nix
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed sea-store:/export/projects, removed unnecesary submodules

This commit is contained in:
niten 2021-10-29 11:40:43 -07:00
parent 08766dfeb6
commit 79b05be7d3
11 changed files with 66 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.gitmodules vendored
View File

@ -1,6 +0,0 @@
[submodule "fudo-pkgs"]
path = fudo-pkgs
url = https://git.fudo.org/fudo-public/fudo-pkgs.git
[submodule "nix-home"]
path = nix-home
url = https://git.fudo.org/niten/nix-home.git

2
config/host-config/nostromo.nix
View File

@ -31,7 +31,7 @@ in {
exportList = [ exportList = [
"/export/documents 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=10,sec=krb5p)" "/export/documents 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=10,sec=krb5p)"
"/export/downloads 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5i)" "/export/downloads 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5i)"
"/export/projects 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5p)" "/export/projects 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=12,sec=krb5p)"
]; ];
in '' in ''
${concatStringsSep "\n" exportList} ${concatStringsSep "\n" exportList}

1
fudo-pkgs

@ -1 +0,0 @@
Subproject commit 3304caa8ee5891d05320375b5dc825871e53172d

84
lib/fudo/acme-certs.nix
View File

@ -1,35 +1,34 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... } @ toplevel:
with lib; with lib;
let let
localCopyOpts = { copy, ... }: let # localCopyOpts = { copy, ... }: let
in { # in {
options = with types; { # options = with types; {
inherit domain; # user = mkOption {
user = mkOption { # type = str;
type = str; # description = "User to which this copy belongs.";
description = "User to which this copy belongs."; # };
};
group = mkOption { # group = mkOption {
type = nullOr str; # type = nullOr str;
description = "Group to which this copy belongs."; # description = "Group to which this copy belongs.";
default = null; # default = null;
}; # };
path = mkOption { # path = mkOption {
type = str; # type = str;
description = "Path at which to store the local copy."; # description = "Path at which to store the local copy.";
#default = "/var/run/${toplevel.config.domain}/${copy}"; # #default = "/var/run/${toplevel.config.domain}/${copy}";
}; # };
service = mkOption { # service = mkOption {
type = str; # type = str;
description = "systemd job to copy certs."; # description = "systemd job to copy certs.";
default = "fudo-${toplevel.config.domain}-${copy}-certs.service"; # default = "fudo-${toplevel.config.domain}-${copy}-certs.service";
}; # };
}; # };
}; # };
domainOpts = { domain, ... }: { domainOpts = { domain, ... }: {
options = with types; { options = with types; {
@ -44,6 +43,39 @@ let
description = "List of domains to add to this certificate."; description = "List of domains to add to this certificate.";
default = []; default = [];
}; };
local-copies = let
localCopyOpts = { copy, ... }: {
options = with types; {
user = mkOption {
type = str;
description = "User to which this copy belongs.";
};
group = mkOption {
type = nullOr str;
description = "Group to which this copy belongs.";
default = null;
};
path = mkOption {
type = str;
description = "Path at which to store the local copy.";
default = "/var/run/${domain}/${copy}";
};
service = mkOption {
type = str;
description = "systemd job to copy certs.";
default = "fudo-${domain}-${copy}-certs.service";
};
};
};
in mkOption {
type = attrsOf (submodule localCopyOpts);
description = "Map of copies to make for use by services.";
default = {};
};
}; };
}; };

16
lib/fudo/jabber.nix
View File

@ -19,8 +19,6 @@ let
}; };
}; };
site-copy = site: "ejabberd-${site}";
concatMapAttrs = f: attrs: concatMapAttrs = f: attrs:
foldr (a: b: a // b) {} (mapAttrs f attrs); foldr (a: b: a // b) {} (mapAttrs f attrs);
@ -30,7 +28,7 @@ let
host-domains = config.fudo.acme.host-domains.${hostname}; host-domains = config.fudo.acme.host-domains.${hostname};
siteCerts = site: let siteCerts = site: let
certPath = config.fudo.acme.local-copies.${site-copy site}.path; certPath = host-domains.${site}.local-copies.ejabberd.path;
in [ in [
"${certPath}/fullchain.pem" "${certPath}/fullchain.pem"
"${certPath}/privkey.pem" "${certPath}/privkey.pem"
@ -38,7 +36,7 @@ let
]; ];
siteCertService = site: siteCertService = site:
config.fudo.acme.local-copies.${site-copy site}.service; host-domains.${site}.local-copies.ejabberd.service;
config-file-template = let config-file-template = let
jabber-config = { jabber-config = {
@ -158,13 +156,13 @@ in {
}; };
}; };
fudo.acme.local-copies = mapAttrs' (site: siteCfg: fudo.acme.host-domains.${hostname} = mapAttrs (site: siteCfg:
nameValuePair (site-copy site) mkIf siteCfg.enableACME {
mkif siteCfg.enableACME { local-copies.ejabberd = {
domain = site;
user = cfg.user; user = cfg.user;
group = cfg.group; group = cfg.group;
}) cfg.sites; };
}) cfg.sites;
systemd = { systemd = {
tmpfiles.rules = [ tmpfiles.rules = [

1
nix-home

@ -1 +0,0 @@
Subproject commit d40a3ae2c6790afbea81a921b15f465ee63b66d7

30
nixops/informis.nix
View File

@ -1,30 +0,0 @@
let
pkgs = import <nixpkgs> {
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
};
overlays = [
(import ../fudo-pkgs/overlay.nix)
];
};
home-manager-module = import <home-manager/nixos>;
hostlib = import ./lib/hosts.nix {
inherit pkgs home-manager-module;
};
define-host = hostlib.host-config;
in {
network = {
description = "Informis network";
enableRollback = true;
};
procul = define-host "172.86.179.18" "procul";
}

17
nixops/lib/hosts.nix
View File

@ -1,17 +0,0 @@
{ pkgs, home-manager-module, ... }:
let
initialize = import ../../initialize.nix;
host-config = ip: hostname:
{ ... }: {
imports = [
(initialize {
inherit hostname home-manager-module pkgs;
})
];
deployment.targetHost = ip;
};
in { host-config = host-config; }

18
nixops/networks/sea.fudo.org.nix
View File

@ -1,18 +0,0 @@
{
description = "sea.fudo.org nixops flake";
inputs = { nixpgks = "nixpkgs:nixos-21.05"; };
outputs = { nixpkgs, ... }:
let
domain = "sea.fudo.org";
system-pkgs = system: import nixpkgs { inherit system; };
in {
nixopsConfigurations.${domain} = {
inherit nixpkgs;
network.description = "${domain} network";
defaults.nixpkgs.pkgs = system-pkgs "x86_64-linux";
defaults._module.args = { inherit domain; };
};
};
}

16
nixops/russell.nix
View File

@ -1,16 +0,0 @@
let
nixos-version = "20.09";
hosts = import ./lib/hosts.nix { inherit nixos-version; };
russell-host = ip: hostname: profile:
let
site = "russell";
domain = "rus.selby.ca";
in hosts.host-config ip { inherit hostname profile domain site; };
in {
network.description = "Russell home network.";
clunk = russell-host "10.0.0.1" "clunk" "server";
plato = russell-host "10.0.0.102" "plato" "server";
}

40
nixops/seattle.nix
View File

@ -1,40 +0,0 @@
let
# fudo-pkgs = builtins.fetchGit {
# url = "https://git.fudo.org/fudo-public/fudo-pkgs.git";
# };
pkgs = import <nixpkgs> {
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
};
overlays = [
(import ../fudo-pkgs/overlay.nix)
];
};
home-manager-module = import <home-manager/nixos>;
hostlib = import ./lib/hosts.nix {
inherit pkgs home-manager-module;
};
define-host = hostlib.host-config;
in {
network = {
description = "Seattle home network.";
enableRollback = true;
};
lambda = define-host "10.0.0.11" "lambda";
limina = define-host "10.0.0.1" "limina";
nostromo = define-host "10.0.0.10" "nostromo";
plato = define-host "10.0.0.21" "plato";
socrates = define-host "10.0.0.20" "socrates";
spark = define-host "10.0.0.108" "spark";
system3 = define-host "10.0.0.111" "system3";
zbox = define-host "10.0.0.110" "zbox";
}