refactor(dnsmasq): system host info

This commit is contained in:
arcnmx 2024-03-28 13:07:26 -07:00
parent 86ac38cf2c
commit 6c88d99ae6
30 changed files with 841 additions and 288 deletions


@ -5,6 +5,7 @@ for node in reisen; do
nix eval --json "${NF_CONFIG_ROOT}#lib.generate.$node.users" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/users.json"
nix eval --json "${NF_CONFIG_ROOT}#lib.generate.$node.systems" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/systems.json"
done
nix eval --json "${NF_CONFIG_ROOT}#lib.generate.systems" | jq -M . > "$NF_CONFIG_ROOT/ci/systems.json"
for ciconfig in "${NF_CONFIG_FILES[@]}"; do
echo "processing ${ciconfig}..." >&2
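Review bot: The new `nix eval ... | jq -M . > "$NF_CONFIG_ROOT/ci/systems.json"` line at the top of the hunk shares a failure mode with the loop above it: unless the script runs with `set -o pipefail` (its header is outside this hunk, so I cannot tell), a failing `nix eval` still lets `jq` exit 0 on empty input and the redirect truncates `ci/systems.json` to an empty file, which the terraform `jsondecode(file(...))` added elsewhere in this commit would then choke on. Consider `set -euo pipefail` near the top of the script, or writing to a temporary file and moving it into place only after the pipeline succeeds.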

328
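--- a/ci/systems.json
+++ b/ci/systems.json
@@ -0,0 +1,328 @@
+{
+"aya": {
+"network": {
+"hostName": "aya",
+"networks": {
+"int": {
+"address4": "10.9.1.73",
+"address6": "fd0c::49",
+"macAddress": "BC:24:19:C4:66:A9"
+},
+"local": {
+"address4": "10.1.1.47",
+"address6": "fd0a::be24:11ff:fec4:66a9",
+"macAddress": "BC:24:11:C4:66:A9"
+},
+"tail": {
+"address4": "100.109.213.94",
+"address6": "fd7a:115c:a1e0::eaed:d55e",
+"macAddress": null
+}
+}
+}
+},
+"ct": {
+"network": {
+"hostName": "ct",
+"networks": {
+"int": null,
+"local": null,
+"tail": null
+}
+}
+},
+"extern-test": {
+"network": {
+"hostName": "extern-test",
+"networks": {
+"int": null,
+"local": null,
+"tail": null
+}
+}
+},
+"freeipa": {
+"network": {
+"hostName": "idp",
+"networks": {
+"int": {
+"address4": "10.9.1.170",
+"address6": "fd0c::aa",
+"macAddress": "BC:24:19:3D:39:91"
+},
+"local": {
+"address4": "10.1.1.46",
+"address6": "fd0a::be24:11ff:fe3d:3991",
+"macAddress": "BC:24:11:3D:39:91"
+},
+"tail": null
+}
+}
+},
+"freepbx": {
+"network": {
+"hostName": "freepbx",
+"networks": {
+"int": null,
+"local": {
+"address4": null,
+"address6": "fd0a::be24:11ff:fe33:1904",
+"macAddress": "BC:24:11:33:19:04"
+},
+"tail": null
+}
+}
+},
+"hakurei": {
+"network": {
+"hostName": "hakurei",
+"networks": {
+"int": {
+"address4": "10.9.1.71",
+"address6": "fd0c::47",
+"macAddress": "BC:24:19:C4:66:A7"
+},
+"local": {
+"address4": "10.1.1.41",
+"address6": "fd0a::be24:11ff:fec4:66a7",
+"macAddress": "BC:24:11:C4:66:A7"
+},
+"tail": {
+"address4": "100.71.65.59",
+"address6": "fd7a:115c:a1e0::9187:413b",
+"macAddress": null
+}
+}
+}
+},
+"keycloak": {
+"network": {
+"hostName": "keycloak",
+"networks": {
+"int": {
+"address4": "10.9.1.75",
+"address6": "fd0c::4b",
+"macAddress": "BC:24:19:C4:66:AC"
+},
+"local": {
+"address4": "10.1.1.48",
+"address6": "fd0a::be24:11ff:fec4:66ac",
+"macAddress": "BC:24:11:C4:66:AC"
+},
+"tail": null
+}
+}
+},
+"kitchencam": {
+"network": {
+"hostName": "kitchencam",
+"networks": {
+"int": null,
+"local": {
+"address4": null,
+"address6": "fd0a::ba27:ebff:fea8:f4ff",
+"macAddress": null
+},
+"tail": null
+}
+}
+},
+"kuwubernetes": {
+"network": {
+"hostName": "kuwubernetes",
+"networks": {
+"int": null,
+"local": {
+"address4": "10.1.1.42",
+"address6": "fd0a::be24:11ff:fe49:fedc",
+"macAddress": "BC:24:11:49:FE:DC"
+},
+"tail": null
+}
+}
+},
+"litterbox": {
+"network": {
+"hostName": "litterbox",
+"networks": {
+"int": {
+"address4": "10.9.1.74",
+"address6": "fd0c::4a",
+"macAddress": "BC:24:19:C4:66:AB"
+},
+"local": {
+"address4": null,
+"address6": "fd0a::be24:11ff:fec4:66ab",
+"macAddress": "BC:24:11:C4:66:AB"
+},
+"tail": null
+}
+}
+},
+"mediabox": {
+"network": {
+"hostName": "mediabox",
+"networks": {
+"int": {
+"address4": "10.9.1.70",
+"address6": "fd0c::46",
+"macAddress": "BC:24:19:34:F4:A8"
+},
+"local": {
+"address4": "10.1.1.44",
+"address6": "fd0a::be24:11ff:fe34:f4a8",
+"macAddress": "BC:24:11:34:F4:A8"
+},
+"tail": null
+}
+}
+},
+"nue": {
+"network": {
+"hostName": "nue",
+"networks": {
+"int": null,
+"local": {
+"address4": "10.1.1.62",
+"address6": "fd0a::daf8:83ff:fe36:81b6",
+"macAddress": null
+},
+"tail": {
+"address4": "100.86.77.54",
+"address6": "fd7a:115c:a1e0:ab12:4843:cd96:6256:4d36",
+"macAddress": null
+}
+}
+}
+},
+"reimu": {
+"network": {
+"hostName": "reimu",
+"networks": {
+"int": {
+"address4": "10.9.1.72",
+"address6": "fd0c::48",
+"macAddress": "BC:24:19:C4:66:A8"
+},
+"local": {
+"address4": "10.1.1.45",
+"address6": "fd0a::be24:11ff:fec4:66a8",
+"macAddress": "BC:24:11:C4:66:A8"
+},
+"tail": {
+"address4": "100.113.253.48",
+"address6": "fd7a:115c:a1e0::f1b1:fd30",
+"macAddress": null
+}
+}
+}
+},
+"reisen": {
+"network": {
+"hostName": "reisen",
+"networks": {
+"int": {
+"address4": "10.9.1.2",
+"address6": "fd0c::2",
+"macAddress": null
+},
+"local": {
+"address4": "10.1.1.40",
+"address6": null,
+"macAddress": null
+},
+"tail": null
+}
+}
+},
+"shanghai": {
+"network": {
+"hostName": "shanghai",
+"networks": {
+"int": null,
+"local": {
+"address4": "10.1.1.32",
+"address6": "fd0a::1ac0:4dff:fe08:87bc",
+"macAddress": "18:c0:4d:08:87:bc"
+},
+"tail": {
+"address4": "100.104.155.122",
+"address6": "fd7a:115c:a1e0:ab12:4843:cd96:6268:9b7a",
+"macAddress": null
+}
+}
+}
+},
+"tei": {
+"network": {
+"hostName": "tei",
+"networks": {
+"int": {
+"address4": "10.9.1.69",
+"address6": "fd0c::45",
+"macAddress": "BC:24:19:CC:66:57"
+},
+"local": {
+"address4": "10.1.1.39",
+"address6": "fd0a::be24:11ff:fecc:6657",
+"macAddress": "BC:24:11:CC:66:57"
+},
+"tail": {
+"address4": "100.74.104.29",
+"address6": "fd7a:115c:a1e0::fd8a:681d",
+"macAddress": null
+}
+}
+}
+},
+"tewi": {
+"network": {
+"hostName": "tewi",
+"networks": {
+"int": null,
+"local": {
+"address4": null,
+"address6": "fd0a::eea8:6bff:fefe:3986",
+"macAddress": null
+},
+"tail": {
+"address4": "100.88.107.41",
+"address6": "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29",
+"macAddress": null
+}
+}
+}
+},
+"u7pro": {
+"network": {
+"hostName": "u7-pro",
+"networks": {
+"int": null,
+"local": {
+"address4": "10.1.1.3",
+"address6": null,
+"macAddress": null
+},
+"tail": null
+}
+}
+},
+"utsuho": {
+"network": {
+"hostName": "utsuho",
+"networks": {
+"int": {
+"address4": "10.9.1.76",
+"address6": "fd0c::4c",
+"macAddress": "BC:24:19:C4:66:A6"
+},
+"local": {
+"address4": "10.1.1.38",
+"address6": "fd0a::be24:11ff:fec4:66a6",
+"macAddress": "BC:24:11:C4:66:A6"
+},
+"tail": null
+}
+}
+}
+}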


@ -3,11 +3,10 @@
tree,
}: let
nixlib = inputs.nixpkgs.lib;
inherit (nixlib.attrsets) mapAttrs filterAttrs mapAttrsToList;
inherit (nixlib.lists) elem sortOn;
inherit (nixlib.strings) removeSuffix;
inherit (nixlib.trivial) mapNullable warn;
inherit (nixlib.attrsets) mapAttrs mapAttrs' nameValuePair filterAttrs mapAttrsToList;
inherit (nixlib.lists) sortOn;
inherit (inputs.self.lib.lib) userIs;
inherit (inputs.self.lib) systems;
templateSystem = inputs.self.nixosConfigurations.reimu;
templateUsers = filterAttrs (_: userIs "peeps") templateSystem.config.users.users;
mkNodeUsers = users: let
@ -20,23 +19,24 @@
};
nodeSystems = let
matchesNode = nodeName: system: system.config.proxmox.enabled && system.config.proxmox.node.name == nodeName;
in nodeName: filterAttrs (_: matchesNode nodeName) inputs.self.lib.systems;
in nodeName: filterAttrs (_: matchesNode nodeName) systems;
mkNodeSystem = system: {
inherit (system.config.access) hostName;
network = let
inherit (system.config.proxmox) network;
inherit (network) internal local;
inherit (system.config.network) networks;
in {
int = if internal.interface != null then {
inherit (internal.interface) macAddress;
address4 = removeSuffix "/24" internal.interface.address4;
address6 = removeSuffix "/64" internal.interface.address6;
networks = {
int = if networks.int.enable or false then {
inherit (networks.int) macAddress address4 address6;
} else null;
local = if local.interface != null then {
inherit (local.interface) macAddress;
address4 = mapNullable (removeSuffix "/24") local.interface.local.address4;
address6 = mapNullable (removeSuffix "/64") local.interface.local.address6;
local = if networks.local.enable or false then {
inherit (networks.local) macAddress address4 address6;
} else null;
tail = warn "TODO: generate network.tail" null;
tail = if networks.tail.enable or false then {
inherit (networks.tail) address4 address6;
macAddress = null;
} else null;
};
};
};
mkNodeSystems = systems: mapAttrs (_: mkNodeSystem) systems;
@ -44,6 +44,20 @@
users = mkNodeUsers templateUsers;
systems = mkNodeSystems (nodeSystems name);
};
mkNetwork = system: {
inherit (system.config.access) hostName;
networks = {
int = null;
local = null;
tail = null;
} // mapAttrs' (_: network: nameValuePair network.name {
inherit (network) macAddress address4 address6;
}) system.config.network.networks;
};
mkSystem = name: system: {
network = mkNetwork system;
};
in {
reisen = mkNode {name = "reisen";};
systems = mapAttrs mkSystem systems;
}
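Review bot: `mkNetwork` (the new block near the end of the last hunk) exports every entry of `system.config.network.networks` regardless of its `enable` flag, whereas `mkNodeSystem` a few lines above only emits a network when `networks.<name>.enable or false` holds, so the two outputs can disagree for a network that is declared but disabled. Filtering first keeps them consistent: `} // mapAttrs' (_: network: nameValuePair network.name {` applied to `(filterAttrs (_: network: network.enable) system.config.network.networks)`; `filterAttrs` is already inherited at the top of the file. The result is also keyed by `network.name` rather than the attribute name, so a system that overrides `name` would add a fourth key instead of replacing one of the `int`/`local`/`tail` placeholders it is merged over — a short comment saying which is intended would help.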

29
lib.nix

@ -4,7 +4,7 @@
systems,
}: let
nixlib = inputs.nixpkgs.lib;
inherit (nixlib.modules) mkOrder mkOverride;
inherit (nixlib.modules) mkOrder mkOverride defaultOverridePriority;
inherit (nixlib.strings) splitString toLower;
inherit (nixlib.lists) imap0 elemAt;
inherit (nixlib.attrsets) mapAttrs listToAttrs nameValuePair;
@ -38,10 +38,23 @@
mapListToAttrs = f: l: listToAttrs (map f l);
mkAlmostOptionDefault = mkOverride 1400;
overrideOptionDefault = 1500;
overrideAlmostOptionDefault = 1400;
overrideDefault = 1000;
overrideNone = defaultOverridePriority; # 100
overrideForce = 50;
overrideVM = 10;
mkAlmostOptionDefault = mkOverride overrideAlmostOptionDefault;
orderBefore = 500;
orderNone = 1000;
orderAfter = 1500;
orderAlmostAfter = 1400;
mkAlmostAfter = mkOrder 1400;
mapOverride = priority: mapAttrs (_: mkOverride priority);
mapOptionDefaults = mapOverride 1500;
mapOptionDefaults = mapOverride overrideOptionDefault;
mapAlmostOptionDefaults = mapOverride overrideAlmostOptionDefault;
mapDefaults = mapOverride overrideDefault;
treeToModulesOutput = modules:
{
@ -60,8 +73,14 @@ in {
Std = inputs.std-fl.lib;
lib = {
domain = "gensokyo.zone";
inherit treeToModulesOutput mkWinPath mkBaseDn userIs eui64 toHexStringLower hexCharToInt;
inherit mkAlmostAfter mkAlmostOptionDefault mapOptionDefaults mapOverride mapListToAttrs;
inherit treeToModulesOutput userIs
eui64 mkWinPath mkBaseDn
toHexStringLower hexCharToInt
mapListToAttrs
mkAlmostOptionDefault mapOverride mapOptionDefaults mapAlmostOptionDefaults mapDefaults
overrideOptionDefault overrideAlmostOptionDefault overrideDefault overrideNone overrideForce overrideVM
orderBefore orderNone orderAfter orderAlmostAfter
mkAlmostAfter;
inherit (inputs.arcexprs.lib) unmerged json;
};
generate = import ./generate.nix {inherit inputs tree;};
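Review bot: `mkAlmostAfter = mkOrder 1400;` still carries the literal even though the same hunk introduces `orderAlmostAfter = 1400;` two lines above it, so the value now lives in two places and can drift; `mkAlmostAfter = mkOrder orderAlmostAfter;` matches how `mkAlmostOptionDefault` was rewritten in this hunk. The trailing `# 100` on `overrideNone = defaultOverridePriority;` restates a value owned by nixpkgs and will silently go stale; `# nixpkgs' defaultOverridePriority` describes the intent without pinning the number.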


@ -76,7 +76,7 @@ in {
(mkIf config.services.sssd.enable [ "sss" ])
];
};
environment.etc."nssswitch.conf".text = mkIf (nssDatabases.netgroup != [ ]) (mkAfter ''
environment.etc."nsswitch.conf".text = mkIf (nssDatabases.netgroup != [ ]) (mkAfter ''
netgroup: ${concatStringsSep " " nssDatabases.netgroup}
'');
environment.etc."netgroup" = mkIf (networking.netgroups != { } || networking.extraNetgroups != "") {


@ -1,54 +0,0 @@
{
inputs,
config,
lib,
...
}: let
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkOptionDefault;
inherit (inputs.self.lib.lib) eui64;
inherit (config) networking services;
networkModule = {config, ...}: {
options = with lib.types; {
mdns = {
enable =
mkEnableOption "SLAAC"
// {
default = config.matchConfig.Type or null == "ether" && services.resolved.enable;
};
};
slaac = {
enable =
mkEnableOption "SLAAC"
// {
default = config.matchConfig.Type or null == "ether" && networking.enableIPv6;
};
postfix = mkOption {
type = str;
};
};
};
config = {
slaac.postfix = mkIf (config.matchConfig.MACAddress or null != null) (
mkOptionDefault (eui64 config.matchConfig.MACAddress)
);
networkConfig = mkMerge [
(mkIf config.slaac.enable {
IPv6AcceptRA = true;
})
(mkIf config.mdns.enable {
MulticastDNS = true;
})
];
linkConfig = mkIf config.mdns.enable {
Multicast = true;
};
};
};
in {
options = with lib.types; {
systemd.network.networks = mkOption {
type = attrsOf (submodule networkModule);
};
};
}


@ -102,6 +102,9 @@
};
in {
options.access = with lib.types; {
fqdn = mkOption {
type = str;
};
hostName = mkOption {
type = str;
default = name;
@ -138,6 +141,7 @@ in {
hasLocal4 = hasLocal && local'interface.local.address4 or null != null;
hasLocal6 = hasLocal && local'interface.local.address6 or null != null;
in {
fqdn = mkOptionDefault "${cfg.hostName}.${cfg.domain}";
hostnameForNetwork = let
int = "${cfg.hostName}.int.${cfg.domain}";
local = "${cfg.hostName}.local.${cfg.domain}";


@ -0,0 +1,71 @@
{config, lib, inputs, ...}: let
inherit (inputs.self.lib.lib) eui64;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkOptionDefault;
inherit (lib.trivial) mapNullable;
networkModule = { config, name, system, ... }: let
slaacPrefix = {
local = "fd0a:";
#int = "fd0c:";
};
in {
options = with lib.types; {
enable = mkEnableOption "network" // {
default = true;
};
slaac = {
enable = mkOption {
type = bool;
};
prefix = mkOption {
type = str;
};
postfix = mkOption {
type = str;
};
};
name = mkOption {
type = str;
default = name;
};
domain = mkOption {
type = nullOr str;
};
fqdn = mkOption {
type = nullOr str;
};
macAddress = mkOption {
type = nullOr str;
default = null;
};
address4 = mkOption {
type = nullOr str;
};
address6 = mkOption {
type = nullOr str;
};
};
config = {
slaac = {
enable = mkOptionDefault (slaacPrefix ? ${config.name});
prefix = mkIf (slaacPrefix ? ${config.name}) (mkOptionDefault slaacPrefix.${config.name});
postfix = mkIf (config.macAddress != null) (mkOptionDefault (eui64 config.macAddress));
};
domain = mkOptionDefault "${config.name}.${system.access.domain}";
fqdn = mkOptionDefault (mapNullable (domain: "${system.access.hostName}.${domain}") config.domain);
address6 = mkIf config.slaac.enable (mkOptionDefault "${config.slaac.prefix}:${config.slaac.postfix}");
};
};
in {
options.network = with lib.types; {
networks = mkOption {
type = attrsOf (submoduleWith {
modules = [ networkModule ];
specialArgs = {
system = config;
};
});
default = { };
};
};
}
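Review bot: `address4` and `address6` are declared `nullOr str` with no `default`, so a network that sets only one of them (for example a `tail` entry with just `address4`, where no SLAAC default supplies `address6`) fails evaluation with an option-used-but-not-defined error instead of reading as null; `macAddress` in the same option set already has `default = null;`. Adding `default = null;` to both would also let the system files in this commit stop spelling out `address4 = null;` / `address6 = null;` by hand. Separately, `slaac.postfix` is only defined when `macAddress != null`, so a SLAAC-enabled network with no MAC and no explicit `address6` errors on `config.slaac.postfix` when `address6` is read; a one-line comment above `postfix = mkIf ...` stating that a MAC (or an explicit address6) is required would save the next reader the trace.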


@ -1,10 +1,10 @@
{config, lib, inputs, ...}: let
inherit (inputs.self.lib.lib) unmerged eui64 toHexStringLower mkAlmostOptionDefault;
inherit (inputs.self.lib.lib) unmerged eui64 toHexStringLower mkAlmostOptionDefault mapAlmostOptionDefaults;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkOptionDefault;
inherit (lib.attrsets) attrValues;
inherit (lib.lists) elem findSingle findFirst;
inherit (lib.strings) hasPrefix removePrefix replaceStrings;
inherit (lib.strings) hasPrefix removePrefix replaceStrings removeSuffix;
inherit (lib.trivial) mapNullable;
cfg = config.proxmox.network;
internalOffset = 32;
@ -105,6 +105,10 @@
];
networkd.networkSettings = {
name = mkAlmostOptionDefault config.name;
ipv6AcceptRAConfig = mkIf (config.address6 == "auto" && config.local.enable) {
UseDNS = mkOptionDefault false;
DHCPv6Client = mkOptionDefault false;
};
matchConfig = {
MACAddress = mkIf (config.macAddress != null) (mkOptionDefault config.macAddress);
Type = mkOptionDefault "ether";
@ -117,7 +121,7 @@
IPv6AcceptRA = true;
})
(mkIf config.mdns.enable {
MulticastDNS = true;
MulticastDNS = "resolve";
})
];
address = mkMerge [
@ -179,4 +183,19 @@ in {
};
local.interface = mkOptionDefault (findFirst (interface: interface.local.enable) null (attrValues cfg.interfaces));
};
config.network.networks = let
strip4 = mapNullable (removeSuffix "/24");
strip6 = mapNullable (removeSuffix "/64");
in {
int = mkIf (cfg.internal.interface != null) (mapAlmostOptionDefaults {
inherit (cfg.internal.interface) macAddress;
address4 = strip4 cfg.internal.interface.address4;
address6 = strip6 cfg.internal.interface.address6;
});
local = mkIf (cfg.local.interface != null) (mapAlmostOptionDefaults {
inherit (cfg.local.interface) macAddress;
address4 = strip4 cfg.local.interface.local.address4;
address6 = strip6 cfg.local.interface.local.address6;
});
};
}
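Review bot: `strip4`/`strip6` in the new `config.network.networks` block assume every interface address is written with exactly `/24` or `/64`; any other prefix length passes through unstripped, and the CIDR suffix then propagates into the exported `address4`/`address6` and from there into the dnsmasq host records and the terraform zone data that consume them. Cutting at the first `/` is prefix-length agnostic: `strip = mapNullable (addr: head (splitString "/" addr));` with `splitString` added to the `lib.strings` inherit and `head` to the `lib.lists` inherit at the top of the file. The generate module's old `mkNodeSystem` made the same assumption, so this is carried over rather than introduced here.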


@ -11,6 +11,8 @@ in {
services.avahi = {
enable = mkDefault true;
ipv6 = mkDefault config.networking.enableIPv6;
nssmdns4 = mkIf (!config.services.resolved.enable) (mkDefault true);
nssmdns6 = mkIf (!config.services.resolved.enable) (mkDefault true);
publish = {
enable = mkDefault true;
domain = mkDefault true;


@ -12,18 +12,22 @@
inherit (lib.strings) hasPrefix replaceStrings concatStringsSep;
inherit (lib.trivial) mapNullable;
cfg = config.services.dnsmasq;
mkHostRecordPairs = systemName: system: [
(mkHostRecordPair "int" systemName system)
(mkHostRecordPair "local" systemName system)
#(mkHostRecordPair "tail" systemName system)
inherit (inputs.self.lib) systems;
reisenSystems = filterAttrs (_: system:
system.config.proxmox.enabled && system.config.proxmox.node.name == "reisen"
) systems;
mkHostRecordPairs = _: system: [
(mkHostRecordPair "int" system)
(mkHostRecordPair "local" system)
(mkHostRecordPair "tail" system)
];
mapDynamic4 = replaceStrings [ "10.1.1." ] [ "0.0.0." ];
mapDynamic6 = replaceStrings [ "fd0a::" ] [ "2001::" ];
mkDynamicHostRecord = systemName: system: let
address4 = system.network.local.address4 or null;
address6 = system.network.local.address6 or null;
mkDynamicHostRecord = _: system: let
address4 = system.config.network.networks.local.address4 or null;
address6 = system.config.network.networks.local.address6 or null;
in concatStringsSep "," ([
"${systemName}.${config.networking.domain}"
system.config.access.fqdn
] ++ lib.optional (address4 != null)
(toString (mapNullable mapDynamic4 address4))
++ lib.optional (address6 != null)
@ -31,11 +35,11 @@
++ lib.singleton
cfg.dynamic.interface
);
mkHostRecordPair = network: systemName: system: let
address4 = system.network.${network}.address4 or null;
address6 = system.network.${network}.address6 or null;
mkHostRecordPair = network: system: let
address4 = system.config.network.networks.${network}.address4 or null;
address6 = system.config.network.networks.${network}.address6 or null;
in nameValuePair
"${systemName}.${network}.${config.networking.domain}"
system.config.network.networks.${network}.fqdn or "${network}.${system.config.access.fqdn}"
(concatStringsSep "," (
lib.optional (address4 != null)
(toString address4)
@ -43,7 +47,7 @@
(toString address6)
));
systemHosts = filterAttrs (_: value: value != "") (
listToAttrs (concatLists (mapAttrsToList mkHostRecordPairs generate.reisen.systems))
listToAttrs (concatLists (mapAttrsToList mkHostRecordPairs systems))
);
mkHostRecord = name: record: "${name},${record}";
filterns = ns: !hasPrefix "127.0.0" ns || ns == "::1";
@ -66,7 +70,7 @@ in {
resolveLocalQueries = mkForce false;
settings = {
host-record = mapAttrsToList mkHostRecord systemHosts;
dynamic-host = mapAttrsToList mkDynamicHostRecord generate.reisen.systems;
dynamic-host = mapAttrsToList mkDynamicHostRecord reisenSystems;
server =
if config.networking.nameservers' != [ ] then map (ns: ns.address) (filter filterns' config.networking.nameservers')
else filter filterns config.networking.nameservers
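Review bot: In `mkHostRecordPair`, `system.config.network.networks.${network}.fqdn or "${network}.${system.config.access.fqdn}"` only falls back when the network attribute is absent; `fqdn` is declared `nullOr str` in the new network module, so a network whose `domain` is set to null yields a null attribute name for `nameValuePair` and evaluation fails instead of the record being skipped. Binding it first keeps the intended fallback: `let fqdn = system.config.network.networks.${network}.fqdn or null; in nameValuePair (if fqdn != null then fqdn else "${network}.${system.config.access.fqdn}") (...)`. `reisenSystems` at the top of the section also re-implements the node-matching predicate that the generate module's `nodeSystems` already has; sharing one helper would keep the two in step when the proxmox node check changes.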


@ -1,6 +1,6 @@
{ inputs, pkgs, config, lib, ... }: let
inherit (inputs.self.lib.lib) mkBaseDn;
inherit (lib.modules) mkIf mkBefore mkDefault mkOptionDefault;
inherit (lib.modules) mkIf mkDefault mkOptionDefault;
inherit (lib.strings) toUpper;
inherit (config.networking) domain;
cfg = config.security.ipa;
@ -47,9 +47,6 @@ in {
] ++ config.users.groups.wheel.members;
dyndns.enable = mkDefault false;
};
networking.hosts = mkIf cfg.enable {
"10.1.1.46" = mkBefore [ "idp.${domain}" ];
};
sops.secrets = {
krb5-keytab = mkIf cfg.enable {
mode = "0400";
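Review bot: Dropping the `networking.hosts` pin for `idp.${domain}` (the removed block in the second hunk) makes IPA/Kerberos client resolution of the IdP depend entirely on the DNS chain this commit is also reworking (dnsmasq host records, resolved stub listener ordering); an `/etc/hosts` entry kept logins working through a resolver outage, a DNS record does not. If that trade-off is intended, a one-line comment near `dyndns.enable` noting that the idp address is now served from the dnsmasq host-record generated from the freeipa system's `network.networks` would stop the next person from re-adding the pin out of caution.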


@ -1,13 +1,13 @@
{
lib,
config,
inputs,
options,
meta,
access,
...
}: let
inherit (lib.modules) mkIf mkBefore;
inherit (lib.modules) mkIf mkBefore mkOrder;
enableDns = !config.services.dnsmasq.enable && config.networking.hostName != "utsuho" && config.networking.hostName != "ct";
in {
imports = let
inherit (meta) nixos;
@ -15,7 +15,7 @@ in {
nixos.avahi
];
services.resolved.enable = true;
#services.resolved.enable = mkIf enableDns false;
systemd.services.avahi-daemon = mkIf (options ? proxmoxLXC && config.services.avahi.enable) {
serviceConfig.ExecStartPre = mkIf config.services.resolved.enable [
"+-${config.systemd.package}/bin/resolvectl mdns eth0 yes"
@ -26,9 +26,16 @@ in {
linkConfig.Multicast = true;
networkConfig.MulticastDNS = true;
};
networking.nameservers' = mkIf (!config.services.dnsmasq.enable && config.networking.hostName != "utsuho" && config.networking.hostName != "ct") (mkBefore [
networking.nameservers' = mkIf enableDns (mkBefore [
{ address = access.getAddressFor "utsuho" "lan"; }
]);
# prioritize our resolver over systemd-resolved!
system.nssDatabases.hosts = let
avahiResolverEnabled = config.services.avahi.enable && (config.services.avahi.nssmdns4 || config.services.avahi.nssmdns4);
in mkIf (enableDns && (config.services.resolved.enable || avahiResolverEnabled)) (mkOrder 499 ["dns"]);
services.resolved.extraConfig = mkIf enableDns ''
DNSStubListener=no
'';
boot.kernel.sysctl = {
# not sure how to get it to overlap with subgid/idmap...
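Review bot: `avahiResolverEnabled` in the new `system.nssDatabases.hosts` block tests `config.services.avahi.nssmdns4` twice; the second operand should be the IPv6 flag: `avahiResolverEnabled = config.services.avahi.enable && (config.services.avahi.nssmdns4 || config.services.avahi.nssmdns6);`. As written, a host with only `nssmdns6` enabled would not get `dns` ordered before mdns; the avahi defaults added elsewhere in this commit set both flags together, so the bug is latent today rather than visible. The new `enableDns` binding also hard-codes the `utsuho` and `ct` exclusions that the old inline condition had; a short comment explaining why those two hosts are excluded would help, since the name now hides the special-casing.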


@ -19,4 +19,10 @@ _: {
};
};
};
network.networks = {
tail = {
address4 = "100.109.213.94";
address6 = "fd7a:115c:a1e0::eaed:d55e";
};
};
}


@ -1,5 +1,6 @@
_: {
type = "Linux";
access.hostName = "idp";
proxmox = {
vm = {
id = 202;


@ -7,6 +7,12 @@ _: {
modules = [
./nixos.nix
];
network.networks = {
tail = {
address4 = "100.71.65.59";
address6 = "fd7a:115c:a1e0::9187:413b";
};
};
access = {
tailscale.enable = true;
global.enable = true;


@ -214,7 +214,7 @@ in {
host = getHostnameFor "utsuho" "lan";
};
access.freeipa = {
host = "idp.local.${config.networking.domain}";
host = getHostnameFor "freeipa" "lan";
kerberos.ports.kpasswd = 464;
};
access.kitchencam = {


@ -8,4 +8,11 @@ _: {
source = ./motion.conf;
};
};
network.networks = {
local = {
# TODO: macAddress = ?;
address4 = null;
address6 = "fd0a::ba27:ebff:fea8:f4ff";
};
};
}

23
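--- a/systems/nue/default.nix
+++ b/systems/nue/default.nix
@@ -0,0 +1,23 @@
+{lib, ...}: let
+inherit (lib.strings) concatStringsSep;
+dot = concatStringsSep ".";
+cutie = dot [ "cutie" "moe" ];
+netname = { config, system, ... }: {
+domain = dot [ config.name system.access.domain ];
+};
+in {
+type = "Linux";
+access.domain = dot [ "gensokyo" cutie ];
+network.networks = {
+local = {
+imports = [ netname ];
+address4 = "10.1.1.62";
+address6 = "fd0a::daf8:83ff:fe36:81b6";
+};
+tail = {
+imports = [ netname ];
+address4 = "100.86.77.54";
+address6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:4d36";
+};
+};
+}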
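Review bot: The `netname` submodule imported into both networks sets `domain = dot [ config.name system.access.domain ]`, which appears to produce the same string the new network module already assigns via `domain = mkOptionDefault "${config.name}.${system.access.domain}"`; unless the normal-priority definition is deliberately meant to beat a later `mkOptionDefault`, the `imports = [ netname ];` lines and the helper can go. The `dot`/`cutie`/`netname` helpers are also duplicated verbatim in the other new system file later in this commit; if they are kept, they belong in the shared network module rather than copied per system.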


@ -15,4 +15,10 @@ _: {
net1.internal.enable = true;
};
};
network.networks = {
tail = {
address4 = "100.113.253.48";
address6 = "fd7a:115c:a1e0::f1b1:fd30";
};
};
}


@ -1,3 +1,13 @@
_: {
type = "Linux";
network.networks = {
local = {
address4 = "10.1.1.40";
address6 = null;
};
int = {
address4 = "10.9.1.2";
address6 = "fd0c::2";
};
};
}


@ -1,6 +1,8 @@
{
"aya": {
"hostName": "aya",
"network": {
"networks": {
"int": {
"address4": "10.9.1.73",
"address6": "fd0c::49",
@ -11,11 +13,18 @@
"address6": "fd0a::be24:11ff:fec4:66a9",
"macAddress": "BC:24:11:C4:66:A9"
},
"tail": null
"tail": {
"address4": "100.109.213.94",
"address6": "fd7a:115c:a1e0::eaed:d55e",
"macAddress": null
}
}
}
},
"freeipa": {
"hostName": "idp",
"network": {
"networks": {
"int": {
"address4": "10.9.1.170",
"address6": "fd0c::aa",
@ -28,9 +37,12 @@
},
"tail": null
}
}
},
"freepbx": {
"hostName": "freepbx",
"network": {
"networks": {
"int": null,
"local": {
"address4": null,
@ -39,9 +51,12 @@
},
"tail": null
}
}
},
"hakurei": {
"hostName": "hakurei",
"network": {
"networks": {
"int": {
"address4": "10.9.1.71",
"address6": "fd0c::47",
@ -52,11 +67,18 @@
"address6": "fd0a::be24:11ff:fec4:66a7",
"macAddress": "BC:24:11:C4:66:A7"
},
"tail": null
"tail": {
"address4": "100.71.65.59",
"address6": "fd7a:115c:a1e0::9187:413b",
"macAddress": null
}
}
}
},
"keycloak": {
"hostName": "keycloak",
"network": {
"networks": {
"int": {
"address4": "10.9.1.75",
"address6": "fd0c::4b",
@ -69,9 +91,12 @@
},
"tail": null
}
}
},
"kuwubernetes": {
"hostName": "kuwubernetes",
"network": {
"networks": {
"int": null,
"local": {
"address4": "10.1.1.42",
@ -80,9 +105,12 @@
},
"tail": null
}
}
},
"litterbox": {
"hostName": "litterbox",
"network": {
"networks": {
"int": {
"address4": "10.9.1.74",
"address6": "fd0c::4a",
@ -95,9 +123,12 @@
},
"tail": null
}
}
},
"mediabox": {
"hostName": "mediabox",
"network": {
"networks": {
"int": {
"address4": "10.9.1.70",
"address6": "fd0c::46",
@ -110,9 +141,12 @@
},
"tail": null
}
}
},
"reimu": {
"hostName": "reimu",
"network": {
"networks": {
"int": {
"address4": "10.9.1.72",
"address6": "fd0c::48",
@ -123,11 +157,18 @@
"address6": "fd0a::be24:11ff:fec4:66a8",
"macAddress": "BC:24:11:C4:66:A8"
},
"tail": null
"tail": {
"address4": "100.113.253.48",
"address6": "fd7a:115c:a1e0::f1b1:fd30",
"macAddress": null
}
}
}
},
"tei": {
"hostName": "tei",
"network": {
"networks": {
"int": {
"address4": "10.9.1.69",
"address6": "fd0c::45",
@ -138,11 +179,18 @@
"address6": "fd0a::be24:11ff:fecc:6657",
"macAddress": "BC:24:11:CC:66:57"
},
"tail": null
"tail": {
"address4": "100.74.104.29",
"address6": "fd7a:115c:a1e0::fd8a:681d",
"macAddress": null
}
}
}
},
"utsuho": {
"hostName": "utsuho",
"network": {
"networks": {
"int": {
"address4": "10.9.1.76",
"address6": "fd0c::4c",
@ -156,4 +204,5 @@
"tail": null
}
}
}
}


@ -0,0 +1,26 @@
{lib, ...}: let
inherit (lib.strings) concatStringsSep;
dot = concatStringsSep ".";
cutie = dot [ "cutie" "moe" ];
netname = { config, system, ... }: {
domain = dot [ config.name system.access.domain ];
};
in {
type = "Linux";
access.domain = dot [ "gensokyo" cutie ];
network.networks = {
local = {
imports = [ netname ];
macAddress = let
#eth = "18:c0:4d:08:87:bd";
eth25 = "18:c0:4d:08:87:bc";
in eth25;
address4 = "10.1.1.32";
};
tail = {
imports = [ netname ];
address4 = "100.104.155.122";
address6 = "fd7a:115c:a1e0:ab12:4843:cd96:6268:9b7a";
};
};
}


@ -14,4 +14,10 @@ _: {
net1.internal.enable = true;
};
};
network.networks = {
tail = {
address4 = "100.74.104.29";
address6 = "fd7a:115c:a1e0::fd8a:681d";
};
};
}


@ -4,4 +4,14 @@ _: {
modules = [
./nixos.nix
];
network.networks = {
local = {
address4 = null;
address6 = "fd0a::eea8:6bff:fefe:3986";
};
tail = {
address4 = "100.88.107.41";
address6 = "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29";
};
};
}

10
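--- a/systems/u7pro/default.nix
+++ b/systems/u7pro/default.nix
@@ -0,0 +1,10 @@
+_: {
+type = "Linux";
+access.hostName = "u7-pro";
+network.networks = {
+local = {
+address4 = "10.1.1.3";
+address6 = null;
+};
+};
+}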


@ -1,21 +1,15 @@
module "reisen_system_records" {
source = "./system/records"
name = "reisen"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
local_v4 = "10.1.1.40"
int_v4 = "10.9.1.2"
int_v6 = "fd0c::2"
net_data = local.systems.reisen.network
}
module "hakurei_system_records" {
source = "./system/records"
name = "hakurei"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.proxmox_reisen_systems.hakurei.network
tailscale_v4 = "100.71.65.59"
tailscale_v6 = "fd7a:115c:a1e0::9187:413b"
net_data = local.systems.hakurei.network
local_subdomains = [
"prox",
"id",
@ -47,12 +41,9 @@ module "hakurei_system_records" {
module "reimu_system_records" {
source = "./system/records"
name = "reimu"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.proxmox_reisen_systems.reimu.network
tailscale_v4 = "100.113.253.48"
tailscale_v6 = "fd7a:115c:a1e0::f1b1:fd30"
net_data = local.systems.reimu.network
local_subdomains = [
"nfs",
]
@ -60,28 +51,23 @@ module "reimu_system_records" {
module "keycloak_system_records" {
source = "./system/records"
name = "keycloak"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.proxmox_reisen_systems.keycloak.network
net_data = local.systems.keycloak.network
}
module "utsuho_system_records" {
source = "./system/records"
name = "utsuho"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.proxmox_reisen_systems.utsuho.network
net_data = local.systems.utsuho.network
}
module "aya_system_records" {
source = "./system/records"
name = "aya"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.proxmox_reisen_systems.aya.network
tailscale_v4 = "100.109.213.94"
tailscale_v6 = "fd7a:115c:a1e0::eaed:d55e"
net_data = local.systems.aya.network
local_subdomains = [
"nixbld",
]
@ -89,12 +75,9 @@ module "aya_system_records" {
module "tewi_system_records" {
source = "./system/records"
name = "tei"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.proxmox_reisen_systems.tei.network
tailscale_v4 = "100.74.104.29"
tailscale_v6 = "fd7a:115c:a1e0::fd8a:681d"
net_data = local.systems.tei.network
local_subdomains = [
"mqtt",
"postgresql",
@ -103,10 +86,9 @@ module "tewi_system_records" {
module "mediabox_system_records" {
source = "./system/records"
name = "mediabox"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.proxmox_reisen_systems.mediabox.network
net_data = local.systems.mediabox.network
local_subdomains = [
"plex",
]
@ -114,18 +96,16 @@ module "mediabox_system_records" {
module "litterbox_system_records" {
source = "./system/records"
name = "litterbox"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.proxmox_reisen_systems.litterbox.network
net_data = local.systems.litterbox.network
}
module "idp_system_records" {
source = "./system/records"
name = "idp"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.proxmox_reisen_systems.freeipa.network
net_data = local.systems.freeipa.network
}
module "kubernetes_system_records" {
@ -133,23 +113,21 @@ module "kubernetes_system_records" {
name = "kubernetes"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.proxmox_reisen_systems.kuwubernetes.network
net_data = local.systems.kuwubernetes.network
}
module "freepbx_system_records" {
source = "./system/records"
name = "freepbx"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.proxmox_reisen_systems.freepbx.network
net_data = local.systems.freepbx.network
}
module "kitchencam_system_records" {
source = "./system/records"
name = "kitchencam"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
local_v6 = "fd0a::ba27:ebff:fea8:f4ff"
net_data = local.systems.kitchencam.network
}
variable "u7pro_ipv6_postfix" {
@ -158,20 +136,15 @@ variable "u7pro_ipv6_postfix" {
module "u7pro_system_records" {
source = "./system/records"
name = "u7-pro"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
local_v4 = "10.1.1.3"
net_data = local.systems.u7pro.network
local_v6 = "fd0a::${var.u7pro_ipv6_postfix}"
}
module "tewi_legacy_system_records" {
source = "./system/records"
name = "tewi"
zone_id = cloudflare_zone.gensokyo-zone_zone.id
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
tailscale_v4 = "100.88.107.41"
tailscale_v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29"
local_v4 = "10.1.1.38"
local_v6 = "fd0a::eea8:6bff:fefe:3986"
net_data = local.systems.tewi.network
}
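Review bot: `tewi_legacy_system_records` (last hunk) loses its explicit `local_v4 = "10.1.1.38"` and now takes `net_data = local.systems.tewi.network`, but the new `systems/tewi` entry in this commit declares `local.address4 = null`, so the `tewi.local` A record disappears from the zone while its AAAA and tailscale records survive; the same literal is also utsuho's `local.address4` in the generated JSON, so this may have been a stale alias, but the commit message calls this a refactor. If the record should stay, keep `local_v4 = "10.1.1.38"` on the module (the `coalesce` in the records module still prefers the explicit variable) or set `address4` in `systems/tewi`; if it should go, a note in the commit description would document the intended DNS change. `u7pro_system_records` keeps its explicit `local_v6` for the same reason and is fine.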


@ -18,6 +18,8 @@ locals {
proxmox_reisen_users = jsondecode(file("${path.root}/../systems/reisen/users.json"))
proxmox_reisen_systems = jsondecode(file("${path.root}/../systems/reisen/systems.json"))
systems = jsondecode(file("${path.root}/../ci/systems.json"))
}
resource "terraform_data" "proxmox_reisen_etc" {


@ -8,15 +8,19 @@ variable "zone_zone" {
variable "name" {
type = string
default = null
}
variable "net_data" {
type = map(map(any))
type = any
default = {
hostName = null
networks = {
local = null
int = null
tail = null
}
}
}
variable "tailscale_name" {
@ -80,19 +84,20 @@ variable "global_v6" {
}
locals {
local_name = coalesce(var.local_name, "${var.name}.local")
local_net = coalesce(var.net_data.local, local.empty_net)
name = coalesce(var.name, var.net_data.hostName)
local_name = coalesce(var.local_name, "${local.name}.local")
local_net = coalesce(var.net_data.networks.local, local.empty_net)
local_v4 = coalesce(var.local_v4, local.local_net.address4, local.empty_address)
local_v6 = coalesce(var.local_v6, local.local_net.address6, local.empty_address)
int_name = coalesce(var.int_name, "${var.name}.int")
int_net = coalesce(var.net_data.int, local.empty_net)
int_name = coalesce(var.int_name, "${local.name}.int")
int_net = coalesce(var.net_data.networks.int, local.empty_net)
int_v4 = coalesce(var.int_v4, local.int_net.address4, local.empty_address)
int_v6 = coalesce(var.int_v6, local.int_net.address6, local.empty_address)
tailscale_name = coalesce(var.tailscale_name, "${var.name}.tail")
tailscale_net = coalesce(var.net_data.tail, local.empty_net)
tailscale_name = coalesce(var.tailscale_name, "${local.name}.tail")
tailscale_net = coalesce(var.net_data.networks.tail, local.empty_net)
tailscale_v4 = coalesce(var.tailscale_v4, local.tailscale_net.address4, local.empty_address)
tailscale_v6 = coalesce(var.tailscale_v6, local.tailscale_net.address6, local.empty_address)
global_name = coalesce(var.global_name, var.name)
global_name = coalesce(var.global_name, local.name)
has_tailscale = local.tailscale_v4 != local.empty_address || local.tailscale_v6 != local.empty_address
has_int = local.int_v4 != local.empty_address || local.int_v6 != local.empty_address
@ -117,7 +122,7 @@ locals {
},
{
name = local.tailscale_name,
value = var.tailscale_v4,
value = local.tailscale_v4,
}
]
@ -136,7 +141,7 @@ locals {
},
{
name = local.tailscale_name,
value = var.tailscale_v6,
value = local.tailscale_v6,
}
]
}
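Review bot: Loosening `variable "net_data"` from `map(map(any))` to `type = any` (first hunk) removes all shape validation, so a generator change that renames `networks` or `hostName` only surfaces as an attribute error deep inside the `locals` block rather than at the module boundary. If the Terraform version in use supports optional object attributes, `type = object({ hostName = optional(string), networks = object({ local = optional(map(string)), int = optional(map(string)), tail = optional(map(string)) }) })` keeps the default you wrote and fails early on a bad `ci/systems.json`. `name = coalesce(var.name, var.net_data.hostName)` will also error when both are null; that is probably the right behavior, but a one-line comment saying the module now requires one of the two would make it clear the `default = null` on `name` is intentional.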


@ -62,6 +62,7 @@
"modules/nixos/users".functor.enable = true;
"modules/meta".functor.enable = true;
"modules/system".functor.enable = true;
"modules/system/network".functor.enable = true;
"modules/system/proxmox".functor.enable = true;
"modules/system/extern".functor.enable = true;
"modules/home".functor.enable = true;