Merge remote-tracking branch 'lass/master'

makefu 2021-11-24 08:27:30 +01:00
commit d2776a87a5
GPG Key ID: 36F7711F3FC0F225
30 changed files with 217 additions and 189 deletions


@ -54,6 +54,9 @@ with import <stockholm/lib>;
config.krebs.users.tv.pubkey
];
# enable documentation for our modules
documentation.nixos.includeAllModules = true;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
}


@ -45,7 +45,7 @@ let
Nick Name for hub
'';
type = str;
default = cfg.Nick;
default = cfg.dcpp.Nick;
};
Password = mkOption {
description = ''


@ -14,7 +14,7 @@ let
default = {};
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
enable = mkEnableOption "krebs.backup.${config.name}" // {
enable = mkEnableOption "krebs.backup.${config._module.args.name}" // {
default = true;
};
method = mkOption {
@ -23,6 +23,7 @@ let
name = mkOption {
type = types.str;
default = config._module.args.name;
defaultText = "name";
};
src = mkOption {
type = types.krebs.file-location;


@ -58,6 +58,7 @@ let
permissions will be set to 755
'';
default = config.users.extraUsers.bepasty.home;
defaultText = "<literal>\${config.users.extraUsers.bepasty.home}</literal>";
};
dataDir = mkOption {
@ -67,6 +68,7 @@ let
/var/lib/bepasty-server/data
'';
default = "${config.users.extraUsers.bepasty.home}/data";
defaultText = "<literal>\${config.users.extraUsers.bepasty.home}/data</literal>";
};
extraConfig = mkOption {


@ -10,7 +10,7 @@ with import <stockholm/lib>;
};
profile = mkOption {
type = types.absolute-path;
type = types.absolute-pathname;
default = "/nix/var/nix/profiles/system";
};


@ -137,7 +137,7 @@ let
type = types.listOf types.str;
example = [ "cac.json" ];
description = ''
List of all the secrets in <secrets> which should be copied into the
List of all the secrets in secrets which should be copied into the
buildbot master directory.
'';
};


@ -31,6 +31,7 @@ let
owner.name = "exim";
source-path = toString <secrets> + "/${config.domain}.dkim.priv";
};
defaultText = "secrets/domain.dkim.priv";
};
selector = mkOption {
type = types.str;


@ -53,7 +53,7 @@ let
control system, using a built in cache to decrease pressure on the
git server.
cgit in this module is being served via fastcgi nginx.This module
deploys a http://cgit.<hostname> nginx configuration and enables nginx
deploys a http://cgit.hostname nginx configuration and enables nginx
if not yet enabled.
'';
};
@ -207,7 +207,7 @@ let
List of users that should be able to do everything with this repo.
This option is currently not used by krebs.git but instead can be
used to create rules. See e.g. <stockholm/lass/2configs/git.nix> for
used to create rules. See e.g. stockholm/lass/2configs/git.nix for
an example.
'';
};
@ -222,6 +222,7 @@ let
path = mkOption {
type = types.str;
default = "${cfg.dataDir}/${config.name}";
defaultText = "${cfg.dataDir}/reponame";
description = ''
An absolute path to the repository directory. For non-bare
repositories this is the .git-directory.
@ -237,6 +238,7 @@ let
url = mkOption {
type = types.str;
default = config.name;
defaultText = "reponame";
description = ''
The relative url used to access the repository.
'';
@ -249,7 +251,7 @@ let
List of users that should be able to fetch from this repo.
This option is currently not used by krebs.git but instead can be
used to create rules. See e.g. <stockholm/tv/2configs/git.nix> for
used to create rules. See e.g. stockholm/tv/2configs/git.nix for
an example.
'';
};
@ -258,6 +260,7 @@ let
description = ''
Repository name.
'';
defaultText = "reponame";
};
hooks = mkOption {
type = types.attrsOf types.str;
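Review bot: The added `defaultText = "${cfg.dataDir}/reponame";` in the `path` option is a plain double-quoted string, so `${cfg.dataDir}` is interpolated at evaluation time rather than shown as an expression; elsewhere in this commit the same construct is escaped (for example `"\${config.krebs.tinc.retiolum.confDir}/hosts"` in the github-hosts-sync hunk). If the intent is to document the expression instead of evaluating `cfg.dataDir` while building the manual, write `defaultText = "\${cfg.dataDir}/reponame";`. If the evaluated value is intended, a short comment saying so would stop the next reader from "fixing" it. The enclosing submodule starts and ends outside the hunk.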


@ -18,10 +18,12 @@ let
srcDir = mkOption {
type = types.str;
default = "${config.krebs.tinc.retiolum.confDir}/hosts";
defaultText = "\${config.krebs.tinc.retiolum.confDir}/hosts";
};
ssh-identity-file = mkOption {
type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"];
default = toString <secrets/github-hosts-sync.ssh.id_ed25519>;
defaultText = "secrets/github-hosts-sync.ssh.id_ed25519";
};
url = mkOption {
type = types.str;


@ -2,8 +2,8 @@
services.openssh.knownHosts.github = {
hostNames = [
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R .
# List generated with (IPv6 addresses are currently ignored):
# curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -R .
"192.30.252.*"
"192.30.253.*"
"192.30.254.*"
@ -28,6 +28,22 @@
"140.82.125.*"
"140.82.126.*"
"140.82.127.*"
"143.55.64.*"
"143.55.65.*"
"143.55.66.*"
"143.55.67.*"
"143.55.68.*"
"143.55.69.*"
"143.55.70.*"
"143.55.71.*"
"143.55.72.*"
"143.55.73.*"
"143.55.74.*"
"143.55.75.*"
"143.55.76.*"
"143.55.77.*"
"143.55.78.*"
"143.55.79.*"
"13.114.40.48"
"52.192.72.89"
"52.69.186.44"
@ -44,6 +60,9 @@
"18.228.52.138"
"18.228.67.229"
"18.231.5.6"
"20.201.28.151"
"20.205.243.166"
"102.133.202.242"
"18.181.13.223"
"54.238.117.237"
"54.168.17.15"
@ -60,6 +79,9 @@
"54.233.131.104"
"18.231.104.233"
"18.228.167.86"
"20.201.28.152"
"20.205.243.160"
"102.133.202.246"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
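Review bot: The regenerated IP list has no date attached, and this hunk already shows it drifting (the whole 143.55.64–79 block and several 20.x/102.x addresses are new), so a reader cannot tell how stale the snapshot is; extend the comment to `# List generated on <DATE> with (IPv6 addresses are currently ignored):`. Because the pipeline drops every line containing `:`, connections made to a raw IPv6 address have no matching pattern here and fall back to whatever the client's strict-host-key policy does, whereas connections by the `github.com` hostname still match on line 1 of the list. Only a single `ssh-rsa` host key is pinned for all these names; a note pointing at where the key came from would make future rotation of that key easier to verify.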


@ -13,7 +13,7 @@ let
default = {};
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
enable = mkEnableOption "krebs.htgen-${config.name}";
enable = mkEnableOption "krebs.htgen-${config._module.args.name}";
name = mkOption {
type = types.username;
@ -38,6 +38,10 @@ let
name = "htgen-${config.name}";
home = "/var/lib/htgen-${config.name}";
};
defaultText = {
name = "htgen-name";
home = "/var/lib/htgen-name";
};
};
};
}));


@ -39,7 +39,10 @@ in {
cores = 4;
nets = {
shack = {
ip4.addr = "10.42.0.50" ;
ip4 = {
addr = "10.42.0.50" ;
prefix = "10.42.0.0/16";
};
aliases = [
"filebitch.shack"
];
@ -158,6 +161,7 @@ in {
};
puyak = {
ci = true;
cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.77.2";


@ -14,7 +14,47 @@ in {
dns.providers = {
"lassul.us" = "zones";
};
hosts = mapAttrs hostDefaults {
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass;
ci = true;
monitoring = true;
}) {
dishfire = {
cores = 4;
nets = rec {
internet = {
ip4 = rec {
addr = "157.90.232.92";
prefix = "${addr}/32";
};
aliases = [
"dishfire.i"
];
ssh.port = 45621;
};
retiolum = {
via = internet;
ip4.addr = "10.243.133.99";
ip6.addr = r6 "d15f:1233";
aliases = [
"dishfire.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.port = 655;
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
};
prism = rec {
cores = 4;
extraZones = {
@ -54,7 +94,10 @@ in {
};
nets = rec {
internet = {
ip4.addr = "95.216.1.150";
ip4 = {
addr = "95.216.1.150";
prefix = "0.0.0.0/0";
};
aliases = [
"prism.i"
"paste.i"
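Review bot: The two `internet` nets introduced in this section declare their prefix differently: dishfire uses `prefix = "${addr}/32";` while prism uses `prefix = "0.0.0.0/0";`, and a /0 describes every IPv4 address rather than prism's own. If anything consumes `nets.internet.ip4.prefix` for routes or subnet announcements (the tinc-up default in this same commit does `ip -4 route add net.ip4.prefix`, though for tinc nets), the /0 would be a default route, so either align it with `prefix = "${addr}/32";` or document why prism's is deliberately wider. Note also that the new `mapAttrs (_: recursiveUpdate { owner = …; ci = true; monitoring = true; })` opts every host in this file into CI and monitoring unless the host overrides those keys; what the replaced `hostDefaults` did is not visible in the hunk, so confirm this matches the old defaults.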


@ -26,11 +26,13 @@ with import <stockholm/lib>;
};
stateDir = mkOption {
default = "/var/lib/${self.config.username}";
defaultText = "/var/lib/username";
readOnly = true;
type = types.absolute-pathname;
};
systemd-service-name = mkOption {
default = "reaktor2${optionalString (name != "default") "-${name}"}";
defaultText = "reaktor2-name or just reaktor2 if name is \"default\"";
type = types.filename;
};
sendDelaySec = mkOption {
@ -39,6 +41,7 @@ with import <stockholm/lib>;
};
username = mkOption {
default = self.config.systemd-service-name;
defaultText = "systemd-service-name";
type = types.username;
};
useTLS = mkOption {


@ -96,7 +96,7 @@ let
basic authentication to be used. If unset, no authentication will be
enabled.
Refer to `services.nginx.virtualHosts.<name>.basicAuth`
Refer to `services.nginx.virtualHosts.name.basicAuth`
'';
default = {};
};


@ -55,11 +55,11 @@ in {
The overrides file may contain either regular shadow(5) entries like:
<code>&lt;login-name&gt;:&lt;hashed-password&gt;:1::::::</code>
<code>login-name:hashed-password:1::::::</code>
Or shortened entries only containing login name and password like:
<code>&lt;login-name&gt;:&lt;hashed-password&gt</code>
<code>login-name:hashed-password</code>
'';
type = types.nullOr (types.either types.path types.absolute-pathname);
};


@ -81,9 +81,16 @@ let
''}
${tinc.config.tincUpExtra}
'';
defaultText = ''
ip -4 addr add net.ip4.addr dev ${netname}
ip -4 route add net.ip4.prefix dev ${netname}
ip -6 addr add net.ip6.addr dev ${netname}
ip -6 route add net.ip6.prefix dev ${netname}
${tinc.config.tincUpExtra}
'';
description = ''
tinc-up script to be used. Defaults to setting the
krebs.host.nets.<netname>.ip4 and ip6 for the new ips and
krebs.host.nets.netname.ip4 and ip6 for the new ips and
configures forwarding of the respecitive netmask as subnet.
'';
};
@ -103,6 +110,7 @@ let
type = with types; attrsOf host;
default =
filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts;
defaultText = "all-hosts-of-netname";
description = ''
Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>.
Note that these hosts must have a network named
@ -138,9 +146,10 @@ let
'') tinc.config.hosts)}
'';
};
defaultText = "netname-tinc-hosts";
description = ''
Package of tinc host configuration files. By default, a package will
be generated from <literal>config.krebs.${tinc.config.netname}.hosts</literal>. This
be generated from <literal>config.krebs.netname.hosts</literal>. This
option's main purpose is to expose the generated hosts package to other
modules, like <literal>config.krebs.tinc_graphs</literal>. But it can
also be used to provide a custom hosts directory.
@ -168,6 +177,7 @@ let
owner = tinc.config.user;
source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv";
};
defaultText = "secrets/netname.rsa_key.priv";
};
privkey_ed25519 = mkOption {
@ -179,11 +189,12 @@ let
owner = tinc.config.user;
source-path = toString <secrets> + "/${tinc.config.netname}.ed25519_key.priv";
};
defaultText = "secrets/netname.ed25519_key.priv";
};
connectTo = mkOption {
type = types.listOf types.str;
${if tinc.config.netname == "retiolum" then "default" else null} = [
${if netname == "retiolum" then "default" else null} = [
"gum"
"ni"
"prism"
@ -194,8 +205,10 @@ let
routeable IPv4 or IPv6 address.
In stockholm this can be done by configuring:
krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip
krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655;
{
krebs.hosts.host.nets.netname.via.ip4.addr = external-ip;
krebs.hosts.host.nets.netname.tinc.port = 1655;
}
'';
};
@ -205,6 +218,10 @@ let
name = tinc.config.netname;
home = "/var/lib/${tinc.config.user.name}";
};
defaultText = {
name = "netname";
home = "/var/lib/netname";
};
};
};
}));
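Review bot: The new `defaultText` for tinc-up is an indented string in which `${netname}` and `${tinc.config.tincUpExtra}` are still live interpolations, so generating the manual evaluates `tinc.config.tincUpExtra` for every network, which is exactly the evaluation `defaultText` exists to avoid and the same class of recursion the types.nix hunk works around; use the indented-string escape, `''${tinc.config.tincUpExtra}`, if the text is meant to stay literal. The `connectTo` hunk now reads a bare `netname` instead of `tinc.config.netname`; that binding is not introduced inside the hunk, so it relies on an enclosing `let` or submodule argument outside this view. The description text also carries an existing typo, "respecitive" should be "respective".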


@ -24,6 +24,7 @@ let
type = types.str;
description = "Path to Hosts directory";
default = "${config.krebs.tinc.retiolum.hostsPackage}";
defaultText = "\${config.krebs.tinc.retiolum.hostsPackage}";
};
network = mkOption {
@ -68,6 +69,7 @@ let
Defaults to the new users home dir which defaults to
/var/cache/tinc_graphs'';
default = config.users.extraUsers.tinc_graphs.home;
defaultText = "<literal>\${config.users.extraUsers.tinc_graphs.home}</literal>";
};
timerConfig = mkOption {


@ -20,7 +20,7 @@ self: super: {
"0.10.1" = [
./flameshot/flameshot_imgur_0.9.0.patch
];
}.${old.version};
}.${old.version} or [];
});
# https://github.com/proot-me/PRoot/issues/106
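Review bot: `}.${old.version} or [];` makes the patch list silently empty for any flameshot version not in the table, so a version bump in nixpkgs will drop the imgur patch without any signal at build time. If the patch matters, surface the fallback instead of hiding it, for example `}.${old.version} or super.lib.warn "no flameshot imgur patch for ${old.version}" [];`, or add a comment above the table stating that unlisted versions intentionally build unpatched. The `overrideAttrs` call this table sits in begins outside the hunk.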


@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
pkgs.netcat
pkgs.nettools
pkgs.openssl
pkgs.utillinux
pkgs.unixtools.getopt
]};
' $out/bin/ircsink
'';


@ -1,9 +1,10 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175",
"date": "2021-11-01T19:42:18+01:00",
"path": "/nix/store/ccfd4ijkp4rn018sjghkhn4a7gkdq84l-nixpkgs",
"sha256": "1q7n9rk4i8ky2xxiymm72cfq1xra3ss3vkhbwf60rhiblslldgqg",
"rev": "715f63411952c86c8f57ab9e3e3cb866a015b5f2",
"date": "2021-11-17T14:17:56+01:00",
"path": "/nix/store/85yrz3ygrzkgw87fp3j42i1i9f4vf0n0-nixpkgs",
"sha256": "152kxfk11mgwg8gx0s1rgykyydfb7s746yfylvbwk5mk5cv4z9nv",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false


@ -1,9 +1,10 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f",
"date": "2021-10-31T15:33:08-07:00",
"path": "/nix/store/60dqlv3rf8dyf041qwx2bblmpd7mp7q6-nixpkgs",
"sha256": "150rrksrjf6w9m3c1ll04xilpglysklfpi636rxwyy318g5xss55",
"rev": "24528474d2b3370f2f23879a557ae2cc92a5d50b",
"date": "2021-11-19T11:04:27+01:00",
"path": "/nix/store/f435816nqq7y14ar1haadw228nbxnh33-nixpkgs",
"sha256": "0pdmqzk1l7cwwfp005kzv0dwnmg8xnskzc745052gdxp8pzh1w45",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false


@ -0,0 +1,10 @@
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
];
krebs.build.host = config.krebs.hosts.dishfire;
}


@ -0,0 +1,21 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
./config.nix
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.loader.grub.devices = [ "/dev/sda" ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd";
fsType = "ext4";
};
swapDevices = [ ];
}


@ -183,35 +183,6 @@ with import <stockholm/lib>;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
lass.restic = genAttrs [
"daedalus"
"icarus"
"littleT"
"prism"
"shodan"
"skynet"
] (dest: {
dirs = [
"/home/lass/src"
"/home/lass/work"
"/home/lass/.gnupg"
"/home/lass/Maildir"
"/home/lass/stockholm"
"/home/lass/.password-store"
"/home/bitcoin"
"/home/bch"
];
passwordFile = (toString <secrets>) + "/restic/${dest}";
repo = "sftp:backup@${dest}.r:/backups/mors";
#sshPrivateKey = config.krebs.build.host.ssh.privkey.path;
extraArguments = [
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
];
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
});
virtualisation.libvirtd.enable = true;
services.earlyoom = {


@ -215,6 +215,8 @@ with import <stockholm/lib>;
noipv4ll
'';
documentation.nixos.includeAllModules = true;
# use 24:00 time format, the default got sneakily changed around 20.03
i18n.defaultLocale = mkDefault "C.UTF-8";
time.timeZone = mkDefault"Europe/Berlin";


@ -9,7 +9,6 @@ _:
./news.nix
./nichtparasoup.nix
./pyload.nix
./restic.nix
./screenlock.nix
./usershadow.nix
./xjail.nix


@ -1,119 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
options.lass.restic = mkOption {
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
name = mkOption {
type = types.str;
default = config._module.args.name;
};
passwordFile = mkOption {
type = types.str;
default = toString <secrets/restic-password>;
description = ''
read the repository password from a file.
'';
example = "/etc/nixos/restic-password";
};
repo = mkOption {
type = types.str;
default = "sftp:backup@prism.r:/backups/${config.name}";
description = ''
repository to backup to.
'';
example = "sftp:backup@192.168.1.100:/backups/${config.name}";
};
dirs = mkOption {
type = types.listOf types.str;
default = [];
description = ''
which directories to backup.
'';
example = [
"/var/lib/postgresql"
"/home/user/backup"
];
};
timerConfig = mkOption {
type = types.attrsOf types.str;
default = {
OnCalendar = "daily";
};
description = ''
When to run the backup. See man systemd.timer for details.
'';
example = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
user = mkOption {
type = types.str;
default = "root";
description = ''
As which user the backup should run.
'';
example = "postgresql";
};
extraArguments = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra arguments to append to the restic command.
'';
example = [
"sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp"
];
};
initialize = mkOption {
type = types.bool;
default = false;
description = ''
Create the repository if it doesn't exist.
'';
};
};
}));
default = {};
};
config = {
systemd.services =
mapAttrs' (_: plan:
let
extraArguments = concatMapStringsSep " " (arg: "-o ${arg}") plan.extraArguments;
connectTo = elemAt (splitString ":" plan.repo) 1;
resticCmd = "${pkgs.restic}/bin/restic ${extraArguments}";
in nameValuePair "backup.${plan.name}" {
environment = {
RESTIC_PASSWORD_FILE = plan.passwordFile;
RESTIC_REPOSITORY = plan.repo;
};
path = with pkgs; [
openssh
];
restartIfChanged = false;
serviceConfig = {
ExecStartPre = mkIf plan.initialize (pkgs.writeScript "rustic-${plan.name}-init" ''
#! ${pkgs.bash}/bin/bash
${resticCmd} snapshots || ${resticCmd} init
'');
ExecStart = pkgs.writeDash "rustic-${plan.name}" (
"#! ${pkgs.bash}/bin/bash\n" +
concatMapStringsSep "\n" (dir: "${resticCmd} backup ${dir}") plan.dirs
);
User = plan.user;
};
}
) config.lass.restic;
systemd.timers =
mapAttrs' (_: plan: nameValuePair "backup.${plan.name}" {
wantedBy = [ "timers.target" ];
timerConfig = plan.timerConfig;
}) config.lass.restic;
};
}


@ -48,6 +48,7 @@ with import <stockholm/lib>;
wm = mkOption {
#TODO find type
type = types.str;
defaultText = "script";
default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
executables.xmonad = {
extra-depends = [


@ -34,7 +34,7 @@ rec {
ci = mkOption {
description = ''
If true, then the host wants to be tested by some CI system.
See <stockholm/krebs/2configs/buildbot-all.nix>
See stockholm/krebs/2configs/buildbot-all.nix
'';
type = bool;
default = false;
@ -43,7 +43,7 @@ rec {
external = mkOption {
description = ''
Whether the host is defined externally (in contrast to being defined
in <stockholm>). This is useful e.g. when legacy and/or adopted
in stockholm). This is useful e.g. when legacy and/or adopted
hosts should be part of retiolum or some other component.
'';
type = bool;
@ -102,7 +102,14 @@ rec {
default = config._module.args.name;
};
via = mkOption {
type = nullOr net;
type =
# XXX break infinite recursion when generating manuals
if config._module.args.name == "name" then
mkOptionType {
name = "net";
}
else
nullOr net;
default = null;
};
addrs = mkOption {
@ -128,9 +135,10 @@ rec {
};
prefix = mkOption ({
type = cidr4;
} // optionalAttrs (config.name == "retiolum") {
default = "10.243.0.0/16";
});
} // {
retiolum.default = "10.243.0.0/16";
wiregrill.default = "10.244.0.0/16";
}.${config._module.args.name} or {});
};
});
default = null;
@ -144,9 +152,10 @@ rec {
};
prefix = mkOption ({
type = cidr6;
} // optionalAttrs (config.name == "retiolum") {
default = "42::/16";
});
} // {
retiolum.default = "42:0::/32";
wiregrill.default = "42:1::/32";
}.${config._module.args.name} or {});
};
});
default = null;
@ -178,7 +187,15 @@ rec {
[config.extraConfig]
++
[config.pubkey]
++
optional (config.weight != null) "Weight = ${toString config.weight}"
);
defaultText = ''
Address = addr port # for each net.via.addrs
Subnet = addr # for each net.addrs
extraConfig
pubkey
'';
};
pubkey = mkOption {
type = tinc-pubkey;
@ -202,6 +219,15 @@ rec {
description = "tinc subnets";
default = [];
};
weight = mkOption {
type = nullOr int;
description = ''
global tinc weight (latency in ms) of this particular node.
can be set to some high value to make it unprobable to be used as router.
if set to null, tinc will autogenerate the value based on latency.
'';
default = if net.via != null then null else 300;
};
};
}));
default = null;
@ -227,6 +253,7 @@ rec {
};
};
}));
default = null;
};
};
});
@ -252,6 +279,7 @@ rec {
path = mkOption {
type = absolute-pathname;
default = "/run/keys/${config.name}";
defaultText = "/run/keys/name";
};
mode = mkOption {
type = file-mode;
@ -267,10 +295,12 @@ rec {
service = mkOption {
type = systemd.unit-name;
default = "secret-${lib.systemd.encodeName config.name}.service";
defaultText = "secret-name.service";
};
source-path = mkOption {
type = str;
default = toString <secrets> + "/${config.name}";
defaultText = "secrets/name";
};
};
});
@ -379,6 +409,7 @@ rec {
home = mkOption {
type = absolute-pathname;
default = "/home/${config.name}";
defaultText = "/home/name";
};
mail = mkOption {
type = nullOr str;
@ -406,6 +437,7 @@ rec {
uid = mkOption {
type = int;
default = genid_uint31 config.name;
defaultText = "genid_uint31 name";
};
};
});
@ -414,10 +446,12 @@ rec {
name = mkOption {
type = username;
default = config._module.args.name;
defaultText = "genid_uint31 name";
};
gid = mkOption {
type = int;
default = genid_uint31 config.name;
defaultText = "genid_uint31 name";
};
};
});
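Review bot: In the last hunk the `name` option, whose default is `config._module.args.name`, gets `defaultText = "genid_uint31 name";` — that text belongs to the `gid` option directly below it and looks copy-pasted; it should read `defaultText = "name";`, matching the other name-like options in this commit. The prefix hunks also change the retiolum IPv6 default from `"42::/16"` to `"42:0::/32"`, which narrows the route that the tinc-up default installs for every host relying on the default; if that narrowing is intentional it deserves a mention in the commit message, since the refactor to the `{ retiolum.default = …; wiregrill.default = …; }.${…} or {}` table reads as behaviour-preserving. The `via` workaround keys on the literal name `"name"`, so a net actually called `name` would get the unchecked `mkOptionType { name = "net"; }`; a comment such as `# "name" is the placeholder module name used during manual generation` would make the sentinel explicit. The `weight` default references `net.via`, a binding from the enclosing scope that starts outside this hunk, and its description has "unprobable" for "improbable".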