nix
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Seems to be almost working

This commit is contained in:
Niten 2021-03-01 16:43:27 -06:00
parent de56949c14
commit 72cf88bdec
18 changed files with 754 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/default.nix
View File

@ -7,6 +7,7 @@
./domains.nix ./domains.nix
./groups.nix ./groups.nix
./hosts.nix ./hosts.nix
./networks.nix
./sites.nix ./sites.nix
./users.nix ./users.nix
./wireless-networks.nix ./wireless-networks.nix

107
config/hosts.nix
View File

@ -5,30 +5,112 @@
atom = { atom = {
description = "Niten's toy laptop."; description = "Niten's toy laptop.";
enable-gui = false; enable-gui = false;
rp = "niten";
admin-email = "niten@fudo.org";
domain = "sea.fudo.org";
site = "seattle";
profile = "laptop";
}; };
clunk = { clunk = {
description = "rus.selby.ca gateway box."; description = "rus.selby.ca gateway box.";
docker-server = true; docker-server = true;
ssh-fingerprints = [
"1 1 0e23d2156b1f9fca8552a0105c125aed76e51728"
"1 2 6d8dfc355102c9870945c6d79c1d19934d29e8b63303260101df51716963b7f5"
"4 1 c31a6ecaa02210e3ad72a835a072a05f043c2ef4"
"4 2 296ce1b91ac942a8b91e5c6316ea520d0cec14ac819a04bb262af6d4bdced696"
];
rp = "niten";
admin-email = "niten@fudo.org";
domain = "rus.selby.ca";
site = "russell";
profile = "server";
};
downstairs-desktop = {
description = "Downstairs desktop in Russell.";
ssh-fingerprints = [
"1 1 ce704716ec0c3e330a243648531a10a2c78dd1ff"
"1 2 6042bbc9b16122a4b63b1cfb84e179ae65911361e9d88ee3f0cd6659428ba27e"
"3 1 de6dda3f72ee7043c804a7ad382033f3565b3b84"
"3 2 cb611dd503fa15e913a101be15295f9084fa585b3225b6c1084521bff9b2140b"
"4 1 a9a139b92851b3d9df2742a13bfea59c3e6e842e"
"4 2 2260bfab177ab1ffb6a855b02b5a1aa719d765610e6a7bc79b09c340ce7c1236"
];
rp = "niten";
admin-email = "niten@fudo.org";
domain = "rus.selby.ca";
site = "russell";
profile = "desktop";
}; };
france = { france = {
description = "Primary fudo.org server."; description = "Primary fudo.org server.";
docker-server = true; docker-server = true;
ssh-fingerprints = [
"1 1 1b6d62dafae9ebc59169dfb4ef828582a5450d94"
"1 2 079e7a57873542541095bf3d2f97b7350bb457d027b423a6fb56f7f6aa84ac80"
"4 1 c95a198f504a589fc62893a95424b12f0b24732d"
"4 2 3e7dad879d6cab7f7fb6769e156d7988d0c01281618d03b793834eea2f09bc96"
];
rp = "admin";
admin-email = "admin@fudo.org";
domain = "fudo.org";
site = "portage";
profile = "server";
};
google-wifi = {
description = "Google WiFi router.";
rp = "niten";
}; };
lambda = { lambda = {
description = "sea.fudo.org experiment server."; description = "sea.fudo.org experiment server.";
docker-server = true; docker-server = true;
ssh-fingerprints = [
"1 1 128919958a358d44d1c8d76d29b1fa1514f9ad35"
"1 2 cd0ae0bb7e65f4058efdb2d7073de97ac403b1ef6f1527a23c60390d9a6bad88"
"4 1 a689caa9f1e75c6378efed592bc0d623e4b7d199"
"4 2 5856ae661077203fba74a226dd77a17d69d6fda8ab960bfeb22a14c253f4472f"
];
rp = "niten";
admin-email = "niten@fudo.org";
domain = "sea.fudo.org";
site = "seattle";
profile = "server";
}; };
nostromo = { nostromo = {
description = "sea.fudo.org gateway box and primary server."; description = "sea.fudo.org gateway box and primary server.";
docker-server = true; docker-server = true;
ssh-fingerprints = [
"1 1 075ee0ae86debffa6fd61436984b39e4699c93c6"
"1 2 17a555b21fe08841c8dfb0d598dc2da117b94bf5a94cbf2c6b391eafd3e2c15e"
"4 1 ce86eabbe6f015e6422d0f5ef9ae32cc7beb1f42"
"4 2 44a5741825d43e571f6f9eb91e8c102eea75a4632dd8a9c80668e091a5fdf7f5"
];
rp = "niten";
admin-email = "niten@fudo.org";
domain = "sea.fudo.org";
site = "seattle";
profile = "server";
}; };
plato = { plato = {
description = "Niten's toy server."; description = "Niten's toy server.";
ssh-fingerprints = [
"4 1 9cc052ed00cbfd82c60530ebb3a35c25c0aeace9"
"4 2 5938044054e9fa6cf3ad8176ef8e81b86eede598c19388220d4b07587f6f1c3c"
"1 1 eebe1d4a24e0e2dbc46a7cb1107333c06e60d89e"
"1 2 a96609da442372bd73044d823b4b56bbaa597725c846b4326be76c323bb47ab3"
];
rp = "niten";
admin-email = "niten@fudo.org";
domain = "rus.selby.ca";
site = "russell";
profile = "server";
}; };
procul = { procul = {
@ -36,12 +118,27 @@
docker-server = true; docker-server = true;
}; };
spark = { pselby-work = { description = "Google Lenovo work laptop."; };
description = "Niten's backup desktop.";
spark = { description = "Niten's backup desktop."; };
upstairs-desktop = {
description = "Upstairs desktop in Russell.";
ssh-fingerprints = [
"1 1 f927527d712391b57aef6d2e7c3f225a86b62bf4"
"1 2 17aece61156ba14c439aeae2e7b0f86daf97eea904241c35980f974ca1744c3d"
"3 1 70f5f613e66e53a74534d33cd7ebf248cfdc3024"
"3 2 774f1f00614751e51faa0add55183973893313d3a236d269adc3ab3c1f67c952"
"4 1 e81e07d1ae7526c457a46ab1f18af3c016b4f48e"
"4 2 e5af579cfb7f68b22492f5286b5249c5de74debf2a6cac78c070790f424566aa"
];
rp = "niten";
admin-email = "niten@fudo.org";
domain = "rus.selby.ca";
site = "russell";
profile = "desktop";
}; };
zbox = { zbox = { description = "Niten's primary desktop."; };
description = "Niten's primary desktop.";
};
}; };
} }

26
config/hosts/clunk.nix
View File

@ -16,23 +16,22 @@ in {
domain = config.fudo.domains.${domain-name}; domain = config.fudo.domains.${domain-name};
in { in {
# FIXME: think about this -- actual network config?
enable = true; enable = true;
# NOTE: requests go: # NOTE: requests go:
# - local bind instance # - local bind instance
# - pi-hole # - pi-hole
# - DoH resolver # - DoH resolver
domain = domain-name;
dns-servers = [ primary-ip ]; dns-servers = [ primary-ip ];
gateway = primary-ip; gateway = primary-ip;
dhcp-interfaces = [ "intif0" ]; dhcp-interfaces = [ "intif0" ];
dns-serve-ips = [ primary-ip "127.0.0.1" "127.0.1.1" "::1" ]; dns-listen-ips = [ primary-ip "127.0.0.1" "127.0.1.1" "::1" ];
recursive-resolver = "${primary-ip} port 5353"; recursive-resolver = "${primary-ip} port 5353";
server-ip = primary-ip;
domain = "rus.selby.ca";
network = site.network; network = site.network;
dhcp-dynamic-network = site.dynamic-network; dhcp-dynamic-network = site.dynamic-network;
hosts = domain.hosts; search-domains = [ domain-name "selby.ca" ];
enable-reverse-mappings = true;
network-definition = config.fudo.networks."rus.selby.ca";
}; };
networking = { networking = {
@ -43,12 +42,11 @@ in {
}; };
interfaces = { interfaces = {
enp1s0.useDHCP = false;
enp2s0.useDHCP = false; enp2s0.useDHCP = false;
enp3s0.useDHCP = false; enp3s0.useDHCP = false;
enp4s0.useDHCP = false; enp4s0.useDHCP = false;
enp1s0.useDHCP = true;
intif0 = { intif0 = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [
@ -132,17 +130,7 @@ in {
"hole" "hole"
]; ];
locations."/" = { locations."/" = { proxyPass = "http://127.0.0.1:3080"; };
proxyPass = "http://127.0.0.1:3080";
# extraConfig = ''
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-By $server_addr:$server_port;
# proxy_set_header X-Forwarded-For $remote_addr;
# proxy_set_header X-Forwarded-Proto $scheme;
# '';
};
}; };
}; };
}; };

8
config/networks.nix Normal file
View File

@ -0,0 +1,8 @@
{ config, lib, pkgs, ... }:
{
config.fudo.networks = {
"rus.selby.ca" = import ./networks/rus.selby.ca.nix { inherit config lib; };
"sea.fudo.org" = import ./networks/rus.selby.ca.nix { inherit config lib; };
};
}

186
config/networks/fudo.org.nix Normal file
View File

@ -0,0 +1,186 @@
{ config, lib, ... }:
{
mx = [ "mail.fudo.org" ];
default-host = "208.81.3.117";
aliases = {
pop = "mail.fudo.org.";
smtp = "mail.fudo.org.";
imap = "mail.fudo.org.";
webmail = "france.fudo.org.";
archiva = "france.fudo.org.";
auth = "france.fudo.org.";
backplane = "france.fudo.org.";
chat = "france.fudo.org.";
de = "germany.fudo.org.";
fr = "france.fudo.org.";
git = "france.fudo.org.";
metrics = "france.fudo.org.";
minecraft = "france.fudo.org.";
monitor = "france.fudo.org.";
user = "paris.fudo.org.";
u = "user.fudo.org.";
w = "www.fudo.org.";
ww = "www.fudo.org.";
www = "hanover.fudo.org.";
wiki = "hanover.fudo.org.";
};
extra-dns-records = [
''@ IN TXT "v=spf1 mx ip4:208.81.3.112/28 ip6:2605:e200:d200::1/48 -all"''
''@ IN SPF "v=spf1 mx ip4:208.81.3.112/28 ip6:2605:e200:d200::1/48 -all"''
];
dmarc-report-address = "dmarc-report@fudo.org";
srv-records = {
tcp = {
domain = [
{
host = "ns1.fudo.org";
port = 53;
}
{
host = "ns2.fudo.org";
port = 53;
}
{
host = "ns3.fudo.org";
port = 53;
}
{
host = "ns4.fudo.org";
port = 53;
}
];
ssh = [{
host = "france.fudo.org";
port = 22;
}];
smtp = [{
host = "mail.fudo.org";
port = 25;
}];
submission = [{
host = "mail.fudo.org";
port = 587;
}];
kerberos = [{
host = "france.fudo.org";
port = 88;
}];
imaps = [{
host = "mail.fudo.org";
port = 993;
}];
ldap = [{
host = "france.fudo.org";
port = 389;
}];
ldaps = [{
host = "france.fudo.org";
port = 636;
}];
pop3s = [{
host = "mail.fudo.org";
port = 995;
}];
http = [{
host = "wiki.fudo.org";
port = 80;
}];
https = [{
host = "wiki.fudo.org";
port = 80;
}];
xmpp-server = [{
host = "fudo.im";
port = 5269;
}];
xmpp-client = [{
host = "fudo.im";
port = 5222;
}];
};
udp = {
domain = [
{
host = "ns1.fudo.org";
port = 53;
}
{
host = "ns2.fudo.org";
port = 53;
}
{
host = "ns3.fudo.org";
port = 53;
}
{
host = "ns4.fudo.org";
port = 53;
}
];
kerberos = [{
host = "france.fudo.org";
port = 88;
}];
kerberos-master = [{
host = "france.fudo.org";
port = 88;
}];
kpasswd = [{
host = "france.fudo.org";
port = 464;
}];
xmpp-server = [{
host = "fudo.im";
port = 5269;
}];
};
};
hosts = {
cisco = { ipv4-address = "198.163.150.211"; };
cisco-int = { ipv4-address = "10.73.77.10"; };
cupid = { ipv4-address = "208.38.36.100"; };
docker = { ipv4-address = "208.81.3.126"; };
france = { ipv4-address = "208.81.3.117"; };
frankfurt = {
ipv4-address = "208.81.3.120";
ipv6-address = "2605:e200:d200:1:5054:ff:fe8c:9738";
};
germany = {
ipv4-address = "208.81.3.116";
ipv6-address = "2605:e200:d200:1:78d9:d8ff:fe0f:dd88";
};
hanover = {
ipv4-address = "208.81.1.130";
ipv6-address = "2605:e200:d100:1:5054:ff:fe61:ac8b";
};
localhost = { ipv4-address = "127.0.0.1"; };
lsbb-gba = { ipv4-address = "199.101.56.34"; };
lsbb-abg = { ipv4-address = "199.101.56.38"; };
lsbb-hwd = { ipv4-address = "199.101.56.106"; };
lsbb-hcl = { ipv4-address = "199.101.56.110"; };
procul = { ipv4-address = "172.86.179.18"; };
prunel = { ipv4-address = "208.81.3.123"; };
mbix = { ipv4-address = "208.81.7.146"; };
ns3-fudo = { ipv4-address = "208.75.74.205"; };
ns3-dair = { ipv4-address = "208.75.74.205"; };
ns4-fudo = { ipv4-address = "208.75.75.157"; };
ns4-dair = { ipv4-address = "208.75.75.157"; };
paris = {
ipv4-address = "208.81.3.125";
ipv6-address = "2605:e200:d200:1:5054:ff:fe67:d0c1";
};
probe = { ipv4-address = "208.81.3.119"; };
tours = {
ipv4-address = "208.81.3.121";
ipv6-address = "2605:e200:d200:1:5054:ff:fe95:34e5";
};
};
}

82
config/local-network/rus.selby.ca.nix → config/networks/rus.selby.ca.nix
View File

@ -1,12 +1,52 @@
{ config, lib, ... }:
let local-domain = "rus.selby.ca"; let local-domain = "rus.selby.ca";
in { in {
domain = "${local-domain}"; default-host = "10.0.0.1";
network = "10.0.0.0/16"; mx = [ "mail.fudo.org" ];
dhcp-dynamic-network = "10.0.1.0/24"; gssapi-realm = "FUDO.ORG";
enable-reverse-mappings = true; hosts = {
clunk = {
ipv4-address = "10.0.0.1";
mac-address = "02:44:d1:eb:c3:6b";
};
dns-proxy = {
ipv4-address = "10.0.0.2";
# This is just an alias for clunk's primary interface
};
google-wifi = {
ipv4-address = "10.0.0.11";
mac-address = "70:3a:cb:c0:3b:09";
};
pselby-work = {
ipv4-address = "10.0.0.151";
mac-address = "00:50:b6:aa:bd:b3";
};
downstairs-desktop = {
ipv4-address = "10.0.0.100";
mac-address = "90:b1:1c:8e:29:cf";
};
upstairs-desktop = {
ipv4-address = "10.0.0.101";
mac-address = "80:e8:2c:22:65:c2";
};
};
aliases = {
dns-hole = "clunk";
gateway = "clunk";
upstairs = "upstairs-desktop";
downstairs = "downstairs-desktop";
};
srv-records = { srv-records = {
tcp = { tcp = {
@ -47,38 +87,4 @@ in {
}]; }];
}; };
}; };
aliases = { dns-hole = "clunk"; };
hosts = {
clunk = {
ip-address = "10.0.0.1";
mac-address = "02:44:d1:eb:c3:6b";
};
dns-proxy = {
ip-address = "10.0.0.2";
# This is just an alias for clunk's primary interface
};
google-wifi = {
ip-address = "10.0.0.11";
mac-address = "70:3a:cb:c0:3b:09";
};
pselby-work = {
ip-address = "10.0.0.151";
mac-address = "00:50:b6:aa:bd:b3";
};
downstairs-desktop = {
ip-address = "10.0.0.100";
mac-address = "90:b1:1c:8e:29:cf";
};
upstairs-desktop = {
ip-address = "10.0.0.101";
mac-address = "80:e8:2c:22:65:c2";
};
};
} }

0
config/local-network/sea.fudo.org.nix → config/networks/sea.fudo.org.nix
View File

2
config/profiles/server.nix
View File

@ -48,7 +48,7 @@ in {
emacs-nox emacs-nox
ldns ldns
ldns.examples ldns.examples
jdk14_headless jdk12_headless
racket-minimal racket-minimal
reboot-if-necessary reboot-if-necessary
test-config test-config

2
configuration.nix
View File

@ -13,7 +13,7 @@ in {
domain = local.domain; domain = local.domain;
home-manager-package = builtins.fetchGit { home-manager-package = builtins.fetchGit {
url = "https://github.com/nix-community/home-manager.git"; url = "https://github.com/nix-community/home-manager.git";
ref = "release-20.09"; ref = "release-20.03";
}; };
}) })
]; ];

1
lib/default.nix
View File

@ -29,6 +29,7 @@ with lib; {
./fudo/mail-container.nix ./fudo/mail-container.nix
./fudo/minecraft-server.nix ./fudo/minecraft-server.nix
./fudo/netinfo-email.nix ./fudo/netinfo-email.nix
./fudo/networks.nix
./fudo/node-exporter.nix ./fudo/node-exporter.nix
./fudo/password.nix ./fudo/password.nix
./fudo/postgres.nix ./fudo/postgres.nix

3
lib/fudo/dns.nix
View File

@ -123,6 +123,9 @@ in {
$TTL 6h $TTL 6h
${optionalString (dom-cfg.gssapi-realm != null)
''_kerberos IN TXT "${dom-cfg.gssapi-realm}"''}
${nsRecords dom cfg.nameservers} ${nsRecords dom cfg.nameservers}
${join-lines (mapAttrsToList hostRecords cfg.nameservers)} ${join-lines (mapAttrsToList hostRecords cfg.nameservers)}

4
lib/fudo/domains.nix
View File

@ -33,8 +33,8 @@ let
local-groups = mkOption { local-groups = mkOption {
type = with types; listOf str; type = with types; listOf str;
description = "List of groups which should exist within this domain."; description = "List of groups which should exist within this domain.";
default = [ ]; default = [ ];
}; };
admin-email = mkOption { admin-email = mkOption {

40
lib/fudo/hosts.nix
View File

@ -3,7 +3,7 @@
with lib; with lib;
let let
hostOpts = { hostname, ... }: { hostOpts = { hostname, ... }: {
options = { options = with types; {
hostname = mkOption { hostname = mkOption {
type = types.str; type = types.str;
description = "Hostname (without domain name)."; description = "Hostname (without domain name).";
@ -23,7 +23,7 @@ let
}; };
local-networks = mkOption { local-networks = mkOption {
type = with types; listof str; type = listof str;
description = description =
"A list of networks to be considered trusted by this host."; "A list of networks to be considered trusted by this host.";
default = [ "127.0.0.0/8" ]; default = [ "127.0.0.0/8" ];
@ -31,25 +31,19 @@ let
profile = mkOption { profile = mkOption {
# FIXME: get this list from profiles directly # FIXME: get this list from profiles directly
type = with types; listof (enum "desktop" "laptop" "server"); type = listof (enum "desktop" "laptop" "server");
description = description =
"The profile to be applied to the host, determining what software is included."; "The profile to be applied to the host, determining what software is included.";
}; };
admin-email = mkOption { admin-email = mkOption {
type = with types; nullOr str; type = nullOr str;
description = "Email for the administrator of this host."; description = "Email for the administrator of this host.";
default = null; default = null;
}; };
hardware-configuration = mkOption {
type = types.attrs;
description =
"The hardware configuration of the host (i.e. the contents of hardware-configuration.nix)";
};
local-users = mkOption { local-users = mkOption {
type = with types; listOf str; type = listOf str;
description = description =
"List of users who should have local (i.e. login) access to the host."; "List of users who should have local (i.e. login) access to the host.";
default = [ ]; default = [ ];
@ -62,25 +56,20 @@ let
}; };
local-admins = mkOption { local-admins = mkOption {
type = with types; listOf str; type = listOf str;
description = description =
"A list of users who should have admin access to this host."; "A list of users who should have admin access to this host.";
default = [ ]; default = [ ];
}; };
local-groups = mkOption { local-groups = mkOption {
type = with types; listOf str; type = listOf str;
description = "List of groups which should exist on this host."; description = "List of groups which should exist on this host.";
default = [ ]; default = [ ];
}; };
hardware-config = mkOption {
type = types.str;
description = "Path to the hardware configuration for this host.";
};
ssh-fingerprints = mkOption { ssh-fingerprints = mkOption {
type = with types; listOf str; type = listOf str;
description = '' description = ''
A list of DNS SSHFP records for this host. A list of DNS SSHFP records for this host.
''; '';
@ -88,7 +77,7 @@ let
}; };
rp = mkOption { rp = mkOption {
type = with types; nullOr str; type = nullOr str;
description = "Responsible person."; description = "Responsible person.";
default = null; default = null;
}; };
@ -100,11 +89,12 @@ let
}; };
in { in {
options.fudo.hosts = mkOption { options.fudo.hosts = with types;
type = with types; attrsOf (submodule hostOpts); mkOption {
description = "Host configurations for all hosts known to the system."; type = attrsOf (submodule hostOpts);
default = { }; description = "Host configurations for all hosts known to the system.";
}; default = { };
};
config = let config = let
hostname = config.instance.hostname; hostname = config.instance.hostname;

73
lib/fudo/local-network.nix
View File

@ -12,12 +12,6 @@ let
traceout = out: builtins.trace out out; traceout = out: builtins.trace out out;
hosts = let
existingHosts = filterAttrs (host: hostOpts: hasAttr host cfg.fudo.hosts)
cfg.network-definition.hosts;
in mapAttrs (host: hostAttrs: hostAttrs // cfg.fudo.hosts.${host})
existingHosts;
in { in {
options.fudo.local-network = with types; { options.fudo.local-network = with types; {
@ -31,7 +25,7 @@ in {
dns-servers = mkOption { dns-servers = mkOption {
type = listOf str; type = listOf str;
description = "A list of domain name servers to pass to local clients.."; description = "A list of domain name servers to pass to local clients.";
}; };
dhcp-interfaces = mkOption { dhcp-interfaces = mkOption {
@ -74,12 +68,7 @@ in {
recursive-resolver = mkOption { recursive-resolver = mkOption {
type = str; type = str;
description = "DNS nameserver to use for recursive resolution."; description = "DNS nameserver to use for recursive resolution.";
default = "1.1.1.1"; default = "1.1.1.1 port 53";
};
dns-server-ip = mkOption {
type = str;
description = "IP of the DNS server.";
}; };
search-domains = mkOption { search-domains = mkOption {
@ -89,15 +78,18 @@ in {
default = [ ]; default = [ ];
}; };
network-definition = mkOption { network-definition =
type = let networkOpts = import ../types/network-definition.nix { inherit lib; };
submodule (import ../types/network-definition.nix { inherit lib; }); in mkOption {
description = "Definition of network to be served by local server."; type = submodule networkOpts;
}; description = "Definition of network to be served by local server.";
default = { };
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.dhcpd4 = { services.dhcpd4 = let network = cfg.network-definition;
in {
enable = true; enable = true;
machines = mapAttrsToList (hostname: hostOpts: { machines = mapAttrsToList (hostname: hostOpts: {
@ -105,7 +97,8 @@ in {
hostName = hostname; hostName = hostname;
ipAddress = hostOpts.ipv4-address; ipAddress = hostOpts.ipv4-address;
}) (filterAttrs (host: hostOpts: }) (filterAttrs (host: hostOpts:
hostOpts.mac-address != null && hostOpts.ipv4-address != null) hosts); hostOpts.mac-address != null && hostOpts.ipv4-address != null)
network.hosts);
interfaces = cfg.dhcp-interfaces; interfaces = cfg.dhcp-interfaces;
@ -137,7 +130,7 @@ in {
file = let file = let
# We should add these...but need a domain to assign them to. # We should add these...but need a domain to assign them to.
# ip-last-el = ip: toInt (last (splitString "." ip)); # ip-last-el = ip: toInt (last (splitString "." ip));
# used-els = map (host-data: ip-last-el host-data.ip-address) hosts-data; # used-els = map (host-data: ip-last-el host-data.ipv4-address) hosts-data;
# unused-els = subtractLists used-els (map toString (range 1 255)); # unused-els = subtractLists used-els (map toString (range 1 255));
in pkgs.writeText "db.${block}-zone" '' in pkgs.writeText "db.${block}-zone" ''
@ -160,22 +153,31 @@ in {
ipToBlock = ip: ipToBlock = ip:
concatStringsSep "." (reverseList (take 3 (splitString "." ip))); concatStringsSep "." (reverseList (take 3 (splitString "." ip)));
compactHosts = compactHosts =
mapAttrsToList (host: data: data // { host = host; }) hosts; mapAttrsToList (host: data: data // { host = host; }) network.hosts;
hostsByBlock = hostsByBlock =
groupBy (host-data: ipToBlock host-data.ip-address) compactHosts; groupBy (host-data: ipToBlock host-data.ipv4-address) compactHosts;
hostPtrRecord = host-data: hostPtrRecord = host-data:
"${ "${
last (splitString "." host-data.ip-address) last (splitString "." host-data.ipv4-address)
} IN PTR ${host-data.host}.${cfg.domain}."; } IN PTR ${host-data.host}.${cfg.domain}.";
blockZones = mapAttrsToList blockHostsToZone hostsByBlock; blockZones = mapAttrsToList blockHostsToZone hostsByBlock;
hostARecord = host: data: "${host} IN A ${data.ip-address}"; hostARecord = host: data: "${host} IN A ${data.ipv4-address}";
hostSshFpRecords = host: data: hostSshFpRecords = host: data:
join-lines let
(map (sshfp: "${host} IN SSHFP ${sshfp}") data.ssh-fingerprints); ssh-fingerprints = if (hasAttr host known-hosts) then
known-hosts.${host}.ssh-fingerprints
else
[ ];
in join-lines
(map (sshfp: "${host} IN SSHFP ${sshfp}") ssh-fingerprints);
cnameRecord = alias: host: "${alias} IN CNAME ${host}"; cnameRecord = alias: host: "${alias} IN CNAME ${host}";
network = cfg.network-definition;
known-hosts = config.fudo.hosts;
in { in {
enable = true; enable = true;
cacheNetworks = [ cfg.network "localhost" "localnets" ]; cacheNetworks = [ cfg.network "localhost" "localnets" ];
@ -207,12 +209,17 @@ in {
$TTL 30m $TTL 30m
ns1 IN A ${cfg.server-ip} ${optionalString (network.gssapi-realm != null)
${join-lines (mapAttrsToList hostARecord cfg.hosts)} ''_kerberos IN TXT "${network.gssapi-realm}"''}
${join-lines (mapAttrsToList hostSshFpRecords cfg.hosts)}
${join-lines (mapAttrsToList cnameRecord cfg.aliases)} ${join-lines
${join-lines cfg.extra-dns-records} (imap1 (i: server-ip: "ns${toString i} IN A ${server-ip}")
${dns.srvRecordsToBindZone cfg.srv-records} cfg.dns-servers)}
${join-lines (mapAttrsToList hostARecord network.hosts)}
${join-lines (mapAttrsToList hostSshFpRecords network.hosts)}
${join-lines (mapAttrsToList cnameRecord network.aliases)}
${join-lines network.verbatim-dns-records}
${dns.srvRecordsToBindZone network.srv-records}
''; '';
}] ++ blockZones; }] ++ blockZones;
}; };

13
lib/fudo/networks.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, lib, pkgs, ... }:
with lib;
with types;
let networkOpts = import ../types/network-definition.nix { inherit lib; };
in {
options.fudo.networks = mkOption {
type = attrsOf (submodule networkOpts);
description = "A map of networks to network definitions.";
default = { };
};
}

86
lib/fudo/networks/rus.selby.ca.nix Normal file
View File

@ -0,0 +1,86 @@
{ config, lib, ... }:
{
default-host = "10.0.0.1";
mx = [ "mail.fudo.org" ];
hosts = {
clunk = {
ipv4-address = "10.0.0.1";
mac-address = "02:44:d1:eb:c3:6b";
};
dns-proxy = {
ipv4-address = "10.0.0.2";
# This is just a second IP on clunk, for the pihole
};
google-wifi = {
ipv4-address = "10.0.0.11";
mac-address = "70:3a:cb:c0:3b:09";
};
pselby-work = {
ipv4-address = "10.0.0.151";
mac-address = "00:50:b6:aa:bd:b3";
};
downstairs-desktop = {
ipv4-address = "10.0.0.100";
mac-address = "90:b1:1c:8e:29:cf";
};
upstairs-desktop = {
ipv4-address = "10.0.0.101";
mac-address = "80:e8:2c:22:65:c2";
};
};
aliases = {
dns-hole = "clunk";
gateway = "clunk";
upstairs = "upstairs-desktop";
downstairs = "downstairs-desktop";
};
srv-records = {
tcp = {
domain = [{
port = 53;
host = "clunk.${local-domain}";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerberos-adm = [{
port = 88;
host = "france.fudo.org";
}];
ssh = [{
port = 22;
host = "clunk.${local-domain}";
}];
};
udp = {
domain = [{
port = 53;
host = "clunk.${local-domain}";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerboros-master = [{
port = 88;
host = "france.fudo.org";
}];
kpasswd = [{
port = 464;
host = "france.fudo.org";
}];
};
};
}

214
lib/fudo/networks/sea.fudo.org.nix Normal file
View File

@ -0,0 +1,214 @@
{ config, lib, ... }:
{
default-host = "10.0.0.1";
mx = [ "mail.fudo.org" ];
aliases = {
kadmin = "nostromo";
kdc = "nostromo";
photo = "doraemon";
music = "doraemon";
panopticon = "lambda";
panopticon-od = "lambda";
ipfs = "nostromo";
hole = "nostromo";
pihole = "nostromo";
dns-hole = "nostromo";
mon-1 = "srv-1";
};
srv-records = {
tcp = {
domain = [{
port = 53;
host = "nostromo.sea.fudo.org";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerberos-adm = [{
port = 88;
host = "france.fudo.org";
}];
ssh = [{
port = 22;
host = "nostromo.sea.fudo.org";
}];
ldap = [{
port = 389;
host = "france.fudo.org";
}];
};
udp = {
domain = [{
port = 53;
host = "nostromo.sea.fudo.org";
}];
kerberos = [{
port = 88;
host = "france.fudo.org";
}];
kerboros-master = [{
port = 88;
host = "france.fudo.org";
}];
kpasswd = [{
port = 464;
host = "france.fudo.org";
}];
};
};
hosts = {
nostromo = {
ip-address = "10.0.0.1";
mac-address = "46:54:76:06:f1:10";
};
lm = {
ip-address = "10.0.0.2";
mac-address = "00:23:7d:e6:d9:ea";
};
lambda = {
ip-address = "10.0.0.3";
mac-address = "02:50:f6:52:9f:9d";
};
switch-master = {
ip-address = "10.0.0.5";
mac-address = "00:14:1C:B6:BB:40";
};
google-wifi = {
ip-address = "10.0.0.7";
mac-address = "7C:D9:5C:9F:6F:E9";
};
cam-entrance = {
ip-address = "10.0.0.31";
mac-address = "9c:8e:cd:0e:99:7b";
};
cam-driveway = {
ip-address = "10.0.0.32";
mac-address = "9c:8e:cd:0d:3b:09";
};
cam-deck = {
ip-address = "10.0.0.33";
mac-address = "9c:8e:cd:0e:98:c8";
};
cargo = {
ip-address = "10.0.0.50";
mac-address = "00:11:32:75:d8:b7";
};
whitedwarf = {
ip-address = "10.0.0.51";
mac-address = "00:11:32:12:14:1d";
};
doraemon = {
ip-address = "10.0.0.52";
mac-address = "00:11:32:0a:06:c5";
};
android = {
ip-address = "10.0.0.81";
mac-address = "00:16:3e:43:39:fc";
};
retro-wired = {
ip-address = "10.0.0.82";
mac-address = "dc:a6:32:6b:57:43";
};
retro = {
ip-address = "10.0.0.83";
mac-address = "dc:a6:32:6b:57:45";
};
monolith = {
ip-address = "10.0.0.100";
mac-address = "6c:62:6d:c8:b0:d8";
};
taipan = {
ip-address = "10.0.0.107";
mac-address = "52:54:00:34:c4:78";
};
spark = {
ip-address = "10.0.0.108";
mac-address = "78:24:af:04:f7:dd";
};
hyperion = {
ip-address = "10.0.0.109";
mac-address = "52:54:00:33:46:de";
};
zbox = {
ip-address = "10.0.0.110";
mac-address = "02:dd:80:52:83:9b";
};
ubiquiti-wifi = {
ip-address = "10.0.0.126";
mac-address = "04:18:d6:20:48:fb";
};
generator-wireless = {
ip-address = "10.0.0.130";
mac-address = "B8:27:EB:A6:32:26";
};
brother-wireless = {
ip-address = "10.0.0.160";
mac-address = "c0:38:96:64:49:65";
};
nest = {
ip-address = "10.0.0.176";
mac-address = "18:b4:30:16:7c:5a";
};
xixi-phone = {
ip-address = "10.0.0.193";
mac-address = "48:43:7c:75:89:42";
};
ipad = {
ip-address = "10.0.0.202";
mac-address = "9c:35:eb:48:6e:71";
};
cam-front = {
ip-address = "10.0.0.203";
mac-address = "c4:d6:55:3e:b4:c3";
};
family-tv = {
ip-address = "10.0.0.205";
mac-address = "84:a4:66:3a:b1:f8";
};
babycam = {
ip-address = "10.0.0.206";
mac-address = "08:ea:40:59:5f:9e";
};
workphone = {
ip-address = "10.0.0.211";
mac-address = "a8:8e:24:5c:12:67";
};
chromecast-2 = {
ip-address = "10.0.0.215";
mac-address = "a4:77:33:59:a2:ba";
};
front-light = {
ip-address = "10.0.0.221";
mac-address = "94:10:3e:48:94:ed";
};
# Ceph network
srv-1 = {
ip-address = "10.0.10.1";
mac-address = "02:65:d7:00:7d:1b";
};
node-1 = {
ip-address = "10.0.10.101";
mac-address = "00:1e:06:36:81:cf";
};
node-2 = {
ip-address = "10.0.10.102";
mac-address = "00:1e:06:36:ec:3e";
};
node-3 = {
ip-address = "10.0.10.103";
mac-address = "00:1e:06:36:ec:4b";
};
node-4 = {
ip-address = "10.0.10.104";
mac-address = "00:1e:06:36:dd:8c";
};
};
}

43
lib/types/network-definition.nix
View File

@ -7,6 +7,7 @@ let
service = { service = {
type = str; type = str;
description = "Service name of SRV record."; description = "Service name of SRV record.";
default = service;
}; };
priority = mkOption { priority = mkOption {
@ -15,6 +16,13 @@ let
default = 0; default = 0;
}; };
weight = mkOption {
type = int;
description =
"Weight to give this record, among records of equivalent priority.";
default = 5;
};
port = mkOption { port = mkOption {
type = port; type = port;
description = "Port for service on this host."; description = "Port for service on this host.";
@ -29,7 +37,7 @@ let
}; };
}; };
hostOpts = { hostname, ... }: { networkHostOpts = { hostname, ... }: {
options = with types; { options = with types; {
hostname = mkOption { hostname = mkOption {
type = str; type = str;
@ -40,22 +48,18 @@ let
ipv4-address = mkOption { ipv4-address = mkOption {
type = nullOr str; type = nullOr str;
description = '' description = "The V4 IP of a given host, if any.";
The V4 IP of a given host, if any.
'';
default = null; default = null;
}; };
ipv6-address = mkOption { ipv6-address = mkOption {
type = nullOr str; type = nullOr str;
description = '' description = "The V6 IP of a given host, if any.";
The V6 IP of a given host, if any.
'';
default = null; default = null;
}; };
mac-address = mkOption { mac-address = mkOption {
type = with types; nullOr types.str; type = nullOr types.str;
description = description =
"The MAC address of a given host, if desired for IP reservation."; "The MAC address of a given host, if desired for IP reservation.";
default = null; default = null;
@ -65,16 +69,22 @@ let
in { in {
options = with types; { options = with types; {
hosts = { hosts = mkOption {
type = attrsOf networkHostOpts; type = attrsOf (submodule networkHostOpts);
description = "Hosts on the local network, with relevant settings."; description = "Hosts on the local network, with relevant settings.";
example = {
my-host = {
ipv4-address = "192.168.0.1";
mac-address = "aa:aa:aa:aa:aa";
};
};
default = { }; default = { };
}; };
srv-records = { srv-records = mkOption {
type = attrsOf (attrsOf (listOf (submodule protocolSrvRecords))); type = attrsOf (attrsOf (listOf (submodule srvRecordOpts)));
description = "SRV records for the network."; description = "SRV records for the network.";
default = { example = {
tcp = { tcp = {
kerberos = { kerberos = {
port = 88; port = 88;
@ -82,6 +92,7 @@ in {
}; };
}; };
}; };
default = { };
}; };
aliases = mkOption { aliases = mkOption {
@ -121,5 +132,11 @@ in {
description = "A list of mail servers serving this domain."; description = "A list of mail servers serving this domain.";
default = [ ]; default = [ ];
}; };
gssapi-realm = mkOption {
type = nullOr str;
description = "Kerberos GSSAPI realm of the network.";
default = null;
};
}; };
} }