Working again having folded in france's changes.

This commit is contained in:
root 2020-06-07 14:32:19 -07:00
parent 9eb6609c7a
commit f62239b7a1
6 changed files with 430 additions and 164 deletions


@ -16,7 +16,7 @@ with lib;
domain = mkOption { domain = mkOption {
type = types.str; type = types.str;
description = '' description = ''
Domain of the Domain of the local network.
''; '';
}; };


@ -1,96 +1,276 @@
# UNFINISHED!
#
# The plan is to bootstrap a local network config: DNS, DHCP, etc.
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
with lib; with lib;
let let
hostOpts = { config, ... }: { cfg = config.fudo.local-network;
options = {
ipv6Address = mkOption {
type = types.str;
description = ''
The V6 IP of a given host, if any.
'';
};
ipv4Address = mkOption { join-lines = concatStringsSep "\n";
ip = import ../../lib/ip.nix { lib = lib; };
hostOpts = { hostname, ... }: {
options = {
ip-address = mkOption {
type = types.str; type = types.str;
description = '' description = ''
The V4 IP of a given host, if any. The V4 IP of a given host, if any.
''; '';
}; };
macAddress = mkOption { mac-address = mkOption {
type = types.str; type = types.str;
description = '' description = ''
The MAC address of a given host, if desired for IP reservation. The MAC address of a given host, if desired for IP reservation.
''; '';
}; };
ssh-fingerprints = mkOption {
type = with types; listOf str;
description = "A list of DNS SSHFP records for this host.";
default = [];
};
}; };
}; };
localNameServerOpts = { config, ... }: { traceout = out: builtins.trace out out;
srvRecordOpts = with types; {
options = { options = {
ipv6Address = mkOption { weight = mkOption {
type = types.str; type = int;
description = '' description = "Weight relative to other records.";
The V6 IP of this nameserver, if any. default = 1;
'';
}; };
ipv4Address = mkOption { priority = mkOption {
type = types.str; type = int;
description = '' description = "Priority to give this record.";
The V4 IP of this nameserver, if any. default = 0;
'';
}; };
ipv4ReverseDomain = mkOption { port = mkOption {
type = types.str; type = port;
description = '' description = "Port to use when connecting.";
The domain of the IPv4 address range for which this nameserver is responsible. };
Eg: 0.10.in-addr.arpa host = mkOption {
''; type = str;
description = "Host to contact for this service.";
example = "my-host.my-domain.com.";
}; };
}; };
}; };
in { in {
options = { options.fudo.local-network = {
fudo.localNetwork.hosts = mkOption { enable = mkEnableOption "Enable local network configuration (DHCP & DNS).";
type = types.listOf (submodule hostOpts);
hosts = mkOption {
type = with types; loaOf (submodule hostOpts);
default = {}; default = {};
description = '' description = "A map of hostname => { host_attributes }.";
A map of hostname => { host_attributes }.
'';
}; };
fudo.localNetwork.domain = mkOption { domain = mkOption {
type = types.str;
description = "The domain to use for the local network.";
};
dns-servers = mkOption {
type = with types; listOf str;
description = "A list of domain name server to use for the local network.";
};
dhcp-interfaces = mkOption {
type = with types; listOf str;
description = "A list of interfaces on which to serve DHCP.";
};
dns-serve-ips = mkOption {
type = with types; listOf str;
description = "A list of IPs on which to server DNS queries.";
};
gateway = mkOption {
type = types.str;
description = "The gateway to use for the local network.";
};
aliases = mkOption {
type = with types; loaOf str;
default = {};
description = "A mapping of host-alias => hostname to use on the local network.";
};
network = mkOption {
type = types.str;
description = "Network to treat as local.";
};
enable-reverse-mappings = mkOption {
type = types.bool;
description = "Genereate PTR reverse lookup records.";
default = false;
};
dhcp-dynamic-network = mkOption {
type = types.str; type = types.str;
description = '' description = ''
The domain to use for the local network. The network from which to dynamically allocate IPs via DHCP.
Must be a subnet of <network>.
''; '';
}; };
fudo.localNetwork.hostAliases = mkOption { recursive-resolver = mkOption {
type = types.attrsOf types.str; type = types.str;
description = "DNS nameserver to use for recursive resolution.";
};
server-ip = mkOption {
type = types.str;
description = "IP of the DNS server.";
};
extra-dns-records = mkOption {
type = with types; listOf str;
description = "Records to be inserted verbatim into the DNS zone.";
example = ["some-host IN CNAME other-host"];
default = [];
};
srv-records = mkOption {
type = with types; attrsOf (attrsOf (listOf (submodule srvRecordOpts)));
description = "Map of traffic type to srv records.";
default = {}; default = {};
description = '' example = {
A mapping of hostAlias => hostName to use on the local network. tcp = {
kerberos = {
port = 88;
host = "auth-host.my-domain.com";
};
};
};
};
search-domains = mkOption {
type = with types; listOf str;
description = "A list of domains to search for DNS names.";
example = ["my-domain.com" "other-domain.com"];
default = [];
};
# TODO: srv records
};
config = mkIf cfg.enable {
services.dhcpd4 = {
enable = true;
machines = mapAttrsToList (hostname: hostOpts: {
ethernetAddress = hostOpts.mac-address;
hostName = hostname;
ipAddress = hostOpts.ip-address;
}) cfg.hosts;
interfaces = cfg.dhcp-interfaces;
extraConfig = ''
subnet ${ip.getNetworkBase cfg.network} netmask ${ip.maskFromV32Network cfg.network} {
authoritative;
option subnet-mask ${ip.maskFromV32Network cfg.network};
option broadcast-address ${ip.networkMaxIp cfg.network};
option routers ${cfg.gateway};
option domain-name-servers ${concatStringsSep " " cfg.dns-servers};
option domain-name "${cfg.domain}";
option domain-search ${join-lines (map (dom: "\"${dom}\"") ([cfg.domain] ++ cfg.search-domains))};
range ${ip.networkMinIp cfg.dhcp-dynamic-network} ${ip.networkMaxButOneIp cfg.dhcp-dynamic-network};
}
''; '';
}; };
fudo.localNetwork.localNameServer = mkOption { services.bind = let
type = (submodule localNameServerOpts); blockHostsToZone = block: hosts-data: {
description = '' master = true;
The master nameserver of the local network. name = "${block}.in-addr.arpa";
''; file = let
# We should add these...but need a domain to assign them to.
# ip-last-el = ip: toInt (last (splitString "." ip));
# used-els = map (host-data: ip-last-el host-data.ip-address) hosts-data;
# unused-els = subtractLists used-els (map toString (range 1 255));
in pkgs.writeText "db.${block}-zone" ''
$ORIGIN ${block}.in-addr.arpa.
$TTL 1h
@ IN SOA ns1.${cfg.domain}. hostmaster.${cfg.domain}. (
${toString builtins.currentTime}
1800
900
604800
1800)
@ IN NS ns1.${cfg.domain}.
${join-lines (map hostPtrRecord hosts-data)}
'';
};
ipToBlock = ip: concatStringsSep "." (reverseList (take 3 (splitString "." ip)));
compactHosts = mapAttrsToList (host: data: data // { host = host; }) cfg.hosts;
hostsByBlock = groupBy (host-data: ipToBlock host-data.ip-address) compactHosts;
hostPtrRecord = host-data:
"${last (splitString "." host-data.ip-address)} IN PTR ${host-data.host}.${cfg.domain}.";
blockZones = mapAttrsToList blockHostsToZone hostsByBlock;
hostARecord = host: data: "${host} IN A ${data.ip-address}";
hostSshFpRecords = host: data: join-lines (map (sshfp: "${host} IN SSHFP ${sshfp}") data.ssh-fingerprints);
cnameRecord = alias: host: "${alias} IN CNAME ${host}";
makeSrvRecords = protocol: type: records:
join-lines (map (record: "_${type}._${protocol} IN SRV ${toString record.priority} ${toString record.weight} ${toString record.port} ${record.host}.")
records);
makeSrvProtocolRecords = protocol: types: join-lines (mapAttrsToList (makeSrvRecords protocol) types);
in {
enable = true;
cacheNetworks = [ cfg.network "localhost" "localnets" ];
forwarders = [ cfg.recursive-resolver ];
listenOn = cfg.dns-serve-ips;
zones = [
{
master = true;
name = cfg.domain;
file = pkgs.writeText "${cfg.domain}-zone" ''
@ IN SOA ns1.${cfg.domain}. hostmaster.${cfg.domain}. (
${toString builtins.currentTime}
5m
2m
6w
5m)
$TTL 1h
@ IN NS ns1.${cfg.domain}.
$ORIGIN ${cfg.domain}.
$TTL 30m
ns1 IN A ${cfg.server-ip}
${join-lines (mapAttrsToList hostARecord cfg.hosts)}
${join-lines (mapAttrsToList hostSshFpRecords cfg.hosts)}
${join-lines (mapAttrsToList cnameRecord cfg.aliases)}
${join-lines cfg.extra-dns-records}
${join-lines (mapAttrsToList makeSrvProtocolRecords cfg.srv-records)}
'';
}
] ++ blockZones;
}; };
}; };
} }
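Review bot: The dhcpd list options in the extraConfig block, `option domain-name-servers ${concatStringsSep " " cfg.dns-servers};` and `option domain-search ${join-lines (map (dom: "\"${dom}\"") ([cfg.domain] ++ cfg.search-domains))};`, join their elements with a space and a newline respectively, but dhcpd.conf documents list-valued options as comma-separated, so any configuration with more than one name server or search domain is likely to be rejected when dhcpd parses its config; `concatStringsSep ", "` in both places is the fix. The SOA serial of both the forward zone and the generated reverse zones is `${toString builtins.currentTime}`, which makes the evaluation impure and rewrites the zone derivations (and therefore reloads bind) on every rebuild even when nothing changed; if that trade-off is intended, a comment such as `# serial = evaluation time: impure, but guarantees the serial increases on every rebuild` would make it explicit for the next reader. `hostOpts = { hostname, ... }:` names an argument that submodule functions are not passed (they receive `name`); it is unused in the body so evaluation is not affected, but `{ name, ... }` or `{ ... }` would avoid the confusion. `traceout` is also unused and the `# TODO: srv records` comment is stale now that `srv-records` exists.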


@ -11,6 +11,7 @@ with lib;
./fudo/grafana.nix ./fudo/grafana.nix
./fudo/kdc.nix ./fudo/kdc.nix
./fudo/ldap.nix ./fudo/ldap.nix
./fudo/local-network.nix
./fudo/mail.nix ./fudo/mail.nix
./fudo/mail-container.nix ./fudo/mail-container.nix
./fudo/minecraft-server.nix ./fudo/minecraft-server.nix


@ -72,6 +72,8 @@ with lib;
# Splash screen # Splash screen
boot.plymouth.enable = true; boot.plymouth.enable = true;
networking.networkmanager.enable = mkForce false;
services.avahi = { services.avahi = {
enable = true; enable = true;
browseDomains = [config.fudo.common.domain]; browseDomains = [config.fudo.common.domain];


@ -6,12 +6,20 @@ let
local-domain = "sea.fudo.org"; local-domain = "sea.fudo.org";
gateway = "10.0.0.1";
nameservers = ["10.0.0.1"];
in { in {
config = mkIf (config.fudo.common.site == "seattle") { config = mkIf (config.fudo.common.site == "seattle") {
time.timeZone = "America/Los_Angeles"; time.timeZone = "America/Los_Angeles";
services.printing = {
enable = true;
};
services.cron = { services.cron = {
mailto = admin; mailto = admin;
}; };
@ -20,7 +28,9 @@ in {
domain = local-domain; domain = local-domain;
search = [local-domain "fudo.org"]; search = [local-domain "fudo.org"];
firewall.enable = false; firewall.enable = false;
networkmanager.enable = pkgs.lib.mkForce false; nameservers = nameservers;
defaultGateway = gateway;
# Until Comcast gets it's shit together... :( # Until Comcast gets it's shit together... :(
enableIPv6 = false; enableIPv6 = false;
@ -84,118 +94,190 @@ in {
fsType = "nfs4"; fsType = "nfs4";
}; };
# Should use this eventually... fudo.common.domain = "sea.fudo.org";
# fudo.localNetwork = {
# masterNameServer = {
# ip = "10.0.0.1";
# ipReverseDomain = "0.10.in-addr.arpa";
# };
# domain = "${local-domain}"; fudo.local-network = {
# hostAliases = { domain = "${local-domain}";
# kadmin = "slab";
# kdc = "slab";
# photo = "doraemon";
# music = "doraemon";
# panopticon = "hyperion";
# hole = "dnshole";
# ipfs = "nostromo";
# };
# hosts = { aliases = {
# slab = { kadmin = "slab";
# ipv4Address = "10.0.0.1"; kdc = "slab";
# }; photo = "doraemon";
# volsung = { music = "doraemon";
# ipv4Address = "10.0.0.106"; panopticon = "hyperion";
# macAddress = "ac:bc:32:7b:75:a5"; hole = "dnshole";
# }; ipfs = "nostromo";
# nest = { };
# ipv4Address = "10.0.0.176";
# macAddress = "18:b4:30:16:7c:5a"; network = "10.0.0.0/16";
# };
# monolith = { dhcp-dynamic-network = "10.0.1.0/24";
# ipv4Address = "10.0.0.100";
# macAddress = "6c:62:6d:c8:b0:d8"; enable-reverse-mappings = true;
# };
# brother-wireless = { srv-records = {
# ipv4Address = "10.0.0.160"; tcp = {
# macAddress = "c0:38:96:64:49:65"; domain = [{
# }; port = 53;
# doraemon = { host = "nostromo.sea.fudo.org";
# ipv4Address = "10.0.0.52"; }];
# macAddress = "00:11:32:0a:06:c5"; kerberos = [{
# }; port = 88;
# lm = { host = "france.fudo.org";
# ipv4Address = "10.0.0.21"; }];
# macAddress = "52:54:00:D8:34:92"; kerberos-adm = [{
# }; port = 88;
# ubiquiti-wifi = { host = "france.fudo.org";
# ipv4Address = "10.0.0.126"; }];
# macAddress = "04:18:d6:20:48:fb"; ssh = [{
# }; port = 22;
# front-light = { host = "nostromo.sea.fudo.org";
# ipv4Address = "10.0.0.221"; }];
# macAddress = "94:10:3e:48:94:ed"; ldap = [{
# }; port = 389;
# ipad = { host = "france.fudo.org";
# ipv4Address = "10.0.0.202"; }];
# macAddress = "9c:35:eb:48:6e:71"; };
# };
# chromecast-2 = { udp = {
# ipv4Address = "10.0.0.215"; domain = [{
# macAddress = "a4:77:33:59:a2:ba"; port = 53;
# }; host = "nostromo.sea.fudo.org";
# taipan = { }];
# ipv4Address = "10.0.0.107"; kerberos = [{
# macAddress = "52:54:00:34:c4:78"; port = 88;
# }; host = "france.fudo.org";
# dns-hole = { }];
# ipv4Address = "10.0.0.185"; kerboros-master = [{
# macAddress = "b8:27:eb:b2:95:fd"; port = 88;
# }; host = "france.fudo.org";
# family-tv = { }];
# ipv4Address = "10.0.0.205"; kpasswd = [{
# macAddress = "84:a4:66:3a:b1:f8"; port = 464;
# }; host = "france.fudo.org";
# spark = { }];
# ipv4Address = "10.0.0.108"; };
# macAddress = "78:24:af:04:f7:dd"; };
# };
# babycam = { hosts = {
# ipv4Address = "10.0.0.206"; nostromo = {
# macAddress = "08:ea:40:59:5f:9e"; ip-address = "10.0.0.1";
# }; mac-address = "46:54:76:06:f1:10";
# hyperion = { };
# ipv4Address = "10.0.0.109"; lm = {
# macAddress = "52:54:00:33:46:de"; ip-address = "10.0.0.2";
# }; mac-address = "00:23:7d:e6:d9:ea";
# cargo = { };
# ipv4Address = "10.0.0.50"; # lm = {
# macAddress = "00:11:32:75:d8:b7"; # ip-address = "10.0.0.21";
# }; # mac-address = "52:54:00:D8:34:92";
# cam-entrance = { # };
# ipv4Address = "10.0.0.31"; cam-entrance = {
# macAddress = "9c:8e:cd:0e:99:7b"; ip-address = "10.0.0.31";
# }; mac-address = "9c:8e:cd:0e:99:7b";
# cam-driveway = { };
# ipv4Address = "10.0.0.32"; cam-driveway = {
# macAddress = "9c:8e:cd:0d:3b:09"; ip-address = "10.0.0.32";
# }; mac-address = "9c:8e:cd:0d:3b:09";
# cam-deck = { };
# ipv4Address = "10.0.0.33"; cam-deck = {
# macAddress = "9c:8e:cd:0e:98:c8"; ip-address = "10.0.0.33";
# }; mac-address = "9c:8e:cd:0e:98:c8";
# nostromo = { };
# ipv4Address = "10.0.0.2"; cargo = {
# macAddress = "14:fe:b5:ca:a2:c9"; ip-address = "10.0.0.50";
# }; mac-address = "00:11:32:75:d8:b7";
# zbox = { };
# ipv4Address = "10.0.0.110"; whitedwarf = {
# macAddress = "18:60:24:91:CC:27"; ip-address = "10.0.0.51";
# }; mac-address = "00:11:32:12:14:1d";
# }; };
# }; doraemon = {
ip-address = "10.0.0.52";
mac-address = "00:11:32:0a:06:c5";
};
monolith = {
ip-address = "10.0.0.100";
mac-address = "6c:62:6d:c8:b0:d8";
};
taipan = {
ip-address = "10.0.0.107";
mac-address = "52:54:00:34:c4:78";
};
spark = {
ip-address = "10.0.0.108";
mac-address = "78:24:af:04:f7:dd";
};
hyperion = {
ip-address = "10.0.0.109";
mac-address = "52:54:00:33:46:de";
};
zbox = {
ip-address = "10.0.0.110";
mac-address = "18:60:24:91:CC:27";
};
ubiquiti-wifi = {
ip-address = "10.0.0.126";
mac-address = "04:18:d6:20:48:fb";
};
brother-wireless = {
ip-address = "10.0.0.160";
mac-address = "c0:38:96:64:49:65";
};
nest = {
ip-address = "10.0.0.176";
mac-address = "18:b4:30:16:7c:5a";
};
dns-hole = {
ip-address = "10.0.0.185";
mac-address = "b8:27:eb:b2:95:fd";
};
xixi-phone = {
ip-address = "10.0.0.193";
mac-address = "48:43:7c:75:89:42";
};
ipad = {
ip-address = "10.0.0.202";
mac-address = "9c:35:eb:48:6e:71";
};
cam-front = {
ip-address = "10.0.0.203";
mac-address = "c4:d6:55:3e:b4:c3";
};
family-tv = {
ip-address = "10.0.0.205";
mac-address = "84:a4:66:3a:b1:f8";
};
babycam = {
ip-address = "10.0.0.206";
mac-address = "08:ea:40:59:5f:9e";
};
workphone = {
ip-address = "10.0.0.211";
mac-address = "a8:8e:24:5c:12:67";
};
chromecast-2 = {
ip-address = "10.0.0.215";
mac-address = "a4:77:33:59:a2:ba";
};
front-light = {
ip-address = "10.0.0.221";
mac-address = "94:10:3e:48:94:ed";
};
node-1 = {
ip-address = "10.0.10.101";
mac-address = "00:1e:06:36:81:cf";
};
node-2 = {
ip-address = "10.0.10.102";
mac-address = "00:1e:06:36:ec:3e";
};
node-3 = {
ip-address = "10.0.10.103";
mac-address = "00:1e:06:36:ec:4b";
};
};
};
}; };
} }
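Review bot: The udp SRV key `kerboros-master` is misspelled; Kerberos clients query `_kerberos-master._udp.<domain>`, so this record is never found and master-KDC lookups silently fall back, while the neighbouring tcp entries (`kerberos`, `kerberos-adm`) are spelled correctly. The line should read `kerboros-master = [{` → `kerberos-master = [{`. As far as the visible part of this section shows, `fudo.local-network` sets neither `enable` nor the options the module declares without defaults (`dns-servers`, `dhcp-interfaces`, `dns-serve-ips`, `gateway`, `recursive-resolver`, `server-ip`); with `enable` left at its default the module is inert, but the moment it is enabled evaluation will fail on the first unset option, and the `gateway` and `nameservers` let-bindings introduced at the top of the file could be passed through here as well. The surrounding `config = mkIf ...` block continues outside this section.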


@ -25,16 +25,17 @@
postgresql_11_gssapi = pkgs.postgresql_11.overrideAttrs (oldAttrs: rec { postgresql_11_gssapi = pkgs.postgresql_11.overrideAttrs (oldAttrs: rec {
configureFlags = oldAttrs.configureFlags ++ [ "--with-gssapi" ]; configureFlags = oldAttrs.configureFlags ++ [ "--with-gssapi" ];
buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ]; buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ];
sbcl-with-libs = pkgs.sbcl.overrideAttrs (oldAttrs: rec {
extraLibs = with pkgs; [
openssl_1_1.dev
];
}); });
postgresql_12_gssapi = pkgs.postgresql_12.overrideAttrs (oldAttrs: rec { postgresql_12_gssapi = pkgs.postgresql_12.overrideAttrs (oldAttrs: rec {
configureFlags = oldAttrs.configureFlags ++ [ "--with-gssapi" ]; configureFlags = oldAttrs.configureFlags ++ [ "--with-gssapi" ];
buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ]; buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ];
}); });
sbcl-with-libs = pkgs.sbcl.overrideAttrs (oldAttrs: rec {
extraLibs = with pkgs; [
openssl_1_1.dev
];
});
hll2380dw-cups = import ./hll2380dw-cups.nix { hll2380dw-cups = import ./hll2380dw-cups.nix {
inherit (pkgs) stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused coreutils file perl which; inherit (pkgs) stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused coreutils file perl which;