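{ config, lib, ... }:

with import ../4lib { inherit lib; };

let
  cfg = config.krebs;

  # Module skeleton: the sub-modules it pulls in, the option tree under
  # `krebs`, and the implementation, which is only active when krebs.enable
  # is set.
  out = {
    imports = [
      ./build.nix
      ./exim-retiolum.nix
      ./exim-smarthost.nix
      ./github-hosts-sync.nix
      ./git.nix
      ./iptables.nix
      ./nginx.nix
      ./Reaktor.nix
      ./retiolum.nix
      ./urlwatch.nix
    ];
    options.krebs = api;
    config = mkIf cfg.enable imp;
  };

  api = {
    enable = mkEnableOption "krebs";

    dns = {
      providers = mkOption {
        # TODO with types; tree dns.label dns.provider, so we can merge.
        # Currently providers can only be merged if aliases occur just once.
        type = with types; attrsOf unspecified;
      };
    };

    # All known hosts (from ./lass, ./makefu and ./tv below); the source for
    # /etc/hosts, the zone files and the system-wide ssh known_hosts.
    hosts = mkOption {
      type = with types; attrsOf host;
    };

    users = mkOption {
      type = with types; attrsOf user;
    };

    # XXX is there a better place to define search-domain?
    # TODO search-domains :: listOf hostname
    search-domain = mkOption {
      type = types.hostname;
      default = "retiolum";
    };

    zone-head-config = mkOption {
      type = with types; attrsOf str;
      description = ''
        The zone configuration head which is being used to create the
        zone files. The string for each key is pre-pended to the zone file.
      '';
      # TODO: configure the default somewhere else,
      # maybe use krebs.dns.providers
      default = {
        # The apex A records point at GitHub Pages (github.io). Those
        # addresses are operated by a third party and may change; check them
        # against GitHub's current documentation before relying on them.
        # The SOA serial is hard-coded: secondaries only pick up a changed
        # zone when the serial increases, so bump it with every edit.
        # The record lines below are indented more than "$TTL"/"@" on
        # purpose: in a zone file a line starting with whitespace inherits
        # the previous owner name (@ here); a line starting in column 0
        # would instead be parsed as a new owner named "IN".
        "krebsco.de" = ''
          $TTL 86400
          @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
            IN NS ns19.ovh.net.
            IN NS dns19.ovh.net.
            IN A 192.30.252.154
            IN A 192.30.252.153
        '';
      };
    };
  };

  imp = mkMerge [
    # Per-owner host and user declarations.
    { krebs = import ./lass { inherit lib; }; }
    { krebs = import ./makefu { inherit lib; }; }
    { krebs = import ./tv { inherit lib; }; }
    {
      krebs.dns.providers = {
        de.krebsco = "zones";
        internet = "hosts";
        retiolum = "hosts";
      };

      # XXX This overlaps with krebs.retiolum
      # One /etc/hosts line per address of every net that carries aliases.
      # Only aliases served by the "hosts" provider are used; each alias
      # under the search domain additionally gets its short form.
      networking.extraHosts = concatStringsSep "\n" (flatten (
        mapAttrsToList (hostname: host:
          mapAttrsToList (netname: net:
            let
              providers = dns.split-by-provider net.aliases cfg.dns.providers;
              longs = providers.hosts;
              shorts =
                map (removeSuffix ".${cfg.search-domain}")
                    (filter (hasSuffix ".${cfg.search-domain}")
                            longs);
              aliases = longs ++ shorts;
            in
            # toString on a list of strings joins them with single spaces.
            map (addr: "${addr} ${toString aliases}") net.addrs
          ) (filterAttrs (_: net: net.aliases != []) host.nets)
        ) cfg.hosts
      ));

      # Implements environment.etc."zones/<zone-name>"
      environment.etc = let
        # NOTE(review): lib.foldAttrs hands its operator the element value
        # first and the accumulated value second, and folds from the right,
        # so each zone file is the configured head followed by every host's
        # extraZones for that zone in cfg.hosts order -- confirm against
        # lib.foldAttrs if this ever looks reversed.
        all-zones = foldAttrs (value: acc: value + "\n" + acc) ""
          ([cfg.zone-head-config] ++ combined-hosts);
        combined-hosts = mapAttrsToList (_: host: host.extraZones) cfg.hosts;
      in
      lib.mapAttrs' (name: text: nameValuePair ("zones/" + name) { inherit text; })
                    all-zones;

      krebs.exim-smarthost.internet-aliases = let
        # Build one exim-smarthost alias entry. `to` is either a single
        # krebs user or a list of them; only their mail addresses are kept.
        format = from: to:
          # TODO assert is-retiolum-mail-address to;
          { inherit from;
            to = if typeOf to == "list"
                   then concatMapStringsSep "," (getAttr "mail") to
                   else to.mail;
          };
      in mapAttrsToList format (with config.krebs.users; let
        spam-ml = [
          lass
          makefu
          tv
        ];
      in {
        "postmaster@krebsco.de" = spam-ml; # RFC 822
        "spam@krebsco.de" = spam-ml;
        # XXX These are no internet aliases
        # XXX exim-retiolum hosts should be able to relay to retiolum addresses
        "lass@retiolum" = lass;
        "makefu@retiolum" = makefu;
        "spam@retiolum" = spam-ml;
        "tv@retiolum" = tv;
      });

      # When the build host declares an ssh host key, make it the only key
      # sshd offers: mkForce discards whatever else hostKeys would contain,
      # so the key clients pin is exactly the declared one.
      services.openssh.hostKeys =
        let inherit (config.krebs.build.host.ssh) privkey; in
        mkIf (privkey != null) (mkForce [privkey]);

      # Pre-populate the system known_hosts with the public key of every
      # krebs host that declares one, under every name and address it is
      # reachable by. OpenSSH looks up hosts on a non-default port as
      # "[host]:port", so the port decoration has to be applied to aliases
      # and addresses alike -- an alias without it would miss the entry
      # and fall back to the interactive first-use prompt.
      services.openssh.knownHosts =
        mapAttrs
          (name: host: {
            hostNames =
              concatLists
                (mapAttrsToList
                  (net-name: net:
                    let
                      longs = net.aliases;
                      shorts =
                        map (removeSuffix ".${cfg.search-domain}")
                            (filter (hasSuffix ".${cfg.search-domain}")
                                    longs);
                      aliases = shorts ++ longs;
                      add-port = a:
                        if net.ssh.port != null
                          then "[${a}]:${toString net.ssh.port}"
                          else a;
                    in
                    map add-port (aliases ++ net.addrs))
                  host.nets);
            publicKey = host.ssh.pubkey;
          })
          (filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
    }
  ];

in
out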