stockholm/krebs/3modules/default.nix

142 lines
4.3 KiB
Nix
Raw Normal View History

2015-07-24 20:48:00 +02:00
{ config, lib, ... }:
2015-07-28 21:38:22 +02:00
with import ../4lib { inherit lib; };
2015-07-24 20:48:00 +02:00
let
cfg = config.krebs;
out = {
imports = [
2015-10-01 01:48:15 +02:00
./build.nix
2015-08-13 11:46:09 +02:00
./exim-retiolum.nix
2015-08-14 15:48:17 +02:00
./exim-smarthost.nix
2015-07-24 20:48:00 +02:00
./github-hosts-sync.nix
./git.nix
2015-10-01 22:10:21 +02:00
./iptables.nix
2015-07-24 20:48:00 +02:00
./nginx.nix
2015-08-31 14:22:21 +02:00
./Reaktor.nix
2015-07-24 20:48:00 +02:00
./retiolum.nix
./urlwatch.nix
];
options.krebs = api;
2015-07-24 21:38:41 +02:00
config = mkIf cfg.enable imp;
2015-07-24 20:48:00 +02:00
};
api = {
enable = mkEnableOption "krebs";
dns = {
providers = mkOption {
# TODO with types; tree dns.label dns.provider, so we can merge.
# Currently providers can only be merged if aliases occur just once.
type = with types; attrsOf unspecified;
};
};
2015-07-24 21:15:18 +02:00
hosts = mkOption {
type = with types; attrsOf host;
};
users = mkOption {
type = with types; attrsOf user;
};
# XXX is there a better place to define search-domain?
# TODO search-domains :: listOf hostname
search-domain = mkOption {
type = types.hostname;
default = "retiolum";
};
2015-08-16 23:58:02 +02:00
zone-head-config = mkOption {
type = with types; attrsOf str;
description = ''
The zone configuration head which is being used to create the
zone files. The string for each key is pre-pended to the zone file.
'';
# TODO: configure the default somewhere else,
# maybe use krebs.dns.providers
default = {
# github.io -> 192.30.252.154
2015-08-16 23:58:02 +02:00
"krebsco.de" = ''
$TTL 86400
@ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
IN NS ns19.ovh.net.
IN NS dns19.ovh.net.
IN A 192.30.252.154
IN A 192.30.252.153
'';
};
};
};
2015-07-24 21:38:41 +02:00
imp = mkMerge [
{ krebs = import ./lass { inherit lib; }; }
{ krebs = import ./makefu { inherit lib; }; }
{ krebs = import ./tv { inherit lib; }; }
{
krebs.dns.providers = {
2015-08-13 12:02:26 +02:00
de.krebsco = "zones";
internet = "hosts";
retiolum = "hosts";
};
# XXX This overlaps with krebs.retiolum
networking.extraHosts = concatStringsSep "\n" (flatten (
mapAttrsToList (hostname: host:
mapAttrsToList (netname: net:
let
aliases = longs ++ shorts;
providers = dns.split-by-provider net.aliases cfg.dns.providers;
longs = providers.hosts;
shorts =
map (removeSuffix ".${cfg.search-domain}")
(filter (hasSuffix ".${cfg.search-domain}")
longs);
in
map (addr: "${addr} ${toString aliases}") net.addrs
) (filterAttrs (name: host: host.aliases != []) host.nets)
) cfg.hosts
));
2015-08-13 22:28:21 +02:00
2015-08-16 23:58:02 +02:00
# Implements environment.etc."zones/<zone-name>"
environment.etc = let
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
([cfg.zone-head-config] ++ combined-hosts) ;
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones;
services.openssh.hostKeys =
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) (mkForce [privkey]);
services.openssh.knownHosts =
mapAttrs
(name: host: {
hostNames =
concatLists
(mapAttrsToList
(net-name: net:
let
aliases = shorts ++ longs;
longs = net.aliases;
shorts =
map (removeSuffix ".${cfg.search-domain}")
(filter (hasSuffix ".${cfg.search-domain}")
longs);
add-port = a:
if net.ssh.port != null
then "[${a}]:${toString net.ssh.port}"
else a;
in
aliases ++ map add-port net.addrs)
host.nets);
publicKey = host.ssh.pubkey;
})
(filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
2015-08-16 23:58:02 +02:00
}
2015-07-24 21:38:41 +02:00
];
2015-07-24 20:48:00 +02:00
in
out