Fixed sea-store:/export/projects, removed unnecesary submodules

This commit is contained in:
niten 2021-10-29 11:40:43 -07:00
parent 08766dfeb6
commit 79b05be7d3
11 changed files with 66 additions and 165 deletions

6
.gitmodules vendored
View File

@ -1,6 +0,0 @@
[submodule "fudo-pkgs"]
path = fudo-pkgs
url = https://git.fudo.org/fudo-public/fudo-pkgs.git
[submodule "nix-home"]
path = nix-home
url = https://git.fudo.org/niten/nix-home.git

View File

@ -31,7 +31,7 @@ in {
exportList = [
"/export/documents 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=10,sec=krb5p)"
"/export/downloads 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5i)"
"/export/projects 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5p)"
"/export/projects 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=12,sec=krb5p)"
];
in ''
${concatStringsSep "\n" exportList}

@ -1 +0,0 @@
Subproject commit 3304caa8ee5891d05320375b5dc825871e53172d

View File

@ -1,35 +1,34 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, ... } @ toplevel:
with lib;
let
localCopyOpts = { copy, ... }: let
in {
options = with types; {
inherit domain;
user = mkOption {
type = str;
description = "User to which this copy belongs.";
};
# localCopyOpts = { copy, ... }: let
# in {
# options = with types; {
# user = mkOption {
# type = str;
# description = "User to which this copy belongs.";
# };
group = mkOption {
type = nullOr str;
description = "Group to which this copy belongs.";
default = null;
};
# group = mkOption {
# type = nullOr str;
# description = "Group to which this copy belongs.";
# default = null;
# };
path = mkOption {
type = str;
description = "Path at which to store the local copy.";
#default = "/var/run/${toplevel.config.domain}/${copy}";
};
# path = mkOption {
# type = str;
# description = "Path at which to store the local copy.";
# #default = "/var/run/${toplevel.config.domain}/${copy}";
# };
service = mkOption {
type = str;
description = "systemd job to copy certs.";
default = "fudo-${toplevel.config.domain}-${copy}-certs.service";
};
};
};
# service = mkOption {
# type = str;
# description = "systemd job to copy certs.";
# default = "fudo-${toplevel.config.domain}-${copy}-certs.service";
# };
# };
# };
domainOpts = { domain, ... }: {
options = with types; {
@ -44,6 +43,39 @@ let
description = "List of domains to add to this certificate.";
default = [];
};
local-copies = let
localCopyOpts = { copy, ... }: {
options = with types; {
user = mkOption {
type = str;
description = "User to which this copy belongs.";
};
group = mkOption {
type = nullOr str;
description = "Group to which this copy belongs.";
default = null;
};
path = mkOption {
type = str;
description = "Path at which to store the local copy.";
default = "/var/run/${domain}/${copy}";
};
service = mkOption {
type = str;
description = "systemd job to copy certs.";
default = "fudo-${domain}-${copy}-certs.service";
};
};
};
in mkOption {
type = attrsOf (submodule localCopyOpts);
description = "Map of copies to make for use by services.";
default = {};
};
};
};

View File

@ -19,8 +19,6 @@ let
};
};
site-copy = site: "ejabberd-${site}";
concatMapAttrs = f: attrs:
foldr (a: b: a // b) {} (mapAttrs f attrs);
@ -30,7 +28,7 @@ let
host-domains = config.fudo.acme.host-domains.${hostname};
siteCerts = site: let
certPath = config.fudo.acme.local-copies.${site-copy site}.path;
certPath = host-domains.${site}.local-copies.ejabberd.path;
in [
"${certPath}/fullchain.pem"
"${certPath}/privkey.pem"
@ -38,7 +36,7 @@ let
];
siteCertService = site:
config.fudo.acme.local-copies.${site-copy site}.service;
host-domains.${site}.local-copies.ejabberd.service;
config-file-template = let
jabber-config = {
@ -158,13 +156,13 @@ in {
};
};
fudo.acme.local-copies = mapAttrs' (site: siteCfg:
nameValuePair (site-copy site)
mkif siteCfg.enableACME {
domain = site;
fudo.acme.host-domains.${hostname} = mapAttrs (site: siteCfg:
mkIf siteCfg.enableACME {
local-copies.ejabberd = {
user = cfg.user;
group = cfg.group;
}) cfg.sites;
};
}) cfg.sites;
systemd = {
tmpfiles.rules = [

@ -1 +0,0 @@
Subproject commit d40a3ae2c6790afbea81a921b15f465ee63b66d7

View File

@ -1,30 +0,0 @@
let
pkgs = import <nixpkgs> {
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
};
overlays = [
(import ../fudo-pkgs/overlay.nix)
];
};
home-manager-module = import <home-manager/nixos>;
hostlib = import ./lib/hosts.nix {
inherit pkgs home-manager-module;
};
define-host = hostlib.host-config;
in {
network = {
description = "Informis network";
enableRollback = true;
};
procul = define-host "172.86.179.18" "procul";
}

View File

@ -1,17 +0,0 @@
{ pkgs, home-manager-module, ... }:
let
initialize = import ../../initialize.nix;
host-config = ip: hostname:
{ ... }: {
imports = [
(initialize {
inherit hostname home-manager-module pkgs;
})
];
deployment.targetHost = ip;
};
in { host-config = host-config; }

View File

@ -1,18 +0,0 @@
{
description = "sea.fudo.org nixops flake";
inputs = { nixpgks = "nixpkgs:nixos-21.05"; };
outputs = { nixpkgs, ... }:
let
domain = "sea.fudo.org";
system-pkgs = system: import nixpkgs { inherit system; };
in {
nixopsConfigurations.${domain} = {
inherit nixpkgs;
network.description = "${domain} network";
defaults.nixpkgs.pkgs = system-pkgs "x86_64-linux";
defaults._module.args = { inherit domain; };
};
};
}

View File

@ -1,16 +0,0 @@
let
nixos-version = "20.09";
hosts = import ./lib/hosts.nix { inherit nixos-version; };
russell-host = ip: hostname: profile:
let
site = "russell";
domain = "rus.selby.ca";
in hosts.host-config ip { inherit hostname profile domain site; };
in {
network.description = "Russell home network.";
clunk = russell-host "10.0.0.1" "clunk" "server";
plato = russell-host "10.0.0.102" "plato" "server";
}

View File

@ -1,40 +0,0 @@
let
# fudo-pkgs = builtins.fetchGit {
# url = "https://git.fudo.org/fudo-public/fudo-pkgs.git";
# };
pkgs = import <nixpkgs> {
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
};
overlays = [
(import ../fudo-pkgs/overlay.nix)
];
};
home-manager-module = import <home-manager/nixos>;
hostlib = import ./lib/hosts.nix {
inherit pkgs home-manager-module;
};
define-host = hostlib.host-config;
in {
network = {
description = "Seattle home network.";
enableRollback = true;
};
lambda = define-host "10.0.0.11" "lambda";
limina = define-host "10.0.0.1" "limina";
nostromo = define-host "10.0.0.10" "nostromo";
plato = define-host "10.0.0.21" "plato";
socrates = define-host "10.0.0.20" "socrates";
spark = define-host "10.0.0.108" "spark";
system3 = define-host "10.0.0.111" "system3";
zbox = define-host "10.0.0.110" "zbox";
}