m 1,2 : wry serves as iodine entry point

2015-10-19 23:46:10 +02:00 · 2015-10-19 23:46:10 +02:00 · ded0821d9b
commit ded0821d9b
parent 8d3ebfc096
4 changed files with 23 additions and 5 deletions
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@ -127,7 +127,6 @@ with import ../../4lib { inherit lib; };
        "krebsco.de" = ''
                            IN MX 10  mx42
          euer              IN MX 1   aspmx.l.google.com.
-          io                IN NS     pigstarter.krebsco.de.
          pigstarter        IN A      ${head nets.internet.addrs4}
          gold              IN A      ${head nets.internet.addrs4}
          boot              IN A      ${head nets.internet.addrs4}'';
@ -165,6 +164,7 @@ with import ../../4lib { inherit lib; };
      extraZones = {
        "krebsco.de" = ''
          wry            IN A ${head nets.internet.addrs4}
+          io             IN NS     wry.krebsco.de.
          graphs         IN A ${head nets.internet.addrs4}
          tinc           IN A ${head nets.internet.addrs4}
          '';
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@ -11,6 +11,8 @@ in {
      ../2configs/base-sources.nix
      ../2configs/tinc-basic-retiolum.nix

+      ../2configs/iodined.nix
+
      # Reaktor
      ../2configs/Reaktor/simpleExtend.nix
  ];
@ -46,7 +48,7 @@ in {
    hostnames_anonymous = [ "graphs.krebsco.de" ];
  };

-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 53 80 443 ];

  krebs.build = {
    user = config.krebs.users.makefu;
--- a/makefu/2configs/base-sources.nix
+++ b/makefu/2configs/base-sources.nix
@ -3,9 +3,9 @@
 {
  krebs.build.source = {
    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      #url = https://github.com/makefu/nixpkgs;
-      rev = "dc18f39bfb2f9d1ba62c7e8ad98544bb15cb26b2"; # nixos-15.09
+      #url = https://github.com/NixOS/nixpkgs;
+      url = https://github.com/makefu/nixpkgs;
+      rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
    };

    dir.secrets = {
--- a/makefu/2configs/iodined.nix
+++ b/makefu/2configs/iodined.nix
@ -0,0 +1,16 @@
+{ services,builtins,environment,pkgs, ... }:
+
+let
+  # TODO: make this a parameter
+  domain = "io.krebsco.de";
+  pw = import <secrets/iodinepw.nix>;
+in {
+
+  services.iodined = {
+    enable = true;
+    domain = domain;
+    ip = "172.16.10.1/24";
+    extraConfig = "-P ${pw}";
+  };
+
+}