From 5b2ceb1f1d6809578b77db6527dde2afaee8ba54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Fri, 9 Jun 2023 13:51:32 +0200 Subject: [PATCH] modules: move krebs.enable option to separate module --- krebs/3modules/default.nix | 226 ++++++++++--------------------------- krebs/3modules/krebs.nix | 111 ++++++++++++++++++ 2 files changed, 170 insertions(+), 167 deletions(-) create mode 100644 krebs/3modules/krebs.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 4a127fbb1..e1fa10ada 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -1,169 +1,61 @@ { config, lib, ... }: - -with lib; -let - cfg = config.krebs; - - out = { - imports = [ - ../../kartei - ./acl.nix - ./airdcpp.nix - ./announce-activation.nix - ./apt-cacher-ng.nix - ./backup.nix - ./bepasty-server.nix - ./bindfs.nix - ./brockman.nix - ./build.nix - ./cachecache.nix - ./ci - ./current.nix - ./dns.nix - ./exim-retiolum.nix - ./exim-smarthost.nix - ./exim.nix - ./fetchWallpaper.nix - ./git.nix - ./github - ./go.nix - ./hidden-ssh.nix - ./hosts.nix - ./htgen.nix - ./iana-etc.nix - ./iptables.nix - ./kapacitor.nix - ./konsens.nix - ./krebs-pages.nix - ./monit.nix - ./nixpkgs.nix - ./on-failure.nix - ./os-release.nix - ./per-user.nix - ./permown.nix - ./power-action.nix - ./reaktor2.nix - ./realwallpaper.nix - ./repo-sync.nix - ./retiolum-bootstrap.nix - ./secret.nix - ./setuid.nix - ./shadow.nix - ./sitemap.nix - ./ssl.nix - ./sync-containers.nix - ./sync-containers3.nix - ./systemd.nix - ./tinc.nix - ./tinc_graphs.nix - ./upstream - ./urlwatch.nix - ./users.nix - ./xresources.nix - ./zones.nix - ]; - options.krebs = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "krebs"; - - zone-head-config = mkOption { - type = with types; attrsOf str; - description = '' - The zone configuration head which is being used to create the - zone files. The string for each key is pre-pended to the zone file. - ''; - # TODO: configure the default somewhere else, - # maybe use krebs.dns.providers - default = { - - # github.io -> 192.30.252.154 - "krebsco.de" = '' - $TTL 86400 - @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400) - IN NS ns19.ovh.net. - IN NS dns19.ovh.net. - ''; - }; - }; - }; - - imp = lib.mkMerge [ - { - services.openssh.hostKeys = - let inherit (config.krebs.build.host.ssh) privkey; in - mkIf (privkey != null) [privkey]; - - services.openssh.knownHosts = - filterAttrs - (knownHostName: knownHost: - knownHost.publicKey != null && - knownHost.hostNames != [] - ) - (mapAttrs - (hostName: host: { - hostNames = - concatLists - (mapAttrsToList - (netName: net: - let - aliases = - concatLists [ - shortAliases - net.aliases - net.addrs - ]; - shortAliases = - optionals - (cfg.dns.search-domain != null) - (map (removeSuffix ".${cfg.dns.search-domain}") - (filter (hasSuffix ".${cfg.dns.search-domain}") - net.aliases)); - addPort = alias: - if net.ssh.port != 22 - then "[${alias}]:${toString net.ssh.port}" - else alias; - in - map addPort aliases - ) - host.nets); - publicKey = host.ssh.pubkey; - }) - (foldl' mergeAttrs {} [ - cfg.hosts - { - localhost = { - nets.local = { - addrs = [ "127.0.0.1" "::1" ]; - aliases = [ "localhost" ]; - ssh.port = 22; - }; - ssh.pubkey = config.krebs.build.host.ssh.pubkey; - }; - } - ])); - - programs.ssh.extraConfig = concatMapStrings - (net: '' - Host ${toString (net.aliases ++ net.addrs)} - Port ${toString net.ssh.port} - '') - (filter - (net: net.ssh.port != 22) - (concatMap (host: attrValues host.nets) - (mapAttrsToList - (_: host: recursiveUpdate host - (optionalAttrs (cfg.dns.search-domain != null && - hasAttr cfg.dns.search-domain host.nets) { - nets."" = host.nets.${cfg.dns.search-domain} // { - aliases = [host.name]; - addrs = []; - }; - })) - config.krebs.hosts))); - } +{ + imports = [ + ../../kartei + ./acl.nix + ./airdcpp.nix + ./announce-activation.nix + ./apt-cacher-ng.nix + ./backup.nix + ./bepasty-server.nix + ./bindfs.nix + ./brockman.nix + ./build.nix + ./cachecache.nix + ./ci + ./current.nix + ./dns.nix + ./exim-retiolum.nix + ./exim-smarthost.nix + ./exim.nix + ./fetchWallpaper.nix + ./git.nix + ./github + ./go.nix + ./hidden-ssh.nix + ./hosts.nix + ./htgen.nix + ./iana-etc.nix + ./iptables.nix + ./kapacitor.nix + ./konsens.nix + ./krebs.nix + ./krebs-pages.nix + ./monit.nix + ./nixpkgs.nix + ./on-failure.nix + ./os-release.nix + ./per-user.nix + ./permown.nix + ./power-action.nix + ./reaktor2.nix + ./realwallpaper.nix + ./repo-sync.nix + ./retiolum-bootstrap.nix + ./secret.nix + ./setuid.nix + ./shadow.nix + ./sitemap.nix + ./ssl.nix + ./sync-containers.nix + ./sync-containers3.nix + ./systemd.nix + ./tinc.nix + ./tinc_graphs.nix + ./upstream + ./urlwatch.nix + ./users.nix + ./xresources.nix + ./zones.nix ]; - -in out +} diff --git a/krebs/3modules/krebs.nix b/krebs/3modules/krebs.nix new file mode 100644 index 000000000..9d509275e --- /dev/null +++ b/krebs/3modules/krebs.nix @@ -0,0 +1,111 @@ +{ config, lib, ... }: +with lib; +let + cfg = config.krebs; + + out = { + options.krebs = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "krebs"; + + zone-head-config = mkOption { + type = with types; attrsOf str; + description = '' + The zone configuration head which is being used to create the + zone files. The string for each key is pre-pended to the zone file. + ''; + # TODO: configure the default somewhere else, + # maybe use krebs.dns.providers + default = { + + # github.io -> 192.30.252.154 + "krebsco.de" = '' + $TTL 86400 + @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400) + IN NS ns19.ovh.net. + IN NS dns19.ovh.net. + ''; + }; + }; + }; + + imp = lib.mkMerge [ + { + services.openssh.hostKeys = + let inherit (config.krebs.build.host.ssh) privkey; in + mkIf (privkey != null) [privkey]; + + services.openssh.knownHosts = + filterAttrs + (knownHostName: knownHost: + knownHost.publicKey != null && + knownHost.hostNames != [] + ) + (mapAttrs + (hostName: host: { + hostNames = + concatLists + (mapAttrsToList + (netName: net: + let + aliases = + concatLists [ + shortAliases + net.aliases + net.addrs + ]; + shortAliases = + optionals + (cfg.dns.search-domain != null) + (map (removeSuffix ".${cfg.dns.search-domain}") + (filter (hasSuffix ".${cfg.dns.search-domain}") + net.aliases)); + addPort = alias: + if net.ssh.port != 22 + then "[${alias}]:${toString net.ssh.port}" + else alias; + in + map addPort aliases + ) + host.nets); + publicKey = host.ssh.pubkey; + }) + (foldl' mergeAttrs {} [ + cfg.hosts + { + localhost = { + nets.local = { + addrs = [ "127.0.0.1" "::1" ]; + aliases = [ "localhost" ]; + ssh.port = 22; + }; + ssh.pubkey = config.krebs.build.host.ssh.pubkey; + }; + } + ])); + + programs.ssh.extraConfig = concatMapStrings + (net: '' + Host ${toString (net.aliases ++ net.addrs)} + Port ${toString net.ssh.port} + '') + (filter + (net: net.ssh.port != 22) + (concatMap (host: attrValues host.nets) + (mapAttrsToList + (_: host: recursiveUpdate host + (optionalAttrs (cfg.dns.search-domain != null && + hasAttr cfg.dns.search-domain host.nets) { + nets."" = host.nets.${cfg.dns.search-domain} // { + aliases = [host.name]; + addrs = []; + }; + })) + config.krebs.hosts))); + } + ]; + +in out