
description = "Feeds to generate and make available (as eg. /feed/name.xml).";
example = {
diary = {


@ -4,14 +4,19 @@ with lib;
let
join-lines = concatStringsSep "\n";
makeSrvRecords = protocol: type: records:
dump = obj: builtins.trace obj obj;
makeSrvRecords = protocol: service: records: let
service-blah = (dump service);
record-blah = (dump records);
in
join-lines (map (record:
"_${type}._${protocol} IN SRV ${toString record.priority} ${
"_${service}._${protocol} IN SRV ${toString record.priority} ${
toString record.weight
} ${toString record.port} ${record.host}.") records);
makeSrvProtocolRecords = protocol: types:
join-lines (mapAttrsToList (makeSrvRecords protocol) types);
makeSrvProtocolRecords = protocol: services:
join-lines (mapAttrsToList (makeSrvRecords protocol) services);
srvRecordOpts = with types; {
options = {
@ -40,8 +45,8 @@ let
};
};
srvRecordPair = domain: protocol: type: record: {
"_${type}._${protocol}.${domain}" =
srvRecordPair = domain: protocol: service: record: {
"_${service}._${protocol}.${domain}" =
"${toString record.priority} ${toString record.weight} ${
toString record.port
} ${record.host}.";
@ -57,9 +62,9 @@ in rec {
concatMapAttrs = f: attrs:
concatMap (x: x) (mapAttrsToList (key: val: f key val) attrs);
srvRecordsToPairs = domain: srvRecords:
listToAttrs (concatMapAttrs (protocol: types:
srvRecordsToPairs = domain: srvRecords:
listToAttrs (concatMapAttrs (protocol: services:
concatMapAttrs
(type: records: map (srvRecordPair domain protocol type) records) types)
(service: records: map (srvRecordPair domain protocol service) records) services)
srvRecords);
}
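Review bot: The `dump` helper and the `service-blah`/`record-blah` bindings added to `makeSrvRecords` are never referenced, so under Nix's lazy evaluation the `builtins.trace` calls never run; they are leftover debugging that adds noise without effect. Drop the `let … in` wrapper and the `dump` binding so the function reads `makeSrvRecords = protocol: service: records:` followed directly by `join-lines (map (record: ...) records)`. The rename of `type` to `service` carried through `makeSrvProtocolRecords`, `srvRecordPair` and `srvRecordsToPairs` is consistent and reads better than the old name.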


@ -2,14 +2,8 @@
with lib;
let
srvRecordOpts = { service, ... }: {
srvRecordOpts = { ... }: {
options = with types; {
service = {
type = str;
description = "Service name of SRV record.";
default = service;
};
priority = mkOption {
type = int;
description = "Priority to give to this record.";
@ -96,7 +90,7 @@ in {
};
aliases = mkOption {
type = loaOf str;
type = attrsOf str;
default = { };
description =
"A mapping of host-alias -> hostnames to add to the domain record.";