From 66fe12893b78d5005e3e1c0e53a675e4421e7df0 Mon Sep 17 00:00:00 2001 From: Niten Date: Wed, 3 Mar 2021 03:03:35 +0000 Subject: [PATCH] working clunk --- config/hosts/clunk.nix | 47 ++++++++++++++++++++------------ lib/fudo/dns.nix | 4 +-- lib/fudo/ldap.nix | 6 ++-- lib/fudo/mail.nix | 4 +-- lib/fudo/password.nix | 2 +- lib/fudo/postgres.nix | 4 +-- lib/fudo/prometheus.nix | 4 +-- lib/fudo/vpn.nix | 2 +- lib/fudo/webmail.nix | 2 +- lib/informis/cl-gemini.nix | 2 +- lib/lib/dns.nix | 23 ++++++++++------ lib/types/network-definition.nix | 10 ++----- 12 files changed, 61 insertions(+), 49 deletions(-) diff --git a/config/hosts/clunk.nix b/config/hosts/clunk.nix index 02be23c..7d59f4a 100644 --- a/config/hosts/clunk.nix +++ b/config/hosts/clunk.nix @@ -9,8 +9,19 @@ let site = config.fudo.site.${site-name}; in { - # Don't do unsupervised upgrades... - system.autoUpgrade.enable = mkForce false; + system = { + # Don't do unsupervised upgrades... + autoUpgrade.enable = mkForce false; + + # DO force all DNS traffic to use the local server + activationScripts.force-local-dns = let + wifi-ip = + config.fudo.networks."rus.selby.ca".hosts.google-wifi.ipv4-address; + in '' + ${pkgs.iptables}/bin/iptables -t nat -A OUTPUT -p udp -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53 + ${pkgs.iptables}/bin/iptables -t nat -A OUTPUT -p tcp -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53 + ''; + }; fudo.local-network = let host-config = config.fudo.hosts.${config.instance.hostname}; 
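Review bot: The DNAT rules in the new `activationScripts.force-local-dns` match `-s ${wifi-ip}` in the nat OUTPUT chain, but OUTPUT only sees packets generated on this host itself; if google-wifi is a separate device whose DNS queries pass through clunk, its packets traverse PREROUTING and these two rules never match. The script also runs `iptables -A` on every boot and every `nixos-rebuild switch`, so each activation appends another copy of both rules and nothing removes them when the option is later dropped; guarding each append with `-C`, or moving the rules to `networking.firewall.extraCommands` with matching `extraStopCommands`, keeps it idempotent. `primary-ip` is bound outside the hunk, presumably in the enclosing `let`. A sketch of the guarded form, with the chain kept in one place so it can be switched back to OUTPUT if the wifi device really is local:

```nix
      activationScripts.force-local-dns = let
        wifi-ip = config.fudo.networks."rus.selby.ca".hosts.google-wifi.ipv4-address;
        iptables = "${pkgs.iptables}/bin/iptables";
        # PREROUTING for traffic arriving from another host; OUTPUT only
        # matches packets that originate on clunk itself.
        chain = "PREROUTING";
        # Append the rule only when it is not already present, so repeated
        # activations do not accumulate duplicate DNAT rules.
        force-dns = proto: ''
          ${iptables} -t nat -C ${chain} -p ${proto} -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53 ||
            ${iptables} -t nat -A ${chain} -p ${proto} -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53
        '';
      in ''
        ${force-dns "udp"}
        ${force-dns "tcp"}
      '';
```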
@@ -90,29 +101,31 @@ in { }; }; - # environment.systemPackages = with pkgs; [ dnsproxy ]; - virtualisation = { docker = { enable = true; autoPrune.enable = true; enableOnBoot = true; }; - }; - docker-containers = { - pihole = { - image = "pihole/pihole:v5.1.2"; - ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ]; - environment = { - ServerIP = primary-ip; - VIRTUAL_HOST = "dns-hole.rus.selby.ca"; - DNS1 = dns-proxy-ip; + oci-containers = { + backend = "docker"; + containers = { + pihole = { + image = "pihole/pihole:v5.1.2"; + autoStart = true; + ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ]; + environment = { + ServerIP = primary-ip; + VIRTUAL_HOST = "dns-hole.rus.selby.ca"; + DNS1 = dns-proxy-ip; + }; + volumes = [ + "/srv/pihole/etc-pihole/:/etc/pihole/" + "/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" + ]; + }; }; - volumes = [ - "/srv/pihole/etc-pihole/:/etc/pihole/" - "/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" - ]; }; }; diff --git a/lib/fudo/dns.nix b/lib/fudo/dns.nix index af7ed49..346dc72 100644 --- a/lib/fudo/dns.nix +++ b/lib/fudo/dns.nix @@ -67,7 +67,7 @@ in { # FIXME: This should allow for AAAA addresses too... nameservers = mkOption { - type = loaOf (submodule hostOpts); + type = attrsOf (submodule hostOpts); description = "Map of domain nameserver FQDNs to IP."; example = { "ns1.domain.com" = { @@ -84,7 +84,7 @@ in { }; domains = mkOption { - type = loaOf (submodule domainOpts); + type = attrsOf (submodule domainOpts); default = { }; description = "A map of domain to domain options."; }; diff --git a/lib/fudo/ldap.nix b/lib/fudo/ldap.nix index fb43ea5..cbc3759 100644 --- a/lib/fudo/ldap.nix +++ b/lib/fudo/ldap.nix @@ -244,7 +244,7 @@ in { users = mkOption { default = { }; - type = with types; loaOf (submodule ldapUserOpts); + type = with types; attrsOf (submodule ldapUserOpts); example = { tester = { uid = 10099; 
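Review bot: The `ports` entries of the pihole container carry no host address, so Docker publishes the resolver on 5353 and the admin UI on 3080 on every interface of clunk, and published ports are handled in Docker's own iptables chains rather than through `networking.firewall`, so the NixOS firewall does not gate them. `primary-ip` is already in scope for `ServerIP`, so restricting the bindings keeps both services off any other network the host is attached to: `ports = [ "${primary-ip}:5353:53/tcp" "${primary-ip}:5353:53/udp" "${primary-ip}:3080:80/tcp" ];`. `autoStart = true` is the option's default and can be dropped unless it is there as documentation.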
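Review bot: `attrsOf` rejects the list-of-attrsets form that `loaOf` also accepted, so after this commit any site or host configuration still setting one of these options as a list fails evaluation with a type error; the same applies to the matching hunks in lib/fudo/dns.nix `domains`, ldap.nix, mail.nix, password.nix, postgres.nix, prometheus.nix, vpn.nix, webmail.nix, cl-gemini.nix and the `aliases` hunk of network-definition.nix. The direction is right, since `loaOf` is deprecated, but the commit message "working clunk" gives no hint of the breaking change; a comment on the first occurrence such as `# loaOf is deprecated; this option now accepts only an attribute set keyed by name`, or a sentence in the commit message, would save the next person a confusing type error. While the password.nix line is being touched, its `description = "List of password files to generate."` no longer matches an `attrsOf` map and could read `description = "Map of password files to generate, keyed by name."`.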
@@ -259,7 +259,7 @@ in { groups = mkOption { default = { }; - type = with types; loaOf (submodule ldapGroupOpts); + type = with types; attrsOf (submodule ldapGroupOpts); example = { admin = { gid = 1099; @@ -273,7 +273,7 @@ in { system-users = mkOption { default = { }; - type = with types; loaOf (submodule ldapSystemUserOpts); + type = with types; attrsOf (submodule ldapSystemUserOpts); example = { replicator = { description = "System user for database sync"; diff --git a/lib/fudo/mail.nix b/lib/fudo/mail.nix index ba350fd..522286d 100644 --- a/lib/fudo/mail.nix +++ b/lib/fudo/mail.nix @@ -102,7 +102,7 @@ in { }; user-aliases = mkOption { - type = with types; loaOf(listOf str); + type = with types; attrsOf(listOf str); description = "A map of real user to list of aliases."; default = {}; example = { @@ -111,7 +111,7 @@ in { }; alias-users = mkOption { - type = with types; loaOf(listOf str); + type = with types; attrsOf(listOf str); description = "A map of email alias to a list of users."; example = { alias = ["realuser0" "realuser1"]; diff --git a/lib/fudo/password.nix b/lib/fudo/password.nix index 2322d9e..2c7d0e4 100644 --- a/lib/fudo/password.nix +++ b/lib/fudo/password.nix @@ -76,7 +76,7 @@ let in { options.fudo.password = { file-generator = mkOption { - type = with types; loaOf (submodule genOpts); + type = with types; attrsOf (submodule genOpts); description = "List of password files to generate."; default = {}; }; diff --git a/lib/fudo/postgres.nix b/lib/fudo/postgres.nix index 3a07c54..64dbd12 100644 --- a/lib/fudo/postgres.nix +++ b/lib/fudo/postgres.nix @@ -150,7 +150,7 @@ in { }; users = mkOption { - type = with types; loaOf (submodule userOpts); + type = with types; attrsOf (submodule userOpts); description = "A map of users to user attributes."; example = { sampleUser = { 
@@ -167,7 +167,7 @@ in { }; databases = mkOption { - type = with types; loaOf (submodule databaseOpts); + type = with types; attrsOf (submodule databaseOpts); description = "A map of databases to database options."; default = { }; }; diff --git a/lib/fudo/prometheus.nix b/lib/fudo/prometheus.nix index 7951932..f8c38d4 100644 --- a/lib/fudo/prometheus.nix +++ b/lib/fudo/prometheus.nix @@ -12,7 +12,7 @@ in { enable = mkEnableOption "Fudo Prometheus Data-Gathering Server"; service-discovery-dns = mkOption { - type = with types; loaOf (listOf str); + type = with types; attrsOf (listOf str); description = '' A map of exporter type to a list of domains to use for service discovery. ''; @@ -29,7 +29,7 @@ in { }; static-targets = mkOption { - type = with types; loaOf (listOf str); + type = with types; attrsOf (listOf str); description = '' A map of exporter type to a list of host:ports from which to collect metrics. ''; diff --git a/lib/fudo/vpn.nix b/lib/fudo/vpn.nix index 7f6eeeb..1ad39d2 100644 --- a/lib/fudo/vpn.nix +++ b/lib/fudo/vpn.nix @@ -69,7 +69,7 @@ in { }; peers = mkOption { - type = loaOf str; + type = attrsOf str; description = "A map of peers to shared private keys."; default = {}; example = { diff --git a/lib/fudo/webmail.nix b/lib/fudo/webmail.nix index 73e46e1..3ecc59a 100644 --- a/lib/fudo/webmail.nix +++ b/lib/fudo/webmail.nix @@ -197,7 +197,7 @@ in { enable = mkEnableOption "Enable a RainLoop webmail server."; sites = mkOption { - type = with types; (loaOf (submodule siteOpts)); + type = with types; (attrsOf (submodule siteOpts)); description = "A map of webmail sites to site configurations."; example = { "webmail.domain.com" = { diff --git a/lib/informis/cl-gemini.nix b/lib/informis/cl-gemini.nix index 172a92b..80bcf47 100644 --- a/lib/informis/cl-gemini.nix +++ b/lib/informis/cl-gemini.nix 
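Review bot: `peers` keeps `str` as the value type while its description says the values are shared private keys, so any key literal set on this option is part of the evaluated configuration and every file generated from it lands in the world-readable Nix store. If the values really are key material, a `path` (or a string naming a file outside the store that the service reads at runtime) would be the safer type now that this line is being changed anyway; if they are peer identifiers rather than secrets, the description should say so instead. The option's consumer is outside the hunk, so I cannot tell which it is from here.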
@@ -119,7 +119,7 @@ in { }; feeds = mkOption { - type = loaOf (submodule feedOpts); + type = attrsOf (submodule feedOpts); description = "Feeds to generate and make available (as eg. /feed/name.xml)."; example = { diary = { diff --git a/lib/lib/dns.nix b/lib/lib/dns.nix index 73eb40f..3223d62 100644 --- a/lib/lib/dns.nix +++ b/lib/lib/dns.nix @@ -4,14 +4,19 @@ with lib; let join-lines = concatStringsSep "\n"; - makeSrvRecords = protocol: type: records: + dump = obj: builtins.trace obj obj; + + makeSrvRecords = protocol: service: records: let + service-blah = (dump service); + record-blah = (dump records); + in join-lines (map (record: - "_${type}._${protocol} IN SRV ${toString record.priority} ${ + "_${service}._${protocol} IN SRV ${toString record.priority} ${ toString record.weight } ${toString record.port} ${record.host}.") records); - makeSrvProtocolRecords = protocol: types: - join-lines (mapAttrsToList (makeSrvRecords protocol) types); + makeSrvProtocolRecords = protocol: services: + join-lines (mapAttrsToList (makeSrvRecords protocol) services); srvRecordOpts = with types; { options = { @@ -40,8 +45,8 @@ let }; }; - srvRecordPair = domain: protocol: type: record: { - "_${type}._${protocol}.${domain}" = + srvRecordPair = domain: protocol: service: record: { + "_${service}._${protocol}.${domain}" = "${toString record.priority} ${toString record.weight} ${ toString record.port } ${record.host}."; @@ -57,9 +62,9 @@ in rec { concatMapAttrs = f: attrs: concatMap (x: x) (mapAttrsToList (key: val: f key val) attrs); - srvRecordsToPairs = domain: srvRecords: - listToAttrs (concatMapAttrs (protocol: types: + srvRecordsToPairs = domain: srvRecords: + listToAttrs (concatMapAttrs (protocol: services: concatMapAttrs - (type: records: map (srvRecordPair domain protocol type) records) types) + (service: records: map (srvRecordPair domain protocol service) records) services) srvRecords); } 
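Review bot: The new `dump` helper and the `service-blah`/`record-blah` bindings in `makeSrvRecords` look like leftover debugging: neither binding is referenced in the body, so under Nix's lazy evaluation the `builtins.trace` never fires, and the three lines are dead code with placeholder names. Drop `dump = obj: builtins.trace obj obj;` together with the `let service-blah = (dump service); record-blah = (dump records); in` wrapper so the function body is once again just `join-lines (map (record: …) records)`. The rename of `type` to `service` in this and the other two hunks of the file is fine and matches the key structure that `srvRecordsToPairs` walks.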
diff --git a/lib/types/network-definition.nix b/lib/types/network-definition.nix index 7fe2304..9e2b88d 100644 --- a/lib/types/network-definition.nix +++ b/lib/types/network-definition.nix @@ -2,14 +2,8 @@ with lib; let - srvRecordOpts = { service, ... }: { + srvRecordOpts = { ... }: { options = with types; { - service = { - type = str; - description = "Service name of SRV record."; - default = service; - }; - priority = mkOption { type = int; description = "Priority to give to this record."; @@ -96,7 +90,7 @@ in { }; aliases = mkOption { - type = loaOf str; + type = attrsOf str; default = { }; description = "A mapping of host-alias -> hostnames to add to the domain record.";
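Review bot: With the `service` option removed, `srvRecordOpts` no longer says where a record's service name comes from; a comment above the submodule would help, e.g. `# The service name is not part of the record: it is the attribute key the record list is stored under (see srvRecordsToPairs in lib/lib/dns.nix).` The submodule's remaining options continue past the end of the hunk. The deleted block also never wrapped `service` in `mkOption`, so removing it rather than patching it is the cleaner outcome.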