Seems to be almost working
This commit is contained in:
parent
de56949c14
commit
72cf88bdec
@ -7,6 +7,7 @@
./domains.nix
|
||||
./groups.nix
|
||||
./hosts.nix
|
||||
./networks.nix
|
||||
./sites.nix
|
||||
./users.nix
|
||||
./wireless-networks.nix
107
config/hosts.nix
107
config/hosts.nix
@ -5,30 +5,112 @@
atom = {
|
||||
description = "Niten's toy laptop.";
|
||||
enable-gui = false;
|
||||
rp = "niten";
|
||||
admin-email = "niten@fudo.org";
|
||||
domain = "sea.fudo.org";
|
||||
site = "seattle";
|
||||
profile = "laptop";
|
||||
};
|
||||
|
||||
clunk = {
|
||||
description = "rus.selby.ca gateway box.";
|
||||
docker-server = true;
|
||||
ssh-fingerprints = [
|
||||
"1 1 0e23d2156b1f9fca8552a0105c125aed76e51728"
|
||||
"1 2 6d8dfc355102c9870945c6d79c1d19934d29e8b63303260101df51716963b7f5"
|
||||
"4 1 c31a6ecaa02210e3ad72a835a072a05f043c2ef4"
|
||||
"4 2 296ce1b91ac942a8b91e5c6316ea520d0cec14ac819a04bb262af6d4bdced696"
|
||||
];
|
||||
rp = "niten";
|
||||
admin-email = "niten@fudo.org";
|
||||
domain = "rus.selby.ca";
|
||||
site = "russell";
|
||||
profile = "server";
|
||||
};
|
||||
|
||||
downstairs-desktop = {
|
||||
description = "Downstairs desktop in Russell.";
|
||||
ssh-fingerprints = [
|
||||
"1 1 ce704716ec0c3e330a243648531a10a2c78dd1ff"
|
||||
"1 2 6042bbc9b16122a4b63b1cfb84e179ae65911361e9d88ee3f0cd6659428ba27e"
|
||||
"3 1 de6dda3f72ee7043c804a7ad382033f3565b3b84"
|
||||
"3 2 cb611dd503fa15e913a101be15295f9084fa585b3225b6c1084521bff9b2140b"
|
||||
"4 1 a9a139b92851b3d9df2742a13bfea59c3e6e842e"
|
||||
"4 2 2260bfab177ab1ffb6a855b02b5a1aa719d765610e6a7bc79b09c340ce7c1236"
|
||||
];
|
||||
rp = "niten";
|
||||
admin-email = "niten@fudo.org";
|
||||
domain = "rus.selby.ca";
|
||||
site = "russell";
|
||||
profile = "desktop";
|
||||
};
|
||||
|
||||
france = {
|
||||
description = "Primary fudo.org server.";
|
||||
docker-server = true;
|
||||
ssh-fingerprints = [
|
||||
"1 1 1b6d62dafae9ebc59169dfb4ef828582a5450d94"
|
||||
"1 2 079e7a57873542541095bf3d2f97b7350bb457d027b423a6fb56f7f6aa84ac80"
|
||||
"4 1 c95a198f504a589fc62893a95424b12f0b24732d"
|
||||
"4 2 3e7dad879d6cab7f7fb6769e156d7988d0c01281618d03b793834eea2f09bc96"
|
||||
];
|
||||
rp = "admin";
|
||||
admin-email = "admin@fudo.org";
|
||||
domain = "fudo.org";
|
||||
site = "portage";
|
||||
profile = "server";
|
||||
};
|
||||
|
||||
google-wifi = {
|
||||
description = "Google WiFi router.";
|
||||
rp = "niten";
|
||||
};
|
||||
|
||||
lambda = {
|
||||
description = "sea.fudo.org experiment server.";
|
||||
docker-server = true;
|
||||
ssh-fingerprints = [
|
||||
"1 1 128919958a358d44d1c8d76d29b1fa1514f9ad35"
|
||||
"1 2 cd0ae0bb7e65f4058efdb2d7073de97ac403b1ef6f1527a23c60390d9a6bad88"
|
||||
"4 1 a689caa9f1e75c6378efed592bc0d623e4b7d199"
|
||||
"4 2 5856ae661077203fba74a226dd77a17d69d6fda8ab960bfeb22a14c253f4472f"
|
||||
];
|
||||
rp = "niten";
|
||||
admin-email = "niten@fudo.org";
|
||||
domain = "sea.fudo.org";
|
||||
site = "seattle";
|
||||
profile = "server";
|
||||
};
|
||||
|
||||
nostromo = {
|
||||
description = "sea.fudo.org gateway box and primary server.";
|
||||
docker-server = true;
|
||||
ssh-fingerprints = [
|
||||
"1 1 075ee0ae86debffa6fd61436984b39e4699c93c6"
|
||||
"1 2 17a555b21fe08841c8dfb0d598dc2da117b94bf5a94cbf2c6b391eafd3e2c15e"
|
||||
"4 1 ce86eabbe6f015e6422d0f5ef9ae32cc7beb1f42"
|
||||
"4 2 44a5741825d43e571f6f9eb91e8c102eea75a4632dd8a9c80668e091a5fdf7f5"
|
||||
];
|
||||
rp = "niten";
|
||||
admin-email = "niten@fudo.org";
|
||||
domain = "sea.fudo.org";
|
||||
site = "seattle";
|
||||
profile = "server";
|
||||
};
|
||||
|
||||
plato = {
|
||||
description = "Niten's toy server.";
|
||||
ssh-fingerprints = [
|
||||
"4 1 9cc052ed00cbfd82c60530ebb3a35c25c0aeace9"
|
||||
"4 2 5938044054e9fa6cf3ad8176ef8e81b86eede598c19388220d4b07587f6f1c3c"
|
||||
"1 1 eebe1d4a24e0e2dbc46a7cb1107333c06e60d89e"
|
||||
"1 2 a96609da442372bd73044d823b4b56bbaa597725c846b4326be76c323bb47ab3"
|
||||
];
|
||||
rp = "niten";
|
||||
admin-email = "niten@fudo.org";
|
||||
domain = "rus.selby.ca";
|
||||
site = "russell";
|
||||
profile = "server";
|
||||
};
|
||||
|
||||
procul = {
@ -36,12 +118,27 @@
docker-server = true;
|
||||
};
|
||||
|
||||
spark = {
|
||||
description = "Niten's backup desktop.";
|
||||
pselby-work = { description = "Google Lenovo work laptop."; };
|
||||
|
||||
spark = { description = "Niten's backup desktop."; };
|
||||
|
||||
upstairs-desktop = {
|
||||
description = "Upstairs desktop in Russell.";
|
||||
ssh-fingerprints = [
|
||||
"1 1 f927527d712391b57aef6d2e7c3f225a86b62bf4"
|
||||
"1 2 17aece61156ba14c439aeae2e7b0f86daf97eea904241c35980f974ca1744c3d"
|
||||
"3 1 70f5f613e66e53a74534d33cd7ebf248cfdc3024"
|
||||
"3 2 774f1f00614751e51faa0add55183973893313d3a236d269adc3ab3c1f67c952"
|
||||
"4 1 e81e07d1ae7526c457a46ab1f18af3c016b4f48e"
|
||||
"4 2 e5af579cfb7f68b22492f5286b5249c5de74debf2a6cac78c070790f424566aa"
|
||||
];
|
||||
rp = "niten";
|
||||
admin-email = "niten@fudo.org";
|
||||
domain = "rus.selby.ca";
|
||||
site = "russell";
|
||||
profile = "desktop";
|
||||
};
|
||||
|
||||
zbox = {
|
||||
description = "Niten's primary desktop.";
|
||||
};
|
||||
zbox = { description = "Niten's primary desktop."; };
|
||||
};
|
||||
}
@ -16,23 +16,22 @@ in {
domain = config.fudo.domains.${domain-name};
|
||||
|
||||
in {
|
||||
# FIXME: think about this -- actual network config?
|
||||
enable = true;
|
||||
# NOTE: requests go:
|
||||
# - local bind instance
|
||||
# - pi-hole
|
||||
# - DoH resolver
|
||||
domain = domain-name;
|
||||
dns-servers = [ primary-ip ];
|
||||
gateway = primary-ip;
|
||||
dhcp-interfaces = [ "intif0" ];
|
||||
dns-serve-ips = [ primary-ip "127.0.0.1" "127.0.1.1" "::1" ];
|
||||
dns-listen-ips = [ primary-ip "127.0.0.1" "127.0.1.1" "::1" ];
|
||||
recursive-resolver = "${primary-ip} port 5353";
|
||||
server-ip = primary-ip;
|
||||
domain = "rus.selby.ca";
|
||||
network = site.network;
|
||||
dhcp-dynamic-network = site.dynamic-network;
|
||||
hosts = domain.hosts;
|
||||
|
||||
search-domains = [ domain-name "selby.ca" ];
|
||||
enable-reverse-mappings = true;
|
||||
network-definition = config.fudo.networks."rus.selby.ca";
|
||||
};
|
||||
|
||||
networking = {
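Review bot: `network-definition = config.fudo.networks."rus.selby.ca";` hardcodes the domain while the same hunk binds and uses `domain-name` on the lines around it (`config.fudo.domains.${domain-name}`, `domain = domain-name;`, `search-domains = [ domain-name "selby.ca" ]`). Writing it as `network-definition = config.fudo.networks.${domain-name};` keeps the domain, the network definition and the search list from drifting apart when the site is cloned for another domain. The `let` that binds `domain-name` and the enclosing attribute set both start outside the hunk.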
@ -43,12 +42,11 @@ in {
};
|
||||
|
||||
interfaces = {
|
||||
enp1s0.useDHCP = false;
|
||||
enp2s0.useDHCP = false;
|
||||
enp3s0.useDHCP = false;
|
||||
enp4s0.useDHCP = false;
|
||||
|
||||
enp1s0.useDHCP = true;
|
||||
|
||||
intif0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [
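Review bot: If `enp1s0.useDHCP = true;` is the new state of this gateway's upstream interface, the upstream lease will also hand the box its resolvers, and by default NixOS's dhcpcd writes those into /etc/resolv.conf; that silently bypasses the local bind → pi-hole → DoH chain described in the NOTE comment of the earlier hunk in this file. Either the resolver hook should be disabled for that interface (`networking.dhcpcd.extraConfig = "nohook resolv.conf";`) or `networking.nameservers` pinned to `primary-ip`, so the gateway itself only ever resolves through the local chain. I cannot tell from the rendered page which of the `useDHCP` lines are old and which are new, so please confirm which interface ends up with DHCP enabled. The `interfaces` block continues outside the hunk.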
@ -132,17 +130,7 @@ in {
"hole"
|
||||
];
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3080";
|
||||
|
||||
# extraConfig = ''
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-By $server_addr:$server_port;
|
||||
# proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
# '';
|
||||
};
|
||||
locations."/" = { proxyPass = "http://127.0.0.1:3080"; };
|
||||
};
|
||||
};
|
||||
};
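Review bot: Collapsing `locations."/"` to `{ proxyPass = "http://127.0.0.1:3080"; }` drops the commented-out `proxy_set_header` block for good, and as written nothing in this hunk forwards `Host`, `X-Real-IP` or `X-Forwarded-For`, so the service on port 3080 (the "hole" vhost) sees every request as coming from 127.0.0.1. For a DNS-filter admin interface that matters for log attribution and for any per-client rules it applies; unless `services.nginx.recommendedProxySettings = true;` is set elsewhere in this file (outside the hunk), keep the headers explicitly, e.g. `extraConfig = "proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host;";`. If the pi-hole is intentionally only reachable through this proxy, a one-line comment saying so would stop the next reader from re-adding the block.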
@ -0,0 +1,8 @@
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
config.fudo.networks = {
|
||||
"rus.selby.ca" = import ./networks/rus.selby.ca.nix { inherit config lib; };
|
||||
"sea.fudo.org" = import ./networks/rus.selby.ca.nix { inherit config lib; };
|
||||
};
|
||||
}
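Review bot: Both entries import the same file: `"sea.fudo.org" = import ./networks/rus.selby.ca.nix { inherit config lib; };` registers the Russell hosts, aliases and SRV records (clunk as DNS and SSH target, 10.0.0.x leases) under the Seattle network. This commit also adds a separate 214-line network definition built around `nostromo.sea.fudo.org`, so presumably the line should read `"sea.fudo.org" = import ./networks/sea.fudo.org.nix { inherit config lib; };` (the new file's path is not visible on this page, so confirm the name). As it stands the Seattle gateway would serve Russell's DHCP reservations and zone.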
@ -0,0 +1,186 @@
{ config, lib, ... }:
|
||||
|
||||
{
|
||||
mx = [ "mail.fudo.org" ];
|
||||
|
||||
default-host = "208.81.3.117";
|
||||
|
||||
aliases = {
|
||||
pop = "mail.fudo.org.";
|
||||
smtp = "mail.fudo.org.";
|
||||
imap = "mail.fudo.org.";
|
||||
webmail = "france.fudo.org.";
|
||||
|
||||
archiva = "france.fudo.org.";
|
||||
auth = "france.fudo.org.";
|
||||
backplane = "france.fudo.org.";
|
||||
chat = "france.fudo.org.";
|
||||
de = "germany.fudo.org.";
|
||||
fr = "france.fudo.org.";
|
||||
git = "france.fudo.org.";
|
||||
metrics = "france.fudo.org.";
|
||||
minecraft = "france.fudo.org.";
|
||||
monitor = "france.fudo.org.";
|
||||
user = "paris.fudo.org.";
|
||||
u = "user.fudo.org.";
|
||||
w = "www.fudo.org.";
|
||||
ww = "www.fudo.org.";
|
||||
www = "hanover.fudo.org.";
|
||||
wiki = "hanover.fudo.org.";
|
||||
};
|
||||
|
||||
extra-dns-records = [
|
||||
''@ IN TXT "v=spf1 mx ip4:208.81.3.112/28 ip6:2605:e200:d200::1/48 -all"''
|
||||
''@ IN SPF "v=spf1 mx ip4:208.81.3.112/28 ip6:2605:e200:d200::1/48 -all"''
|
||||
];
|
||||
|
||||
dmarc-report-address = "dmarc-report@fudo.org";
|
||||
|
||||
srv-records = {
|
||||
tcp = {
|
||||
domain = [
|
||||
{
|
||||
host = "ns1.fudo.org";
|
||||
port = 53;
|
||||
}
|
||||
{
|
||||
host = "ns2.fudo.org";
|
||||
port = 53;
|
||||
}
|
||||
{
|
||||
host = "ns3.fudo.org";
|
||||
port = 53;
|
||||
}
|
||||
{
|
||||
host = "ns4.fudo.org";
|
||||
port = 53;
|
||||
}
|
||||
];
|
||||
ssh = [{
|
||||
host = "france.fudo.org";
|
||||
port = 22;
|
||||
}];
|
||||
smtp = [{
|
||||
host = "mail.fudo.org";
|
||||
port = 25;
|
||||
}];
|
||||
submission = [{
|
||||
host = "mail.fudo.org";
|
||||
port = 587;
|
||||
}];
|
||||
kerberos = [{
|
||||
host = "france.fudo.org";
|
||||
port = 88;
|
||||
}];
|
||||
imaps = [{
|
||||
host = "mail.fudo.org";
|
||||
port = 993;
|
||||
}];
|
||||
ldap = [{
|
||||
host = "france.fudo.org";
|
||||
port = 389;
|
||||
}];
|
||||
ldaps = [{
|
||||
host = "france.fudo.org";
|
||||
port = 636;
|
||||
}];
|
||||
pop3s = [{
|
||||
host = "mail.fudo.org";
|
||||
port = 995;
|
||||
}];
|
||||
http = [{
|
||||
host = "wiki.fudo.org";
|
||||
port = 80;
|
||||
}];
|
||||
https = [{
|
||||
host = "wiki.fudo.org";
|
||||
port = 80;
|
||||
}];
|
||||
xmpp-server = [{
|
||||
host = "fudo.im";
|
||||
port = 5269;
|
||||
}];
|
||||
xmpp-client = [{
|
||||
host = "fudo.im";
|
||||
port = 5222;
|
||||
}];
|
||||
};
|
||||
udp = {
|
||||
domain = [
|
||||
{
|
||||
host = "ns1.fudo.org";
|
||||
port = 53;
|
||||
}
|
||||
{
|
||||
host = "ns2.fudo.org";
|
||||
port = 53;
|
||||
}
|
||||
{
|
||||
host = "ns3.fudo.org";
|
||||
port = 53;
|
||||
}
|
||||
{
|
||||
host = "ns4.fudo.org";
|
||||
port = 53;
|
||||
}
|
||||
];
|
||||
kerberos = [{
|
||||
host = "france.fudo.org";
|
||||
port = 88;
|
||||
}];
|
||||
kerberos-master = [{
|
||||
host = "france.fudo.org";
|
||||
port = 88;
|
||||
}];
|
||||
kpasswd = [{
|
||||
host = "france.fudo.org";
|
||||
port = 464;
|
||||
}];
|
||||
xmpp-server = [{
|
||||
host = "fudo.im";
|
||||
port = 5269;
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
hosts = {
|
||||
cisco = { ipv4-address = "198.163.150.211"; };
|
||||
cisco-int = { ipv4-address = "10.73.77.10"; };
|
||||
cupid = { ipv4-address = "208.38.36.100"; };
|
||||
docker = { ipv4-address = "208.81.3.126"; };
|
||||
france = { ipv4-address = "208.81.3.117"; };
|
||||
frankfurt = {
|
||||
ipv4-address = "208.81.3.120";
|
||||
ipv6-address = "2605:e200:d200:1:5054:ff:fe8c:9738";
|
||||
};
|
||||
germany = {
|
||||
ipv4-address = "208.81.3.116";
|
||||
ipv6-address = "2605:e200:d200:1:78d9:d8ff:fe0f:dd88";
|
||||
};
|
||||
hanover = {
|
||||
ipv4-address = "208.81.1.130";
|
||||
ipv6-address = "2605:e200:d100:1:5054:ff:fe61:ac8b";
|
||||
};
|
||||
localhost = { ipv4-address = "127.0.0.1"; };
|
||||
lsbb-gba = { ipv4-address = "199.101.56.34"; };
|
||||
lsbb-abg = { ipv4-address = "199.101.56.38"; };
|
||||
lsbb-hwd = { ipv4-address = "199.101.56.106"; };
|
||||
lsbb-hcl = { ipv4-address = "199.101.56.110"; };
|
||||
procul = { ipv4-address = "172.86.179.18"; };
|
||||
prunel = { ipv4-address = "208.81.3.123"; };
|
||||
mbix = { ipv4-address = "208.81.7.146"; };
|
||||
ns3-fudo = { ipv4-address = "208.75.74.205"; };
|
||||
ns3-dair = { ipv4-address = "208.75.74.205"; };
|
||||
ns4-fudo = { ipv4-address = "208.75.75.157"; };
|
||||
ns4-dair = { ipv4-address = "208.75.75.157"; };
|
||||
paris = {
|
||||
ipv4-address = "208.81.3.125";
|
||||
ipv6-address = "2605:e200:d200:1:5054:ff:fe67:d0c1";
|
||||
};
|
||||
probe = { ipv4-address = "208.81.3.119"; };
|
||||
tours = {
|
||||
ipv4-address = "208.81.3.121";
|
||||
ipv6-address = "2605:e200:d200:1:5054:ff:fe95:34e5";
|
||||
};
|
||||
};
|
||||
}
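Review bot: The `https` SRV entry advertises `host = "wiki.fudo.org"; port = 80;` — `_https._tcp` pointing at the plaintext port is almost certainly a copy of the `http` entry above it and should be `port = 443;`. Separately, this file publishes its SPF policy under `extra-dns-records`, but the bind zone template changed in this commit now reads `network.verbatim-dns-records` instead of `cfg.extra-dns-records`, so if this file is consumed as a network definition the SPF TXT record would not be emitted (or the key would be rejected as undeclared); please check which attribute the type declares. The second record uses the `SPF` RR type, which RFC 7208 §3.1 says senders should no longer publish — the TXT form alone is what receivers check.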
@ -1,12 +1,52 @@
{ config, lib, ... }:
|
||||
|
||||
let local-domain = "rus.selby.ca";
|
||||
|
||||
in {
|
||||
domain = "${local-domain}";
|
||||
default-host = "10.0.0.1";
|
||||
|
||||
network = "10.0.0.0/16";
|
||||
mx = [ "mail.fudo.org" ];
|
||||
|
||||
dhcp-dynamic-network = "10.0.1.0/24";
|
||||
gssapi-realm = "FUDO.ORG";
|
||||
|
||||
enable-reverse-mappings = true;
|
||||
hosts = {
|
||||
clunk = {
|
||||
ipv4-address = "10.0.0.1";
|
||||
mac-address = "02:44:d1:eb:c3:6b";
|
||||
};
|
||||
|
||||
dns-proxy = {
|
||||
ipv4-address = "10.0.0.2";
|
||||
# This is just an alias for clunk's primary interface
|
||||
};
|
||||
|
||||
google-wifi = {
|
||||
ipv4-address = "10.0.0.11";
|
||||
mac-address = "70:3a:cb:c0:3b:09";
|
||||
};
|
||||
|
||||
pselby-work = {
|
||||
ipv4-address = "10.0.0.151";
|
||||
mac-address = "00:50:b6:aa:bd:b3";
|
||||
};
|
||||
|
||||
downstairs-desktop = {
|
||||
ipv4-address = "10.0.0.100";
|
||||
mac-address = "90:b1:1c:8e:29:cf";
|
||||
};
|
||||
|
||||
upstairs-desktop = {
|
||||
ipv4-address = "10.0.0.101";
|
||||
mac-address = "80:e8:2c:22:65:c2";
|
||||
};
|
||||
};
|
||||
|
||||
aliases = {
|
||||
dns-hole = "clunk";
|
||||
gateway = "clunk";
|
||||
upstairs = "upstairs-desktop";
|
||||
downstairs = "downstairs-desktop";
|
||||
};
|
||||
|
||||
srv-records = {
|
||||
tcp = {
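Review bot: The host table added here (clunk, dns-proxy, google-wifi, pselby-work, downstairs-desktop, upstairs-desktop with the same IPv4 and MAC values) is also added verbatim in the new `networks/rus.selby.ca.nix` file in this commit, so the DHCP reservations and the zone now have two sources of truth that will drift the first time one address changes. One of the two should import the other (or the domain file should reference `config.fudo.networks.${local-domain}.hosts`) rather than repeating the data. Minor: `domain = "${local-domain}";` is just `domain = local-domain;`. The `srv-records` attribute continues past the end of the hunk.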
@ -47,38 +87,4 @@ in {
}];
|
||||
};
|
||||
};
|
||||
|
||||
aliases = { dns-hole = "clunk"; };
|
||||
|
||||
hosts = {
|
||||
clunk = {
|
||||
ip-address = "10.0.0.1";
|
||||
mac-address = "02:44:d1:eb:c3:6b";
|
||||
};
|
||||
|
||||
dns-proxy = {
|
||||
ip-address = "10.0.0.2";
|
||||
# This is just an alias for clunk's primary interface
|
||||
};
|
||||
|
||||
google-wifi = {
|
||||
ip-address = "10.0.0.11";
|
||||
mac-address = "70:3a:cb:c0:3b:09";
|
||||
};
|
||||
|
||||
pselby-work = {
|
||||
ip-address = "10.0.0.151";
|
||||
mac-address = "00:50:b6:aa:bd:b3";
|
||||
};
|
||||
|
||||
downstairs-desktop = {
|
||||
ip-address = "10.0.0.100";
|
||||
mac-address = "90:b1:1c:8e:29:cf";
|
||||
};
|
||||
|
||||
upstairs-desktop = {
|
||||
ip-address = "10.0.0.101";
|
||||
mac-address = "80:e8:2c:22:65:c2";
|
||||
};
|
||||
};
|
||||
}
@ -48,7 +48,7 @@ in {
emacs-nox
|
||||
ldns
|
||||
ldns.examples
|
||||
jdk14_headless
|
||||
jdk12_headless
|
||||
racket-minimal
|
||||
reboot-if-necessary
|
||||
test-config
@ -13,7 +13,7 @@ in {
domain = local.domain;
|
||||
home-manager-package = builtins.fetchGit {
|
||||
url = "https://github.com/nix-community/home-manager.git";
|
||||
ref = "release-20.09";
|
||||
ref = "release-20.03";
|
||||
};
|
||||
})
|
||||
];
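Review bot: `home-manager-package = builtins.fetchGit { url = …; ref = "release-…"; }` pins only a branch name, so every evaluation fetches whatever that branch currently points at, with no hash or commit check — the code that gets built into the system is whatever upstream (or anyone who can write to that branch) has there at the moment. Pin the exact commit alongside the branch, `rev = "<commit-sha-placeholder>";`, and bump it deliberately; the branch-level bump in this hunk then becomes a reviewable change of a specific revision. The enclosing list continues outside the hunk.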
@ -29,6 +29,7 @@ with lib; {
./fudo/mail-container.nix
|
||||
./fudo/minecraft-server.nix
|
||||
./fudo/netinfo-email.nix
|
||||
./fudo/networks.nix
|
||||
./fudo/node-exporter.nix
|
||||
./fudo/password.nix
|
||||
./fudo/postgres.nix
@ -123,6 +123,9 @@ in {
|
||||
$TTL 6h
|
||||
|
||||
${optionalString (dom-cfg.gssapi-realm != null)
|
||||
''_kerberos IN TXT "${dom-cfg.gssapi-realm}"''}
|
||||
|
||||
${nsRecords dom cfg.nameservers}
|
||||
${join-lines (mapAttrsToList hostRecords cfg.nameservers)}
@ -33,8 +33,8 @@ let
|
||||
local-groups = mkOption {
|
||||
type = with types; listOf str;
|
||||
description = "List of groups which should exist within this domain.";
|
||||
default = [ ];
|
||||
description = "List of groups which should exist within this domain.";
|
||||
default = [ ];
|
||||
};
|
||||
|
||||
admin-email = mkOption {
@ -3,7 +3,7 @@
with lib;
|
||||
let
|
||||
hostOpts = { hostname, ... }: {
|
||||
options = {
|
||||
options = with types; {
|
||||
hostname = mkOption {
|
||||
type = types.str;
|
||||
description = "Hostname (without domain name).";
@ -23,7 +23,7 @@ let
};
|
||||
|
||||
local-networks = mkOption {
|
||||
type = with types; listof str;
|
||||
type = listof str;
|
||||
description =
|
||||
"A list of networks to be considered trusted by this host.";
|
||||
default = [ "127.0.0.0/8" ];
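Review bot: `type = listof str;` — `lib.types` has `listOf` (capital O), not `listof`; evaluating this option will fail with an undefined attribute, and the rest of the file (`local-users`, `local-admins`, `local-groups`, `ssh-fingerprints`) correctly uses `listOf`. The same misspelling is in the `profile` option in the next hunk, where `enum` is additionally applied to three bare strings instead of a list, and the hosts in `config/hosts.nix` in this commit assign a single string (`profile = "laptop"`), so that one should read `type = enum [ "desktop" "laptop" "server" ];` rather than a list type. The enclosing `hostOpts` submodule starts outside the hunk.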
@ -31,25 +31,19 @@ let
|
||||
profile = mkOption {
|
||||
# FIXME: get this list from profiles directly
|
||||
type = with types; listof (enum "desktop" "laptop" "server");
|
||||
type = listof (enum "desktop" "laptop" "server");
|
||||
description =
|
||||
"The profile to be applied to the host, determining what software is included.";
|
||||
};
|
||||
|
||||
admin-email = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
description = "Email for the administrator of this host.";
|
||||
default = null;
|
||||
};
|
||||
|
||||
hardware-configuration = mkOption {
|
||||
type = types.attrs;
|
||||
description =
|
||||
"The hardware configuration of the host (i.e. the contents of hardware-configuration.nix)";
|
||||
};
|
||||
|
||||
local-users = mkOption {
|
||||
type = with types; listOf str;
|
||||
type = listOf str;
|
||||
description =
|
||||
"List of users who should have local (i.e. login) access to the host.";
|
||||
default = [ ];
@ -62,25 +56,20 @@ let
};
|
||||
|
||||
local-admins = mkOption {
|
||||
type = with types; listOf str;
|
||||
type = listOf str;
|
||||
description =
|
||||
"A list of users who should have admin access to this host.";
|
||||
default = [ ];
|
||||
};
|
||||
|
||||
local-groups = mkOption {
|
||||
type = with types; listOf str;
|
||||
type = listOf str;
|
||||
description = "List of groups which should exist on this host.";
|
||||
default = [ ];
|
||||
};
|
||||
|
||||
hardware-config = mkOption {
|
||||
type = types.str;
|
||||
description = "Path to the hardware configuration for this host.";
|
||||
};
|
||||
|
||||
ssh-fingerprints = mkOption {
|
||||
type = with types; listOf str;
|
||||
type = listOf str;
|
||||
description = ''
|
||||
A list of DNS SSHFP records for this host.
|
||||
'';
@ -88,7 +77,7 @@ let
};
|
||||
|
||||
rp = mkOption {
|
||||
type = with types; nullOr str;
|
||||
type = nullOr str;
|
||||
description = "Responsible person.";
|
||||
default = null;
|
||||
};
@ -100,11 +89,12 @@ let
};
|
||||
|
||||
in {
|
||||
options.fudo.hosts = mkOption {
|
||||
type = with types; attrsOf (submodule hostOpts);
|
||||
description = "Host configurations for all hosts known to the system.";
|
||||
default = { };
|
||||
};
|
||||
options.fudo.hosts = with types;
|
||||
mkOption {
|
||||
type = attrsOf (submodule hostOpts);
|
||||
description = "Host configurations for all hosts known to the system.";
|
||||
default = { };
|
||||
};
|
||||
|
||||
config = let
|
||||
hostname = config.instance.hostname;
@ -12,12 +12,6 @@ let
|
||||
traceout = out: builtins.trace out out;
|
||||
|
||||
hosts = let
|
||||
existingHosts = filterAttrs (host: hostOpts: hasAttr host cfg.fudo.hosts)
|
||||
cfg.network-definition.hosts;
|
||||
in mapAttrs (host: hostAttrs: hostAttrs // cfg.fudo.hosts.${host})
|
||||
existingHosts;
|
||||
|
||||
in {
|
||||
|
||||
options.fudo.local-network = with types; {
@ -31,7 +25,7 @@ in {
|
||||
dns-servers = mkOption {
|
||||
type = listOf str;
|
||||
description = "A list of domain name servers to pass to local clients..";
|
||||
description = "A list of domain name servers to pass to local clients.";
|
||||
};
|
||||
|
||||
dhcp-interfaces = mkOption {
@ -74,12 +68,7 @@ in {
recursive-resolver = mkOption {
|
||||
type = str;
|
||||
description = "DNS nameserver to use for recursive resolution.";
|
||||
default = "1.1.1.1";
|
||||
};
|
||||
|
||||
dns-server-ip = mkOption {
|
||||
type = str;
|
||||
description = "IP of the DNS server.";
|
||||
default = "1.1.1.1 port 53";
|
||||
};
|
||||
|
||||
search-domains = mkOption {
@ -89,15 +78,18 @@ in {
default = [ ];
|
||||
};
|
||||
|
||||
network-definition = mkOption {
|
||||
type =
|
||||
submodule (import ../types/network-definition.nix { inherit lib; });
|
||||
description = "Definition of network to be served by local server.";
|
||||
};
|
||||
network-definition =
|
||||
let networkOpts = import ../types/network-definition.nix { inherit lib; };
|
||||
in mkOption {
|
||||
type = submodule networkOpts;
|
||||
description = "Definition of network to be served by local server.";
|
||||
default = { };
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.dhcpd4 = {
|
||||
services.dhcpd4 = let network = cfg.network-definition;
|
||||
in {
|
||||
enable = true;
|
||||
|
||||
machines = mapAttrsToList (hostname: hostOpts: {
@ -105,7 +97,8 @@ in {
hostName = hostname;
|
||||
ipAddress = hostOpts.ipv4-address;
|
||||
}) (filterAttrs (host: hostOpts:
|
||||
hostOpts.mac-address != null && hostOpts.ipv4-address != null) hosts);
|
||||
hostOpts.mac-address != null && hostOpts.ipv4-address != null)
|
||||
network.hosts);
|
||||
|
||||
interfaces = cfg.dhcp-interfaces;
@ -137,7 +130,7 @@ in {
file = let
|
||||
# We should add these...but need a domain to assign them to.
|
||||
# ip-last-el = ip: toInt (last (splitString "." ip));
|
||||
# used-els = map (host-data: ip-last-el host-data.ip-address) hosts-data;
|
||||
# used-els = map (host-data: ip-last-el host-data.ipv4-address) hosts-data;
|
||||
# unused-els = subtractLists used-els (map toString (range 1 255));
|
||||
|
||||
in pkgs.writeText "db.${block}-zone" ''
@ -160,22 +153,31 @@ in {
ipToBlock = ip:
|
||||
concatStringsSep "." (reverseList (take 3 (splitString "." ip)));
|
||||
compactHosts =
|
||||
mapAttrsToList (host: data: data // { host = host; }) hosts;
|
||||
mapAttrsToList (host: data: data // { host = host; }) network.hosts;
|
||||
hostsByBlock =
|
||||
groupBy (host-data: ipToBlock host-data.ip-address) compactHosts;
|
||||
groupBy (host-data: ipToBlock host-data.ipv4-address) compactHosts;
|
||||
hostPtrRecord = host-data:
|
||||
"${
|
||||
last (splitString "." host-data.ip-address)
|
||||
last (splitString "." host-data.ipv4-address)
|
||||
} IN PTR ${host-data.host}.${cfg.domain}.";
|
||||
|
||||
blockZones = mapAttrsToList blockHostsToZone hostsByBlock;
|
||||
|
||||
hostARecord = host: data: "${host} IN A ${data.ip-address}";
|
||||
hostARecord = host: data: "${host} IN A ${data.ipv4-address}";
|
||||
hostSshFpRecords = host: data:
|
||||
join-lines
|
||||
(map (sshfp: "${host} IN SSHFP ${sshfp}") data.ssh-fingerprints);
|
||||
let
|
||||
ssh-fingerprints = if (hasAttr host known-hosts) then
|
||||
known-hosts.${host}.ssh-fingerprints
|
||||
else
|
||||
[ ];
|
||||
in join-lines
|
||||
(map (sshfp: "${host} IN SSHFP ${sshfp}") ssh-fingerprints);
|
||||
cnameRecord = alias: host: "${alias} IN CNAME ${host}";
|
||||
|
||||
network = cfg.network-definition;
|
||||
|
||||
known-hosts = config.fudo.hosts;
|
||||
|
||||
in {
|
||||
enable = true;
|
||||
cacheNetworks = [ cfg.network "localhost" "localnets" ];
@ -207,12 +209,17 @@ in {
|
||||
$TTL 30m
|
||||
|
||||
ns1 IN A ${cfg.server-ip}
|
||||
${join-lines (mapAttrsToList hostARecord cfg.hosts)}
|
||||
${join-lines (mapAttrsToList hostSshFpRecords cfg.hosts)}
|
||||
${join-lines (mapAttrsToList cnameRecord cfg.aliases)}
|
||||
${join-lines cfg.extra-dns-records}
|
||||
${dns.srvRecordsToBindZone cfg.srv-records}
|
||||
${optionalString (network.gssapi-realm != null)
|
||||
''_kerberos IN TXT "${network.gssapi-realm}"''}
|
||||
|
||||
${join-lines
|
||||
(imap1 (i: server-ip: "ns${toString i} IN A ${server-ip}")
|
||||
cfg.dns-servers)}
|
||||
${join-lines (mapAttrsToList hostARecord network.hosts)}
|
||||
${join-lines (mapAttrsToList hostSshFpRecords network.hosts)}
|
||||
${join-lines (mapAttrsToList cnameRecord network.aliases)}
|
||||
${join-lines network.verbatim-dns-records}
|
||||
${dns.srvRecordsToBindZone network.srv-records}
|
||||
'';
|
||||
}] ++ blockZones;
|
||||
};
@ -0,0 +1,13 @@
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
with types;
|
||||
let networkOpts = import ../types/network-definition.nix { inherit lib; };
|
||||
|
||||
in {
|
||||
options.fudo.networks = mkOption {
|
||||
type = attrsOf (submodule networkOpts);
|
||||
description = "A map of networks to network definitions.";
|
||||
default = { };
|
||||
};
|
||||
}
@ -0,0 +1,86 @@
{ config, lib, ... }:
|
||||
|
||||
{
|
||||
default-host = "10.0.0.1";
|
||||
|
||||
mx = [ "mail.fudo.org" ];
|
||||
|
||||
hosts = {
|
||||
clunk = {
|
||||
ipv4-address = "10.0.0.1";
|
||||
mac-address = "02:44:d1:eb:c3:6b";
|
||||
};
|
||||
|
||||
dns-proxy = {
|
||||
ipv4-address = "10.0.0.2";
|
||||
# This is just a second IP on clunk, for the pihole
|
||||
};
|
||||
|
||||
google-wifi = {
|
||||
ipv4-address = "10.0.0.11";
|
||||
mac-address = "70:3a:cb:c0:3b:09";
|
||||
};
|
||||
|
||||
pselby-work = {
|
||||
ipv4-address = "10.0.0.151";
|
||||
mac-address = "00:50:b6:aa:bd:b3";
|
||||
};
|
||||
|
||||
downstairs-desktop = {
|
||||
ipv4-address = "10.0.0.100";
|
||||
mac-address = "90:b1:1c:8e:29:cf";
|
||||
};
|
||||
|
||||
upstairs-desktop = {
|
||||
ipv4-address = "10.0.0.101";
|
||||
mac-address = "80:e8:2c:22:65:c2";
|
||||
};
|
||||
};
|
||||
|
||||
aliases = {
|
||||
dns-hole = "clunk";
|
||||
gateway = "clunk";
|
||||
upstairs = "upstairs-desktop";
|
||||
downstairs = "downstairs-desktop";
|
||||
};
|
||||
|
||||
srv-records = {
|
||||
tcp = {
|
||||
domain = [{
|
||||
port = 53;
|
||||
host = "clunk.${local-domain}";
|
||||
}];
|
||||
kerberos = [{
|
||||
port = 88;
|
||||
host = "france.fudo.org";
|
||||
}];
|
||||
kerberos-adm = [{
|
||||
port = 88;
|
||||
host = "france.fudo.org";
|
||||
}];
|
||||
ssh = [{
|
||||
port = 22;
|
||||
host = "clunk.${local-domain}";
|
||||
}];
|
||||
};
|
||||
|
||||
udp = {
|
||||
domain = [{
|
||||
port = 53;
|
||||
host = "clunk.${local-domain}";
|
||||
}];
|
||||
kerberos = [{
|
||||
port = 88;
|
||||
host = "france.fudo.org";
|
||||
}];
|
||||
kerboros-master = [{
|
||||
port = 88;
|
||||
host = "france.fudo.org";
|
||||
}];
|
||||
kpasswd = [{
|
||||
port = 464;
|
||||
host = "france.fudo.org";
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
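Review bot: `host = "clunk.${local-domain}";` (used in three SRV entries) references `local-domain`, but nothing in this file binds it — the header is `{ config, lib, ... }:` followed directly by the attribute set, and the `let local-domain = "rus.selby.ca";` lives in the other Russell file — so this file fails to evaluate with an undefined variable. Either add `let local-domain = "rus.selby.ca"; in` before the set or write the FQDN, `host = "clunk.rus.selby.ca";`. The udp entry `kerboros-master` is misspelled; the fudo.org definition in this commit uses `kerberos-master`, and the same typo is repeated in the 214-line Seattle network file, so a client looking up `_kerberos-master._udp` gets nothing from either.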
@ -0,0 +1,214 @@
{ config, lib, ... }:
|
||||
|
||||
{
|
||||
default-host = "10.0.0.1";
|
||||
|
||||
mx = [ "mail.fudo.org" ];
|
||||
|
||||
aliases = {
|
||||
kadmin = "nostromo";
|
||||
kdc = "nostromo";
|
||||
photo = "doraemon";
|
||||
music = "doraemon";
|
||||
panopticon = "lambda";
|
||||
panopticon-od = "lambda";
|
||||
ipfs = "nostromo";
|
||||
hole = "nostromo";
|
||||
pihole = "nostromo";
|
||||
dns-hole = "nostromo";
|
||||
mon-1 = "srv-1";
|
||||
};
|
||||
|
||||
srv-records = {
|
||||
tcp = {
|
||||
domain = [{
|
||||
port = 53;
|
||||
host = "nostromo.sea.fudo.org";
|
||||
}];
|
||||
kerberos = [{
|
||||
port = 88;
|
||||
host = "france.fudo.org";
|
||||
}];
|
||||
kerberos-adm = [{
|
||||
port = 88;
|
||||
host = "france.fudo.org";
|
||||
}];
|
||||
ssh = [{
|
||||
port = 22;
|
||||
host = "nostromo.sea.fudo.org";
|
||||
}];
|
||||
ldap = [{
|
||||
port = 389;
|
||||
host = "france.fudo.org";
|
||||
}];
|
||||
};
|
||||
|
||||
udp = {
|
||||
domain = [{
|
||||
port = 53;
|
||||
host = "nostromo.sea.fudo.org";
|
||||
}];
|
||||
kerberos = [{
|
||||
port = 88;
|
||||
host = "france.fudo.org";
|
||||
}];
|
||||
kerboros-master = [{
|
||||
port = 88;
|
||||
host = "france.fudo.org";
|
||||
}];
|
||||
kpasswd = [{
|
||||
port = 464;
|
||||
host = "france.fudo.org";
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
hosts = {
|
||||
nostromo = {
|
||||
ip-address = "10.0.0.1";
|
||||
mac-address = "46:54:76:06:f1:10";
|
||||
};
|
||||
lm = {
|
||||
ip-address = "10.0.0.2";
|
||||
mac-address = "00:23:7d:e6:d9:ea";
|
||||
};
|
||||
lambda = {
|
||||
ip-address = "10.0.0.3";
|
||||
mac-address = "02:50:f6:52:9f:9d";
|
||||
};
|
||||
switch-master = {
|
||||
ip-address = "10.0.0.5";
|
||||
mac-address = "00:14:1C:B6:BB:40";
|
||||
};
|
||||
google-wifi = {
|
||||
ip-address = "10.0.0.7";
|
||||
mac-address = "7C:D9:5C:9F:6F:E9";
|
||||
};
|
||||
cam-entrance = {
|
||||
ip-address = "10.0.0.31";
|
||||
mac-address = "9c:8e:cd:0e:99:7b";
|
||||
};
|
||||
cam-driveway = {
|
||||
ip-address = "10.0.0.32";
|
||||
mac-address = "9c:8e:cd:0d:3b:09";
|
||||
};
|
||||
cam-deck = {
|
||||
ip-address = "10.0.0.33";
|
||||
mac-address = "9c:8e:cd:0e:98:c8";
|
||||
};
|
||||
cargo = {
|
||||
ip-address = "10.0.0.50";
|
||||
mac-address = "00:11:32:75:d8:b7";
|
||||
};
|
||||
whitedwarf = {
|
||||
ip-address = "10.0.0.51";
|
||||
mac-address = "00:11:32:12:14:1d";
|
||||
};
|
||||
doraemon = {
|
||||
ip-address = "10.0.0.52";
|
||||
mac-address = "00:11:32:0a:06:c5";
|
||||
};
|
||||
android = {
|
||||
ip-address = "10.0.0.81";
|
||||
mac-address = "00:16:3e:43:39:fc";
|
||||
};
|
||||
retro-wired = {
|
||||
ip-address = "10.0.0.82";
|
||||
mac-address = "dc:a6:32:6b:57:43";
|
||||
};
|
||||
retro = {
|
||||
ip-address = "10.0.0.83";
|
||||
mac-address = "dc:a6:32:6b:57:45";
|
||||
};
|
||||
monolith = {
|
||||
ip-address = "10.0.0.100";
|
||||
mac-address = "6c:62:6d:c8:b0:d8";
|
||||
};
|
||||
taipan = {
|
||||
ip-address = "10.0.0.107";
|
||||
mac-address = "52:54:00:34:c4:78";
|
||||
};
|
||||
spark = {
|
||||
ip-address = "10.0.0.108";
|
||||
mac-address = "78:24:af:04:f7:dd";
|
||||
};
|
||||
hyperion = {
|
||||
ip-address = "10.0.0.109";
|
||||
mac-address = "52:54:00:33:46:de";
|
||||
};
|
||||
zbox = {
|
||||
ip-address = "10.0.0.110";
|
||||
mac-address = "02:dd:80:52:83:9b";
|
||||
};
|
||||
ubiquiti-wifi = {
|
||||
ip-address = "10.0.0.126";
|
||||
mac-address = "04:18:d6:20:48:fb";
|
||||
};
|
||||
generator-wireless = {
|
||||
ip-address = "10.0.0.130";
|
||||
mac-address = "B8:27:EB:A6:32:26";
|
||||
};
|
||||
brother-wireless = {
|
||||
ip-address = "10.0.0.160";
|
||||
mac-address = "c0:38:96:64:49:65";
|
||||
};
|
||||
nest = {
|
||||
ip-address = "10.0.0.176";
|
||||
mac-address = "18:b4:30:16:7c:5a";
|
||||
};
|
||||
xixi-phone = {
|
||||
ip-address = "10.0.0.193";
|
||||
mac-address = "48:43:7c:75:89:42";
|
||||
};
|
||||
ipad = {
|
||||
ip-address = "10.0.0.202";
|
||||
mac-address = "9c:35:eb:48:6e:71";
|
||||
};
|
||||
cam-front = {
|
||||
ip-address = "10.0.0.203";
|
||||
mac-address = "c4:d6:55:3e:b4:c3";
|
||||
};
|
||||
family-tv = {
|
||||
ip-address = "10.0.0.205";
|
||||
mac-address = "84:a4:66:3a:b1:f8";
|
||||
};
|
||||
babycam = {
|
||||
ip-address = "10.0.0.206";
|
||||
mac-address = "08:ea:40:59:5f:9e";
|
||||
};
|
||||
workphone = {
|
||||
ip-address = "10.0.0.211";
|
||||
mac-address = "a8:8e:24:5c:12:67";
|
||||
};
|
||||
chromecast-2 = {
|
||||
ip-address = "10.0.0.215";
|
||||
mac-address = "a4:77:33:59:a2:ba";
|
||||
};
|
||||
front-light = {
|
||||
ip-address = "10.0.0.221";
|
||||
mac-address = "94:10:3e:48:94:ed";
|
||||
};
|
||||
|
||||
# Ceph network
|
||||
srv-1 = {
|
||||
ip-address = "10.0.10.1";
|
||||
mac-address = "02:65:d7:00:7d:1b";
|
||||
};
|
||||
node-1 = {
|
||||
ip-address = "10.0.10.101";
|
||||
mac-address = "00:1e:06:36:81:cf";
|
||||
};
|
||||
node-2 = {
|
||||
ip-address = "10.0.10.102";
|
||||
mac-address = "00:1e:06:36:ec:3e";
|
||||
};
|
||||
node-3 = {
|
||||
ip-address = "10.0.10.103";
|
||||
mac-address = "00:1e:06:36:ec:4b";
|
||||
};
|
||||
node-4 = {
|
||||
ip-address = "10.0.10.104";
|
||||
mac-address = "00:1e:06:36:dd:8c";
|
||||
};
|
||||
};
|
||||
}
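Review bot: Every host here uses `ip-address = …;`, but the network-definition submodule in this commit declares `ipv4-address` (and the dhcpd `machines` filter and the bind `hostARecord`/PTR helpers were changed to read `ipv4-address`), so with a strict submodule type these entries are rejected as undefined options, and with a permissive one every host silently gets no lease and no A record. Rename them to `ipv4-address = …;`, as the Russell network file already does. The `# Ceph network` hosts on 10.0.10.x would then also be emitted into the same zone, which is presumably intended but worth a comment.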
@ -7,6 +7,7 @@ let
service = {
|
||||
type = str;
|
||||
description = "Service name of SRV record.";
|
||||
default = service;
|
||||
};
|
||||
|
||||
priority = mkOption {
@ -15,6 +16,13 @@ let
default = 0;
|
||||
};
|
||||
|
||||
weight = mkOption {
|
||||
type = int;
|
||||
description =
|
||||
"Weight to give this record, among records of equivalent priority.";
|
||||
default = 5;
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = port;
|
||||
description = "Port for service on this host.";
@ -29,7 +37,7 @@ let
};
|
||||
};
|
||||
|
||||
hostOpts = { hostname, ... }: {
|
||||
networkHostOpts = { hostname, ... }: {
|
||||
options = with types; {
|
||||
hostname = mkOption {
|
||||
type = str;
|
||||
|
@ -40,22 +48,18 @@ let
|
||||
ipv4-address = mkOption {
|
||||
type = nullOr str;
|
||||
description = ''
|
||||
The V4 IP of a given host, if any.
|
||||
'';
|
||||
description = "The V4 IP of a given host, if any.";
|
||||
default = null;
|
||||
};
|
||||
|
||||
ipv6-address = mkOption {
|
||||
type = nullOr str;
|
||||
description = ''
|
||||
The V6 IP of a given host, if any.
|
||||
'';
|
||||
description = "The V6 IP of a given host, if any.";
|
||||
default = null;
|
||||
};
|
||||
|
||||
mac-address = mkOption {
|
||||
type = with types; nullOr types.str;
|
||||
type = nullOr types.str;
|
||||
description =
|
||||
"The MAC address of a given host, if desired for IP reservation.";
|
||||
default = null;
@ -65,16 +69,22 @@ let
|
||||
in {
|
||||
options = with types; {
|
||||
hosts = {
|
||||
type = attrsOf networkHostOpts;
|
||||
hosts = mkOption {
|
||||
type = attrsOf (submodule networkHostOpts);
|
||||
description = "Hosts on the local network, with relevant settings.";
|
||||
example = {
|
||||
my-host = {
|
||||
ipv4-address = "192.168.0.1";
|
||||
mac-address = "aa:aa:aa:aa:aa";
|
||||
};
|
||||
};
|
||||
default = { };
|
||||
};
|
||||
|
||||
srv-records = {
|
||||
type = attrsOf (attrsOf (listOf (submodule protocolSrvRecords)));
|
||||
srv-records = mkOption {
|
||||
type = attrsOf (attrsOf (listOf (submodule srvRecordOpts)));
|
||||
description = "SRV records for the network.";
|
||||
default = {
|
||||
example = {
|
||||
tcp = {
|
||||
kerberos = {
|
||||
port = 88;
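Review bot: The example for `hosts` gives `mac-address = "aa:aa:aa:aa:aa";`, which is five octets rather than six; as an `example` it is only shown in documentation, but it illustrates that `ipv4-address` and `mac-address` (plain `nullOr str` in the previous hunk) accept any string, so a typo in a real reservation surfaces only when dhcpd parses its config. Consider `types.strMatching` with a dotted-quad and colon-hex pattern for those two options so evaluation rejects malformed values, and fix the example to six groups. The `srv-records` example continues past the end of the hunk.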
@ -82,6 +92,7 @@ in {
};
|
||||
};
|
||||
};
|
||||
default = { };
|
||||
};
|
||||
|
||||
aliases = mkOption {
@ -121,5 +132,11 @@ in {
description = "A list of mail servers serving this domain.";
|
||||
default = [ ];
|
||||
};
|
||||
|
||||
gssapi-realm = mkOption {
|
||||
type = nullOr str;
|
||||
description = "Kerberos GSSAPI realm of the network.";
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
}