diff options
| author | tv <tv@krebsco.de> | 2016-04-08 03:53:34 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2016-04-08 03:53:34 +0200 |
| commit | 46e818ebbc5446b4215ad9524089d9b2dc91cbd3 (patch) | |
| tree | 13d7021f55991559d17f3eb51e7ffb8957d093e5 | |
| parent | 827f1790803bda906ed71c56138cfdbf108ee730 (diff) | |
retiolum: don't hardcode routing prefixes
28 files changed, 228 insertions, 247 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3d54900e4..b4686894e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -8,15 +8,15 @@ with config.krebs.lib; cores = 4; nets = rec { internet = { - addrs4 = ["144.76.172.188"]; + ip4.addr = "144.76.172.188"; aliases = [ "dishfire.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.133.99"]; - addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"]; + ip4.addr = "10.243.133.99"; + ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1233"; aliases = [ "dishfire.retiolum" "dishfire.r" @@ -40,15 +40,15 @@ with config.krebs.lib; cores = 2; nets = rec { internet = { - addrs4 = ["162.252.241.33"]; + ip4.addr = "162.252.241.33"; aliases = [ "echelon.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.206.103"]; - addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"]; + ip4.addr = "10.243.206.103"; + ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763"; aliases = [ "echelon.retiolum" "echelon.r" @@ -75,15 +75,15 @@ with config.krebs.lib; cores = 4; nets = rec { internet = { - addrs4 = ["213.239.205.240"]; + ip4.addr = "213.239.205.240"; aliases = [ "prism.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.0.103"]; - addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"]; + ip4.addr = "10.243.0.103"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab"; aliases = [ "prism.retiolum" "prism.r" @@ -107,15 +107,15 @@ with config.krebs.lib; fastpoke = { nets = rec { internet = { - addrs4 = ["193.22.164.36"]; + ip4.addr = "193.22.164.36"; aliases = [ "fastpoke.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.253.152"]; - addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"]; + ip4.addr = "10.243.253.152"; + ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00"; aliases = [ "fastpoke.retiolum" "fastpoke.r" @@ -139,15 +139,15 @@ with config.krebs.lib; cores = 1; nets = rec { internet = { - addrs4 = ["104.167.113.104"]; + ip4.addr = "104.167.113.104"; aliases = [ "cloudkrebs.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.206.102"]; - addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"]; + ip4.addr = "10.243.206.102"; + ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f762"; aliases = [ "cloudkrebs.retiolum" "cloudkrebs.r" @@ -172,12 +172,12 @@ with config.krebs.lib; cores = 1; nets = { gg23 = { - addrs4 = ["10.23.1.12"]; + ip4.addr = "10.23.1.12"; aliases = ["uriel.gg23"]; }; retiolum = { - addrs4 = ["10.243.81.176"]; - addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"]; + ip4.addr = "10.243.81.176"; + ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"; aliases = [ "uriel.retiolum" "uriel.r" @@ -203,12 +203,12 @@ with config.krebs.lib; cores = 2; nets = { gg23 = { - addrs4 = ["10.23.1.11"]; + ip4.addr = "10.23.1.11"; aliases = ["mors.gg23"]; }; retiolum = { - addrs4 = ["10.243.0.2"]; - addrs6 = ["42:0:0:0:0:0:0:dea7"]; + ip4.addr = "10.243.0.2"; + ip6.addr = "42:0:0:0:0:0:0:dea7"; aliases = [ "mors.retiolum" "mors.r" @@ -234,8 +234,8 @@ with config.krebs.lib; cores = 2; nets = { retiolum = { - addrs4 = ["10.243.0.3"]; - addrs6 = ["42:0:0:0:0:0:0:7105"]; + ip4.addr = "10.243.0.3"; + ip6.addr = "42:0:0:0:0:0:0:7105"; aliases = [ "helios.retiolum" "helios.r" diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index bd7c0db48..b93b34d24 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -8,8 +8,8 @@ with config.krebs.lib; cores = 1; nets = { retiolum = { - addrs4 = ["10.243.0.210"]; - addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0001"]; + ip4.addr = "10.243.0.210"; + ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0001"; aliases = [ "pnp.retiolum" "cgit.pnp.retiolum" @@ -31,8 +31,8 @@ with config.krebs.lib; cores = 4; nets = { retiolum = { - addrs4 = ["10.243.0.84"]; - addrs6 = ["42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"]; + ip4.addr = "10.243.0.84"; + ip6.addr = "42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"; aliases = [ "darth.retiolum" "darth.r" @@ -54,8 +54,8 @@ with config.krebs.lib; cores = 1; nets = { retiolum = { - addrs4 = ["10.243.0.212"]; - addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"]; + ip4.addr = "10.243.0.212"; + ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0002"; aliases = [ "tsp.retiolum" ]; @@ -81,8 +81,8 @@ with config.krebs.lib; cores = 2; nets = { retiolum = { - addrs4 = ["10.243.0.91"]; - addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"]; + ip4.addr = "10.243.0.91"; + ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"; aliases = [ "pornocauster.retiolum" "pornocauster.r" @@ -108,8 +108,8 @@ with config.krebs.lib; cores = 2; nets = { retiolum = { - addrs4 = ["10.243.1.91"]; - addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"]; + ip4.addr = "10.243.1.91"; + ip6.addr = "42:0b2c:d90e:e717:03dd:9ac1:0000:a400"; aliases = [ "vbob.retiolum" ]; @@ -135,22 +135,22 @@ with config.krebs.lib; extraZones = { "krebsco.de" = '' euer IN MX 1 aspmx.l.google.com. - pigstarter IN A ${head nets.internet.addrs4} - gold IN A ${head nets.internet.addrs4} - boot IN A ${head nets.internet.addrs4} + pigstarter IN A ${nets.internet.ip4.addr} + gold IN A ${nets.internet.ip4.addr} + boot IN A ${nets.internet.ip4.addr} ''; }; nets = { internet = { - addrs4 = ["192.40.56.122"]; - addrs6 = ["2604:2880::841f:72c"]; + ip4.addr = "192.40.56.122"; + ip6.addr = "2604:2880::841f:72c"; aliases = [ "pigstarter.internet" ]; }; retiolum = { - addrs4 = ["10.243.0.153"]; - addrs6 = ["42:9143:b4c0:f981:6030:7aa2:8bc5:4110"]; + ip4.addr = "10.243.0.153"; + ip6.addr = "42:9143:b4c0:f981:6030:7aa2:8bc5:4110"; aliases = [ "pigstarter.retiolum" ]; @@ -171,18 +171,18 @@ with config.krebs.lib; cores = 1; extraZones = { "krebsco.de" = '' - euer IN A ${head nets.internet.addrs4} - wiki.euer IN A ${head nets.internet.addrs4} - wry IN A ${head nets.internet.addrs4} + euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} + wry IN A ${nets.internet.ip4.addr} io IN NS wry.krebsco.de. - graphs IN A ${head nets.internet.addrs4} - paste 60 IN A ${head nets.internet.addrs4} - tinc IN A ${head nets.internet.addrs4} + graphs IN A ${nets.internet.ip4.addr} + paste 60 IN A ${nets.internet.ip4.addr} + tinc IN A ${nets.internet.ip4.addr} ''; }; nets = rec { internet = { - addrs4 = ["104.233.87.86"]; + ip4.addr = "104.233.87.86"; aliases = [ "wry.internet" "paste.internet" @@ -190,8 +190,8 @@ with config.krebs.lib; }; retiolum = { via = internet; - addrs4 = ["10.243.29.169"]; - addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"]; + ip4.addr = "10.243.29.169"; + ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "graphs.wry.retiolum" "graphs.retiolum" @@ -228,8 +228,8 @@ with config.krebs.lib; nets = { retiolum = { - addrs4 = ["10.243.153.102"]; - addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"]; + ip4.addr = "10.243.153.102"; + ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; aliases = [ "filepimp.retiolum" ]; @@ -252,8 +252,8 @@ with config.krebs.lib; nets = { retiolum = { - addrs4 = ["10.243.0.89"]; - addrs6 = ["42:f9f0::10"]; + ip4.addr = "10.243.0.89"; + ip6.addr = "42:f9f0::10"; aliases = [ "omo.retiolum" "omo.r" @@ -277,8 +277,8 @@ with config.krebs.lib; cores = 1; nets = { retiolum = { - addrs4 = ["10.243.214.15"]; - addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"]; + ip4.addr = "10.243.214.15"; + ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; aliases = [ "wbob.retiolum" ]; @@ -301,24 +301,24 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB extraZones = { "krebsco.de" = '' - share.euer IN A ${head nets.internet.addrs4} - mattermost.euer IN A ${head nets.internet.addrs4} - git.euer IN A ${head nets.internet.addrs4} - gum IN A ${head nets.internet.addrs4} - cgit.euer IN A ${head nets.internet.addrs4} + share.euer IN A ${nets.internet.ip4.addr} + mattermost.euer IN A ${nets.internet.ip4.addr} + git.euer IN A ${nets.internet.ip4.addr} + gum IN A ${nets.internet.ip4.addr} + cgit.euer IN A ${nets.internet.ip4.addr} ''; }; nets = rec { internet = { - addrs4 = ["195.154.108.70"]; + ip4.addr = "195.154.108.70"; aliases = [ "gum.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.0.211"]; - addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"]; + ip4.addr = "10.243.0.211"; + ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2"; aliases = [ "gum.r" "gum.retiolum" @@ -346,20 +346,20 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; extraZones = { "krebsco.de" = '' - mediengewitter IN A ${head nets.internet.addrs4} - flap IN A ${head nets.internet.addrs4} + mediengewitter IN A ${nets.internet.ip4.addr} + flap IN A ${nets.internet.ip4.addr} ''; }; nets = { internet = { - addrs4 = ["162.248.11.162"]; + ip4.addr = "162.248.11.162"; aliases = [ "flap.internet" ]; }; retiolum = { - addrs4 = ["10.243.211.172"]; - addrs6 = ["42:472a:3d01:bbe4:4425:567e:592b:065d"]; + ip4.addr = "10.243.211.172"; + ip6.addr = "42:472a:3d01:bbe4:4425:567e:592b:065d"; aliases = [ "flap.retiolum" "flap.r" @@ -382,8 +382,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; nets = { retiolum = { - addrs4 = ["10.243.231.219"]; - addrs6 = ["42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72"]; + ip4.addr = "10.243.231.219"; + ip6.addr = "42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72"; aliases = [ "nukular.r" ]; @@ -405,8 +405,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; nets = { retiolum = { - addrs4 = ["10.243.124.21"]; - addrs6 = ["42:9898:a8be:ce56:0ee3:b99c:42c5:109e"]; + ip4.addr = "10.243.124.21"; + ip6.addr = "42:9898:a8be:ce56:0ee3:b99c:42c5:109e"; aliases = [ "heidi.r" ]; @@ -428,7 +428,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; nets = { retiolum = { - addrs4 = ["10.243.69.184"]; + ip4.addr = "10.243.69.184"; aliases = [ "soundflower.r" ]; @@ -450,7 +450,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; nets = { retiolum = { - addrs4 = ["10.243.120.19"]; + ip4.addr = "10.243.120.19"; aliases = [ "falk.r" ]; @@ -472,8 +472,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 4; nets = { retiolum = { - addrs4 = ["10.243.189.130"]; - addrs6 = ["42:c64e:011f:9755:31e1:c3e6:73c0:af2d"]; + ip4.addr = "10.243.189.130"; + ip6.addr = "42:c64e:011f:9755:31e1:c3e6:73c0:af2d"; aliases = [ "filebitch.r" ]; @@ -495,8 +495,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; nets = { retiolum = { - addrs4 = ["10.243.26.29"]; - addrs6 = ["42:927a:3d59:1cb3:29d6:1a08:78d3:812e"]; + ip4.addr = "10.243.26.29"; + ip6.addr = "42:927a:3d59:1cb3:29d6:1a08:78d3:812e"; aliases = [ "excobridge.r" ]; @@ -518,14 +518,14 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; nets = { internet = { - addrs4 = ["148.251.47.69"]; + ip4.addr = "148.251.47.69"; aliases = [ "wooki.internet" ]; }; retiolum = { - addrs4 = ["10.243.57.85"]; - addrs6 = ["42:2f06:b899:a3b5:1dcf:51a4:a02b:8731"]; + ip4.addr = "10.243.57.85"; + ip6.addr = "42:2f06:b899:a3b5:1dcf:51a4:a02b:8731"; aliases = [ "wooki.r" ]; @@ -547,8 +547,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 2; nets = { retiolum = { - addrs4 = ["10.243.0.163"]; - addrs6 = ["42:b67b:5752:a730:5f28:d80d:6b37:5bda/128"]; + ip4.addr = "10.243.0.163"; + ip6.addr = "42:b67b:5752:a730:5f28:d80d:6b37:5bda/128"; aliases = [ "senderechner.r" ]; @@ -570,14 +570,14 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; nets = { internet = { - addrs4 = ["217.160.206.154"]; + ip4.addr = "217.160.206.154"; aliases = [ "muhbaasu.internet" ]; }; retiolum = { - addrs4 = ["10.243.139.184"]; - addrs6 = ["42:d568:6106:ba30:753b:0f2a:8225:b1fb"]; + ip4.addr = "10.243.139.184"; + ip6.addr = "42:d568:6106:ba30:753b:0f2a:8225:b1fb"; aliases = [ "muhbaasu.r" ]; diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix index 9a5866294..a03f7ff4d 100644 --- a/krebs/3modules/miefda/default.nix +++ b/krebs/3modules/miefda/default.nix @@ -8,8 +8,8 @@ with config.krebs.lib; cores = 4; nets = { retiolum = { - addrs4 = ["10.243.111.112"]; - addrs6 = ["42:0:0:0:0:0:111:112"]; + ip4.addr = "10.243.111.112"; + ip6.addr = "42:0:0:0:0:0:111:112"; aliases = [ "bobby.retiolum" "cgit.bobby.retiolum" diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix index 3b4001e7a..20118c61f 100644 --- a/krebs/3modules/mv/default.nix +++ b/krebs/3modules/mv/default.nix @@ -8,8 +8,8 @@ with config.krebs.lib; cores = 4; nets = { retiolum = { - addrs4 = ["10.243.111.111"]; - addrs6 = ["42:0:0:0:0:0:111:111"]; + ip4.addr = "10.243.111.111"; + ip6.addr = "42:0:0:0:0:0:111:111"; aliases = [ "stro.retiolum" "cgit.stro.retiolum" diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 61b4473e1..fe4dbd50c 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -11,26 +11,13 @@ let api = { enable = mkEnableOption "krebs.retiolum"; - name = mkOption { - type = types.str; - default = config.networking.hostName; - # Description stolen from tinc.conf(5). - description = '' - This is the name which identifies this tinc daemon. It must - be unique for the virtual private network this daemon will - connect to. The Name may only consist of alphanumeric and - underscore characters. If Name starts with a $, then the - contents of the environment variable that follows will be - used. In that case, invalid characters will be converted to - underscores. If Name is $HOST, but no such environment - variable exist, the hostname will be read using the - gethostnname() system call This is the name which identifies - the this tinc daemon. - ''; + host = mkOption { + type = types.host; + default = config.krebs.build.host; }; netname = mkOption { - type = types.str; + type = types.hostname; default = "retiolum"; description = '' The tinc network name. @@ -157,46 +144,34 @@ let uid = genid name; }; + net = cfg.host.nets.${cfg.netname}; + tinc = cfg.tincPackage; iproute = cfg.iproutePackage; - confDir = pkgs.runCommand "retiolum" { - # TODO text - executable = true; - preferLocalBuild = true; - } '' - set -euf - - mkdir -p $out - - ln -s ${cfg.hostsPackage} $out/hosts - - cat > $out/tinc.conf <<EOF - Name = ${cfg.name} - Device = /dev/net/tun - Interface = ${cfg.netname} - ${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)} - PrivateKeyFile = /tmp/retiolum-rsa_key.priv - ${cfg.extraConfig} - EOF - - # source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up - cat > $out/tinc-up <<EOF - host=$out/hosts/${cfg.name} - ${iproute}/sbin/ip link set \$INTERFACE up - - addr4=\$(sed -n 's|^ *Subnet *= *\(10[.][^ ]*\) *$|\1|p' \$host) - if [ -n "\$addr4" ];then - ${iproute}/sbin/ip -4 addr add \$addr4 dev \$INTERFACE - ${iproute}/sbin/ip -4 route add 10.243.0.0/16 dev \$INTERFACE - fi - addr6=\$(sed -n 's|^ *Subnet *= *\(42[:][^ ]*\) *$|\1|p' \$host) - ${iproute}/sbin/ip -6 addr add \$addr6 dev \$INTERFACE - ${iproute}/sbin/ip -6 route add 42::/16 dev \$INTERFACE - EOF - - chmod +x $out/tinc-up - ''; + confDir = let + namePathPair = name: path: { inherit name path; }; + in pkgs.linkFarm "${cfg.netname}-etc-tinc" (mapAttrsToList namePathPair { + "hosts" = cfg.hostsPackage; + "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" '' + Name = ${cfg.host.name} + Interface = ${cfg.netname} + ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)} + PrivateKeyFile = /tmp/retiolum-rsa_key.priv + ${cfg.extraConfig} + ''; + "tinc-up" = pkgs.writeScript "${cfg.netname}-tinc-up" '' + ${iproute}/sbin/ip link set ${cfg.netname} up + ${optionalString (net.ip4 != null) '' + ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname} + ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname} + ''} + ${optionalString (net.ip6 != null) '' + ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname} + ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname} + ''} + ''; + }); in out diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index ccd15b569..47767d370 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -12,8 +12,8 @@ let cores = 1; nets = { retiolum = { - addrs4 = ["10.243.111.111"]; - addrs6 = ["42:0:0:0:0:0:0:7357"]; + ip4.addr = "10.243.111.111"; + ip6.addr = "42:0:0:0:0:0:0:7357"; aliases = [ "test.r" "test.retiolum" @@ -36,7 +36,7 @@ in { wolf = { nets = { shack = { - addrs4 = [ "10.42.2.150" ]; + ip4.addr = "10.42.2.150" ; aliases = [ "wolf.shack" "graphite.shack" @@ -45,8 +45,8 @@ in { ]; }; retiolum = { - addrs4 = ["10.243.77.1"]; - addrs6 = ["42:0:0:0:0:0:77:1"]; + ip4.addr = "10.243.77.1"; + ip6.addr = "42:0:0:0:0:0:77:1"; aliases = [ "wolf.retiolum" "cgit.wolf.retiolum" diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index f0f0c5e79..b0f0ce547 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -13,15 +13,15 @@ with config.krebs.lib; # TODO generate krebsco.de zone from nets and don't use extraZones at all "krebsco.de" = '' krebsco.de. 60 IN MX 5 mx23 - mx23 60 IN A ${elemAt nets.internet.addrs4 0} - cd 60 IN A ${elemAt nets.internet.addrs4 0} - cgit 60 IN A ${elemAt nets.internet.addrs4 0} - cgit.cd 60 IN A ${elemAt nets.internet.addrs4 0} + mx23 60 IN A ${nets.internet.ip4.addr} + cd 60 IN A ${nets.internet.ip4.addr} + cgit 60 IN A ${nets.internet.ip4.addr} + cgit.cd 60 IN A ${nets.internet.ip4.addr} ''; }; nets = rec { internet = { - addrs4 = ["162.219.7.216"]; + ip4.addr = "162.219.7.216"; aliases = [ "cd.i" "cd.internet" @@ -34,8 +34,8 @@ with config.krebs.lib; }; retiolum = { via = internet; - addrs4 = ["10.243.113.222"]; - addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"]; + ip4.addr = "10.243.113.222"; + ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af3"; aliases = [ "cd.r" "cd.retiolum" @@ -66,7 +66,7 @@ with config.krebs.lib; cores = 2; nets = rec { internet = { - addrs4 = ["45.62.237.203"]; + ip4.addr = "45.62.237.203"; aliases = [ "doppelbock.i" "doppelbock.internet" @@ -74,8 +74,8 @@ with config.krebs.lib; }; retiolum = { via = internet; - addrs4 = ["10.243.113.224"]; - addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"]; + ip4.addr = "10.243.113.224"; + ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5"; aliases = [ "doppelbock.r" "doppelbock.retiolum" @@ -101,7 +101,7 @@ with config.krebs.lib; cores = 1; nets = rec { internet = { - addrs4 = ["104.167.114.142"]; + ip4.addr = "104.167.114.142"; aliases = [ "mkdir.i" "mkdir.internet" @@ -109,8 +109,8 @@ with config.krebs.lib; }; retiolum = { via = internet; - addrs4 = ["10.243.113.223"]; - addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"]; + ip4.addr = "10.243.113.223"; + ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af4"; aliases = [ "mkdir.r" "mkdir.retiolum" @@ -136,12 +136,12 @@ with config.krebs.lib; extraZones = { # TODO generate krebsco.de zone from nets and don't use extraZones at all "krebsco.de" = '' - ire 60 IN A ${elemAt nets.internet.addrs4 0} + ire 60 IN A ${nets.internet.ip4.addr} ''; }; nets = rec { internet = { - addrs4 = ["198.147.22.115"]; + ip4.addr = "198.147.22.115"; aliases = [ "ire.i" "ire.internet" @@ -151,8 +151,8 @@ with config.krebs.lib; }; retiolum = { via = internet; - addrs4 = ["10.243.231.66"]; - addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"]; + ip4.addr = "10.243.231.66"; + ip6.addr = "42:b912:0f42:a82d:0d27:8610:e89b:490c"; aliases = [ "ire.r" "ire.retiolum" @@ -175,7 +175,7 @@ with config.krebs.lib; kaepsele = { nets = { internet = { - addrs4 = ["92.222.10.169"]; + ip4.addr = "92.222.10.169"; aliases = [ "kaepsele.i" "kaepsele.internet" @@ -183,8 +183,8 @@ with config.krebs.lib; ]; }; retiolum = { - addrs4 = ["10.243.166.2"]; - addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"]; + ip4.addr = "10.243.166.2"; + ip6.addr = "42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"; aliases = [ "kaepsele.r" "kaepsele.retiolum" @@ -207,8 +207,8 @@ with config.krebs.lib; cores = 2; nets = { retiolum = { - addrs4 = ["10.243.20.1"]; - addrs6 = ["42:0:0:0:0:0:0:2001"]; + ip4.addr = "10.243.20.1"; + ip6.addr = "42:0:0:0:0:0:0:2001"; aliases = [ "mu.r" "mu.retiolum" @@ -232,13 +232,13 @@ with config.krebs.lib; cores = 2; nets = rec { gg23 = { - addrs4 = ["10.23.1.110"]; + ip4.addr = "10.23.1.110"; aliases = ["nomic.gg23"]; ssh.port = 11423; }; retiolum = { - addrs4 = ["10.243.0.110"]; - addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"]; + ip4.addr = "10.243.0.110"; + ip6.addr = "42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"; aliases = [ "nomic.r" "nomic.retiolum" @@ -264,7 +264,7 @@ with config.krebs.lib; ok = { nets = { gg23 = { - addrs4 = ["10.23.1.1"]; + ip4.addr = "10.23.1.1"; aliases = ["ok.gg23"]; }; }; @@ -273,7 +273,7 @@ with config.krebs.lib; cores = 1; nets = rec { internet = { - addrs4 = ["167.88.34.182"]; + ip4.addr = "167.88.34.182"; aliases = [ "rmdir.i" "rmdir.internet" @@ -281,8 +281,8 @@ with config.krebs.lib; }; retiolum = { via = internet; - addrs4 = ["10.243.113.224"]; - addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"]; + ip4.addr = "10.243.113.224"; + ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5"; aliases = [ "rmdir.r" "rmdir.retiolum" @@ -307,7 +307,7 @@ with config.krebs.lib; schnabeldrucker = { nets = { gg23 = { - addrs4 = ["10.23.1.21"]; + ip4.addr = "10.23.1.21"; aliases = ["schnabeldrucker.gg23"]; }; }; @@ -315,7 +315,7 @@ with config.krebs.lib; schnabelscanner = { nets = { gg23 = { - addrs4 = ["10.23.1.22"]; + ip4.addr = "10.23.1.22"; aliases = ["schnabelscanner.gg23"]; }; }; @@ -324,7 +324,7 @@ with config.krebs.lib; cores = 4; nets = { gg23 = { - addrs4 = ["10.23.1.37"]; + ip4.addr = "10.23.1.37"; aliases = [ "wu.gg23" "cache.wu.gg23" @@ -332,8 +332,8 @@ with config.krebs.lib; ssh.port = 11423; }; retiolum = { - addrs4 = ["10.243.13.37"]; - addrs6 = ["42:0:0:0:0:0:0:1337"]; + ip4.addr = "10.243.13.37"; + ip6.addr = "42:0:0:0:0:0:0:1337"; aliases = [ "wu.r" "wu.retiolum" @@ -360,13 +360,13 @@ with config.krebs.lib; cores = 4; nets = { gg23 = { - addrs4 = ["10.23.1.38"]; + ip4.addr = "10.23.1.38"; aliases = ["xu.gg23"]; ssh.port = 11423; }; retiolum = { - addrs4 = ["10.243.13.38"]; - addrs6 = ["42:0:0:0:0:0:0:1338"]; + ip4.addr = "10.243.13.38"; + ip6.addr = "42:0:0:0:0:0:0:1338"; aliases = [ "xu.r" "xu.retiolum" diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 7255dc3e1..24b4e14b1 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -63,28 +63,56 @@ types // rec { net = submodule ({ config, ... }: { options = { + name = mkOption { + type = label; + default = config._module.args.name; + }; via = mkOption { type = nullOr net; default = null; }; addrs = mkOption { type = listOf addr; - default = config.addrs4 ++ config.addrs6; - # TODO only default addrs make sense - }; - addrs4 = mkOption { - type = listOf addr4; - default = []; - }; - addrs6 = mkOption { - type = listOf addr6; - default = []; + default = + optional (config.ip4 != null) config.ip4.addr ++ + optional (config.ip6 != null) config.ip6.addr; + readOnly = true; }; aliases = mkOption { # TODO nonEmptyListOf hostname type = listOf hostname; default = []; }; + ip4 = mkOption { + type = nullOr (submodule { + options = { + addr = mkOption { + type = addr4; + }; + prefix = mkOption ({ + type = str; # TODO routing prefix (CIDR) + } // optionalAttrs (config.name == "retiolum") { + default = "10.243.0.0/16"; + }); + }; + }); + default = null; + }; + ip6 = mkOption { + type = nullOr (submodule { + options = { + addr = mkOption { + type = addr6; + }; + prefix = mkOption ({ + type = str; # TODO routing prefix (CIDR) + } // optionalAttrs (config.name == "retiolum") { + default = "42::/16"; + }); + }; + }); + default = null; + }; ssh = mkOption { type = submodule { options = { diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 98f509050..6cfba567a 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -2,9 +2,8 @@ let inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - inherit (lib) head; - ip = (head config.krebs.build.host.nets.internet.addrs4); + ip = config.krebs.build.host.nets.internet.ip4.addr; in { imports = [ ../. diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 2ff6dba70..80611ee80 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -2,9 +2,8 @@ let inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - inherit (lib) head; - ip = (head config.krebs.build.host.nets.internet.addrs4); + ip = config.krebs.build.host.nets.internet.ip4.addr; in { imports = [ ../. diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 4d40c8d59..20c919b9b 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -1,9 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) head; - - ip = (head config.krebs.build.host.nets.internet.addrs4); + ip = config.krebs.build.host.nets.internet.ip4.addr; in { imports = [ ../. diff --git a/lass/2configs/privoxy-retiolum.nix b/lass/2configs/privoxy-retiolum.nix index 3a3641ad8..9059bbac8 100644 --- a/lass/2configs/privoxy-retiolum.nix +++ b/lass/2configs/privoxy-retiolum.nix @@ -1,8 +1,7 @@ { config, lib, ... }: let - r_ip = (head config.krebs.build.host.nets.retiolum.addrs4); - inherit (lib) head; + r_ip = config.krebs.build.host.nets.retiolum.ip4.addr; in { imports = [ diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix index 6e87e9853..6b5d19615 100644 --- a/lass/3modules/static_nginx.nix +++ b/lass/3modules/static_nginx.nix @@ -54,7 +54,7 @@ let user = config.services.nginx.user; group = config.services.nginx.group; - external-ip = head config.krebs.build.host.nets.internet.addrs4; + external-ip = config.krebs.build.host.nets.internet.ip4.addr; imp = { krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: { diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 710421659..7bac4398c 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -2,8 +2,8 @@ with config.krebs.lib; let - external-ip = head config.krebs.build.host.nets.internet.addrs4; - internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; in { imports = [ ../. diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index edaf1b803..d9f8ded83 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -3,8 +3,8 @@ with config.krebs.lib; let - external-ip = head config.krebs.build.host.nets.internet.addrs4; - internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; in { imports = [ ../. diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix index 125b3dfff..8f51c91dd 100644 --- a/makefu/2configs/deployment/mycube.connector.one.nix +++ b/makefu/2configs/deployment/mycube.connector.one.nix @@ -3,7 +3,7 @@ with config.krebs.lib; let hostname = config.krebs.build.host.name; - external-ip = head config.krebs.build.host.nets.internet.addrs4; + external-ip = config.krebs.build.host.nets.internet.ip4.addr; wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; in { services.redis.enable = true; diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix index 2e69d167c..d57c91ce8 100644 --- a/makefu/2configs/iodined.nix +++ b/makefu/2configs/iodined.nix @@ -10,7 +10,7 @@ in { enable = true; domain = domain; ip = "172.16.10.1/24"; - extraConfig = "-P ${pw} -l ${pkgs.lib.head config.krebs.build.host.nets.internet.addrs4}"; + extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; }; } diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix index 9d08f4b9a..137c0b0e3 100644 --- a/makefu/2configs/nginx/euer.blog.nix +++ b/makefu/2configs/nginx/euer.blog.nix @@ -8,8 +8,8 @@ let hostname = config.krebs.build.host.name; user = config.services.nginx.user; group = config.services.nginx.group; - external-ip = head config.krebs.build.host.nets.internet.addrs4; - internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; base-dir = "/var/www/blog.euer"; in { # Prepare Blog directory diff --git a/makefu/2configs/nginx/euer.test.nix b/makefu/2configs/nginx/euer.test.nix index f7214e613..84b9bacda 100644 --- a/makefu/2configs/nginx/euer.test.nix +++ b/makefu/2configs/nginx/euer.test.nix @@ -5,8 +5,8 @@ let hostname = config.krebs.build.host.name; user = config.services.nginx.user; group = config.services.nginx.group; - external-ip = head config.krebs.build.host.nets.internet.addrs4; - internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; in { krebs.nginx = { enable = mkDefault true; diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index a5572a519..10985c833 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -18,8 +18,8 @@ let # user1 = pass1 # userN = passN tw-pass-file = "${sec}/tw-pass.ini"; - external-ip = head config.krebs.build.host.nets.internet.addrs4; - internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; in { services.phpfpm = { # phpfpm does not have an enable option diff --git a/makefu/2configs/nginx/update.connector.one.nix b/makefu/2configs/nginx/update.connector.one.nix index ac5e6b17b..dde3e3a64 100644 --- a/makefu/2configs/nginx/update.connector.one.nix +++ b/makefu/2configs/nginx/update.connector.one.nix @@ -3,7 +3,7 @@ with config.krebs.lib; let hostname = config.krebs.build.host.name; - external-ip = head config.krebs.build.host.nets.internet.addrs4; + external-ip = config.krebs.build.host.nets.internet.ip4.addr; in { krebs.nginx = { enable = mkDefault true; diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix index 3a4dd456f..c943e3d9a 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/omo-share.nix @@ -5,7 +5,7 @@ let hostname = config.krebs.build.host.name; # TODO local-ip from the nets config local-ip = "192.168.1.11"; - # local-ip = head config.krebs.build.host.nets.retiolum.addrs4; + # local-ip = config.krebs.build.host.nets.retiolum.ip4.addr; in { krebs.nginx = { enable = mkDefault true; diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index f0323dc2f..53334d6f1 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -1,8 +1,8 @@ { config, lib, pkgs, ... }: let - shack-ip = lib.head config.krebs.build.host.nets.shack.addrs4; - internal-ip = lib.head config.krebs.build.host.nets.retiolum.addrs4; + shack-ip = config.krebs.build.host.nets.shack.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; in { imports = [ diff --git a/tv/1systems/doppelbock.nix b/tv/1systems/doppelbock.nix index 9a8d5b05d..ec85a7772 100644 --- a/tv/1systems/doppelbock.nix +++ b/tv/1systems/doppelbock.nix @@ -13,8 +13,8 @@ with config.krebs.lib; networking = { interfaces.enp2s1.ip4 = singleton { address = let - addr4 = "45.62.237.203"; - in assert config.krebs.build.host.nets.internet.addrs4 == [addr4]; addr4; + addr = "45.62.237.203"; + in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr; prefixLength = 24; }; defaultGateway = "45.62.237.1"; diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix index 58a8fdcb2..f46ed9547 100644 --- a/tv/1systems/mkdir.nix +++ b/tv/1systems/mkdir.nix @@ -7,12 +7,7 @@ let getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - - primary-addr4 = - builtins.elemAt config.krebs.build.host.nets.internet.addrs4 0; - - #secondary-addr4 = - # builtins.elemAt config.krebs.build.host.nets.internet.addrs4 1; + primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr; in { @@ -55,10 +50,6 @@ in address = primary-addr4; prefixLength = 24; } - #{ - # address = secondary-addr4; - # prefixLength = 24; - #} ]; # TODO define gateway in krebs/3modules/default.nix diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix index c54caa649..25fae2c36 100644 --- a/tv/1systems/rmdir.nix +++ b/tv/1systems/rmdir.nix @@ -7,12 +7,7 @@ let getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - - primary-addr4 = - builtins.elemAt config.krebs.build.host.nets.internet.addrs4 0; - - #secondary-addr4 = - # builtins.elemAt config.krebs.build.host.nets.internet.addrs4 1; + primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr; in { diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 280d8572b..8a90639b6 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -13,7 +13,7 @@ with config.krebs.lib; "shackspace.de" "viljetic.de" ]; - relay_from_hosts = concatMap (host: host.nets.retiolum.addrs4) [ + relay_from_hosts = concatMap (host: host.nets.retiolum.ip4.addr) [ config.krebs.hosts.nomic config.krebs.hosts.wu config.krebs.hosts.xu diff --git a/tv/3modules/charybdis/config.nix b/tv/3modules/charybdis/config.nix index e4d754ff3..1b160926c 100644 --- a/tv/3modules/charybdis/config.nix +++ b/tv/3modules/charybdis/config.nix @@ -56,9 +56,9 @@ in toFile "charybdis.conf" '' /* On multi-homed hosts you may need the following. These define * the addresses we connect from to other servers. */ /* for IPv4 */ - vhost = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs4}; + vhost = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr}; /* for IPv6 */ - vhost6 = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs6}; + vhost6 = ${toJSON config.krebs.build.host.nets.retiolum.ip6.addr}; /* ssl_private_key: our ssl private key */ ssl_private_key = ${toJSON cfg.ssl_private_key.path}; @@ -160,10 +160,7 @@ in toFile "charybdis.conf" '' /* If you want to listen on a specific IP only, specify host. * host definitions apply only to the following port line. */ - # XXX This is stupid because only one host is allowed[?] - #host = ''${concatMapStringsSep ", " toJSON ( - # config.krebs.build.host.nets.retiolum.addrs - #)}; + #host = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr}; port = ${toString cfg.port}; sslport = ${toString cfg.sslport}; }; |