stockholm/krebs/3modules/default.nix

{ config, lib, ... }:

with import <stockholm/lib>;
let
  cfg = config.krebs;

  out = {
    imports = [
      ../../kartei
      ../../submodules/disko/module.nix
      ./acl.nix
      ./airdcpp.nix
      ./announce-activation.nix
      ./apt-cacher-ng.nix
      ./backup.nix
      ./bepasty-server.nix
      ./bindfs.nix
      ./brockman.nix
      ./build.nix
      ./cachecache.nix
      ./ci
      ./current.nix
      ./dns.nix
      ./exim-retiolum.nix
      ./exim-smarthost.nix
      ./exim.nix
      ./fetchWallpaper.nix
      ./git.nix
      ./github
      ./go.nix
      ./hidden-ssh.nix
      ./hosts.nix
      ./htgen.nix
      ./iana-etc.nix
      ./iptables.nix
      ./kapacitor.nix
      ./konsens.nix
      ./krebs-pages.nix
      ./monit.nix
      ./nixpkgs.nix
      ./on-failure.nix
      ./os-release.nix
      ./per-user.nix
      ./permown.nix
      ./power-action.nix
      ./reaktor2.nix
      ./realwallpaper.nix
      ./repo-sync.nix
      ./retiolum-bootstrap.nix
      ./secret.nix
      ./setuid.nix
      ./shadow.nix
      ./sitemap.nix
      ./ssl.nix
      ./sync-containers.nix
      ./systemd.nix
      ./tinc.nix
      ./tinc_graphs.nix
      ./upstream
      ./urlwatch.nix
      ./users.nix
      ./xresources.nix
      ./zones.nix
    ];
    options.krebs = api;
    config = lib.mkIf cfg.enable imp;
  };

  api = {
    enable = mkEnableOption "krebs";

    zone-head-config  = mkOption {
      type = with types; attrsOf str;
      description = ''
        The zone configuration head which is being used to create the
        zone files. The string for each key is pre-pended to the zone file.
      '';
      # TODO: configure the default somewhere else,
      # maybe use krebs.dns.providers
      default = {

        # github.io -> 192.30.252.154
        "krebsco.de" = ''
          $TTL 86400
          @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
                                IN NS     ns19.ovh.net.
                                IN NS     dns19.ovh.net.
        '';
      };
    };
  };

  imp = lib.mkMerge [
    {
      services.openssh.hostKeys =
        let inherit (config.krebs.build.host.ssh) privkey; in
        mkIf (privkey != null) [privkey];

      services.openssh.knownHosts =
        filterAttrs
          (knownHostName: knownHost:
            knownHost.publicKey != null &&
            knownHost.hostNames != []
          )
          (mapAttrs
            (hostName: host: {
              hostNames =
                concatLists
                  (mapAttrsToList
                    (netName: net:
                      let
                        aliases =
                          concatLists [
                            shortAliases
                            net.aliases
                            net.addrs
                          ];
                        shortAliases =
                          optionals
                            (cfg.dns.search-domain != null)
                            (map (removeSuffix ".${cfg.dns.search-domain}")
                                 (filter (hasSuffix ".${cfg.dns.search-domain}")
                                         net.aliases));
                        addPort = alias:
                          if net.ssh.port != 22
                            then "[${alias}]:${toString net.ssh.port}"
                            else alias;
                      in
                      map addPort aliases
                    )
                    host.nets);
              publicKey = host.ssh.pubkey;
            })
            (foldl' mergeAttrs {} [
              cfg.hosts
              {
                localhost = {
                  nets.local = {
                    addrs = [ "127.0.0.1" "::1" ];
                    aliases = [ "localhost" ];
                    ssh.port = 22;
                  };
                  ssh.pubkey = config.krebs.build.host.ssh.pubkey;
                };
              }
            ]));

      programs.ssh.extraConfig = concatMapStrings
        (net: ''
          Host ${toString (net.aliases ++ net.addrs)}
            Port ${toString net.ssh.port}
        '')
        (filter
          (net: net.ssh.port != 22)
          (concatMap (host: attrValues host.nets)
            (mapAttrsToList
              (_: host: recursiveUpdate host
                (optionalAttrs (cfg.dns.search-domain != null &&
                                hasAttr cfg.dns.search-domain host.nets) {
                  nets."" = host.nets.${cfg.dns.search-domain} // {
                    aliases = [host.name];
                    addrs = [];
                  };
                }))
              config.krebs.hosts)));
    }
  ];

in out
{2 tv git -> 3 krebs}.users 2015-07-24 20:48:00 +02:00			`{ config, lib, ... }:`

drop config.krebs.lib 2016-10-20 20:54:38 +02:00			`with import <stockholm/lib>;`
{2 tv git -> 3 krebs}.users 2015-07-24 20:48:00 +02:00			`let`
			`cfg = config.krebs;`

			`out = {`
			`imports = [`
kartei: init 2022-11-22 20:15:44 +01:00			`../../kartei`
add disko as submodule 2022-12-27 18:55:23 +01:00			`../../submodules/disko/module.nix`
move acl module to krebs 2022-01-30 10:47:23 +01:00			`./acl.nix`
treewide: makefu.airdcpp -> krebs.airdcpp 2018-09-24 23:32:28 +02:00			`./airdcpp.nix`
krebs.announce-activation: init 2017-09-05 22:58:25 +02:00			`./announce-activation.nix`
apt-cacher-ng is imported by krebs modules 2015-11-17 13:49:29 +01:00			`./apt-cacher-ng.nix`
{tv 2 => krebs 3} backup 2015-12-28 19:43:31 +01:00			`./backup.nix`
krebs 3 modules: bepasty-server is a krebs module 2015-10-22 15:26:54 +02:00			`./bepasty-server.nix`
bindfs: l -> krebs 2021-01-24 11:26:39 +01:00			`./bindfs.nix`
puyak.r: use brockman for news 2020-12-30 09:47:57 +01:00			`./brockman.nix`
*: make eval.config.krebs.build.host.name work everywhere 2016-02-15 16:29:01 +01:00			`./build.nix`
puyak.r: add cache.nsupdate.info 2018-11-21 00:03:49 +01:00			`./cachecache.nix`
ci: move to extra folder, report failed scripts 2022-10-23 18:30:56 +02:00			`./ci`
init krebs.current 2015-10-25 14:15:21 +01:00			`./current.nix`
krebs: move dns stuff to dedicated file 2019-01-21 10:32:15 +01:00			`./dns.nix`
{tv 2 => krebs 3}/exim-retiolum 2015-08-13 11:46:09 +02:00			`./exim-retiolum.nix`
{tv 2 => krebs 3} exim-smarthost 2015-08-14 15:48:17 +02:00			`./exim-smarthost.nix`
krebs modules: reorder main imports 2022-01-27 12:19:47 +01:00			`./exim.nix`
l 3 fetchWallpaper -> k 3 fetchWallpaper 2015-12-12 19:37:13 +01:00			`./fetchWallpaper.nix`
krebs modules: reorder main imports 2022-01-27 12:19:47 +01:00			`./git.nix`
krebs: move github modules to subdir 2022-09-20 11:17:19 +02:00			`./github`
l 3 go -> k 3 go 2015-11-13 01:16:15 +01:00			`./go.nix`
k 3 hidden-ssh: init 2017-04-15 18:04:19 +02:00			`./hidden-ssh.nix`
krebs: move hosts to dedeicated file 2019-01-21 11:04:37 +01:00			`./hosts.nix`
k 3: add htgen 2017-03-16 20:56:28 +01:00			`./htgen.nix`
iana-etc module: init 2017-09-21 20:59:38 +02:00			`./iana-etc.nix`
move iptables.nix to krebs 2015-10-01 22:10:21 +02:00			`./iptables.nix`
move kapacitor to k 3 2017-02-07 17:21:25 +01:00			`./kapacitor.nix`
add konsens module 2018-08-25 16:54:13 +02:00			`./konsens.nix`
krebs.pages: init 2022-12-09 15:50:25 +01:00			`./krebs-pages.nix`
add krebs.monit 2017-02-13 14:31:26 +01:00			`./monit.nix`
krebs.nixpkgs.allowUnfreePredicate: init 2016-02-10 19:06:32 +01:00			`./nixpkgs.nix`
krebs.on-failure: init 2016-03-15 15:58:45 +01:00			`./on-failure.nix`
krebs os-release: init 2016-03-05 12:40:20 +01:00			`./os-release.nix`
{tv => krebs} per-user 2015-11-06 21:37:58 +01:00			`./per-user.nix`
krebs modules: reorder main imports 2022-01-27 12:19:47 +01:00			`./permown.nix`
l 3 power-action -> k 3 power-action 2016-07-26 21:36:47 +02:00			`./power-action.nix`
krebs: import reaktor2 service 2019-01-22 19:35:03 +01:00			`./reaktor2.nix`
move realwallpaper to krebs 3 2015-10-05 14:49:36 +02:00			`./realwallpaper.nix`
krebs modules: reorder main imports 2022-01-27 12:19:47 +01:00			`./repo-sync.nix`
*: make eval.config.krebs.build.host.name work everywhere 2016-02-15 16:29:01 +01:00			`./retiolum-bootstrap.nix`
krebs.secret: init 2016-02-21 05:27:37 +01:00			`./secret.nix`
krebs.setuid: init 2016-02-14 13:26:37 +01:00			`./setuid.nix`
krebs.shadow: init 2019-04-19 16:32:00 +02:00			`./shadow.nix`
krebs: extract sitemap into separate module 2022-11-23 16:43:02 +01:00			`./sitemap.nix`
add ACME ca via ca.r 2021-12-09 11:21:06 +01:00			`./ssl.nix`
sync-containers: lass -> krebs 2021-01-24 10:41:47 +01:00			`./sync-containers.nix`
krebs.systemd.services: restart by LoadCredential 2021-12-23 01:10:22 +01:00			`./systemd.nix`
k3: retiolum.nix -> tinc.nix 2017-05-16 22:06:31 +02:00			`./tinc.nix`
krebs 3 tinc_graphs: mv from makefu 3 tinc_graphs 2015-10-22 15:33:05 +02:00			`./tinc_graphs.nix`
upstream modules: init 2021-01-26 20:20:05 +01:00			`./upstream`
{2 tv git -> 3 krebs}.users 2015-07-24 20:48:00 +02:00			`./urlwatch.nix`
krebs: extract users into separate module 2022-11-23 16:37:32 +01:00			`./users.nix`
services.xresources -> krebs.xresources 2017-12-15 19:55:02 +01:00			`./xresources.nix`
zones module: init (import from default.nix) 2017-11-30 22:35:04 +01:00			`./zones.nix`
{2 tv git -> 3 krebs}.users 2015-07-24 20:48:00 +02:00			`];`
			`options.krebs = api;`
RIP specialArgs.lib 2016-02-14 16:43:44 +01:00			`config = lib.mkIf cfg.enable imp;`
{2 tv git -> 3 krebs}.users 2015-07-24 20:48:00 +02:00			`};`

			`api = {`
krebs.hosts: populate if enable, not via default 2015-07-24 21:27:19 +02:00			`enable = mkEnableOption "krebs";`

add implementation of /etc/zones/ 2015-08-16 23:58:02 +02:00			`zone-head-config = mkOption {`
			`type = with types; attrsOf str;`
			`description = ''`
			`The zone configuration head which is being used to create the`
			`zone files. The string for each key is pre-pended to the zone file.`
krebs zone-head-config: fix style 2021-11-21 20:39:28 +01:00			`'';`
			`# TODO: configure the default somewhere else,`
			`# maybe use krebs.dns.providers`
add implementation of /etc/zones/ 2015-08-16 23:58:02 +02:00			`default = {`
krebs/zones: # is not a comment in dns zones ... 2015-08-17 00:43:44 +02:00
			`# github.io -> 192.30.252.154`
add implementation of /etc/zones/ 2015-08-16 23:58:02 +02:00			`"krebsco.de" = ''`
			`$TTL 86400`
			`@ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)`
			`IN NS ns19.ovh.net.`
			`IN NS dns19.ovh.net.`
			`'';`
krebs zone-head-config: fix style 2021-11-21 20:39:28 +01:00			`};`
add implementation of /etc/zones/ 2015-08-16 23:58:02 +02:00			`};`
krebs.hosts: populate if enable, not via default 2015-07-24 21:27:19 +02:00			`};`

RIP specialArgs.lib 2016-02-14 16:43:44 +01:00			`imp = lib.mkMerge [`
tv.identity -> krebs.build + extraHosts hack 2015-07-25 00:04:04 +02:00			`{`
krebs: set host key for hosts with ssh.privkey 2015-09-27 16:15:53 +02:00			`services.openssh.hostKeys =`
			`let inherit (config.krebs.build.host.ssh) privkey; in`
allow multiple hostKeys 2019-04-30 19:12:00 +02:00			`mkIf (privkey != null) [privkey];`
krebs: set host key for hosts with ssh.privkey 2015-09-27 16:15:53 +02:00
			`services.openssh.knownHosts =`
openssh known hosts: ignore hosts without aliases 2022-07-15 10:27:30 +02:00			`filterAttrs`
			`(knownHostName: knownHost:`
			`knownHost.publicKey != null &&`
			`knownHost.hostNames != []`
			`)`
			`(mapAttrs`
			`(hostName: host: {`
			`hostNames =`
			`concatLists`
			`(mapAttrsToList`
			`(netName: net:`
			`let`
			`aliases =`
			`concatLists [`
			`shortAliases`
			`net.aliases`
			`net.addrs`
			`];`
			`shortAliases =`
			`optionals`
			`(cfg.dns.search-domain != null)`
			`(map (removeSuffix ".${cfg.dns.search-domain}")`
			`(filter (hasSuffix ".${cfg.dns.search-domain}")`
			`net.aliases));`
			`addPort = alias:`
			`if net.ssh.port != 22`
			`then "[${alias}]:${toString net.ssh.port}"`
			`else alias;`
			`in`
			`map addPort aliases`
			`)`
			`host.nets);`
			`publicKey = host.ssh.pubkey;`
			`})`
			`(foldl' mergeAttrs {} [`
			`cfg.hosts`
			`{`
			`localhost = {`
			`nets.local = {`
			`addrs = [ "127.0.0.1" "::1" ];`
			`aliases = [ "localhost" ];`
			`ssh.port = 22;`
			`};`
			`ssh.pubkey = config.krebs.build.host.ssh.pubkey;`
			`};`
			`}`
			`]));`
krebs: programs.ssh.extraConfig += Host ... Port ... 2016-04-17 10:23:01 +02:00
			`programs.ssh.extraConfig = concatMapStrings`
			`(net: ''`
			`Host ${toString (net.aliases ++ net.addrs)}`
			`Port ${toString net.ssh.port}`
			`'')`
			`(filter`
			`(net: net.ssh.port != 22)`
			`(concatMap (host: attrValues host.nets)`
			`(mapAttrsToList`
			`(_: host: recursiveUpdate host`
krebs.dns: allow disabling search-domain 2020-08-16 11:28:27 +02:00			`(optionalAttrs (cfg.dns.search-domain != null &&`
			`hasAttr cfg.dns.search-domain host.nets) {`
krebs: move dns stuff to dedicated file 2019-01-21 10:32:15 +01:00			`nets."" = host.nets.${cfg.dns.search-domain} // {`
krebs: programs.ssh.extraConfig += Host ... Port ... 2016-04-17 10:23:01 +02:00			`aliases = [host.name];`
			`addrs = [];`
			`};`
			`}))`
			`config.krebs.hosts)));`
add implementation of /etc/zones/ 2015-08-16 23:58:02 +02:00			`}`
3 krebs: put imps into user namespaces 2015-07-24 21:38:41 +02:00			`];`

krebs: programs.ssh.extraConfig += Host ... Port ... 2016-04-17 10:23:01 +02:00			`in out`