refactor(dnsmasq): system host info

2026-02-09 04:19:19 -08:00 · 2024-03-28 13:07:26 -07:00 · 2024-03-28 13:07:26 -07:00 · 6c88d99ae6
commit 6c88d99ae6
parent 86ac38cf2c
30 changed files with 841 additions and 288 deletions
--- a/ci/generate.sh
+++ b/ci/generate.sh
@ -5,6 +5,7 @@ for node in reisen; do
 	nix eval --json "${NF_CONFIG_ROOT}#lib.generate.$node.users" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/users.json"
 	nix eval --json "${NF_CONFIG_ROOT}#lib.generate.$node.systems" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/systems.json"
 done
 nix eval --json "${NF_CONFIG_ROOT}#lib.generate.systems" | jq -M . > "$NF_CONFIG_ROOT/ci/systems.json"
 for ciconfig in "${NF_CONFIG_FILES[@]}"; do
 	echo "processing ${ciconfig}..." >&2
--- a/ci/systems.json
+++ b/ci/systems.json
@ -0,0 +1,328 @@
 {
  "aya": {
    "network": {
      "hostName": "aya",
      "networks": {
        "int": {
          "address4": "10.9.1.73",
          "address6": "fd0c::49",
          "macAddress": "BC:24:19:C4:66:A9"
        },
        "local": {
          "address4": "10.1.1.47",
          "address6": "fd0a::be24:11ff:fec4:66a9",
          "macAddress": "BC:24:11:C4:66:A9"
        },
        "tail": {
          "address4": "100.109.213.94",
          "address6": "fd7a:115c:a1e0::eaed:d55e",
          "macAddress": null
        }
      }
    }
  },
  "ct": {
    "network": {
      "hostName": "ct",
      "networks": {
        "int": null,
        "local": null,
        "tail": null
      }
    }
  },
  "extern-test": {
    "network": {
      "hostName": "extern-test",
      "networks": {
        "int": null,
        "local": null,
        "tail": null
      }
    }
  },
  "freeipa": {
    "network": {
      "hostName": "idp",
      "networks": {
        "int": {
          "address4": "10.9.1.170",
          "address6": "fd0c::aa",
          "macAddress": "BC:24:19:3D:39:91"
        },
        "local": {
          "address4": "10.1.1.46",
          "address6": "fd0a::be24:11ff:fe3d:3991",
          "macAddress": "BC:24:11:3D:39:91"
        },
        "tail": null
      }
    }
  },
  "freepbx": {
    "network": {
      "hostName": "freepbx",
      "networks": {
        "int": null,
        "local": {
          "address4": null,
          "address6": "fd0a::be24:11ff:fe33:1904",
          "macAddress": "BC:24:11:33:19:04"
        },
        "tail": null
      }
    }
  },
  "hakurei": {
    "network": {
      "hostName": "hakurei",
      "networks": {
        "int": {
          "address4": "10.9.1.71",
          "address6": "fd0c::47",
          "macAddress": "BC:24:19:C4:66:A7"
        },
        "local": {
          "address4": "10.1.1.41",
          "address6": "fd0a::be24:11ff:fec4:66a7",
          "macAddress": "BC:24:11:C4:66:A7"
        },
        "tail": {
          "address4": "100.71.65.59",
          "address6": "fd7a:115c:a1e0::9187:413b",
          "macAddress": null
        }
      }
    }
  },
  "keycloak": {
    "network": {
      "hostName": "keycloak",
      "networks": {
        "int": {
          "address4": "10.9.1.75",
          "address6": "fd0c::4b",
          "macAddress": "BC:24:19:C4:66:AC"
        },
        "local": {
          "address4": "10.1.1.48",
          "address6": "fd0a::be24:11ff:fec4:66ac",
          "macAddress": "BC:24:11:C4:66:AC"
        },
        "tail": null
      }
    }
  },
  "kitchencam": {
    "network": {
      "hostName": "kitchencam",
      "networks": {
        "int": null,
        "local": {
          "address4": null,
          "address6": "fd0a::ba27:ebff:fea8:f4ff",
          "macAddress": null
        },
        "tail": null
      }
    }
  },
  "kuwubernetes": {
    "network": {
      "hostName": "kuwubernetes",
      "networks": {
        "int": null,
        "local": {
          "address4": "10.1.1.42",
          "address6": "fd0a::be24:11ff:fe49:fedc",
          "macAddress": "BC:24:11:49:FE:DC"
        },
        "tail": null
      }
    }
  },
  "litterbox": {
    "network": {
      "hostName": "litterbox",
      "networks": {
        "int": {
          "address4": "10.9.1.74",
          "address6": "fd0c::4a",
          "macAddress": "BC:24:19:C4:66:AB"
        },
        "local": {
          "address4": null,
          "address6": "fd0a::be24:11ff:fec4:66ab",
          "macAddress": "BC:24:11:C4:66:AB"
        },
        "tail": null
      }
    }
  },
  "mediabox": {
    "network": {
      "hostName": "mediabox",
      "networks": {
        "int": {
          "address4": "10.9.1.70",
          "address6": "fd0c::46",
          "macAddress": "BC:24:19:34:F4:A8"
        },
        "local": {
          "address4": "10.1.1.44",
          "address6": "fd0a::be24:11ff:fe34:f4a8",
          "macAddress": "BC:24:11:34:F4:A8"
        },
        "tail": null
      }
    }
  },
  "nue": {
    "network": {
      "hostName": "nue",
      "networks": {
        "int": null,
        "local": {
          "address4": "10.1.1.62",
          "address6": "fd0a::daf8:83ff:fe36:81b6",
          "macAddress": null
        },
        "tail": {
          "address4": "100.86.77.54",
          "address6": "fd7a:115c:a1e0:ab12:4843:cd96:6256:4d36",
          "macAddress": null
        }
      }
    }
  },
  "reimu": {
    "network": {
      "hostName": "reimu",
      "networks": {
        "int": {
          "address4": "10.9.1.72",
          "address6": "fd0c::48",
          "macAddress": "BC:24:19:C4:66:A8"
        },
        "local": {
          "address4": "10.1.1.45",
          "address6": "fd0a::be24:11ff:fec4:66a8",
          "macAddress": "BC:24:11:C4:66:A8"
        },
        "tail": {
          "address4": "100.113.253.48",
          "address6": "fd7a:115c:a1e0::f1b1:fd30",
          "macAddress": null
        }
      }
    }
  },
  "reisen": {
    "network": {
      "hostName": "reisen",
      "networks": {
        "int": {
          "address4": "10.9.1.2",
          "address6": "fd0c::2",
          "macAddress": null
        },
        "local": {
          "address4": "10.1.1.40",
          "address6": null,
          "macAddress": null
        },
        "tail": null
      }
    }
  },
  "shanghai": {
    "network": {
      "hostName": "shanghai",
      "networks": {
        "int": null,
        "local": {
          "address4": "10.1.1.32",
          "address6": "fd0a::1ac0:4dff:fe08:87bc",
          "macAddress": "18:c0:4d:08:87:bc"
        },
        "tail": {
          "address4": "100.104.155.122",
          "address6": "fd7a:115c:a1e0:ab12:4843:cd96:6268:9b7a",
          "macAddress": null
        }
      }
    }
  },
  "tei": {
    "network": {
      "hostName": "tei",
      "networks": {
        "int": {
          "address4": "10.9.1.69",
          "address6": "fd0c::45",
          "macAddress": "BC:24:19:CC:66:57"
        },
        "local": {
          "address4": "10.1.1.39",
          "address6": "fd0a::be24:11ff:fecc:6657",
          "macAddress": "BC:24:11:CC:66:57"
        },
        "tail": {
          "address4": "100.74.104.29",
          "address6": "fd7a:115c:a1e0::fd8a:681d",
          "macAddress": null
        }
      }
    }
  },
  "tewi": {
    "network": {
      "hostName": "tewi",
      "networks": {
        "int": null,
        "local": {
          "address4": null,
          "address6": "fd0a::eea8:6bff:fefe:3986",
          "macAddress": null
        },
        "tail": {
          "address4": "100.88.107.41",
          "address6": "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29",
          "macAddress": null
        }
      }
    }
  },
  "u7pro": {
    "network": {
      "hostName": "u7-pro",
      "networks": {
        "int": null,
        "local": {
          "address4": "10.1.1.3",
          "address6": null,
          "macAddress": null
        },
        "tail": null
      }
    }
  },
  "utsuho": {
    "network": {
      "hostName": "utsuho",
      "networks": {
        "int": {
          "address4": "10.9.1.76",
          "address6": "fd0c::4c",
          "macAddress": "BC:24:19:C4:66:A6"
        },
        "local": {
          "address4": "10.1.1.38",
          "address6": "fd0a::be24:11ff:fec4:66a6",
          "macAddress": "BC:24:11:C4:66:A6"
        },
        "tail": null
      }
    }
  }
 }
--- a/generate.nix
+++ b/generate.nix
@ -3,11 +3,10 @@
  tree,
 }: let
  nixlib = inputs.nixpkgs.lib;
-  inherit (nixlib.attrsets) mapAttrs filterAttrs mapAttrsToList;
+  inherit (nixlib.attrsets) mapAttrs mapAttrs' nameValuePair filterAttrs mapAttrsToList;
-  inherit (nixlib.lists) elem sortOn;
+  inherit (nixlib.lists) sortOn;
  inherit (nixlib.strings) removeSuffix;
  inherit (nixlib.trivial) mapNullable warn;
  inherit (inputs.self.lib.lib) userIs;
  inherit (inputs.self.lib) systems;
  templateSystem = inputs.self.nixosConfigurations.reimu;
  templateUsers = filterAttrs (_: userIs "peeps") templateSystem.config.users.users;
  mkNodeUsers = users: let
@ -20,23 +19,24 @@
  };
  nodeSystems = let
    matchesNode = nodeName: system: system.config.proxmox.enabled && system.config.proxmox.node.name == nodeName;
-  in nodeName: filterAttrs (_: matchesNode nodeName) inputs.self.lib.systems;
+  in nodeName: filterAttrs (_: matchesNode nodeName) systems;
  mkNodeSystem = system: {
    inherit (system.config.access) hostName;
    network = let
-      inherit (system.config.proxmox) network;
+      inherit (system.config.network) networks;
      inherit (network) internal local;
    in {
-      int = if internal.interface != null then {
+      networks = {
-        inherit (internal.interface) macAddress;
+        int = if networks.int.enable or false then {
-        address4 = removeSuffix "/24" internal.interface.address4;
+          inherit (networks.int) macAddress address4 address6;
-        address6 = removeSuffix "/64" internal.interface.address6;
+        } else null;
-      } else null;
+        local = if networks.local.enable or false then {
-      local = if local.interface != null then {
+          inherit (networks.local) macAddress address4 address6;
-        inherit (local.interface) macAddress;
+        } else null;
-        address4 = mapNullable (removeSuffix "/24") local.interface.local.address4;
+        tail = if networks.tail.enable or false then {
-        address6 = mapNullable (removeSuffix "/64") local.interface.local.address6;
+          inherit (networks.tail) address4 address6;
-      } else null;
+          macAddress = null;
-      tail = warn "TODO: generate network.tail" null;
+        } else null;
      };
    };
  };
  mkNodeSystems = systems: mapAttrs (_: mkNodeSystem) systems;
@ -44,6 +44,20 @@
    users = mkNodeUsers templateUsers;
    systems = mkNodeSystems (nodeSystems name);
  };
  mkNetwork = system: {
    inherit (system.config.access) hostName;
    networks = {
      int = null;
      local = null;
      tail = null;
    } // mapAttrs' (_: network: nameValuePair network.name {
      inherit (network) macAddress address4 address6;
    }) system.config.network.networks;
  };
  mkSystem = name: system: {
    network = mkNetwork system;
  };
 in {
  reisen = mkNode {name = "reisen";};
  systems = mapAttrs mkSystem systems;
 }
--- a/lib.nix
+++ b/lib.nix
@ -4,7 +4,7 @@
  systems,
 }: let
  nixlib = inputs.nixpkgs.lib;
-  inherit (nixlib.modules) mkOrder mkOverride;
+  inherit (nixlib.modules) mkOrder mkOverride defaultOverridePriority;
  inherit (nixlib.strings) splitString toLower;
  inherit (nixlib.lists) imap0 elemAt;
  inherit (nixlib.attrsets) mapAttrs listToAttrs nameValuePair;
@ -38,10 +38,23 @@
  mapListToAttrs = f: l: listToAttrs (map f l);
-  mkAlmostOptionDefault = mkOverride 1400;
+
  overrideOptionDefault = 1500;
  overrideAlmostOptionDefault = 1400;
  overrideDefault = 1000;
  overrideNone = defaultOverridePriority; # 100
  overrideForce = 50;
  overrideVM = 10;
  mkAlmostOptionDefault = mkOverride overrideAlmostOptionDefault;
  orderBefore = 500;
  orderNone = 1000;
  orderAfter = 1500;
  orderAlmostAfter = 1400;
  mkAlmostAfter = mkOrder 1400;
  mapOverride = priority: mapAttrs (_: mkOverride priority);
-  mapOptionDefaults = mapOverride 1500;
+  mapOptionDefaults = mapOverride overrideOptionDefault;
  mapAlmostOptionDefaults = mapOverride overrideAlmostOptionDefault;
  mapDefaults = mapOverride overrideDefault;
  treeToModulesOutput = modules:
    {
@ -60,8 +73,14 @@ in {
  Std = inputs.std-fl.lib;
  lib = {
    domain = "gensokyo.zone";
-    inherit treeToModulesOutput mkWinPath mkBaseDn userIs eui64 toHexStringLower hexCharToInt;
+    inherit treeToModulesOutput userIs
-    inherit mkAlmostAfter mkAlmostOptionDefault mapOptionDefaults mapOverride mapListToAttrs;
+      eui64 mkWinPath mkBaseDn
      toHexStringLower hexCharToInt
      mapListToAttrs
      mkAlmostOptionDefault mapOverride mapOptionDefaults mapAlmostOptionDefaults mapDefaults
      overrideOptionDefault overrideAlmostOptionDefault overrideDefault overrideNone overrideForce overrideVM
      orderBefore orderNone orderAfter orderAlmostAfter
      mkAlmostAfter;
    inherit (inputs.arcexprs.lib) unmerged json;
  };
  generate = import ./generate.nix {inherit inputs tree;};
--- a/modules/nixos/network/netgroups.nix
+++ b/modules/nixos/network/netgroups.nix
@ -76,7 +76,7 @@ in {
        (mkIf config.services.sssd.enable [ "sss" ])
      ];
    };
-    environment.etc."nssswitch.conf".text = mkIf (nssDatabases.netgroup != [ ]) (mkAfter ''
+    environment.etc."nsswitch.conf".text = mkIf (nssDatabases.netgroup != [ ]) (mkAfter ''
      netgroup: ${concatStringsSep " " nssDatabases.netgroup}
    '');
    environment.etc."netgroup" = mkIf (networking.netgroups != { } || networking.extraNetgroups != "") {
--- a/modules/nixos/network/networks.nix
+++ b/modules/nixos/network/networks.nix
@ -1,54 +0,0 @@
 {
  inputs,
  config,
  lib,
  ...
 }: let
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib.modules) mkIf mkMerge mkOptionDefault;
  inherit (inputs.self.lib.lib) eui64;
  inherit (config) networking services;
  networkModule = {config, ...}: {
    options = with lib.types; {
      mdns = {
        enable =
          mkEnableOption "SLAAC"
          // {
            default = config.matchConfig.Type or null == "ether" && services.resolved.enable;
          };
      };
      slaac = {
        enable =
          mkEnableOption "SLAAC"
          // {
            default = config.matchConfig.Type or null == "ether" && networking.enableIPv6;
          };
        postfix = mkOption {
          type = str;
        };
      };
    };
    config = {
      slaac.postfix = mkIf (config.matchConfig.MACAddress or null != null) (
        mkOptionDefault (eui64 config.matchConfig.MACAddress)
      );
      networkConfig = mkMerge [
        (mkIf config.slaac.enable {
          IPv6AcceptRA = true;
        })
        (mkIf config.mdns.enable {
          MulticastDNS = true;
        })
      ];
      linkConfig = mkIf config.mdns.enable {
        Multicast = true;
      };
    };
  };
 in {
  options = with lib.types; {
    systemd.network.networks = mkOption {
      type = attrsOf (submodule networkModule);
    };
  };
 }
--- a/modules/system/access.nix
+++ b/modules/system/access.nix
@ -102,6 +102,9 @@
  };
 in {
  options.access = with lib.types; {
    fqdn = mkOption {
      type = str;
    };
    hostName = mkOption {
      type = str;
      default = name;
@ -138,6 +141,7 @@ in {
      hasLocal4 = hasLocal && local'interface.local.address4 or null != null;
      hasLocal6 = hasLocal && local'interface.local.address6 or null != null;
    in {
      fqdn = mkOptionDefault "${cfg.hostName}.${cfg.domain}";
      hostnameForNetwork = let
        int = "${cfg.hostName}.int.${cfg.domain}";
        local = "${cfg.hostName}.local.${cfg.domain}";
--- a/modules/system/network/networks.nix
+++ b/modules/system/network/networks.nix
@ -0,0 +1,71 @@
 {config, lib, inputs, ...}: let
  inherit (inputs.self.lib.lib) eui64;
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib.modules) mkIf mkOptionDefault;
  inherit (lib.trivial) mapNullable;
  networkModule = { config, name, system, ... }: let
    slaacPrefix = {
      local = "fd0a:";
      #int = "fd0c:";
    };
  in {
    options = with lib.types; {
      enable = mkEnableOption "network" // {
        default = true;
      };
      slaac = {
        enable = mkOption {
          type = bool;
        };
        prefix = mkOption {
          type = str;
        };
        postfix = mkOption {
          type = str;
        };
      };
      name = mkOption {
        type = str;
        default = name;
      };
      domain = mkOption {
        type = nullOr str;
      };
      fqdn = mkOption {
        type = nullOr str;
      };
      macAddress = mkOption {
        type = nullOr str;
        default = null;
      };
      address4 = mkOption {
        type = nullOr str;
      };
      address6 = mkOption {
        type = nullOr str;
      };
    };
    config = {
      slaac = {
        enable = mkOptionDefault (slaacPrefix ? ${config.name});
        prefix = mkIf (slaacPrefix ? ${config.name}) (mkOptionDefault slaacPrefix.${config.name});
        postfix = mkIf (config.macAddress != null) (mkOptionDefault (eui64 config.macAddress));
      };
      domain = mkOptionDefault "${config.name}.${system.access.domain}";
      fqdn = mkOptionDefault (mapNullable (domain: "${system.access.hostName}.${domain}") config.domain);
      address6 = mkIf config.slaac.enable (mkOptionDefault "${config.slaac.prefix}:${config.slaac.postfix}");
    };
  };
 in {
  options.network = with lib.types; {
    networks = mkOption {
      type = attrsOf (submoduleWith {
        modules = [ networkModule ];
        specialArgs = {
          system = config;
        };
      });
      default = { };
    };
  };
 }
--- a/modules/system/proxmox/network.nix
+++ b/modules/system/proxmox/network.nix
@ -1,10 +1,10 @@
 {config, lib, inputs, ...}: let
-  inherit (inputs.self.lib.lib) unmerged eui64 toHexStringLower mkAlmostOptionDefault;
+  inherit (inputs.self.lib.lib) unmerged eui64 toHexStringLower mkAlmostOptionDefault mapAlmostOptionDefaults;
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib.modules) mkIf mkMerge mkOptionDefault;
  inherit (lib.attrsets) attrValues;
  inherit (lib.lists) elem findSingle findFirst;
-  inherit (lib.strings) hasPrefix removePrefix replaceStrings;
+  inherit (lib.strings) hasPrefix removePrefix replaceStrings removeSuffix;
  inherit (lib.trivial) mapNullable;
  cfg = config.proxmox.network;
  internalOffset = 32;
@ -105,6 +105,10 @@
        ];
        networkd.networkSettings = {
          name = mkAlmostOptionDefault config.name;
          ipv6AcceptRAConfig = mkIf (config.address6 == "auto" && config.local.enable) {
            UseDNS = mkOptionDefault false;
            DHCPv6Client = mkOptionDefault false;
          };
          matchConfig = {
            MACAddress = mkIf (config.macAddress != null) (mkOptionDefault config.macAddress);
            Type = mkOptionDefault "ether";
@ -117,7 +121,7 @@
              IPv6AcceptRA = true;
            })
            (mkIf config.mdns.enable {
-              MulticastDNS = true;
+              MulticastDNS = "resolve";
            })
          ];
          address = mkMerge [
@ -179,4 +183,19 @@ in {
    };
    local.interface = mkOptionDefault (findFirst (interface: interface.local.enable) null (attrValues cfg.interfaces));
  };
  config.network.networks = let
    strip4 = mapNullable (removeSuffix "/24");
    strip6 = mapNullable (removeSuffix "/64");
  in {
    int = mkIf (cfg.internal.interface != null) (mapAlmostOptionDefaults {
      inherit (cfg.internal.interface) macAddress;
      address4 = strip4 cfg.internal.interface.address4;
      address6 = strip6 cfg.internal.interface.address6;
    });
    local = mkIf (cfg.local.interface != null) (mapAlmostOptionDefaults {
      inherit (cfg.local.interface) macAddress;
      address4 = strip4 cfg.local.interface.local.address4;
      address6 = strip6 cfg.local.interface.local.address6;
    });
  };
 }
--- a/nixos/avahi.nix
+++ b/nixos/avahi.nix
@ -11,6 +11,8 @@ in {
  services.avahi = {
    enable = mkDefault true;
    ipv6 = mkDefault config.networking.enableIPv6;
    nssmdns4 = mkIf (!config.services.resolved.enable) (mkDefault true);
    nssmdns6 = mkIf (!config.services.resolved.enable) (mkDefault true);
    publish = {
      enable = mkDefault true;
      domain = mkDefault true;
--- a/nixos/dnsmasq.nix
+++ b/nixos/dnsmasq.nix
@ -12,18 +12,22 @@
  inherit (lib.strings) hasPrefix replaceStrings concatStringsSep;
  inherit (lib.trivial) mapNullable;
  cfg = config.services.dnsmasq;
-  mkHostRecordPairs = systemName: system: [
+  inherit (inputs.self.lib) systems;
-    (mkHostRecordPair "int" systemName system)
+  reisenSystems = filterAttrs (_: system:
-    (mkHostRecordPair "local" systemName system)
+    system.config.proxmox.enabled && system.config.proxmox.node.name == "reisen"
-    #(mkHostRecordPair "tail" systemName system)
+  ) systems;
  mkHostRecordPairs = _: system: [
    (mkHostRecordPair "int" system)
    (mkHostRecordPair "local" system)
    (mkHostRecordPair "tail" system)
  ];
  mapDynamic4 = replaceStrings [ "10.1.1." ] [ "0.0.0." ];
  mapDynamic6 = replaceStrings [ "fd0a::" ] [ "2001::" ];
-  mkDynamicHostRecord = systemName: system: let
+  mkDynamicHostRecord = _: system: let
-    address4 = system.network.local.address4 or null;
+    address4 = system.config.network.networks.local.address4 or null;
-    address6 = system.network.local.address6 or null;
+    address6 = system.config.network.networks.local.address6 or null;
  in concatStringsSep "," ([
-    "${systemName}.${config.networking.domain}"
+    system.config.access.fqdn
  ] ++ lib.optional (address4 != null)
    (toString (mapNullable mapDynamic4 address4))
  ++ lib.optional (address6 != null)
@ -31,11 +35,11 @@
  ++ lib.singleton
    cfg.dynamic.interface
  );
-  mkHostRecordPair = network: systemName: system: let
+  mkHostRecordPair = network: system: let
-    address4 = system.network.${network}.address4 or null;
+    address4 = system.config.network.networks.${network}.address4 or null;
-    address6 = system.network.${network}.address6 or null;
+    address6 = system.config.network.networks.${network}.address6 or null;
  in nameValuePair
-    "${systemName}.${network}.${config.networking.domain}"
+    system.config.network.networks.${network}.fqdn or "${network}.${system.config.access.fqdn}"
    (concatStringsSep "," (
    lib.optional (address4 != null)
      (toString address4)
@ -43,7 +47,7 @@
      (toString address6)
    ));
  systemHosts = filterAttrs (_: value: value != "") (
-    listToAttrs (concatLists (mapAttrsToList mkHostRecordPairs generate.reisen.systems))
+    listToAttrs (concatLists (mapAttrsToList mkHostRecordPairs systems))
  );
  mkHostRecord = name: record: "${name},${record}";
  filterns = ns: !hasPrefix "127.0.0" ns || ns == "::1";
@ -66,7 +70,7 @@ in {
      resolveLocalQueries = mkForce false;
      settings = {
        host-record = mapAttrsToList mkHostRecord systemHosts;
-        dynamic-host = mapAttrsToList mkDynamicHostRecord generate.reisen.systems;
+        dynamic-host = mapAttrsToList mkDynamicHostRecord reisenSystems;
        server =
          if config.networking.nameservers' != [ ] then map (ns: ns.address) (filter filterns' config.networking.nameservers')
          else filter filterns config.networking.nameservers
--- a/nixos/ipa.nix
+++ b/nixos/ipa.nix
@ -1,6 +1,6 @@
 { inputs, pkgs, config, lib, ... }: let
  inherit (inputs.self.lib.lib) mkBaseDn;
-  inherit (lib.modules) mkIf mkBefore mkDefault mkOptionDefault;
+  inherit (lib.modules) mkIf mkDefault mkOptionDefault;
  inherit (lib.strings) toUpper;
  inherit (config.networking) domain;
  cfg = config.security.ipa;
@ -47,9 +47,6 @@ in {
      ] ++ config.users.groups.wheel.members;
      dyndns.enable = mkDefault false;
    };
    networking.hosts = mkIf cfg.enable {
      "10.1.1.46" = mkBefore [ "idp.${domain}" ];
    };
    sops.secrets = {
      krb5-keytab = mkIf cfg.enable {
        mode = "0400";
--- a/nixos/reisen-ct/network.nix
+++ b/nixos/reisen-ct/network.nix
@ -1,13 +1,13 @@
 {
  lib,
  config,
  inputs,
  options,
  meta,
  access,
  ...
 }: let
-  inherit (lib.modules) mkIf mkBefore;
+  inherit (lib.modules) mkIf mkBefore mkOrder;
  enableDns = !config.services.dnsmasq.enable && config.networking.hostName != "utsuho" && config.networking.hostName != "ct";
 in {
  imports = let
    inherit (meta) nixos;
@ -15,7 +15,7 @@ in {
    nixos.avahi
  ];
-  services.resolved.enable = true;
+  #services.resolved.enable = mkIf enableDns false;
  systemd.services.avahi-daemon = mkIf (options ? proxmoxLXC && config.services.avahi.enable) {
    serviceConfig.ExecStartPre = mkIf config.services.resolved.enable [
      "+-${config.systemd.package}/bin/resolvectl mdns eth0 yes"
@ -26,9 +26,16 @@ in {
    linkConfig.Multicast = true;
    networkConfig.MulticastDNS = true;
  };
-  networking.nameservers' = mkIf (!config.services.dnsmasq.enable && config.networking.hostName != "utsuho" && config.networking.hostName != "ct") (mkBefore [
+  networking.nameservers' = mkIf enableDns (mkBefore [
    { address = access.getAddressFor "utsuho" "lan"; }
  ]);
  # prioritize our resolver over systemd-resolved!
  system.nssDatabases.hosts = let
    avahiResolverEnabled = config.services.avahi.enable && (config.services.avahi.nssmdns4 || config.services.avahi.nssmdns4);
  in mkIf (enableDns && (config.services.resolved.enable || avahiResolverEnabled)) (mkOrder 499 ["dns"]);
  services.resolved.extraConfig = mkIf enableDns ''
    DNSStubListener=no
  '';
  boot.kernel.sysctl = {
    # not sure how to get it to overlap with subgid/idmap...
--- a/systems/aya/proxmox.nix
+++ b/systems/aya/proxmox.nix
@ -19,4 +19,10 @@ _: {
      };
    };
  };
  network.networks = {
    tail = {
      address4 = "100.109.213.94";
      address6 = "fd7a:115c:a1e0::eaed:d55e";
    };
  };
 }
--- a/systems/freeipa/default.nix
+++ b/systems/freeipa/default.nix
@ -1,5 +1,6 @@
 _: {
  type = "Linux";
  access.hostName = "idp";
  proxmox = {
    vm = {
      id = 202;
--- a/systems/hakurei/default.nix
+++ b/systems/hakurei/default.nix
@ -7,6 +7,12 @@ _: {
  modules = [
    ./nixos.nix
  ];
  network.networks = {
    tail = {
      address4 = "100.71.65.59";
      address6 = "fd7a:115c:a1e0::9187:413b";
    };
  };
  access = {
    tailscale.enable = true;
    global.enable = true;
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@ -214,7 +214,7 @@ in {
      host = getHostnameFor "utsuho" "lan";
    };
    access.freeipa = {
-      host = "idp.local.${config.networking.domain}";
+      host = getHostnameFor "freeipa" "lan";
      kerberos.ports.kpasswd = 464;
    };
    access.kitchencam = {
--- a/systems/kitchencam/default.nix
+++ b/systems/kitchencam/default.nix
@ -8,4 +8,11 @@ _: {
      source = ./motion.conf;
    };
  };
  network.networks = {
    local = {
      # TODO: macAddress = ?;
      address4 = null;
      address6 = "fd0a::ba27:ebff:fea8:f4ff";
    };
  };
 }
--- a/systems/nue/default.nix
+++ b/systems/nue/default.nix
@ -0,0 +1,23 @@
 {lib, ...}: let
  inherit (lib.strings) concatStringsSep;
  dot = concatStringsSep ".";
  cutie = dot [ "cutie" "moe" ];
  netname = { config, system, ... }: {
    domain = dot [ config.name system.access.domain ];
  };
 in {
  type = "Linux";
  access.domain = dot [ "gensokyo" cutie ];
  network.networks = {
    local = {
      imports = [ netname ];
      address4 = "10.1.1.62";
      address6 = "fd0a::daf8:83ff:fe36:81b6";
    };
    tail = {
      imports = [ netname ];
      address4 = "100.86.77.54";
      address6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:4d36";
    };
  };
 }
--- a/systems/reimu/proxmox.nix
+++ b/systems/reimu/proxmox.nix
@ -15,4 +15,10 @@ _: {
      net1.internal.enable = true;
    };
  };
  network.networks = {
    tail = {
      address4 = "100.113.253.48";
      address6 = "fd7a:115c:a1e0::f1b1:fd30";
    };
  };
 }
--- a/systems/reisen/default.nix
+++ b/systems/reisen/default.nix
@ -1,3 +1,13 @@
 _: {
  type = "Linux";
  network.networks = {
    local = {
      address4 = "10.1.1.40";
      address6 = null;
    };
    int = {
      address4 = "10.9.1.2";
      address6 = "fd0c::2";
    };
  };
 }
--- a/systems/reisen/systems.json
+++ b/systems/reisen/systems.json
@ -1,159 +1,208 @@
 {
  "aya": {
    "hostName": "aya",
    "network": {
-      "int": {
+      "networks": {
-        "address4": "10.9.1.73",
+        "int": {
-        "address6": "fd0c::49",
+          "address4": "10.9.1.73",
-        "macAddress": "BC:24:19:C4:66:A9"
+          "address6": "fd0c::49",
-      },
+          "macAddress": "BC:24:19:C4:66:A9"
-      "local": {
+        },
-        "address4": "10.1.1.47",
+        "local": {
-        "address6": "fd0a::be24:11ff:fec4:66a9",
+          "address4": "10.1.1.47",
-        "macAddress": "BC:24:11:C4:66:A9"
+          "address6": "fd0a::be24:11ff:fec4:66a9",
-      },
+          "macAddress": "BC:24:11:C4:66:A9"
-      "tail": null
+        },
        "tail": {
          "address4": "100.109.213.94",
          "address6": "fd7a:115c:a1e0::eaed:d55e",
          "macAddress": null
        }
      }
    }
  },
  "freeipa": {
    "hostName": "idp",
    "network": {
-      "int": {
+      "networks": {
-        "address4": "10.9.1.170",
+        "int": {
-        "address6": "fd0c::aa",
+          "address4": "10.9.1.170",
-        "macAddress": "BC:24:19:3D:39:91"
+          "address6": "fd0c::aa",
-      },
+          "macAddress": "BC:24:19:3D:39:91"
-      "local": {
+        },
-        "address4": "10.1.1.46",
+        "local": {
-        "address6": "fd0a::be24:11ff:fe3d:3991",
+          "address4": "10.1.1.46",
-        "macAddress": "BC:24:11:3D:39:91"
+          "address6": "fd0a::be24:11ff:fe3d:3991",
-      },
+          "macAddress": "BC:24:11:3D:39:91"
-      "tail": null
+        },
        "tail": null
      }
    }
  },
  "freepbx": {
    "hostName": "freepbx",
    "network": {
-      "int": null,
+      "networks": {
-      "local": {
+        "int": null,
-        "address4": null,
+        "local": {
-        "address6": "fd0a::be24:11ff:fe33:1904",
+          "address4": null,
-        "macAddress": "BC:24:11:33:19:04"
+          "address6": "fd0a::be24:11ff:fe33:1904",
-      },
+          "macAddress": "BC:24:11:33:19:04"
-      "tail": null
+        },
        "tail": null
      }
    }
  },
  "hakurei": {
    "hostName": "hakurei",
    "network": {
-      "int": {
+      "networks": {
-        "address4": "10.9.1.71",
+        "int": {
-        "address6": "fd0c::47",
+          "address4": "10.9.1.71",
-        "macAddress": "BC:24:19:C4:66:A7"
+          "address6": "fd0c::47",
-      },
+          "macAddress": "BC:24:19:C4:66:A7"
-      "local": {
+        },
-        "address4": "10.1.1.41",
+        "local": {
-        "address6": "fd0a::be24:11ff:fec4:66a7",
+          "address4": "10.1.1.41",
-        "macAddress": "BC:24:11:C4:66:A7"
+          "address6": "fd0a::be24:11ff:fec4:66a7",
-      },
+          "macAddress": "BC:24:11:C4:66:A7"
-      "tail": null
+        },
        "tail": {
          "address4": "100.71.65.59",
          "address6": "fd7a:115c:a1e0::9187:413b",
          "macAddress": null
        }
      }
    }
  },
  "keycloak": {
    "hostName": "keycloak",
    "network": {
-      "int": {
+      "networks": {
-        "address4": "10.9.1.75",
+        "int": {
-        "address6": "fd0c::4b",
+          "address4": "10.9.1.75",
-        "macAddress": "BC:24:19:C4:66:AC"
+          "address6": "fd0c::4b",
-      },
+          "macAddress": "BC:24:19:C4:66:AC"
-      "local": {
+        },
-        "address4": "10.1.1.48",
+        "local": {
-        "address6": "fd0a::be24:11ff:fec4:66ac",
+          "address4": "10.1.1.48",
-        "macAddress": "BC:24:11:C4:66:AC"
+          "address6": "fd0a::be24:11ff:fec4:66ac",
-      },
+          "macAddress": "BC:24:11:C4:66:AC"
-      "tail": null
+        },
        "tail": null
      }
    }
  },
  "kuwubernetes": {
    "hostName": "kuwubernetes",
    "network": {
-      "int": null,
+      "networks": {
-      "local": {
+        "int": null,
-        "address4": "10.1.1.42",
+        "local": {
-        "address6": "fd0a::be24:11ff:fe49:fedc",
+          "address4": "10.1.1.42",
-        "macAddress": "BC:24:11:49:FE:DC"
+          "address6": "fd0a::be24:11ff:fe49:fedc",
-      },
+          "macAddress": "BC:24:11:49:FE:DC"
-      "tail": null
+        },
        "tail": null
      }
    }
  },
  "litterbox": {
    "hostName": "litterbox",
    "network": {
-      "int": {
+      "networks": {
-        "address4": "10.9.1.74",
+        "int": {
-        "address6": "fd0c::4a",
+          "address4": "10.9.1.74",
-        "macAddress": "BC:24:19:C4:66:AB"
+          "address6": "fd0c::4a",
-      },
+          "macAddress": "BC:24:19:C4:66:AB"
-      "local": {
+        },
-        "address4": null,
+        "local": {
-        "address6": "fd0a::be24:11ff:fec4:66ab",
+          "address4": null,
-        "macAddress": "BC:24:11:C4:66:AB"
+          "address6": "fd0a::be24:11ff:fec4:66ab",
-      },
+          "macAddress": "BC:24:11:C4:66:AB"
-      "tail": null
+        },
        "tail": null
      }
    }
  },
  "mediabox": {
    "hostName": "mediabox",
    "network": {
-      "int": {
+      "networks": {
-        "address4": "10.9.1.70",
+        "int": {
-        "address6": "fd0c::46",
+          "address4": "10.9.1.70",
-        "macAddress": "BC:24:19:34:F4:A8"
+          "address6": "fd0c::46",
-      },
+          "macAddress": "BC:24:19:34:F4:A8"
-      "local": {
+        },
-        "address4": "10.1.1.44",
+        "local": {
-        "address6": "fd0a::be24:11ff:fe34:f4a8",
+          "address4": "10.1.1.44",
-        "macAddress": "BC:24:11:34:F4:A8"
+          "address6": "fd0a::be24:11ff:fe34:f4a8",
-      },
+          "macAddress": "BC:24:11:34:F4:A8"
-      "tail": null
+        },
        "tail": null
      }
    }
  },
  "reimu": {
    "hostName": "reimu",
    "network": {
-      "int": {
+      "networks": {
-        "address4": "10.9.1.72",
+        "int": {
-        "address6": "fd0c::48",
+          "address4": "10.9.1.72",
-        "macAddress": "BC:24:19:C4:66:A8"
+          "address6": "fd0c::48",
-      },
+          "macAddress": "BC:24:19:C4:66:A8"
-      "local": {
+        },
-        "address4": "10.1.1.45",
+        "local": {
-        "address6": "fd0a::be24:11ff:fec4:66a8",
+          "address4": "10.1.1.45",
-        "macAddress": "BC:24:11:C4:66:A8"
+          "address6": "fd0a::be24:11ff:fec4:66a8",
-      },
+          "macAddress": "BC:24:11:C4:66:A8"
-      "tail": null
+        },
        "tail": {
          "address4": "100.113.253.48",
          "address6": "fd7a:115c:a1e0::f1b1:fd30",
          "macAddress": null
        }
      }
    }
  },
  "tei": {
    "hostName": "tei",
    "network": {
-      "int": {
+      "networks": {
-        "address4": "10.9.1.69",
+        "int": {
-        "address6": "fd0c::45",
+          "address4": "10.9.1.69",
-        "macAddress": "BC:24:19:CC:66:57"
+          "address6": "fd0c::45",
-      },
+          "macAddress": "BC:24:19:CC:66:57"
-      "local": {
+        },
-        "address4": "10.1.1.39",
+        "local": {
-        "address6": "fd0a::be24:11ff:fecc:6657",
+          "address4": "10.1.1.39",
-        "macAddress": "BC:24:11:CC:66:57"
+          "address6": "fd0a::be24:11ff:fecc:6657",
-      },
+          "macAddress": "BC:24:11:CC:66:57"
-      "tail": null
+        },
        "tail": {
          "address4": "100.74.104.29",
          "address6": "fd7a:115c:a1e0::fd8a:681d",
          "macAddress": null
        }
      }
    }
  },
  "utsuho": {
    "hostName": "utsuho",
    "network": {
-      "int": {
+      "networks": {
-        "address4": "10.9.1.76",
+        "int": {
-        "address6": "fd0c::4c",
+          "address4": "10.9.1.76",
-        "macAddress": "BC:24:19:C4:66:A6"
+          "address6": "fd0c::4c",
-      },
+          "macAddress": "BC:24:19:C4:66:A6"
-      "local": {
+        },
-        "address4": "10.1.1.38",
+        "local": {
-        "address6": "fd0a::be24:11ff:fec4:66a6",
+          "address4": "10.1.1.38",
-        "macAddress": "BC:24:11:C4:66:A6"
+          "address6": "fd0a::be24:11ff:fec4:66a6",
-      },
+          "macAddress": "BC:24:11:C4:66:A6"
-      "tail": null
+        },
        "tail": null
      }
    }
  }
 }
--- a/systems/shanghai/default.nix
+++ b/systems/shanghai/default.nix
@ -0,0 +1,26 @@
 {lib, ...}: let
  inherit (lib.strings) concatStringsSep;
  dot = concatStringsSep ".";
  cutie = dot [ "cutie" "moe" ];
  netname = { config, system, ... }: {
    domain = dot [ config.name system.access.domain ];
  };
 in {
  type = "Linux";
  access.domain = dot [ "gensokyo" cutie ];
  network.networks = {
    local = {
      imports = [ netname ];
      macAddress = let
        #eth = "18:c0:4d:08:87:bd";
        eth25 = "18:c0:4d:08:87:bc";
      in eth25;
      address4 = "10.1.1.32";
    };
    tail = {
      imports = [ netname ];
      address4 = "100.104.155.122";
      address6 = "fd7a:115c:a1e0:ab12:4843:cd96:6268:9b7a";
    };
  };
 }
--- a/systems/tei/proxmox.nix
+++ b/systems/tei/proxmox.nix
@ -14,4 +14,10 @@ _: {
      net1.internal.enable = true;
    };
  };
  network.networks = {
    tail = {
      address4 = "100.74.104.29";
      address6 = "fd7a:115c:a1e0::fd8a:681d";
    };
  };
 }
--- a/systems/tewi/default.nix
+++ b/systems/tewi/default.nix
@ -4,4 +4,14 @@ _: {
  modules = [
    ./nixos.nix
  ];
  network.networks = {
    local = {
      address4 = null;
      address6 = "fd0a::eea8:6bff:fefe:3986";
    };
    tail = {
      address4 = "100.88.107.41";
      address6 = "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29";
    };
  };
 }
--- a/systems/u7pro/default.nix
+++ b/systems/u7pro/default.nix
@ -0,0 +1,10 @@
 _: {
  type = "Linux";
  access.hostName = "u7-pro";
  network.networks = {
    local = {
      address4 = "10.1.1.3";
      address6 = null;
    };
  };
 }
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
@ -1,21 +1,15 @@
 module "reisen_system_records" {
  source    = "./system/records"
  name      = "reisen"
  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  local_v4  = "10.1.1.40"
+  net_data  = local.systems.reisen.network
  int_v4    = "10.9.1.2"
  int_v6    = "fd0c::2"
 }
 module "hakurei_system_records" {
-  source       = "./system/records"
+  source    = "./system/records"
-  name         = "hakurei"
+  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
-  zone_id      = cloudflare_zone.gensokyo-zone_zone.id
+  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  zone_zone    = cloudflare_zone.gensokyo-zone_zone.zone
+  net_data  = local.systems.hakurei.network
  net_data     = local.proxmox_reisen_systems.hakurei.network
  tailscale_v4 = "100.71.65.59"
  tailscale_v6 = "fd7a:115c:a1e0::9187:413b"
  local_subdomains = [
    "prox",
    "id",
@ -46,13 +40,10 @@ module "hakurei_system_records" {
 }
 module "reimu_system_records" {
-  source       = "./system/records"
+  source    = "./system/records"
-  name         = "reimu"
+  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
-  zone_id      = cloudflare_zone.gensokyo-zone_zone.id
+  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  zone_zone    = cloudflare_zone.gensokyo-zone_zone.zone
+  net_data  = local.systems.reimu.network
  net_data     = local.proxmox_reisen_systems.reimu.network
  tailscale_v4 = "100.113.253.48"
  tailscale_v6 = "fd7a:115c:a1e0::f1b1:fd30"
  local_subdomains = [
    "nfs",
  ]
@ -60,41 +51,33 @@ module "reimu_system_records" {
 module "keycloak_system_records" {
  source    = "./system/records"
  name      = "keycloak"
  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  net_data  = local.proxmox_reisen_systems.keycloak.network
+  net_data  = local.systems.keycloak.network
 }
 module "utsuho_system_records" {
  source    = "./system/records"
  name      = "utsuho"
  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  net_data  = local.proxmox_reisen_systems.utsuho.network
+  net_data  = local.systems.utsuho.network
 }
 module "aya_system_records" {
-  source       = "./system/records"
+  source    = "./system/records"
-  name         = "aya"
+  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
-  zone_id      = cloudflare_zone.gensokyo-zone_zone.id
+  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  zone_zone    = cloudflare_zone.gensokyo-zone_zone.zone
+  net_data  = local.systems.aya.network
  net_data     = local.proxmox_reisen_systems.aya.network
  tailscale_v4 = "100.109.213.94"
  tailscale_v6 = "fd7a:115c:a1e0::eaed:d55e"
  local_subdomains = [
    "nixbld",
  ]
 }
 module "tewi_system_records" {
-  source       = "./system/records"
+  source    = "./system/records"
-  name         = "tei"
+  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
-  zone_id      = cloudflare_zone.gensokyo-zone_zone.id
+  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  zone_zone    = cloudflare_zone.gensokyo-zone_zone.zone
+  net_data  = local.systems.tei.network
  net_data     = local.proxmox_reisen_systems.tei.network
  tailscale_v4 = "100.74.104.29"
  tailscale_v6 = "fd7a:115c:a1e0::fd8a:681d"
  local_subdomains = [
    "mqtt",
    "postgresql",
@ -103,10 +86,9 @@ module "tewi_system_records" {
 module "mediabox_system_records" {
  source    = "./system/records"
  name      = "mediabox"
  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  net_data  = local.proxmox_reisen_systems.mediabox.network
+  net_data  = local.systems.mediabox.network
  local_subdomains = [
    "plex",
  ]
@ -114,18 +96,16 @@ module "mediabox_system_records" {
 module "litterbox_system_records" {
  source    = "./system/records"
  name      = "litterbox"
  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  net_data  = local.proxmox_reisen_systems.litterbox.network
+  net_data  = local.systems.litterbox.network
 }
 module "idp_system_records" {
  source    = "./system/records"
  name      = "idp"
  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  net_data  = local.proxmox_reisen_systems.freeipa.network
+  net_data  = local.systems.freeipa.network
 }
 module "kubernetes_system_records" {
@ -133,23 +113,21 @@ module "kubernetes_system_records" {
  name      = "kubernetes"
  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  net_data  = local.proxmox_reisen_systems.kuwubernetes.network
+  net_data  = local.systems.kuwubernetes.network
 }
 module "freepbx_system_records" {
  source    = "./system/records"
  name      = "freepbx"
  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  net_data  = local.proxmox_reisen_systems.freepbx.network
+  net_data  = local.systems.freepbx.network
 }
 module "kitchencam_system_records" {
  source    = "./system/records"
  name      = "kitchencam"
  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  local_v6  = "fd0a::ba27:ebff:fea8:f4ff"
+  net_data  = local.systems.kitchencam.network
 }
 variable "u7pro_ipv6_postfix" {
@ -158,20 +136,15 @@ variable "u7pro_ipv6_postfix" {
 module "u7pro_system_records" {
  source    = "./system/records"
  name      = "u7-pro"
  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  local_v4  = "10.1.1.3"
+  net_data  = local.systems.u7pro.network
  local_v6  = "fd0a::${var.u7pro_ipv6_postfix}"
 }
 module "tewi_legacy_system_records" {
-  source       = "./system/records"
+  source    = "./system/records"
-  name         = "tewi"
+  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
-  zone_id      = cloudflare_zone.gensokyo-zone_zone.id
+  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
-  zone_zone    = cloudflare_zone.gensokyo-zone_zone.zone
+  net_data  = local.systems.tewi.network
  tailscale_v4 = "100.88.107.41"
  tailscale_v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29"
  local_v4     = "10.1.1.38"
  local_v6     = "fd0a::eea8:6bff:fefe:3986"
 }
--- a/tf/proxmox_reisen.tf
+++ b/tf/proxmox_reisen.tf
@ -18,6 +18,8 @@ locals {
  proxmox_reisen_users   = jsondecode(file("${path.root}/../systems/reisen/users.json"))
  proxmox_reisen_systems = jsondecode(file("${path.root}/../systems/reisen/systems.json"))
  systems = jsondecode(file("${path.root}/../ci/systems.json"))
 }
 resource "terraform_data" "proxmox_reisen_etc" {
--- a/tf/system/records/records.tf
+++ b/tf/system/records/records.tf
@ -7,15 +7,19 @@ variable "zone_zone" {
 }
 variable "name" {
-  type = string
+  type    = string
  default = null
 }
 variable "net_data" {
-  type = map(map(any))
+  type = any
  default = {
-    local = null
+    hostName = null
-    int   = null
+    networks = {
-    tail  = null
+      local = null
      int   = null
      tail  = null
    }
  }
 }
@ -80,19 +84,20 @@ variable "global_v6" {
 }
 locals {
-  local_name     = coalesce(var.local_name, "${var.name}.local")
+  name           = coalesce(var.name, var.net_data.hostName)
-  local_net      = coalesce(var.net_data.local, local.empty_net)
+  local_name     = coalesce(var.local_name, "${local.name}.local")
  local_net      = coalesce(var.net_data.networks.local, local.empty_net)
  local_v4       = coalesce(var.local_v4, local.local_net.address4, local.empty_address)
  local_v6       = coalesce(var.local_v6, local.local_net.address6, local.empty_address)
-  int_name       = coalesce(var.int_name, "${var.name}.int")
+  int_name       = coalesce(var.int_name, "${local.name}.int")
-  int_net        = coalesce(var.net_data.int, local.empty_net)
+  int_net        = coalesce(var.net_data.networks.int, local.empty_net)
  int_v4         = coalesce(var.int_v4, local.int_net.address4, local.empty_address)
  int_v6         = coalesce(var.int_v6, local.int_net.address6, local.empty_address)
-  tailscale_name = coalesce(var.tailscale_name, "${var.name}.tail")
+  tailscale_name = coalesce(var.tailscale_name, "${local.name}.tail")
-  tailscale_net  = coalesce(var.net_data.tail, local.empty_net)
+  tailscale_net  = coalesce(var.net_data.networks.tail, local.empty_net)
  tailscale_v4   = coalesce(var.tailscale_v4, local.tailscale_net.address4, local.empty_address)
  tailscale_v6   = coalesce(var.tailscale_v6, local.tailscale_net.address6, local.empty_address)
-  global_name    = coalesce(var.global_name, var.name)
+  global_name    = coalesce(var.global_name, local.name)
  has_tailscale = local.tailscale_v4 != local.empty_address || local.tailscale_v6 != local.empty_address
  has_int       = local.int_v4 != local.empty_address || local.int_v6 != local.empty_address
@ -117,7 +122,7 @@ locals {
    },
    {
      name  = local.tailscale_name,
-      value = var.tailscale_v4,
+      value = local.tailscale_v4,
    }
  ]
@ -136,7 +141,7 @@ locals {
    },
    {
      name  = local.tailscale_name,
-      value = var.tailscale_v6,
+      value = local.tailscale_v6,
    }
  ]
 }
--- a/tree.nix
+++ b/tree.nix
@ -62,6 +62,7 @@
    "modules/nixos/users".functor.enable = true;
    "modules/meta".functor.enable = true;
    "modules/system".functor.enable = true;
    "modules/system/network".functor.enable = true;
    "modules/system/proxmox".functor.enable = true;
    "modules/system/extern".functor.enable = true;
    "modules/home".functor.enable = true;