working clunk
parent
1a2f74dcdc
commit
66fe12893b
@ -9,8 +9,19 @@ let
|
|||||||
site = config.fudo.site.${site-name};
|
site = config.fudo.site.${site-name};
|
||||||
|
|
||||||
in {
|
in {
|
||||||
# Don't do unsupervised upgrades...
|
system = {
|
||||||
system.autoUpgrade.enable = mkForce false;
|
# Don't do unsupervised upgrades...
|
||||||
|
autoUpgrade.enable = mkForce false;
|
||||||
|
|
||||||
|
# DO force all DNS traffic to use the local server
|
||||||
|
activationScripts.force-local-dns = let
|
||||||
|
wifi-ip =
|
||||||
|
config.fudo.networks."rus.selby.ca".hosts.google-wifi.ipv4-address;
|
||||||
|
in ''
|
||||||
|
${pkgs.iptables}/bin/iptables -t nat -A OUTPUT -p udp -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53
|
||||||
|
${pkgs.iptables}/bin/iptables -t nat -A OUTPUT -p tcp -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
fudo.local-network = let
|
fudo.local-network = let
|
||||||
host-config = config.fudo.hosts.${config.instance.hostname};
|
host-config = config.fudo.hosts.${config.instance.hostname};
|
||||||
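Review bot: The two iptables rules in the new `activationScripts.force-local-dns` use `-A` unconditionally, and activation scripts run on every boot and every `nixos-rebuild switch`, so each activation appends another copy of the same DNAT rules to the nat OUTPUT chain and nothing ever removes them. Guard each append with a check (`iptables -t nat -C … || iptables -t nat -A …`) or move the rules into `networking.firewall.extraCommands` / `extraStopCommands` so they are managed with the rest of the firewall. Separately, the nat OUTPUT chain only sees packets generated by this host; `wifi-ip` is read from `fudo.networks."rus.selby.ca".hosts.google-wifi`, which suggests a different device, and traffic forwarded from another device traverses PREROUTING, so a `-s ${wifi-ip}` match in OUTPUT would never fire — confirm which host this is and use PREROUTING for forwarded traffic. `primary-ip` is bound outside the hunk.
```nix
activationScripts.force-local-dns = let
  wifi-ip =
    config.fudo.networks."rus.selby.ca".hosts.google-wifi.ipv4-address;
  ipt = "${pkgs.iptables}/bin/iptables";
  # Redirect port-53 traffic from the wifi router to the local resolver.
  # -C first so repeated activations do not stack duplicate rules.
  redirect = proto: ''
    ${ipt} -t nat -C PREROUTING -p ${proto} -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53 2>/dev/null \
      || ${ipt} -t nat -A PREROUTING -p ${proto} -s ${wifi-ip} --dport 53 -j DNAT --to ${primary-ip}:53
  '';
in redirect "udp" + redirect "tcp";
```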
@ -90,29 +101,31 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# environment.systemPackages = with pkgs; [ dnsproxy ];
|
|
||||||
|
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
docker = {
|
docker = {
|
||||||
enable = true;
|
enable = true;
|
||||||
autoPrune.enable = true;
|
autoPrune.enable = true;
|
||||||
enableOnBoot = true;
|
enableOnBoot = true;
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
docker-containers = {
|
oci-containers = {
|
||||||
pihole = {
|
backend = "docker";
|
||||||
image = "pihole/pihole:v5.1.2";
|
containers = {
|
||||||
ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
|
pihole = {
|
||||||
environment = {
|
image = "pihole/pihole:v5.1.2";
|
||||||
ServerIP = primary-ip;
|
autoStart = true;
|
||||||
VIRTUAL_HOST = "dns-hole.rus.selby.ca";
|
ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
|
||||||
DNS1 = dns-proxy-ip;
|
environment = {
|
||||||
|
ServerIP = primary-ip;
|
||||||
|
VIRTUAL_HOST = "dns-hole.rus.selby.ca";
|
||||||
|
DNS1 = dns-proxy-ip;
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"/srv/pihole/etc-pihole/:/etc/pihole/"
|
||||||
|
"/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
volumes = [
|
|
||||||
"/srv/pihole/etc-pihole/:/etc/pihole/"
|
|
||||||
"/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
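Review bot: The `ports` list carried over into `oci-containers.containers.pihole` publishes 5353/tcp, 5353/udp and the admin UI on 3080 without a host address, so Docker binds them on 0.0.0.0 on every interface, and Docker inserts published ports into its own nat/DOCKER chains ahead of the NixOS firewall, so `networking.firewall` does not gate them. At minimum pin the admin port to the LAN address, e.g. `ports = [ "${primary-ip}:5353:53/tcp" "${primary-ip}:5353:53/udp" "${primary-ip}:3080:80/tcp" ];`; note also that host port 5353/udp is the mDNS port and will conflict with avahi if that is enabled on this host. The image is pinned by a mutable tag (`pihole/pihole:v5.1.2`); if supply-chain pinning matters here, pin by digest (`pihole/pihole@sha256:…`). `primary-ip` and `dns-proxy-ip` are bound outside the hunk.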
@ -67,7 +67,7 @@ in {
|
|||||||
|
|
||||||
# FIXME: This should allow for AAAA addresses too...
|
# FIXME: This should allow for AAAA addresses too...
|
||||||
nameservers = mkOption {
|
nameservers = mkOption {
|
||||||
type = loaOf (submodule hostOpts);
|
type = attrsOf (submodule hostOpts);
|
||||||
description = "Map of domain nameserver FQDNs to IP.";
|
description = "Map of domain nameserver FQDNs to IP.";
|
||||||
example = {
|
example = {
|
||||||
"ns1.domain.com" = {
|
"ns1.domain.com" = {
|
||||||
@ -84,7 +84,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
domains = mkOption {
|
domains = mkOption {
|
||||||
type = loaOf (submodule domainOpts);
|
type = attrsOf (submodule domainOpts);
|
||||||
default = { };
|
default = { };
|
||||||
description = "A map of domain to domain options.";
|
description = "A map of domain to domain options.";
|
||||||
};
|
};
|
||||||
|
@ -244,7 +244,7 @@ in {
|
|||||||
|
|
||||||
users = mkOption {
|
users = mkOption {
|
||||||
default = { };
|
default = { };
|
||||||
type = with types; loaOf (submodule ldapUserOpts);
|
type = with types; attrsOf (submodule ldapUserOpts);
|
||||||
example = {
|
example = {
|
||||||
tester = {
|
tester = {
|
||||||
uid = 10099;
|
uid = 10099;
|
||||||
@ -259,7 +259,7 @@ in {
|
|||||||
|
|
||||||
groups = mkOption {
|
groups = mkOption {
|
||||||
default = { };
|
default = { };
|
||||||
type = with types; loaOf (submodule ldapGroupOpts);
|
type = with types; attrsOf (submodule ldapGroupOpts);
|
||||||
example = {
|
example = {
|
||||||
admin = {
|
admin = {
|
||||||
gid = 1099;
|
gid = 1099;
|
||||||
@ -273,7 +273,7 @@ in {
|
|||||||
|
|
||||||
system-users = mkOption {
|
system-users = mkOption {
|
||||||
default = { };
|
default = { };
|
||||||
type = with types; loaOf (submodule ldapSystemUserOpts);
|
type = with types; attrsOf (submodule ldapSystemUserOpts);
|
||||||
example = {
|
example = {
|
||||||
replicator = {
|
replicator = {
|
||||||
description = "System user for database sync";
|
description = "System user for database sync";
|
||||||
|
@ -102,7 +102,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
user-aliases = mkOption {
|
user-aliases = mkOption {
|
||||||
type = with types; loaOf(listOf str);
|
type = with types; attrsOf(listOf str);
|
||||||
description = "A map of real user to list of aliases.";
|
description = "A map of real user to list of aliases.";
|
||||||
default = {};
|
default = {};
|
||||||
example = {
|
example = {
|
||||||
@ -111,7 +111,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
alias-users = mkOption {
|
alias-users = mkOption {
|
||||||
type = with types; loaOf(listOf str);
|
type = with types; attrsOf(listOf str);
|
||||||
description = "A map of email alias to a list of users.";
|
description = "A map of email alias to a list of users.";
|
||||||
example = {
|
example = {
|
||||||
alias = ["realuser0" "realuser1"];
|
alias = ["realuser0" "realuser1"];
|
||||||
|
@ -76,7 +76,7 @@ let
|
|||||||
in {
|
in {
|
||||||
options.fudo.password = {
|
options.fudo.password = {
|
||||||
file-generator = mkOption {
|
file-generator = mkOption {
|
||||||
type = with types; loaOf (submodule genOpts);
|
type = with types; attrsOf (submodule genOpts);
|
||||||
description = "List of password files to generate.";
|
description = "List of password files to generate.";
|
||||||
default = {};
|
default = {};
|
||||||
};
|
};
|
||||||
|
@ -150,7 +150,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
users = mkOption {
|
users = mkOption {
|
||||||
type = with types; loaOf (submodule userOpts);
|
type = with types; attrsOf (submodule userOpts);
|
||||||
description = "A map of users to user attributes.";
|
description = "A map of users to user attributes.";
|
||||||
example = {
|
example = {
|
||||||
sampleUser = {
|
sampleUser = {
|
||||||
@ -167,7 +167,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
databases = mkOption {
|
databases = mkOption {
|
||||||
type = with types; loaOf (submodule databaseOpts);
|
type = with types; attrsOf (submodule databaseOpts);
|
||||||
description = "A map of databases to database options.";
|
description = "A map of databases to database options.";
|
||||||
default = { };
|
default = { };
|
||||||
};
|
};
|
||||||
|
@ -12,7 +12,7 @@ in {
|
|||||||
enable = mkEnableOption "Fudo Prometheus Data-Gathering Server";
|
enable = mkEnableOption "Fudo Prometheus Data-Gathering Server";
|
||||||
|
|
||||||
service-discovery-dns = mkOption {
|
service-discovery-dns = mkOption {
|
||||||
type = with types; loaOf (listOf str);
|
type = with types; attrsOf (listOf str);
|
||||||
description = ''
|
description = ''
|
||||||
A map of exporter type to a list of domains to use for service discovery.
|
A map of exporter type to a list of domains to use for service discovery.
|
||||||
'';
|
'';
|
||||||
@ -29,7 +29,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
static-targets = mkOption {
|
static-targets = mkOption {
|
||||||
type = with types; loaOf (listOf str);
|
type = with types; attrsOf (listOf str);
|
||||||
description = ''
|
description = ''
|
||||||
A map of exporter type to a list of host:ports from which to collect metrics.
|
A map of exporter type to a list of host:ports from which to collect metrics.
|
||||||
'';
|
'';
|
||||||
|
@ -69,7 +69,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
peers = mkOption {
|
peers = mkOption {
|
||||||
type = loaOf str;
|
type = attrsOf str;
|
||||||
description = "A map of peers to shared private keys.";
|
description = "A map of peers to shared private keys.";
|
||||||
default = {};
|
default = {};
|
||||||
example = {
|
example = {
|
||||||
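Review bot: `peers` is now `attrsOf str` and is described as "A map of peers to shared private keys", so the key material itself is a plain option value; anything interpolated from it into a generated config file ends up in the world-readable Nix store. If that is how these values are consumed (the consumer is outside the hunk), the option should hold a path to a root-only file instead, e.g. `type = attrsOf path;` with the description changed to "A map of peers to files containing the shared private key.", and the consumer should read the file at activation or service start. Note also that `loaOf` accepted list-form values that `attrsOf` rejects, which is fine only if every caller already passes an attrset.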
|
@ -197,7 +197,7 @@ in {
|
|||||||
enable = mkEnableOption "Enable a RainLoop webmail server.";
|
enable = mkEnableOption "Enable a RainLoop webmail server.";
|
||||||
|
|
||||||
sites = mkOption {
|
sites = mkOption {
|
||||||
type = with types; (loaOf (submodule siteOpts));
|
type = with types; (attrsOf (submodule siteOpts));
|
||||||
description = "A map of webmail sites to site configurations.";
|
description = "A map of webmail sites to site configurations.";
|
||||||
example = {
|
example = {
|
||||||
"webmail.domain.com" = {
|
"webmail.domain.com" = {
|
||||||
|
@ -119,7 +119,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
feeds = mkOption {
|
feeds = mkOption {
|
||||||
type = loaOf (submodule feedOpts);
|
type = attrsOf (submodule feedOpts);
|
||||||
description = "Feeds to generate and make available (as eg. /feed/name.xml).";
|
description = "Feeds to generate and make available (as eg. /feed/name.xml).";
|
||||||
example = {
|
example = {
|
||||||
diary = {
|
diary = {
|
||||||
|
@ -4,14 +4,19 @@ with lib;
|
|||||||
let
|
let
|
||||||
join-lines = concatStringsSep "\n";
|
join-lines = concatStringsSep "\n";
|
||||||
|
|
||||||
makeSrvRecords = protocol: type: records:
|
dump = obj: builtins.trace obj obj;
|
||||||
|
|
||||||
|
makeSrvRecords = protocol: service: records: let
|
||||||
|
service-blah = (dump service);
|
||||||
|
record-blah = (dump records);
|
||||||
|
in
|
||||||
join-lines (map (record:
|
join-lines (map (record:
|
||||||
"_${type}._${protocol} IN SRV ${toString record.priority} ${
|
"_${service}._${protocol} IN SRV ${toString record.priority} ${
|
||||||
toString record.weight
|
toString record.weight
|
||||||
} ${toString record.port} ${record.host}.") records);
|
} ${toString record.port} ${record.host}.") records);
|
||||||
|
|
||||||
makeSrvProtocolRecords = protocol: types:
|
makeSrvProtocolRecords = protocol: services:
|
||||||
join-lines (mapAttrsToList (makeSrvRecords protocol) types);
|
join-lines (mapAttrsToList (makeSrvRecords protocol) services);
|
||||||
|
|
||||||
srvRecordOpts = with types; {
|
srvRecordOpts = with types; {
|
||||||
options = {
|
options = {
|
||||||
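Review bot: `dump`, `service-blah` and `record-blah` in `makeSrvRecords` are debugging leftovers that should not be merged: the two `let` bindings are never referenced, and since Nix evaluates lazily an unreferenced binding is never forced, so `builtins.trace` prints nothing and the lines are dead as written. Drop the three bindings (and `dump` at the top of the `let`); if the trace is actually wanted, apply it on a forced value instead, e.g. `join-lines (map (record: …) (dump records))`. The `type` → `service` rename is otherwise consistent with the other hunks in this file.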
@ -40,8 +45,8 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
srvRecordPair = domain: protocol: type: record: {
|
srvRecordPair = domain: protocol: service: record: {
|
||||||
"_${type}._${protocol}.${domain}" =
|
"_${service}._${protocol}.${domain}" =
|
||||||
"${toString record.priority} ${toString record.weight} ${
|
"${toString record.priority} ${toString record.weight} ${
|
||||||
toString record.port
|
toString record.port
|
||||||
} ${record.host}.";
|
} ${record.host}.";
|
||||||
@ -58,8 +63,8 @@ in rec {
|
|||||||
concatMap (x: x) (mapAttrsToList (key: val: f key val) attrs);
|
concatMap (x: x) (mapAttrsToList (key: val: f key val) attrs);
|
||||||
|
|
||||||
srvRecordsToPairs = domain: srvRecords:
|
srvRecordsToPairs = domain: srvRecords:
|
||||||
listToAttrs (concatMapAttrs (protocol: types:
|
listToAttrs (concatMapAttrs (protocol: services:
|
||||||
concatMapAttrs
|
concatMapAttrs
|
||||||
(type: records: map (srvRecordPair domain protocol type) records) types)
|
(service: records: map (srvRecordPair domain protocol service) records) services)
|
||||||
srvRecords);
|
srvRecords);
|
||||||
}
|
}
|
||||||
|
@ -2,14 +2,8 @@
|
|||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
srvRecordOpts = { service, ... }: {
|
srvRecordOpts = { ... }: {
|
||||||
options = with types; {
|
options = with types; {
|
||||||
service = {
|
|
||||||
type = str;
|
|
||||||
description = "Service name of SRV record.";
|
|
||||||
default = service;
|
|
||||||
};
|
|
||||||
|
|
||||||
priority = mkOption {
|
priority = mkOption {
|
||||||
type = int;
|
type = int;
|
||||||
description = "Priority to give to this record.";
|
description = "Priority to give to this record.";
|
||||||
@ -96,7 +90,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
aliases = mkOption {
|
aliases = mkOption {
|
||||||
type = loaOf str;
|
type = attrsOf str;
|
||||||
default = { };
|
default = { };
|
||||||
description =
|
description =
|
||||||
"A mapping of host-alias -> hostnames to add to the domain record.";
|
"A mapping of host-alias -> hostnames to add to the domain record.";
|
||||||
|