diff --git a/ci/generate.sh b/ci/generate.sh index 971dcbb4..04e807e1 100644 --- a/ci/generate.sh +++ b/ci/generate.sh @@ -5,6 +5,7 @@ for node in reisen; do nix eval --json "${NF_CONFIG_ROOT}#lib.generate.$node.users" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/users.json" nix eval --json "${NF_CONFIG_ROOT}#lib.generate.$node.systems" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/systems.json" done +nix eval --json "${NF_CONFIG_ROOT}#lib.generate.systems" | jq -M . > "$NF_CONFIG_ROOT/ci/systems.json" for ciconfig in "${NF_CONFIG_FILES[@]}"; do echo "processing ${ciconfig}..." >&2 diff --git a/ci/systems.json b/ci/systems.json new file mode 100644 index 00000000..9eff5489 --- /dev/null +++ b/ci/systems.json 
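Review bot: The added `nix eval … | jq -M . > "$NF_CONFIG_ROOT/ci/systems.json"` truncates the target before the pipeline runs, so a failing `nix eval` leaves an empty file while `jq` still exits 0; unless the script runs under `set -o pipefail` (the top of the file is outside the hunk) nothing reports the failure and the terraform side, which presumably loads this file into `local.systems`, sees an empty document. Writing to a temporary file and moving it into place avoids the half-written artifact: `nix eval --json "${NF_CONFIG_ROOT}#lib.generate.systems" | jq -M . > "$tmp" && mv -- "$tmp" "$NF_CONFIG_ROOT/ci/systems.json"`. Because `ci/systems.json` is committed, a CI step that regenerates it and fails on `git diff --exit-code` would also catch a stale inventory. The enclosing script continues outside the hunk.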
@@ -0,0 +1,328 @@ +{ + "aya": { + "network": { + "hostName": "aya", + "networks": { + "int": { + "address4": "10.9.1.73", + "address6": "fd0c::49", + "macAddress": "BC:24:19:C4:66:A9" + }, + "local": { + "address4": "10.1.1.47", + "address6": "fd0a::be24:11ff:fec4:66a9", + "macAddress": "BC:24:11:C4:66:A9" + }, + "tail": { + "address4": "100.109.213.94", + "address6": "fd7a:115c:a1e0::eaed:d55e", + "macAddress": null + } + } + } + }, + "ct": { + "network": { + "hostName": "ct", + "networks": { + "int": null, + "local": null, + "tail": null + } + } + }, + "extern-test": { + "network": { + "hostName": "extern-test", + "networks": { + "int": null, + "local": null, + "tail": null + } + } + }, + "freeipa": { + "network": { + "hostName": "idp", + "networks": { + "int": { + "address4": "10.9.1.170", + "address6": "fd0c::aa", + "macAddress": "BC:24:19:3D:39:91" + }, + "local": { + "address4": "10.1.1.46", + "address6": "fd0a::be24:11ff:fe3d:3991", + "macAddress": "BC:24:11:3D:39:91" + }, + "tail": null + } + } + }, + "freepbx": { + "network": { + "hostName": "freepbx", + "networks": { + "int": null, + "local": { + "address4": null, + "address6": "fd0a::be24:11ff:fe33:1904", + "macAddress": "BC:24:11:33:19:04" + }, + "tail": null + } + } + }, + "hakurei": { + "network": { + "hostName": "hakurei", + "networks": { + "int": { + "address4": "10.9.1.71", + "address6": "fd0c::47", + "macAddress": "BC:24:19:C4:66:A7" + }, + "local": { + "address4": "10.1.1.41", + "address6": "fd0a::be24:11ff:fec4:66a7", + "macAddress": "BC:24:11:C4:66:A7" + }, + "tail": { + "address4": "100.71.65.59", + "address6": "fd7a:115c:a1e0::9187:413b", + "macAddress": null + } + } + } + }, + "keycloak": { + "network": { + "hostName": "keycloak", + "networks": { + "int": { + "address4": "10.9.1.75", + "address6": "fd0c::4b", + "macAddress": "BC:24:19:C4:66:AC" + }, + "local": { + "address4": "10.1.1.48", + "address6": "fd0a::be24:11ff:fec4:66ac", + "macAddress": "BC:24:11:C4:66:AC" + }, + "tail": null + } + 
} + }, + "kitchencam": { + "network": { + "hostName": "kitchencam", + "networks": { + "int": null, + "local": { + "address4": null, + "address6": "fd0a::ba27:ebff:fea8:f4ff", + "macAddress": null + }, + "tail": null + } + } + }, + "kuwubernetes": { + "network": { + "hostName": "kuwubernetes", + "networks": { + "int": null, + "local": { + "address4": "10.1.1.42", + "address6": "fd0a::be24:11ff:fe49:fedc", + "macAddress": "BC:24:11:49:FE:DC" + }, + "tail": null + } + } + }, + "litterbox": { + "network": { + "hostName": "litterbox", + "networks": { + "int": { + "address4": "10.9.1.74", + "address6": "fd0c::4a", + "macAddress": "BC:24:19:C4:66:AB" + }, + "local": { + "address4": null, + "address6": "fd0a::be24:11ff:fec4:66ab", + "macAddress": "BC:24:11:C4:66:AB" + }, + "tail": null + } + } + }, + "mediabox": { + "network": { + "hostName": "mediabox", + "networks": { + "int": { + "address4": "10.9.1.70", + "address6": "fd0c::46", + "macAddress": "BC:24:19:34:F4:A8" + }, + "local": { + "address4": "10.1.1.44", + "address6": "fd0a::be24:11ff:fe34:f4a8", + "macAddress": "BC:24:11:34:F4:A8" + }, + "tail": null + } + } + }, + "nue": { + "network": { + "hostName": "nue", + "networks": { + "int": null, + "local": { + "address4": "10.1.1.62", + "address6": "fd0a::daf8:83ff:fe36:81b6", + "macAddress": null + }, + "tail": { + "address4": "100.86.77.54", + "address6": "fd7a:115c:a1e0:ab12:4843:cd96:6256:4d36", + "macAddress": null + } + } + } + }, + "reimu": { + "network": { + "hostName": "reimu", + "networks": { + "int": { + "address4": "10.9.1.72", + "address6": "fd0c::48", + "macAddress": "BC:24:19:C4:66:A8" + }, + "local": { + "address4": "10.1.1.45", + "address6": "fd0a::be24:11ff:fec4:66a8", + "macAddress": "BC:24:11:C4:66:A8" + }, + "tail": { + "address4": "100.113.253.48", + "address6": "fd7a:115c:a1e0::f1b1:fd30", + "macAddress": null + } + } + } + }, + "reisen": { + "network": { + "hostName": "reisen", + "networks": { + "int": { + "address4": "10.9.1.2", + "address6": 
"fd0c::2", + "macAddress": null + }, + "local": { + "address4": "10.1.1.40", + "address6": null, + "macAddress": null + }, + "tail": null + } + } + }, + "shanghai": { + "network": { + "hostName": "shanghai", + "networks": { + "int": null, + "local": { + "address4": "10.1.1.32", + "address6": "fd0a::1ac0:4dff:fe08:87bc", + "macAddress": "18:c0:4d:08:87:bc" + }, + "tail": { + "address4": "100.104.155.122", + "address6": "fd7a:115c:a1e0:ab12:4843:cd96:6268:9b7a", + "macAddress": null + } + } + } + }, + "tei": { + "network": { + "hostName": "tei", + "networks": { + "int": { + "address4": "10.9.1.69", + "address6": "fd0c::45", + "macAddress": "BC:24:19:CC:66:57" + }, + "local": { + "address4": "10.1.1.39", + "address6": "fd0a::be24:11ff:fecc:6657", + "macAddress": "BC:24:11:CC:66:57" + }, + "tail": { + "address4": "100.74.104.29", + "address6": "fd7a:115c:a1e0::fd8a:681d", + "macAddress": null + } + } + } + }, + "tewi": { + "network": { + "hostName": "tewi", + "networks": { + "int": null, + "local": { + "address4": null, + "address6": "fd0a::eea8:6bff:fefe:3986", + "macAddress": null + }, + "tail": { + "address4": "100.88.107.41", + "address6": "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29", + "macAddress": null + } + } + } + }, + "u7pro": { + "network": { + "hostName": "u7-pro", + "networks": { + "int": null, + "local": { + "address4": "10.1.1.3", + "address6": null, + "macAddress": null + }, + "tail": null + } + } + }, + "utsuho": { + "network": { + "hostName": "utsuho", + "networks": { + "int": { + "address4": "10.9.1.76", + "address6": "fd0c::4c", + "macAddress": "BC:24:19:C4:66:A6" + }, + "local": { + "address4": "10.1.1.38", + "address6": "fd0a::be24:11ff:fec4:66a6", + "macAddress": "BC:24:11:C4:66:A6" + }, + "tail": null + } + } + } +} diff --git a/generate.nix b/generate.nix index 173ab57a..5cec0f49 100644 --- a/generate.nix +++ b/generate.nix 
@@ -3,11 +3,10 @@ tree, }: let nixlib = inputs.nixpkgs.lib; - inherit (nixlib.attrsets) mapAttrs filterAttrs mapAttrsToList; - inherit (nixlib.lists) elem sortOn; - inherit (nixlib.strings) removeSuffix; - inherit (nixlib.trivial) mapNullable warn; + inherit (nixlib.attrsets) mapAttrs mapAttrs' nameValuePair filterAttrs mapAttrsToList; + inherit (nixlib.lists) sortOn; inherit (inputs.self.lib.lib) userIs; + inherit (inputs.self.lib) systems; templateSystem = inputs.self.nixosConfigurations.reimu; templateUsers = filterAttrs (_: userIs "peeps") templateSystem.config.users.users; mkNodeUsers = users: let 
@@ -20,23 +19,24 @@ }; nodeSystems = let matchesNode = nodeName: system: system.config.proxmox.enabled && system.config.proxmox.node.name == nodeName; - in nodeName: filterAttrs (_: matchesNode nodeName) inputs.self.lib.systems; + in nodeName: filterAttrs (_: matchesNode nodeName) systems; mkNodeSystem = system: { + inherit (system.config.access) hostName; network = let - inherit (system.config.proxmox) network; - inherit (network) internal local; + inherit (system.config.network) networks; in { - int = if internal.interface != null then { - inherit (internal.interface) macAddress; - address4 = removeSuffix "/24" internal.interface.address4; - address6 = removeSuffix "/64" internal.interface.address6; - } else null; - local = if local.interface != null then { - inherit (local.interface) macAddress; - address4 = mapNullable (removeSuffix "/24") local.interface.local.address4; - address6 = mapNullable (removeSuffix "/64") local.interface.local.address6; - } else null; - tail = warn "TODO: generate network.tail" null; + networks = { + int = if networks.int.enable or false then { + inherit (networks.int) macAddress address4 address6; + } else null; + local = if networks.local.enable or false then { + inherit (networks.local) macAddress address4 address6; + } else null; + tail = if networks.tail.enable or false then { + inherit (networks.tail) address4 address6; + macAddress = null; + } else null; + }; }; }; mkNodeSystems = systems: mapAttrs (_: mkNodeSystem) systems; 
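Review bot: `mkNodeSystem` now reshapes `system.config.network.networks` by hand, duplicating what `mkNetwork` does in the next hunk but with a different output shape (`hostName` beside `network` here versus `network.hostName` there, and an explicit `macAddress = null` for `tail` only here), so `systems/<node>/systems.json` and `ci/systems.json` describe the same host differently. Reusing a single builder, `mkNodeSystem = system: { inherit (system.config.access) hostName; network = mkNetwork system; };`, would keep both files in step, with the `enable` handling living in one place (today only this copy checks it). The enclosing `let` continues outside the hunk.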
@@ -44,6 +44,20 @@ users = mkNodeUsers templateUsers; systems = mkNodeSystems (nodeSystems name); }; + mkNetwork = system: { + inherit (system.config.access) hostName; + networks = { + int = null; + local = null; + tail = null; + } // mapAttrs' (_: network: nameValuePair network.name { + inherit (network) macAddress address4 address6; + }) system.config.network.networks; + }; + mkSystem = name: system: { + network = mkNetwork system; + }; in { reisen = mkNode {name = "reisen";}; + systems = mapAttrs mkSystem systems; } diff --git a/lib.nix b/lib.nix index 4ad54e53..237eabee 100644 --- a/lib.nix +++ b/lib.nix @@ -4,7 +4,7 @@ systems, }: let nixlib = inputs.nixpkgs.lib; - inherit (nixlib.modules) mkOrder mkOverride; + inherit (nixlib.modules) mkOrder mkOverride defaultOverridePriority; inherit (nixlib.strings) splitString toLower; inherit (nixlib.lists) imap0 elemAt; inherit (nixlib.attrsets) mapAttrs listToAttrs nameValuePair; @@ -38,10 +38,23 @@ mapListToAttrs = f: l: listToAttrs (map f l); - mkAlmostOptionDefault = mkOverride 1400; + + overrideOptionDefault = 1500; + overrideAlmostOptionDefault = 1400; + overrideDefault = 1000; + overrideNone = defaultOverridePriority; # 100 + overrideForce = 50; + overrideVM = 10; + mkAlmostOptionDefault = mkOverride overrideAlmostOptionDefault; + orderBefore = 500; + orderNone = 1000; + orderAfter = 1500; + orderAlmostAfter = 1400; mkAlmostAfter = mkOrder 1400; mapOverride = priority: mapAttrs (_: mkOverride priority); - mapOptionDefaults = mapOverride 1500; + mapOptionDefaults = mapOverride overrideOptionDefault; + mapAlmostOptionDefaults = mapOverride overrideAlmostOptionDefault; + mapDefaults = mapOverride overrideDefault; treeToModulesOutput = modules: { 
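Review bot: `mkNetwork` emits every entry of `system.config.network.networks` regardless of its `enable` flag, whereas `mkNodeSystem` in the previous hunk returns `null` for a disabled network; a network switched off in a system definition therefore still has its addresses written to `ci/systems.json` and from there to the DNS records built from it. Filtering before the map fixes it in place: `}) (filterAttrs (_: n: n.enable or false) system.config.network.networks);`. `mkSystem = name: system:` also never uses `name`; `_: system:` would make that explicit.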
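Review bot: `mkAlmostAfter = mkOrder 1400;` keeps the bare literal immediately after `orderAlmostAfter = 1400;` was introduced to name it, so the two can drift apart; `mkAlmostAfter = mkOrder orderAlmostAfter;` matches how `mkAlmostOptionDefault` was updated in the same hunk. A one-line comment above the block stating that a lower override priority wins and a lower order sorts first would help readers who do not have the module-system numbers memorised; the `# 100` on `overrideNone` is a good start. The enclosing `let` continues outside the hunk.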
@@ -60,8 +73,14 @@ in { Std = inputs.std-fl.lib; lib = { domain = "gensokyo.zone"; - inherit treeToModulesOutput mkWinPath mkBaseDn userIs eui64 toHexStringLower hexCharToInt; - inherit mkAlmostAfter mkAlmostOptionDefault mapOptionDefaults mapOverride mapListToAttrs; + inherit treeToModulesOutput userIs + eui64 mkWinPath mkBaseDn + toHexStringLower hexCharToInt + mapListToAttrs + mkAlmostOptionDefault mapOverride mapOptionDefaults mapAlmostOptionDefaults mapDefaults + overrideOptionDefault overrideAlmostOptionDefault overrideDefault overrideNone overrideForce overrideVM + orderBefore orderNone orderAfter orderAlmostAfter + mkAlmostAfter; inherit (inputs.arcexprs.lib) unmerged json; }; generate = import ./generate.nix {inherit inputs tree;}; diff --git a/modules/nixos/network/netgroups.nix b/modules/nixos/network/netgroups.nix index d04902d6..e605f5f4 100644 --- a/modules/nixos/network/netgroups.nix +++ b/modules/nixos/network/netgroups.nix @@ -76,7 +76,7 @@ in { (mkIf config.services.sssd.enable [ "sss" ]) ]; }; - environment.etc."nssswitch.conf".text = mkIf (nssDatabases.netgroup != [ ]) (mkAfter '' + environment.etc."nsswitch.conf".text = mkIf (nssDatabases.netgroup != [ ]) (mkAfter '' netgroup: ${concatStringsSep " " nssDatabases.netgroup} ''); environment.etc."netgroup" = mkIf (networking.netgroups != { } || networking.extraNetgroups != "") { diff --git a/modules/nixos/network/networks.nix b/modules/nixos/network/networks.nix deleted file mode 100644 index 8ef65ceb..00000000 --- a/modules/nixos/network/networks.nix +++ /dev/null 
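Review bot: Correcting `nssswitch.conf` to `nsswitch.conf` activates a definition that has never taken effect, so its result deserves a look on a real host rather than being assumed correct: NixOS renders `/etc/nsswitch.conf` itself, and if the `nssDatabases` bound here is `config.system.nssDatabases` (its definition is outside the hunk) the `mkAfter` text appends a second `netgroup:` line after the generated one. glibc is not expected to merge duplicate database lines, so the appended entry may simply be ignored; if the goal is only to add `sss` to the netgroup database, the `system.nssDatabases.netgroup` definition visible above the change should already achieve it. The enclosing module body continues outside the hunk.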
@@ -1,54 +0,0 @@ -{ - inputs, - config, - lib, - ... -}: let - inherit (lib.options) mkOption mkEnableOption; - inherit (lib.modules) mkIf mkMerge mkOptionDefault; - inherit (inputs.self.lib.lib) eui64; - inherit (config) networking services; - networkModule = {config, ...}: { - options = with lib.types; { - mdns = { - enable = - mkEnableOption "SLAAC" - // { - default = config.matchConfig.Type or null == "ether" && services.resolved.enable; - }; - }; - slaac = { - enable = - mkEnableOption "SLAAC" - // { - default = config.matchConfig.Type or null == "ether" && networking.enableIPv6; - }; - postfix = mkOption { - type = str; - }; - }; - }; - config = { - slaac.postfix = mkIf (config.matchConfig.MACAddress or null != null) ( - mkOptionDefault (eui64 config.matchConfig.MACAddress) - ); - networkConfig = mkMerge [ - (mkIf config.slaac.enable { - IPv6AcceptRA = true; - }) - (mkIf config.mdns.enable { - MulticastDNS = true; - }) - ]; - linkConfig = mkIf config.mdns.enable { - Multicast = true; - }; - }; - }; -in { - options = with lib.types; { - systemd.network.networks = mkOption { - type = attrsOf (submodule networkModule); - }; - }; -} diff --git a/modules/system/access.nix b/modules/system/access.nix index 25877388..0885da1f 100644 --- a/modules/system/access.nix +++ b/modules/system/access.nix @@ -102,6 +102,9 @@ }; in { options.access = with lib.types; { + fqdn = mkOption { + type = str; + }; hostName = mkOption { type = str; default = name; @@ -138,6 +141,7 @@ in { hasLocal4 = hasLocal && local'interface.local.address4 or null != null; hasLocal6 = hasLocal && local'interface.local.address6 or null != null; in { + fqdn = mkOptionDefault "${cfg.hostName}.${cfg.domain}"; hostnameForNetwork = let int = "${cfg.hostName}.int.${cfg.domain}"; local = "${cfg.hostName}.local.${cfg.domain}"; diff --git a/modules/system/network/networks.nix b/modules/system/network/networks.nix new file mode 100644 index 00000000..7fcc6edd --- /dev/null 
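Review bot: The new `fqdn` option is declared with only `type = str;` and no `description`, so it will surface in generated option docs as an unexplained string; add `description = "Fully-qualified name of this system; defaults to <hostName>.<domain>.";` next to the type. Since the default in the following hunk is set with `mkOptionDefault`, the description should also say that any explicit `access.fqdn` overrides it. The enclosing option set continues outside the hunk.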
+++ b/modules/system/network/networks.nix @@ -0,0 +1,71 @@ +{config, lib, inputs, ...}: let + inherit (inputs.self.lib.lib) eui64; + inherit (lib.options) mkOption mkEnableOption; + inherit (lib.modules) mkIf mkOptionDefault; + inherit (lib.trivial) mapNullable; + networkModule = { config, name, system, ... }: let + slaacPrefix = { + local = "fd0a:"; + #int = "fd0c:"; + }; + in { + options = with lib.types; { + enable = mkEnableOption "network" // { + default = true; + }; + slaac = { + enable = mkOption { + type = bool; + }; + prefix = mkOption { + type = str; + }; + postfix = mkOption { + type = str; + }; + }; + name = mkOption { + type = str; + default = name; + }; + domain = mkOption { + type = nullOr str; + }; + fqdn = mkOption { + type = nullOr str; + }; + macAddress = mkOption { + type = nullOr str; + default = null; + }; + address4 = mkOption { + type = nullOr str; + }; + address6 = mkOption { + type = nullOr str; + }; + }; + config = { + slaac = { + enable = mkOptionDefault (slaacPrefix ? ${config.name}); + prefix = mkIf (slaacPrefix ? ${config.name}) (mkOptionDefault slaacPrefix.${config.name}); + postfix = mkIf (config.macAddress != null) (mkOptionDefault (eui64 config.macAddress)); + }; + domain = mkOptionDefault "${config.name}.${system.access.domain}"; + fqdn = mkOptionDefault (mapNullable (domain: "${system.access.hostName}.${domain}") config.domain); + address6 = mkIf config.slaac.enable (mkOptionDefault "${config.slaac.prefix}:${config.slaac.postfix}"); + }; + }; +in { + options.network = with lib.types; { + networks = mkOption { + type = attrsOf (submoduleWith { + modules = [ networkModule ]; + specialArgs = { + system = config; + }; + }); + default = { }; + }; + }; +} diff --git a/modules/system/proxmox/network.nix b/modules/system/proxmox/network.nix index aabd6d16..41bc80ce 100644 --- a/modules/system/proxmox/network.nix +++ b/modules/system/proxmox/network.nix 
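Review bot: `address6` defaults to `"${config.slaac.prefix}:${config.slaac.postfix}"` whenever `slaac.enable` holds, but `slaac.postfix` is only defined when `macAddress != null` while `slaac.enable` defaults to true for every network named `local`; a `local` network with no MAC and no explicit `address6` therefore fails evaluation on an undefined `slaac.postfix` instead of falling back to `null` (the `address6 = null;` lines added for reisen and u7pro elsewhere in this commit look like workarounds for exactly that). Tie the default to the MAC being known: `enable = mkOptionDefault (slaacPrefix ? ${config.name} && config.macAddress != null);`. None of the options carry a `description`; `enable`, `domain` and `fqdn` at least deserve one, because their defaults (`true`, `<name>.<system domain>`, `<hostName>.<domain>`) cannot be read off the types.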
@@ -1,10 +1,10 @@ {config, lib, inputs, ...}: let - inherit (inputs.self.lib.lib) unmerged eui64 toHexStringLower mkAlmostOptionDefault; + inherit (inputs.self.lib.lib) unmerged eui64 toHexStringLower mkAlmostOptionDefault mapAlmostOptionDefaults; inherit (lib.options) mkOption mkEnableOption; inherit (lib.modules) mkIf mkMerge mkOptionDefault; inherit (lib.attrsets) attrValues; inherit (lib.lists) elem findSingle findFirst; - inherit (lib.strings) hasPrefix removePrefix replaceStrings; + inherit (lib.strings) hasPrefix removePrefix replaceStrings removeSuffix; inherit (lib.trivial) mapNullable; cfg = config.proxmox.network; internalOffset = 32; @@ -105,6 +105,10 @@ ]; networkd.networkSettings = { name = mkAlmostOptionDefault config.name; + ipv6AcceptRAConfig = mkIf (config.address6 == "auto" && config.local.enable) { + UseDNS = mkOptionDefault false; + DHCPv6Client = mkOptionDefault false; + }; matchConfig = { MACAddress = mkIf (config.macAddress != null) (mkOptionDefault config.macAddress); Type = mkOptionDefault "ether"; @@ -117,7 +121,7 @@ IPv6AcceptRA = true; }) (mkIf config.mdns.enable { - MulticastDNS = true; + MulticastDNS = "resolve"; }) ]; address = mkMerge [ @@ -179,4 +183,19 @@ in { }; local.interface = mkOptionDefault (findFirst (interface: interface.local.enable) null (attrValues cfg.interfaces)); }; + config.network.networks = let + strip4 = mapNullable (removeSuffix "/24"); + strip6 = mapNullable (removeSuffix "/64"); + in { + int = mkIf (cfg.internal.interface != null) (mapAlmostOptionDefaults { + inherit (cfg.internal.interface) macAddress; + address4 = strip4 cfg.internal.interface.address4; + address6 = strip6 cfg.internal.interface.address6; + }); + local = mkIf (cfg.local.interface != null) (mapAlmostOptionDefaults { + inherit (cfg.local.interface) macAddress; + address4 = strip4 cfg.local.interface.local.address4; + address6 = strip6 cfg.local.interface.local.address6; + }); + }; } 
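Review bot: `strip4`/`strip6` in the last hunk remove only the literal `/24` and `/64` suffixes, so an interface configured with any other prefix length passes its CIDR notation unchanged into `network.networks.*.address4`/`address6` and from there into the generated JSON and DNS records; this carries the old generate.nix assumption into the module instead of removing it. A prefix-agnostic strip costs three lines, `inherit (lib.strings) splitString;`, `inherit (lib.lists) head;` and `strip = mapNullable (a: head (splitString "/" a));`, used for both address families. The enclosing module body continues outside the hunk.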
diff --git a/nixos/avahi.nix b/nixos/avahi.nix index 172afb49..1d5a9f5a 100644 --- a/nixos/avahi.nix +++ b/nixos/avahi.nix @@ -11,6 +11,8 @@ in { services.avahi = { enable = mkDefault true; ipv6 = mkDefault config.networking.enableIPv6; + nssmdns4 = mkIf (!config.services.resolved.enable) (mkDefault true); + nssmdns6 = mkIf (!config.services.resolved.enable) (mkDefault true); publish = { enable = mkDefault true; domain = mkDefault true; diff --git a/nixos/dnsmasq.nix b/nixos/dnsmasq.nix index cb81d668..1b4d995d 100644 --- a/nixos/dnsmasq.nix +++ b/nixos/dnsmasq.nix @@ -12,18 +12,22 @@ inherit (lib.strings) hasPrefix replaceStrings concatStringsSep; inherit (lib.trivial) mapNullable; cfg = config.services.dnsmasq; - mkHostRecordPairs = systemName: system: [ - (mkHostRecordPair "int" systemName system) - (mkHostRecordPair "local" systemName system) - #(mkHostRecordPair "tail" systemName system) + inherit (inputs.self.lib) systems; + reisenSystems = filterAttrs (_: system: + system.config.proxmox.enabled && system.config.proxmox.node.name == "reisen" + ) systems; + mkHostRecordPairs = _: system: [ + (mkHostRecordPair "int" system) + (mkHostRecordPair "local" system) + (mkHostRecordPair "tail" system) ]; mapDynamic4 = replaceStrings [ "10.1.1." ] [ "0.0.0." ]; mapDynamic6 = replaceStrings [ "fd0a::" ] [ "2001::" ]; - mkDynamicHostRecord = systemName: system: let - address4 = system.network.local.address4 or null; - address6 = system.network.local.address6 or null; + mkDynamicHostRecord = _: system: let + address4 = system.config.network.networks.local.address4 or null; + address6 = system.config.network.networks.local.address6 or null; in concatStringsSep "," ([ - "${systemName}.${config.networking.domain}" + system.config.access.fqdn ] ++ lib.optional (address4 != null) (toString (mapNullable mapDynamic4 address4)) ++ lib.optional (address6 != null) 
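Review bot: `mkHostRecordPairs` now emits a `tail` record for every system and `mkDynamicHostRecord` reads `networks.local.address4`/`address6` directly, but neither consults the network's `enable` flag, so a network set to `enable = false` in a system definition is still published by dnsmasq. `reisenSystems` also re-implements the `matchesNode` predicate that generate.nix keeps under `nodeSystems`; exporting that helper from the lib and calling it here would keep the node-membership rule in one place. The enclosing `let` continues outside the hunk.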
@@ -31,11 +35,11 @@ ++ lib.singleton cfg.dynamic.interface ); - mkHostRecordPair = network: systemName: system: let - address4 = system.network.${network}.address4 or null; - address6 = system.network.${network}.address6 or null; + mkHostRecordPair = network: system: let + address4 = system.config.network.networks.${network}.address4 or null; + address6 = system.config.network.networks.${network}.address6 or null; in nameValuePair - "${systemName}.${network}.${config.networking.domain}" + system.config.network.networks.${network}.fqdn or "${network}.${system.config.access.fqdn}" (concatStringsSep "," ( lib.optional (address4 != null) (toString address4) @@ -43,7 +47,7 @@ (toString address6) )); systemHosts = filterAttrs (_: value: value != "") ( - listToAttrs (concatLists (mapAttrsToList mkHostRecordPairs generate.reisen.systems)) + listToAttrs (concatLists (mapAttrsToList mkHostRecordPairs systems)) ); mkHostRecord = name: record: "${name},${record}"; filterns = ns: !hasPrefix "127.0.0" ns || ns == "::1"; @@ -66,7 +70,7 @@ in { resolveLocalQueries = mkForce false; settings = { host-record = mapAttrsToList mkHostRecord systemHosts; - dynamic-host = mapAttrsToList mkDynamicHostRecord generate.reisen.systems; + dynamic-host = mapAttrsToList mkDynamicHostRecord reisenSystems; server = if config.networking.nameservers' != [ ] then map (ns: ns.address) (filter filterns' config.networking.nameservers') else filter filterns config.networking.nameservers diff --git a/nixos/ipa.nix b/nixos/ipa.nix index 4c8288c7..fa939324 100644 --- a/nixos/ipa.nix +++ b/nixos/ipa.nix @@ -1,6 +1,6 @@ { inputs, pkgs, config, lib, ... }: let inherit (inputs.self.lib.lib) mkBaseDn; - inherit (lib.modules) mkIf mkBefore mkDefault mkOptionDefault; + inherit (lib.modules) mkIf mkDefault mkOptionDefault; inherit (lib.strings) toUpper; inherit (config.networking) domain; cfg = config.security.ipa; 
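Review bot: The fallback name in `mkHostRecordPair`, `"${network}.${system.config.access.fqdn}"`, puts the network label before the host (`int.<host>.<domain>`), while the module default for `networks.<net>.fqdn` and the name this line replaced both use `<host>.<net>.<domain>`; today the fallback is only reached for systems lacking that network, whose empty record is dropped by the `value != ""` filter in `systemHosts`, so the inconsistency is latent but will surface the first time such a record is non-empty. Spelling it as `"${system.config.access.hostName}.${network}.${system.config.access.domain}"` keeps the two conventions aligned. `fqdn` is typed `nullOr str`, so an explicit `null` would also reach `nameValuePair` as a non-string name; guarding with `networks ? ${network}` before selecting would be safer than `or`.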
@@ -47,9 +47,6 @@ in { ] ++ config.users.groups.wheel.members; dyndns.enable = mkDefault false; }; - networking.hosts = mkIf cfg.enable { - "10.1.1.46" = mkBefore [ "idp.${domain}" ]; - }; sops.secrets = { krb5-keytab = mkIf cfg.enable { mode = "0400"; diff --git a/nixos/reisen-ct/network.nix b/nixos/reisen-ct/network.nix index 8bf2f251..0dbdf063 100644 --- a/nixos/reisen-ct/network.nix +++ b/nixos/reisen-ct/network.nix @@ -1,13 +1,13 @@ { lib, config, - inputs, options, meta, access, ... }: let - inherit (lib.modules) mkIf mkBefore; + inherit (lib.modules) mkIf mkBefore mkOrder; + enableDns = !config.services.dnsmasq.enable && config.networking.hostName != "utsuho" && config.networking.hostName != "ct"; in { imports = let inherit (meta) nixos; @@ -15,7 +15,7 @@ in { nixos.avahi ]; - services.resolved.enable = true; + #services.resolved.enable = mkIf enableDns false; systemd.services.avahi-daemon = mkIf (options ? proxmoxLXC && config.services.avahi.enable) { serviceConfig.ExecStartPre = mkIf config.services.resolved.enable [ "+-${config.systemd.package}/bin/resolvectl mdns eth0 yes" @@ -26,9 +26,16 @@ in { linkConfig.Multicast = true; networkConfig.MulticastDNS = true; }; - networking.nameservers' = mkIf (!config.services.dnsmasq.enable && config.networking.hostName != "utsuho" && config.networking.hostName != "ct") (mkBefore [ + networking.nameservers' = mkIf enableDns (mkBefore [ { address = access.getAddressFor "utsuho" "lan"; } ]); + # prioritize our resolver over systemd-resolved! + system.nssDatabases.hosts = let + avahiResolverEnabled = config.services.avahi.enable && (config.services.avahi.nssmdns4 || config.services.avahi.nssmdns4); + in mkIf (enableDns && (config.services.resolved.enable || avahiResolverEnabled)) (mkOrder 499 ["dns"]); + services.resolved.extraConfig = mkIf enableDns '' + DNSStubListener=no + ''; boot.kernel.sysctl = { # not sure how to get it to overlap with subgid/idmap... 
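Review bot: `avahiResolverEnabled` tests `config.services.avahi.nssmdns4` twice; the second operand should be `nssmdns6`, otherwise a host with only IPv6 mDNS resolution enabled never gets the `dns` database ordered ahead of it: `avahiResolverEnabled = config.services.avahi.enable && (config.services.avahi.nssmdns4 || config.services.avahi.nssmdns6);`. The commented-out `#services.resolved.enable = mkIf enableDns false;` left in the previous hunk is dead code; delete it or add a comment saying why it is kept. The enclosing module body continues outside the hunk.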
diff --git a/systems/aya/proxmox.nix b/systems/aya/proxmox.nix index 0aa9e54d..10376354 100644 --- a/systems/aya/proxmox.nix +++ b/systems/aya/proxmox.nix @@ -19,4 +19,10 @@ _: { }; }; }; + network.networks = { + tail = { + address4 = "100.109.213.94"; + address6 = "fd7a:115c:a1e0::eaed:d55e"; + }; + }; } diff --git a/systems/freeipa/default.nix b/systems/freeipa/default.nix index 4b3c3a4e..56153e93 100644 --- a/systems/freeipa/default.nix +++ b/systems/freeipa/default.nix @@ -1,5 +1,6 @@ _: { type = "Linux"; + access.hostName = "idp"; proxmox = { vm = { id = 202; diff --git a/systems/hakurei/default.nix b/systems/hakurei/default.nix index f0dc61a4..25c3cd13 100644 --- a/systems/hakurei/default.nix +++ b/systems/hakurei/default.nix @@ -7,6 +7,12 @@ _: { modules = [ ./nixos.nix ]; + network.networks = { + tail = { + address4 = "100.71.65.59"; + address6 = "fd7a:115c:a1e0::9187:413b"; + }; + }; access = { tailscale.enable = true; global.enable = true; diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix index 8bdbe41d..c1c22846 100644 --- a/systems/hakurei/nixos.nix +++ b/systems/hakurei/nixos.nix @@ -214,7 +214,7 @@ in { host = getHostnameFor "utsuho" "lan"; }; access.freeipa = { - host = "idp.local.${config.networking.domain}"; + host = getHostnameFor "freeipa" "lan"; kerberos.ports.kpasswd = 464; }; access.kitchencam = { diff --git a/systems/kitchencam/default.nix b/systems/kitchencam/default.nix index 91c40195..d3078d7e 100644 --- a/systems/kitchencam/default.nix +++ b/systems/kitchencam/default.nix @@ -8,4 +8,11 @@ _: { source = ./motion.conf; }; }; + network.networks = { + local = { + # TODO: macAddress = ?; + address4 = null; + address6 = "fd0a::ba27:ebff:fea8:f4ff"; + }; + }; } diff --git a/systems/nue/default.nix b/systems/nue/default.nix new file mode 100644 index 00000000..c8298d6e --- /dev/null +++ b/systems/nue/default.nix 
@@ -0,0 +1,23 @@ +{lib, ...}: let + inherit (lib.strings) concatStringsSep; + dot = concatStringsSep "."; + cutie = dot [ "cutie" "moe" ]; + netname = { config, system, ... }: { + domain = dot [ config.name system.access.domain ]; + }; +in { + type = "Linux"; + access.domain = dot [ "gensokyo" cutie ]; + network.networks = { + local = { + imports = [ netname ]; + address4 = "10.1.1.62"; + address6 = "fd0a::daf8:83ff:fe36:81b6"; + }; + tail = { + imports = [ netname ]; + address4 = "100.86.77.54"; + address6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:4d36"; + }; + }; +} diff --git a/systems/reimu/proxmox.nix b/systems/reimu/proxmox.nix index ca857f1a..f2017745 100644 --- a/systems/reimu/proxmox.nix +++ b/systems/reimu/proxmox.nix @@ -15,4 +15,10 @@ _: { net1.internal.enable = true; }; }; + network.networks = { + tail = { + address4 = "100.113.253.48"; + address6 = "fd7a:115c:a1e0::f1b1:fd30"; + }; + }; } diff --git a/systems/reisen/default.nix b/systems/reisen/default.nix index 2fc11e1a..599c5c83 100644 --- a/systems/reisen/default.nix +++ b/systems/reisen/default.nix @@ -1,3 +1,13 @@ _: { type = "Linux"; + network.networks = { + local = { + address4 = "10.1.1.40"; + address6 = null; + }; + int = { + address4 = "10.9.1.2"; + address6 = "fd0c::2"; + }; + }; } diff --git a/systems/reisen/systems.json b/systems/reisen/systems.json index 9a1aa5cc..ff89fdb6 100644 --- a/systems/reisen/systems.json +++ b/systems/reisen/systems.json 
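Review bot: The `netname` module sets `domain = dot [ config.name system.access.domain ]`, which is the same value the new `modules/system/network/networks.nix` already supplies as `mkOptionDefault "${config.name}.${system.access.domain}"`, so the `imports = [ netname ];` on both networks appear redundant; if the extra definition is needed to beat another default, a comment saying so would stop the next reader from removing it. The identical `dot`/`cutie`/`netname` prelude is repeated verbatim in systems/shanghai/default.nix in this commit and could be a shared module.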
@@ -1,159 +1,208 @@ { "aya": { + "hostName": "aya", "network": { - "int": { - "address4": "10.9.1.73", - "address6": "fd0c::49", - "macAddress": "BC:24:19:C4:66:A9" - }, - "local": { - "address4": "10.1.1.47", - "address6": "fd0a::be24:11ff:fec4:66a9", - "macAddress": "BC:24:11:C4:66:A9" - }, - "tail": null + "networks": { + "int": { + "address4": "10.9.1.73", + "address6": "fd0c::49", + "macAddress": "BC:24:19:C4:66:A9" + }, + "local": { + "address4": "10.1.1.47", + "address6": "fd0a::be24:11ff:fec4:66a9", + "macAddress": "BC:24:11:C4:66:A9" + }, + "tail": { + "address4": "100.109.213.94", + "address6": "fd7a:115c:a1e0::eaed:d55e", + "macAddress": null + } + } } }, "freeipa": { + "hostName": "idp", "network": { - "int": { - "address4": "10.9.1.170", - "address6": "fd0c::aa", - "macAddress": "BC:24:19:3D:39:91" - }, - "local": { - "address4": "10.1.1.46", - "address6": "fd0a::be24:11ff:fe3d:3991", - "macAddress": "BC:24:11:3D:39:91" - }, - "tail": null + "networks": { + "int": { + "address4": "10.9.1.170", + "address6": "fd0c::aa", + "macAddress": "BC:24:19:3D:39:91" + }, + "local": { + "address4": "10.1.1.46", + "address6": "fd0a::be24:11ff:fe3d:3991", + "macAddress": "BC:24:11:3D:39:91" + }, + "tail": null + } } }, "freepbx": { + "hostName": "freepbx", "network": { - "int": null, - "local": { - "address4": null, - "address6": "fd0a::be24:11ff:fe33:1904", - "macAddress": "BC:24:11:33:19:04" - }, - "tail": null + "networks": { + "int": null, + "local": { + "address4": null, + "address6": "fd0a::be24:11ff:fe33:1904", + "macAddress": "BC:24:11:33:19:04" + }, + "tail": null + } } }, "hakurei": { + "hostName": "hakurei", "network": { - "int": { - "address4": "10.9.1.71", - "address6": "fd0c::47", - "macAddress": "BC:24:19:C4:66:A7" - }, - "local": { - "address4": "10.1.1.41", - "address6": "fd0a::be24:11ff:fec4:66a7", - "macAddress": "BC:24:11:C4:66:A7" - }, - "tail": null + "networks": { + "int": { + "address4": "10.9.1.71", + "address6": "fd0c::47", + "macAddress": 
"BC:24:19:C4:66:A7" + }, + "local": { + "address4": "10.1.1.41", + "address6": "fd0a::be24:11ff:fec4:66a7", + "macAddress": "BC:24:11:C4:66:A7" + }, + "tail": { + "address4": "100.71.65.59", + "address6": "fd7a:115c:a1e0::9187:413b", + "macAddress": null + } + } } }, "keycloak": { + "hostName": "keycloak", "network": { - "int": { - "address4": "10.9.1.75", - "address6": "fd0c::4b", - "macAddress": "BC:24:19:C4:66:AC" - }, - "local": { - "address4": "10.1.1.48", - "address6": "fd0a::be24:11ff:fec4:66ac", - "macAddress": "BC:24:11:C4:66:AC" - }, - "tail": null + "networks": { + "int": { + "address4": "10.9.1.75", + "address6": "fd0c::4b", + "macAddress": "BC:24:19:C4:66:AC" + }, + "local": { + "address4": "10.1.1.48", + "address6": "fd0a::be24:11ff:fec4:66ac", + "macAddress": "BC:24:11:C4:66:AC" + }, + "tail": null + } } }, "kuwubernetes": { + "hostName": "kuwubernetes", "network": { - "int": null, - "local": { - "address4": "10.1.1.42", - "address6": "fd0a::be24:11ff:fe49:fedc", - "macAddress": "BC:24:11:49:FE:DC" - }, - "tail": null + "networks": { + "int": null, + "local": { + "address4": "10.1.1.42", + "address6": "fd0a::be24:11ff:fe49:fedc", + "macAddress": "BC:24:11:49:FE:DC" + }, + "tail": null + } } }, "litterbox": { + "hostName": "litterbox", "network": { - "int": { - "address4": "10.9.1.74", - "address6": "fd0c::4a", - "macAddress": "BC:24:19:C4:66:AB" - }, - "local": { - "address4": null, - "address6": "fd0a::be24:11ff:fec4:66ab", - "macAddress": "BC:24:11:C4:66:AB" - }, - "tail": null + "networks": { + "int": { + "address4": "10.9.1.74", + "address6": "fd0c::4a", + "macAddress": "BC:24:19:C4:66:AB" + }, + "local": { + "address4": null, + "address6": "fd0a::be24:11ff:fec4:66ab", + "macAddress": "BC:24:11:C4:66:AB" + }, + "tail": null + } } }, "mediabox": { + "hostName": "mediabox", "network": { - "int": { - "address4": "10.9.1.70", - "address6": "fd0c::46", - "macAddress": "BC:24:19:34:F4:A8" - }, - "local": { - "address4": "10.1.1.44", - "address6": 
"fd0a::be24:11ff:fe34:f4a8", - "macAddress": "BC:24:11:34:F4:A8" - }, - "tail": null + "networks": { + "int": { + "address4": "10.9.1.70", + "address6": "fd0c::46", + "macAddress": "BC:24:19:34:F4:A8" + }, + "local": { + "address4": "10.1.1.44", + "address6": "fd0a::be24:11ff:fe34:f4a8", + "macAddress": "BC:24:11:34:F4:A8" + }, + "tail": null + } } }, "reimu": { + "hostName": "reimu", "network": { - "int": { - "address4": "10.9.1.72", - "address6": "fd0c::48", - "macAddress": "BC:24:19:C4:66:A8" - }, - "local": { - "address4": "10.1.1.45", - "address6": "fd0a::be24:11ff:fec4:66a8", - "macAddress": "BC:24:11:C4:66:A8" - }, - "tail": null + "networks": { + "int": { + "address4": "10.9.1.72", + "address6": "fd0c::48", + "macAddress": "BC:24:19:C4:66:A8" + }, + "local": { + "address4": "10.1.1.45", + "address6": "fd0a::be24:11ff:fec4:66a8", + "macAddress": "BC:24:11:C4:66:A8" + }, + "tail": { + "address4": "100.113.253.48", + "address6": "fd7a:115c:a1e0::f1b1:fd30", + "macAddress": null + } + } } }, "tei": { + "hostName": "tei", "network": { - "int": { - "address4": "10.9.1.69", - "address6": "fd0c::45", - "macAddress": "BC:24:19:CC:66:57" - }, - "local": { - "address4": "10.1.1.39", - "address6": "fd0a::be24:11ff:fecc:6657", - "macAddress": "BC:24:11:CC:66:57" - }, - "tail": null + "networks": { + "int": { + "address4": "10.9.1.69", + "address6": "fd0c::45", + "macAddress": "BC:24:19:CC:66:57" + }, + "local": { + "address4": "10.1.1.39", + "address6": "fd0a::be24:11ff:fecc:6657", + "macAddress": "BC:24:11:CC:66:57" + }, + "tail": { + "address4": "100.74.104.29", + "address6": "fd7a:115c:a1e0::fd8a:681d", + "macAddress": null + } + } } }, "utsuho": { + "hostName": "utsuho", "network": { - "int": { - "address4": "10.9.1.76", - "address6": "fd0c::4c", - "macAddress": "BC:24:19:C4:66:A6" - }, - "local": { - "address4": "10.1.1.38", - "address6": "fd0a::be24:11ff:fec4:66a6", - "macAddress": "BC:24:11:C4:66:A6" - }, - "tail": null + "networks": { + "int": { + "address4": 
"10.9.1.76", + "address6": "fd0c::4c", + "macAddress": "BC:24:19:C4:66:A6" + }, + "local": { + "address4": "10.1.1.38", + "address6": "fd0a::be24:11ff:fec4:66a6", + "macAddress": "BC:24:11:C4:66:A6" + }, + "tail": null + } } } } diff --git a/systems/shanghai/default.nix b/systems/shanghai/default.nix new file mode 100644 index 00000000..df77125f --- /dev/null +++ b/systems/shanghai/default.nix @@ -0,0 +1,26 @@ +{lib, ...}: let + inherit (lib.strings) concatStringsSep; + dot = concatStringsSep "."; + cutie = dot [ "cutie" "moe" ]; + netname = { config, system, ... }: { + domain = dot [ config.name system.access.domain ]; + }; +in { + type = "Linux"; + access.domain = dot [ "gensokyo" cutie ]; + network.networks = { + local = { + imports = [ netname ]; + macAddress = let + #eth = "18:c0:4d:08:87:bd"; + eth25 = "18:c0:4d:08:87:bc"; + in eth25; + address4 = "10.1.1.32"; + }; + tail = { + imports = [ netname ]; + address4 = "100.104.155.122"; + address6 = "fd7a:115c:a1e0:ab12:4843:cd96:6268:9b7a"; + }; + }; +} diff --git a/systems/tei/proxmox.nix b/systems/tei/proxmox.nix index 9349a622..ae03321e 100644 --- a/systems/tei/proxmox.nix +++ b/systems/tei/proxmox.nix @@ -14,4 +14,10 @@ _: { net1.internal.enable = true; }; }; + network.networks = { + tail = { + address4 = "100.74.104.29"; + address6 = "fd7a:115c:a1e0::fd8a:681d"; + }; + }; } diff --git a/systems/tewi/default.nix b/systems/tewi/default.nix index ea396fa3..4ce86c3b 100644 --- a/systems/tewi/default.nix +++ b/systems/tewi/default.nix @@ -4,4 +4,14 @@ _: { modules = [ ./nixos.nix ]; + network.networks = { + local = { + address4 = null; + address6 = "fd0a::eea8:6bff:fefe:3986"; + }; + tail = { + address4 = "100.88.107.41"; + address6 = "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29"; + }; + }; } diff --git a/systems/u7pro/default.nix b/systems/u7pro/default.nix new file mode 100644 index 00000000..a3892a03 --- /dev/null +++ b/systems/u7pro/default.nix 
@@ -0,0 +1,10 @@ +_: { + type = "Linux"; + access.hostName = "u7-pro"; + network.networks = { + local = { + address4 = "10.1.1.3"; + address6 = null; + }; + }; +} diff --git a/tf/cloudflare_records.tf b/tf/cloudflare_records.tf index 230dc35f..024c9855 100644 --- a/tf/cloudflare_records.tf +++ b/tf/cloudflare_records.tf @@ -1,21 +1,15 @@ module "reisen_system_records" { source = "./system/records" - name = "reisen" zone_id = cloudflare_zone.gensokyo-zone_zone.id zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - local_v4 = "10.1.1.40" - int_v4 = "10.9.1.2" - int_v6 = "fd0c::2" + net_data = local.systems.reisen.network } module "hakurei_system_records" { - source = "./system/records" - name = "hakurei" - zone_id = cloudflare_zone.gensokyo-zone_zone.id - zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - net_data = local.proxmox_reisen_systems.hakurei.network - tailscale_v4 = "100.71.65.59" - tailscale_v6 = "fd7a:115c:a1e0::9187:413b" + source = "./system/records" + zone_id = cloudflare_zone.gensokyo-zone_zone.id + zone_zone = cloudflare_zone.gensokyo-zone_zone.zone + net_data = local.systems.hakurei.network local_subdomains = [ "prox", "id", @@ -46,13 +40,10 @@ module "hakurei_system_records" { } module "reimu_system_records" { - source = "./system/records" - name = "reimu" - zone_id = cloudflare_zone.gensokyo-zone_zone.id - zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - net_data = local.proxmox_reisen_systems.reimu.network - tailscale_v4 = "100.113.253.48" - tailscale_v6 = "fd7a:115c:a1e0::f1b1:fd30" + source = "./system/records" + zone_id = cloudflare_zone.gensokyo-zone_zone.id + zone_zone = cloudflare_zone.gensokyo-zone_zone.zone + net_data = local.systems.reimu.network local_subdomains = [ "nfs", ] 
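Review bot: `address6 = null` in the new u7pro entry is only half the picture, because `u7pro_system_records` still supplies `local_v6 = "fd0a::${var.u7pro_ipv6_postfix}"` from a Terraform variable, so the IPv4 address now lives in Nix while the IPv6 address lives outside it. A comment on the null would stop someone "fixing" it by pasting the address in, e.g. `address6 = null; # suffix is supplied via the tf variable u7pro_ipv6_postfix`. Whether that variable is kept out of the repository on purpose I cannot tell from the hunk; if it is, say so in the same comment.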
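Review bot: `reisen_system_records` loses its explicit `local_v4`/`int_v4`/`int_v6` (10.1.1.40, 10.9.1.2, fd0c::2) in favour of `local.systems.reisen.network`, and reisen's entry in the generated JSON is not part of this diff, so nothing visible shows the two agree. A pure data-source swap like this should produce an empty `terraform plan`; any modified A/AAAA record — here or in the later module rewrites such as kitchencam's dropped `local_v6 = "fd0a::ba27:ebff:fea8:f4ff"` — should be treated as a data mismatch to fix, not drift to accept, since these records steer clients to the hypervisor and identity hosts. Recording "plan was empty" in the commit message would make that check auditable.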
@@ -60,41 +51,33 @@ module "reimu_system_records" { module "keycloak_system_records" { source = "./system/records" - name = "keycloak" zone_id = cloudflare_zone.gensokyo-zone_zone.id zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - net_data = local.proxmox_reisen_systems.keycloak.network + net_data = local.systems.keycloak.network } module "utsuho_system_records" { source = "./system/records" - name = "utsuho" zone_id = cloudflare_zone.gensokyo-zone_zone.id zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - net_data = local.proxmox_reisen_systems.utsuho.network + net_data = local.systems.utsuho.network } module "aya_system_records" { - source = "./system/records" - name = "aya" - zone_id = cloudflare_zone.gensokyo-zone_zone.id - zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - net_data = local.proxmox_reisen_systems.aya.network - tailscale_v4 = "100.109.213.94" - tailscale_v6 = "fd7a:115c:a1e0::eaed:d55e" + source = "./system/records" + zone_id = cloudflare_zone.gensokyo-zone_zone.id + zone_zone = cloudflare_zone.gensokyo-zone_zone.zone + net_data = local.systems.aya.network local_subdomains = [ "nixbld", ] } module "tewi_system_records" { - source = "./system/records" - name = "tei" - zone_id = cloudflare_zone.gensokyo-zone_zone.id - zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - net_data = local.proxmox_reisen_systems.tei.network - tailscale_v4 = "100.74.104.29" - tailscale_v6 = "fd7a:115c:a1e0::fd8a:681d" + source = "./system/records" + zone_id = cloudflare_zone.gensokyo-zone_zone.id + zone_zone = cloudflare_zone.gensokyo-zone_zone.zone + net_data = local.systems.tei.network local_subdomains = [ "mqtt", "postgresql", 
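Review bot: Removing `name = "tei"` from `tewi_system_records` takes away the one line that made the naming mismatch explicit — the module is called tewi but publishes tei's records (`net_data = local.systems.tei.network`), while `tewi_legacy_system_records` further down publishes tewi's. The label now comes implicitly from `hostName`, so a reader has to follow the JSON to learn which host this module serves. A rename is out of scope for a data-source refactor, but a one-line comment on the module, `# publishes tei.* records; tewi.* come from tewi_legacy_system_records below`, would prevent the two being confused.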
@@ -103,10 +86,9 @@ module "tewi_system_records" { module "mediabox_system_records" { source = "./system/records" - name = "mediabox" zone_id = cloudflare_zone.gensokyo-zone_zone.id zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - net_data = local.proxmox_reisen_systems.mediabox.network + net_data = local.systems.mediabox.network local_subdomains = [ "plex", ] @@ -114,18 +96,16 @@ module "mediabox_system_records" { module "litterbox_system_records" { source = "./system/records" - name = "litterbox" zone_id = cloudflare_zone.gensokyo-zone_zone.id zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - net_data = local.proxmox_reisen_systems.litterbox.network + net_data = local.systems.litterbox.network } module "idp_system_records" { source = "./system/records" - name = "idp" zone_id = cloudflare_zone.gensokyo-zone_zone.id zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - net_data = local.proxmox_reisen_systems.freeipa.network + net_data = local.systems.freeipa.network } module "kubernetes_system_records" { @@ -133,23 +113,21 @@ module "kubernetes_system_records" { name = "kubernetes" zone_id = cloudflare_zone.gensokyo-zone_zone.id zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - net_data = local.proxmox_reisen_systems.kuwubernetes.network + net_data = local.systems.kuwubernetes.network } module "freepbx_system_records" { source = "./system/records" - name = "freepbx" zone_id = cloudflare_zone.gensokyo-zone_zone.id zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - net_data = local.proxmox_reisen_systems.freepbx.network + net_data = local.systems.freepbx.network } module "kitchencam_system_records" { source = "./system/records" - name = "kitchencam" zone_id = cloudflare_zone.gensokyo-zone_zone.id zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - local_v6 = "fd0a::ba27:ebff:fea8:f4ff" + net_data = local.systems.kitchencam.network } variable "u7pro_ipv6_postfix" { 
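Review bot: `kubernetes_system_records` keeps `name = "kubernetes"` while every sibling module now derives its label from `net_data.hostName`, and with the new `coalesce(var.name, var.net_data.hostName)` order that explicit name silently wins over whatever hostName `local.systems.kuwubernetes` carries. That is presumably intentional (the DNS label differs from the system key), but it is now the only module where the two sources can diverge, so it deserves a comment: `name = "kubernetes" # DNS label; the system itself is keyed as kuwubernetes`. The module's opening line is outside this hunk.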
@@ -158,20 +136,15 @@ variable "u7pro_ipv6_postfix" { module "u7pro_system_records" { source = "./system/records" - name = "u7-pro" zone_id = cloudflare_zone.gensokyo-zone_zone.id zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - local_v4 = "10.1.1.3" + net_data = local.systems.u7pro.network local_v6 = "fd0a::${var.u7pro_ipv6_postfix}" } module "tewi_legacy_system_records" { - source = "./system/records" - name = "tewi" - zone_id = cloudflare_zone.gensokyo-zone_zone.id - zone_zone = cloudflare_zone.gensokyo-zone_zone.zone - tailscale_v4 = "100.88.107.41" - tailscale_v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29" - local_v4 = "10.1.1.38" - local_v6 = "fd0a::eea8:6bff:fefe:3986" + source = "./system/records" + zone_id = cloudflare_zone.gensokyo-zone_zone.id + zone_zone = cloudflare_zone.gensokyo-zone_zone.zone + net_data = local.systems.tewi.network } diff --git a/tf/proxmox_reisen.tf b/tf/proxmox_reisen.tf index 9c2869c7..164829ab 100644 --- a/tf/proxmox_reisen.tf +++ b/tf/proxmox_reisen.tf @@ -18,6 +18,8 @@ locals { proxmox_reisen_users = jsondecode(file("${path.root}/../systems/reisen/users.json")) proxmox_reisen_systems = jsondecode(file("${path.root}/../systems/reisen/systems.json")) + + systems = jsondecode(file("${path.root}/../ci/systems.json")) } resource "terraform_data" "proxmox_reisen_etc" { diff --git a/tf/system/records/records.tf b/tf/system/records/records.tf index 83eb7a42..4a935bc4 100644 --- a/tf/system/records/records.tf +++ b/tf/system/records/records.tf @@ -7,15 +7,19 @@ variable "zone_zone" { } variable "name" { - type = string + type = string + default = null } variable "net_data" { - type = map(map(any)) + type = any default = { - local = null - int = null - tail = null + hostName = null + networks = { + local = null + int = null + tail = null + } } } 
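Review bot: `local.systems` now reads `ci/systems.json` at plan time, but nothing ties that committed artifact to the Nix evaluation that produced it: editing `systems/*/default.nix` without re-running the generator (presumably `ci/generate.sh`) would make Terraform publish stale addresses, and a hand-edited JSON would be accepted just the same. Add a freshness gate in CI — run the generator, then `git diff --exit-code -- ci/systems.json` — so the DNS data can only come from evaluated configuration. Since this local is no longer Proxmox/reisen-specific, a shared `locals.tf` would also be a better home than `proxmox_reisen.tf`. The enclosing `locals` block opens outside the hunk.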
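Review bot: Changing `net_data` from `map(map(any))` to `type = any` removes the only shape validation on data that now comes straight out of a generated JSON file; a key renamed upstream (say `networks` → `nets`) would surface as an opaque "unsupported attribute" error inside the locals instead of at the variable boundary. An object constraint keeps the null-able defaults and fails early with a readable message; with `optional()` (Terraform 1.3 or newer, if that is what this repo pins) it would look like the following. The `}` at the top of the hunk closes a `variable "zone_zone"` block that starts outside it.
```hcl
variable "net_data" {
  type = object({
    hostName = optional(string)
    networks = optional(map(object({
      address4   = optional(string)
      address6   = optional(string)
      macAddress = optional(string)
    })), {})
  })
  default = {
    hostName = null
    networks = { local = null, int = null, tail = null }
  }
}
```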
@@ -80,19 +84,20 @@ variable "global_v6" { } locals { - local_name = coalesce(var.local_name, "${var.name}.local") - local_net = coalesce(var.net_data.local, local.empty_net) + name = coalesce(var.name, var.net_data.hostName) + local_name = coalesce(var.local_name, "${local.name}.local") + local_net = coalesce(var.net_data.networks.local, local.empty_net) local_v4 = coalesce(var.local_v4, local.local_net.address4, local.empty_address) local_v6 = coalesce(var.local_v6, local.local_net.address6, local.empty_address) - int_name = coalesce(var.int_name, "${var.name}.int") - int_net = coalesce(var.net_data.int, local.empty_net) + int_name = coalesce(var.int_name, "${local.name}.int") + int_net = coalesce(var.net_data.networks.int, local.empty_net) int_v4 = coalesce(var.int_v4, local.int_net.address4, local.empty_address) int_v6 = coalesce(var.int_v6, local.int_net.address6, local.empty_address) - tailscale_name = coalesce(var.tailscale_name, "${var.name}.tail") - tailscale_net = coalesce(var.net_data.tail, local.empty_net) + tailscale_name = coalesce(var.tailscale_name, "${local.name}.tail") + tailscale_net = coalesce(var.net_data.networks.tail, local.empty_net) tailscale_v4 = coalesce(var.tailscale_v4, local.tailscale_net.address4, local.empty_address) tailscale_v6 = coalesce(var.tailscale_v6, local.tailscale_net.address6, local.empty_address) - global_name = coalesce(var.global_name, var.name) + global_name = coalesce(var.global_name, local.name) has_tailscale = local.tailscale_v4 != local.empty_address || local.tailscale_v6 != local.empty_address has_int = local.int_v4 != local.empty_address || local.int_v6 != local.empty_address @@ -117,7 +122,7 @@ locals { }, { name = local.tailscale_name, - value = var.tailscale_v4, + value = local.tailscale_v4, } ] @@ -136,7 +141,7 @@ locals { }, { name = local.tailscale_name, - value = var.tailscale_v6, + value = local.tailscale_v6, } ] } diff --git a/tree.nix b/tree.nix index afed36be..3f8d65f7 100644 --- a/tree.nix 
+++ b/tree.nix @@ -62,6 +62,7 @@ "modules/nixos/users".functor.enable = true; "modules/meta".functor.enable = true; "modules/system".functor.enable = true; + "modules/system/network".functor.enable = true; "modules/system/proxmox".functor.enable = true; "modules/system/extern".functor.enable = true; "modules/home".functor.enable = true;