stockholm/krebs/3modules/default.nix

189 lines
5.1 KiB
Nix
Raw Normal View History

2015-07-24 18:48:00 +00:00
{ config, lib, ... }:
2016-10-20 18:54:38 +00:00
with import <stockholm/lib>;
2015-07-24 18:48:00 +00:00
let
cfg = config.krebs;
out = {
imports = [
./airdcpp.nix
2017-09-05 20:58:25 +00:00
./announce-activation.nix
./apt-cacher-ng.nix
2015-12-28 18:43:31 +00:00
./backup.nix
./bepasty-server.nix
2015-12-22 18:36:19 +00:00
./buildbot/master.nix
./buildbot/slave.nix
./build.nix
2018-11-20 23:03:49 +00:00
./cachecache.nix
./charybdis.nix
2018-09-09 18:01:51 +00:00
./ci.nix
2015-10-25 13:15:21 +00:00
./current.nix
./dns.nix
2016-04-26 23:10:25 +00:00
./exim.nix
2015-08-13 09:46:09 +00:00
./exim-retiolum.nix
2015-08-14 13:48:17 +00:00
./exim-smarthost.nix
./fetchWallpaper.nix
2015-07-24 18:48:00 +00:00
./github-hosts-sync.nix
./github-known-hosts.nix
2015-07-24 18:48:00 +00:00
./git.nix
2015-11-13 00:16:15 +00:00
./go.nix
2017-04-15 16:04:19 +00:00
./hidden-ssh.nix
2019-01-21 10:04:37 +00:00
./hosts.nix
2017-03-16 19:56:28 +00:00
./htgen.nix
2017-09-21 18:59:38 +00:00
./iana-etc.nix
2015-10-01 20:10:21 +00:00
./iptables.nix
2017-02-07 16:21:25 +00:00
./kapacitor.nix
2018-08-25 14:54:13 +00:00
./konsens.nix
2017-02-13 13:31:26 +00:00
./monit.nix
2016-03-15 13:37:46 +00:00
./newsbot-js.nix
./nixpkgs.nix
2016-03-15 14:58:45 +00:00
./on-failure.nix
2016-03-05 11:40:20 +00:00
./os-release.nix
2015-11-06 20:37:58 +00:00
./per-user.nix
2016-07-26 19:36:47 +00:00
./power-action.nix
2015-08-31 12:22:21 +00:00
./Reaktor.nix
2019-01-22 18:35:03 +00:00
./reaktor2.nix
2015-10-05 12:49:36 +00:00
./realwallpaper.nix
./retiolum-bootstrap.nix
2016-08-24 15:51:22 +00:00
./rtorrent.nix
2016-02-21 04:27:37 +00:00
./secret.nix
2016-02-14 12:26:37 +00:00
./setuid.nix
2019-03-22 06:57:34 +00:00
./syncthing.nix
2017-05-16 20:06:31 +00:00
./tinc.nix
./tinc_graphs.nix
2015-07-24 18:48:00 +00:00
./urlwatch.nix
./repo-sync.nix
./xresources.nix
./zones.nix
2015-07-24 18:48:00 +00:00
];
options.krebs = api;
2016-02-14 15:43:44 +00:00
config = lib.mkIf cfg.enable imp;
2015-07-24 18:48:00 +00:00
};
api = {
enable = mkEnableOption "krebs";
users = mkOption {
type = with types; attrsOf user;
};
2017-08-01 09:27:03 +00:00
sitemap = mkOption {
default = {};
type = types.attrsOf types.sitemap.entry;
};
2015-08-16 21:58:02 +00:00
zone-head-config = mkOption {
type = with types; attrsOf str;
description = ''
The zone configuration head which is being used to create the
zone files. The string for each key is pre-pended to the zone file.
'';
# TODO: configure the default somewhere else,
# maybe use krebs.dns.providers
default = {
# github.io -> 192.30.252.154
2015-08-16 21:58:02 +00:00
"krebsco.de" = ''
$TTL 86400
@ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
IN NS ns19.ovh.net.
IN NS dns19.ovh.net.
IN A 192.30.252.154
IN A 192.30.252.153
'';
};
};
};
2016-02-14 15:43:44 +00:00
imp = lib.mkMerge [
{ krebs = import ./external { inherit config; }; }
{ krebs = import ./jeschli { inherit config; }; }
2017-07-13 22:17:58 +00:00
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
2016-11-10 21:28:00 +00:00
{ krebs = import ./makefu { inherit config; }; }
2019-02-08 08:43:33 +00:00
{ krebs = import ./external/palo.nix { inherit config; }; }
2016-11-10 21:28:00 +00:00
{ krebs = import ./tv { inherit config; }; }
{
krebs.dns.providers = {
"krebsco.de" = "zones";
2015-10-18 14:12:14 +00:00
gg23 = "hosts";
2015-11-17 21:15:07 +00:00
shack = "hosts";
2016-02-06 15:21:30 +00:00
i = "hosts";
r = "hosts";
2018-12-09 15:52:32 +00:00
w = "hosts";
};
krebs.dns.search-domain = mkDefault "r";
2016-02-21 06:39:24 +00:00
krebs.users = {
krebs = {
home = "/krebs";
mail = "spam@krebsco.de";
};
root = {
home = "/root";
pubkey = config.krebs.build.host.ssh.pubkey;
uid = 0;
};
};
services.openssh.hostKeys =
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) (mkForce [privkey]);
2016-02-07 14:58:49 +00:00
# TODO use imports for merging
services.openssh.knownHosts =
2016-02-07 14:58:49 +00:00
(let inherit (config.krebs.build.host.ssh) pubkey; in
optionalAttrs (pubkey != null) {
localhost = {
hostNames = ["localhost" "127.0.0.1" "::1"];
publicKey = pubkey;
};
})
//
mapAttrs
(name: host: {
hostNames =
concatLists
(mapAttrsToList
(net-name: net:
let
longs = net.aliases;
shorts =
map (removeSuffix ".${cfg.dns.search-domain}")
(filter (hasSuffix ".${cfg.dns.search-domain}")
longs);
add-port = a:
if net.ssh.port != 22
then "[${a}]:${toString net.ssh.port}"
else a;
in
2016-02-07 05:43:26 +00:00
map add-port (shorts ++ longs ++ net.addrs))
host.nets);
publicKey = host.ssh.pubkey;
})
(filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
programs.ssh.extraConfig = concatMapStrings
(net: ''
Host ${toString (net.aliases ++ net.addrs)}
Port ${toString net.ssh.port}
'')
(filter
(net: net.ssh.port != 22)
(concatMap (host: attrValues host.nets)
(mapAttrsToList
(_: host: recursiveUpdate host
(optionalAttrs (hasAttr cfg.dns.search-domain host.nets) {
nets."" = host.nets.${cfg.dns.search-domain} // {
aliases = [host.name];
addrs = [];
};
}))
config.krebs.hosts)));
2015-08-16 21:58:02 +00:00
}
2015-07-24 19:38:41 +00:00
];
in out