2015-07-24 20:48:00 +02:00
|
|
|
{ config, lib, ... }:
|
|
|
|
|
2016-10-20 20:54:38 +02:00
|
|
|
with import <stockholm/lib>;
|
2015-07-24 20:48:00 +02:00
|
|
|
let
|
|
|
|
cfg = config.krebs;
|
|
|
|
|
|
|
|
out = {
|
|
|
|
imports = [
|
2018-09-24 23:32:28 +02:00
|
|
|
./airdcpp.nix
|
2017-09-05 22:58:25 +02:00
|
|
|
./announce-activation.nix
|
2015-11-17 13:49:29 +01:00
|
|
|
./apt-cacher-ng.nix
|
2015-12-28 19:43:31 +01:00
|
|
|
./backup.nix
|
2015-10-22 15:26:54 +02:00
|
|
|
./bepasty-server.nix
|
2021-01-24 11:26:39 +01:00
|
|
|
./bindfs.nix
|
2020-12-30 09:47:57 +01:00
|
|
|
./brockman.nix
|
2015-12-22 19:36:19 +01:00
|
|
|
./buildbot/master.nix
|
|
|
|
./buildbot/slave.nix
|
2016-02-15 16:29:01 +01:00
|
|
|
./build.nix
|
2018-11-21 00:03:49 +01:00
|
|
|
./cachecache.nix
|
2018-09-09 20:01:51 +02:00
|
|
|
./ci.nix
|
2015-10-25 14:15:21 +01:00
|
|
|
./current.nix
|
2019-01-21 10:32:15 +01:00
|
|
|
./dns.nix
|
2021-06-08 17:41:21 +02:00
|
|
|
./ergo.nix
|
2016-04-27 01:10:25 +02:00
|
|
|
./exim.nix
|
2015-08-13 11:46:09 +02:00
|
|
|
./exim-retiolum.nix
|
2015-08-14 15:48:17 +02:00
|
|
|
./exim-smarthost.nix
|
2015-12-12 19:37:13 +01:00
|
|
|
./fetchWallpaper.nix
|
2015-07-24 20:48:00 +02:00
|
|
|
./github-hosts-sync.nix
|
2019-01-21 10:09:16 +01:00
|
|
|
./github-known-hosts.nix
|
2015-07-24 20:48:00 +02:00
|
|
|
./git.nix
|
2015-11-13 01:16:15 +01:00
|
|
|
./go.nix
|
2017-04-15 18:04:19 +02:00
|
|
|
./hidden-ssh.nix
|
2019-01-21 11:04:37 +01:00
|
|
|
./hosts.nix
|
2017-03-16 20:56:28 +01:00
|
|
|
./htgen.nix
|
2017-09-21 20:59:38 +02:00
|
|
|
./iana-etc.nix
|
2015-10-01 22:10:21 +02:00
|
|
|
./iptables.nix
|
2017-02-07 17:21:25 +01:00
|
|
|
./kapacitor.nix
|
2018-08-25 16:54:13 +02:00
|
|
|
./konsens.nix
|
2017-02-13 14:31:26 +01:00
|
|
|
./monit.nix
|
2016-02-10 19:06:32 +01:00
|
|
|
./nixpkgs.nix
|
2016-03-15 15:58:45 +01:00
|
|
|
./on-failure.nix
|
2016-03-05 12:40:20 +01:00
|
|
|
./os-release.nix
|
2019-04-17 20:45:33 +02:00
|
|
|
./permown.nix
|
2015-11-06 21:37:58 +01:00
|
|
|
./per-user.nix
|
2016-07-26 21:36:47 +02:00
|
|
|
./power-action.nix
|
2019-01-22 19:35:03 +01:00
|
|
|
./reaktor2.nix
|
2015-10-05 14:49:36 +02:00
|
|
|
./realwallpaper.nix
|
2016-02-15 16:29:01 +01:00
|
|
|
./retiolum-bootstrap.nix
|
2016-08-24 17:51:22 +02:00
|
|
|
./rtorrent.nix
|
2016-02-21 05:27:37 +01:00
|
|
|
./secret.nix
|
2016-02-14 13:26:37 +01:00
|
|
|
./setuid.nix
|
2019-04-19 16:32:00 +02:00
|
|
|
./shadow.nix
|
2021-01-24 10:41:47 +01:00
|
|
|
./sync-containers.nix
|
2017-05-16 22:06:31 +02:00
|
|
|
./tinc.nix
|
2015-10-22 15:33:05 +02:00
|
|
|
./tinc_graphs.nix
|
2021-01-26 20:20:05 +01:00
|
|
|
./upstream
|
2015-07-24 20:48:00 +02:00
|
|
|
./urlwatch.nix
|
2016-02-15 14:01:20 +01:00
|
|
|
./repo-sync.nix
|
2017-12-15 19:55:02 +01:00
|
|
|
./xresources.nix
|
2017-11-30 22:35:04 +01:00
|
|
|
./zones.nix
|
2015-07-24 20:48:00 +02:00
|
|
|
];
|
|
|
|
options.krebs = api;
|
2016-02-14 16:43:44 +01:00
|
|
|
config = lib.mkIf cfg.enable imp;
|
2015-07-24 20:48:00 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
api = {
|
2015-07-24 21:27:19 +02:00
|
|
|
enable = mkEnableOption "krebs";
|
|
|
|
|
|
|
|
users = mkOption {
|
|
|
|
type = with types; attrsOf user;
|
|
|
|
};
|
2015-07-25 00:04:04 +02:00
|
|
|
|
2017-08-01 11:27:03 +02:00
|
|
|
sitemap = mkOption {
|
|
|
|
default = {};
|
|
|
|
type = types.attrsOf types.sitemap.entry;
|
|
|
|
};
|
|
|
|
|
2015-08-16 23:58:02 +02:00
|
|
|
zone-head-config = mkOption {
|
|
|
|
type = with types; attrsOf str;
|
|
|
|
description = ''
|
|
|
|
The zone configuration head which is being used to create the
|
|
|
|
zone files. The string for each key is pre-pended to the zone file.
|
|
|
|
'';
|
|
|
|
# TODO: configure the default somewhere else,
|
|
|
|
# maybe use krebs.dns.providers
|
|
|
|
default = {
|
2015-08-17 00:43:44 +02:00
|
|
|
|
|
|
|
# github.io -> 192.30.252.154
|
2015-08-16 23:58:02 +02:00
|
|
|
"krebsco.de" = ''
|
|
|
|
$TTL 86400
|
|
|
|
@ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
|
|
|
|
IN NS ns19.ovh.net.
|
|
|
|
IN NS dns19.ovh.net.
|
2021-01-18 21:00:08 +01:00
|
|
|
IN A 185.199.108.153
|
|
|
|
IN A 185.199.109.153
|
|
|
|
IN A 185.199.110.153
|
|
|
|
IN A 185.199.111.153
|
2015-08-16 23:58:02 +02:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
2015-07-24 21:27:19 +02:00
|
|
|
};
|
|
|
|
|
2016-02-14 16:43:44 +01:00
|
|
|
imp = lib.mkMerge [
|
2018-12-05 16:06:32 +01:00
|
|
|
{ krebs = import ./external { inherit config; }; }
|
2017-12-15 13:32:32 +01:00
|
|
|
{ krebs = import ./jeschli { inherit config; }; }
|
2017-07-14 00:17:58 +02:00
|
|
|
{ krebs = import ./krebs { inherit config; }; }
|
2017-12-15 13:32:32 +01:00
|
|
|
{ krebs = import ./lass { inherit config; }; }
|
2016-11-10 22:28:00 +01:00
|
|
|
{ krebs = import ./makefu { inherit config; }; }
|
2019-02-08 09:43:33 +01:00
|
|
|
{ krebs = import ./external/palo.nix { inherit config; }; }
|
2020-01-03 11:25:06 +01:00
|
|
|
{ krebs = import ./external/mic92.nix { inherit config; }; }
|
2016-11-10 22:28:00 +01:00
|
|
|
{ krebs = import ./tv { inherit config; }; }
|
2015-07-25 00:04:04 +02:00
|
|
|
{
|
2015-07-26 21:04:13 +02:00
|
|
|
krebs.dns.providers = {
|
2016-02-21 20:04:45 +01:00
|
|
|
"krebsco.de" = "zones";
|
2015-11-17 22:15:07 +01:00
|
|
|
shack = "hosts";
|
2016-02-06 16:21:30 +01:00
|
|
|
i = "hosts";
|
|
|
|
r = "hosts";
|
2018-12-09 16:52:32 +01:00
|
|
|
w = "hosts";
|
2015-07-26 21:04:13 +02:00
|
|
|
};
|
2015-07-25 00:04:04 +02:00
|
|
|
|
2019-01-21 10:32:15 +01:00
|
|
|
krebs.dns.search-domain = mkDefault "r";
|
|
|
|
|
2016-02-21 07:39:24 +01:00
|
|
|
krebs.users = {
|
|
|
|
krebs = {
|
|
|
|
home = "/krebs";
|
|
|
|
mail = "spam@krebsco.de";
|
|
|
|
};
|
|
|
|
root = {
|
|
|
|
home = "/root";
|
|
|
|
pubkey = config.krebs.build.host.ssh.pubkey;
|
|
|
|
uid = 0;
|
|
|
|
};
|
2016-02-21 07:18:13 +01:00
|
|
|
};
|
|
|
|
|
2015-09-27 16:15:53 +02:00
|
|
|
services.openssh.hostKeys =
|
|
|
|
let inherit (config.krebs.build.host.ssh) privkey; in
|
2019-04-30 19:12:00 +02:00
|
|
|
mkIf (privkey != null) [privkey];
|
2015-09-27 16:15:53 +02:00
|
|
|
|
2016-02-07 15:58:49 +01:00
|
|
|
# TODO use imports for merging
|
2015-09-27 16:15:53 +02:00
|
|
|
services.openssh.knownHosts =
|
2016-02-07 15:58:49 +01:00
|
|
|
(let inherit (config.krebs.build.host.ssh) pubkey; in
|
|
|
|
optionalAttrs (pubkey != null) {
|
|
|
|
localhost = {
|
|
|
|
hostNames = ["localhost" "127.0.0.1" "::1"];
|
|
|
|
publicKey = pubkey;
|
|
|
|
};
|
|
|
|
})
|
|
|
|
//
|
2015-09-27 15:24:41 +02:00
|
|
|
mapAttrs
|
|
|
|
(name: host: {
|
|
|
|
hostNames =
|
|
|
|
concatLists
|
|
|
|
(mapAttrsToList
|
|
|
|
(net-name: net:
|
|
|
|
let
|
|
|
|
longs = net.aliases;
|
|
|
|
shorts =
|
2020-08-16 11:28:27 +02:00
|
|
|
optionals
|
|
|
|
(cfg.dns.search-domain != null)
|
|
|
|
(map (removeSuffix ".${cfg.dns.search-domain}")
|
|
|
|
(filter (hasSuffix ".${cfg.dns.search-domain}")
|
|
|
|
longs));
|
2015-09-27 15:24:41 +02:00
|
|
|
add-port = a:
|
2016-04-17 04:13:32 +02:00
|
|
|
if net.ssh.port != 22
|
2015-09-27 15:24:41 +02:00
|
|
|
then "[${a}]:${toString net.ssh.port}"
|
|
|
|
else a;
|
|
|
|
in
|
2016-02-07 06:43:26 +01:00
|
|
|
map add-port (shorts ++ longs ++ net.addrs))
|
2015-09-27 15:24:41 +02:00
|
|
|
host.nets);
|
|
|
|
|
|
|
|
publicKey = host.ssh.pubkey;
|
|
|
|
})
|
|
|
|
(filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
|
2016-04-17 10:23:01 +02:00
|
|
|
|
|
|
|
programs.ssh.extraConfig = concatMapStrings
|
|
|
|
(net: ''
|
|
|
|
Host ${toString (net.aliases ++ net.addrs)}
|
|
|
|
Port ${toString net.ssh.port}
|
|
|
|
'')
|
|
|
|
(filter
|
|
|
|
(net: net.ssh.port != 22)
|
|
|
|
(concatMap (host: attrValues host.nets)
|
|
|
|
(mapAttrsToList
|
|
|
|
(_: host: recursiveUpdate host
|
2020-08-16 11:28:27 +02:00
|
|
|
(optionalAttrs (cfg.dns.search-domain != null &&
|
|
|
|
hasAttr cfg.dns.search-domain host.nets) {
|
2019-01-21 10:32:15 +01:00
|
|
|
nets."" = host.nets.${cfg.dns.search-domain} // {
|
2016-04-17 10:23:01 +02:00
|
|
|
aliases = [host.name];
|
|
|
|
addrs = [];
|
|
|
|
};
|
|
|
|
}))
|
|
|
|
config.krebs.hosts)));
|
2015-08-16 23:58:02 +02:00
|
|
|
}
|
2015-07-24 21:38:41 +02:00
|
|
|
];
|
|
|
|
|
2016-04-17 10:23:01 +02:00
|
|
|
in out
|