WIP network rework part 2

This commit is contained in:
kat witch 2021-08-12 05:18:57 +01:00
parent 2dbe01524d
commit 8f42a2fda8
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
13 changed files with 76 additions and 43 deletions


@ -7,7 +7,7 @@ config = {
type = "resource";
connection = {
port = 62954;
host = "athame.kittywit.ch";
host = config.network.nodes.athame.network.addresses.public.ipv4.address;
};
};
};
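Review bot: The new host expression on L18 reads the node table as `config.network.nodes.athame...`, while the ostara and yule deploy targets in this same commit add a `meta` argument and use `meta.network.nodes...`; unless the deploy-target `config` also exposes `network.nodes`, this reference and the beltane one in the next section will not evaluate. Settling on one source for all four targets (`host = meta.network.nodes.athame.network.addresses.public.ipv4.address;` with `meta` added to the argument set, if `meta` is the intended one) keeps the rework consistent. The beltane section also leaves the commented-out `#host = network.nodes.beltane...` line behind; it should go once the live reference resolves. The enclosing `deploy.targets` attribute set starts outside the hunk.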


@ -7,8 +7,7 @@
type = "resource";
connection = {
port = 62954;
host = "192.168.1.223";
#host = network.nodes.beltane.network.addresses.private.ipv4.address;
host = config.network.nodes.beltane.network.addresses.private.ipv4.address;
};
};
};


@ -46,6 +46,14 @@ with lib;
device = "/dev/disk/by-uuid/4520-4E5F";
fsType = "vfat";
};
"/mnt/zraw" = {
device = "zstore/raw";
fsType = "zfs";
};
"/mnt/zenc" = {
device = "zstore/enc";
fsType = "zfs";
};
};
swapDevices = [
@ -86,7 +94,7 @@ with lib;
network = {
addresses = {
private = {
ipv4.address = "10.1.2.2";
ipv4.address = "192.168.1.2";
# TODO ipv6.address
};
};


@ -1,4 +1,4 @@
{ profiles, config, lib, ... }: with lib; {
{ meta, profiles, config, lib, ... }: with lib; {
config = {
deploy.targets.ostara = {
tf = {
@ -7,7 +7,7 @@
type = "resource";
connection = {
port = 62954;
host = "192.168.1.171";
host = meta.network.nodes.ostara.network.addresses.private.ipv4.address;
};
};
};


@ -38,8 +38,18 @@ with lib;
networking = {
hostId = "9f89b327";
useDHCP = false;
interfaces = {
enp1s0.useDHCP = true;
interfaces.enp1s0.ipv4.addresses = singleton {
inherit (config.network.addresses.private.ipv4) address;
prefixLength = 24;
};
defaultGateway = config.network.privateGateway;
};
network = {
addresses = {
private = {
ipv4.address = "192.168.1.32";
};
};
};
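Review bot: `defaultGateway = config.network.privateGateway;` on L92 appears to duplicate what the network module in this commit already sets (`networking = mkIf cfg.addresses.private.enable { defaultGateway = cfg.privateGateway; }`); if that module is imported here, the host-level line is redundant and one of the two should go so the gateway has a single definition site. The `prefixLength = 24;` on L90 is likewise repeated verbatim in the yule host file; since the gateway already lives in the module, the prefix length could be a module option next to it rather than a literal in each host. Whether the module is imported by this host is not visible from the hunk.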


@ -120,7 +120,7 @@ in {
network = {
addresses = {
private = {
ipv4.address = "10.1.2.3";
ipv4.address = "192.168.1.1";
};
};
dns.dynamic = true;


@ -1,4 +1,4 @@
{ profiles, config, lib, ... }: with lib; {
{ meta, profiles, config, lib, ... }: with lib; {
config = {
deploy.targets.personal = {
tf = {
@ -7,7 +7,7 @@
type = "resource";
connection = {
port = 62954;
host = "192.168.1.92";
host = meta.network.nodes.yule.network.addresses.private.ipv4.address;
};
};
};


@ -57,8 +57,29 @@ with lib;
useDHCP = false;
wireless.interfaces = singleton "wlp2s0";
interfaces = {
enp1s0.useDHCP = true;
wlp2s0.useDHCP = true;
enp1s0.ipv4.addresses = singleton {
inherit (config.network.addresses.private.ipv4) address;
prefixLength = 24;
};
wlp2s0.ipv4.addresses = singleton {
inherit (config.network.addresses.private.ipv4) address;
prefixLength = 24;
};
};
defaultGateway = config.network.privateGateway;
};
network = {
addresses = {
private = {
ipv4.address = "192.168.1.3";
};
};
yggdrasil = {
enable = true;
pubkey = "9779fd6b5bdba6b9e0f53c96e141f4b11ce5ef749d1b9e77a759a3fdbd33a653";
listen.enable = false;
listen.endpoints = [ "tcp://0.0.0.0:0" ];
};
};
@ -69,16 +90,6 @@ with lib;
private.interfaces = singleton "yggdrasil";
};
# Yggdrasil
network.yggdrasil = {
enable = true;
pubkey = "9779fd6b5bdba6b9e0f53c96e141f4b11ce5ef749d1b9e77a759a3fdbd33a653";
# if server, enable this and set endpoint:
listen.enable = false;
listen.endpoints = [ "tcp://0.0.0.0:0" ];
};
# State
system.stateVersion = "20.09";
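Review bot: L140–L147 give `enp1s0` and `wlp2s0` the same static address from `config.network.addresses.private.ipv4`, so whenever both links are up the host announces one IPv4 address on two interfaces in the same /24, which leads to ambiguous ARP replies and routing on the LAN; either give the wireless interface its own address or configure only the interface that is actually in use, and note that `defaultGateway` on L149 is not bound to an interface. The move of the yggdrasil block into `network` also drops the `# if server, enable this and set endpoint:` comment that explained why `listen.enable = false;` sits next to a `tcp://0.0.0.0:0` endpoint; restoring it above L160 keeps that intent readable. The enclosing `networking` set starts outside the hunk.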


@ -40,15 +40,22 @@ in {
type = types.nullOr types.str;
default = "${config.subdomain}.${cfg.dns.domain}";
};
out.addressList = mkOption {
default = singleton config.domain ++ concatMap (i: optional i.enable i.address) [ config.ipv4 config.ipv6 ];
out = {
identifierList = mkOption {
type = types.listOf types.str;
default = if config.enable then singleton config.domain ++ config.out.addressList else [ ];
};
addressList = mkOption {
type = types.listOf types.str;
default = if config.enable then concatMap (i: optional i.enable i.address) [ config.ipv4 config.ipv6 ] else [ ];
};
};
};
}));
};
privateGateway = mkOption {
type = types.str;
default = "10.1.2.1";
default = "192.168.1.254";
};
tf = {
enable = mkEnableOption "Was the system provisioned by terraform?";
@ -87,7 +94,7 @@ in {
domain = builtins.substring 0 ((builtins.stringLength cfg.dns.tld) - 1) cfg.dns.tld;
};
addresses = {
private = {
private = {
prefix = "int";
subdomain = "${config.networking.hostName}.${cfg.addresses.private.prefix}";
};
@ -109,6 +116,7 @@ in {
};
networking = mkIf cfg.addresses.private.enable {
inherit (config.network.dns) domain;
defaultGateway = cfg.privateGateway;
};
@ -129,19 +137,19 @@ in {
}) networksWithDomains;
in recordsV4 // recordsV6;
security.acme.certs = mapAttrs' (n: v:
security.acme.certs = mkIf config.services.nginx.enable (mapAttrs' (n: v:
nameValuePair "cert_${n}_${config.networking.hostName}" {
inherit (v) domain;
dnsProvider = "rfc2136";
credentialsFile = config.secrets.files.dns_creds.path;
group = "nginx";
}) networksWithDomains;
}) networksWithDomains);
services.nginx.virtualHosts = mapAttrs' (n: v:
services.nginx.virtualHosts = mkIf config.services.nginx.enable (mapAttrs' (n: v:
nameValuePair v.domain {
useACMEHost = "cert_${n}_${config.networking.hostName}";
forceSSL = true;
}) networksWithDomains;
}) networksWithDomains);
_module.args = { inherit (config.lib) kw; };
};
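Review bot: `identifierList` on L189 is declared `types.listOf types.str` but its default prepends `singleton config.domain`, and `domain` is `types.nullOr types.str` (L181), so a submodule with `domain = null` fails type checking instead of simply omitting the name; `default = if config.enable then optional (config.domain != null) config.domain ++ config.out.addressList else [ ];` handles that case. The `networking.defaultGateway = cfg.privateGateway;` added on L219 is also set directly in the host files touched by this commit; one definition site is enough. The `mkIf config.services.nginx.enable` wrapping on L225/L234 correctly stops ACME certificates (and the `dns_creds` secret reference) from being provisioned on hosts without nginx.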


@ -1,4 +1,4 @@
{ config, lib, sources, tf, ... }:
{ meta, config, lib, sources, tf, ... }:
with lib;
@ -7,7 +7,7 @@ with lib;
type = types.attrsOf (types.submoduleWith {
modules = singleton ../../modules/home;
specialArgs = {
inherit sources tf;
inherit sources tf meta;
superConfig = config;
modulesPath = sources.home-manager + "/modules";
};


@ -35,7 +35,7 @@ let
{ element.matroskamux.streamable = true; }
{
element.tcpclientsink = {
host = meta.network.nodes.beltane.network.private.ipv4.address;
host = meta.network.nodes.beltane.network.addresses.private.ipv4.address;
port = "4953";
sync = false;
};
@ -52,7 +52,7 @@ in {
description = "RTMP stream of kat cam";
bindsTo = [ "dev-videomew.device" ];
environment = env;
script = "exec ${pkgs.gst_all_1.gstreamer.dev}/bin/gst-launch-1.0 -e --no-position ${pipeline}";
script = "exec ${pkgs.gst_all_1.gstreamer.dev}/bin/gst-launch-1.0 -e --no-position ${pkgs.lib.gst.pipelineShellString pipeline}";
serviceConfig = {
Restart = "on-failure";
RestartSec = "10s";
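Review bot: L275 now builds the gst-launch command line from `pkgs.lib.gst.pipelineShellString pipeline`, and with L266 the `tcpclientsink` host is no longer a literal but a value taken from `meta`; whether that helper shell-quotes element property values is not visible here, so it is worth confirming, since the string is handed to a systemd `script`. If it does not quote, wrapping the values with `lib.escapeShellArg` inside the helper is the usual fix. The `pipeline` let-binding and the helper itself are outside the hunk.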


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ meta, config, pkgs, lib, ... }:
{
programs.ssh = {
@ -17,11 +17,8 @@
port = 62954;
};
in
{
"athame" = { hostname = "athame.kittywit.ch"; } // common;
"samhain" = { hostname = "192.168.1.135"; } // common;
"yule" = { hostname = "192.168.1.92"; } // common;
"ostara" = { hostname = "192.168.1.245"; } // common;
};
(lib.foldAttrList (map (network:
lib.mapAttrs (n: v: { hostname = v.address; } // common) (lib.filterAttrs (n: v: v.enable ) (lib.mapAttrs (n: v: v.network.addresses.${network}.ipv4) meta.network.nodes))
) ["private" "public"]));
};
}
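Review bot: The generated match blocks on L297–L299 are keyed by node name for each of `"private"` and `"public"`, so a node enabled on both networks yields two entries with the same name and which address wins depends on the fold order inside `lib.foldAttrList`, which is not visible here; making the precedence explicit, e.g. filtering `public` to nodes with no enabled private address or adding `# later networks override earlier ones` above the list, avoids a silent change from the previous per-host literals. Note that athame was previously reached by its DNS name and is now reached by a raw address, so the `known_hosts` entries recorded under the old hostnames will not match and users will be prompted to re-trust the keys on first connect. The `common` binding is outside the hunk.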


@ -4,6 +4,6 @@ let
networks = config.network.addresses;
filteredNetworks = filterAttrs (n: v: elem n networkFilter && v.enable) networks;
networkValues = attrValues filteredNetworks;
addressList = concatMap (n: n.out.addressList) networkValues;
addressList = concatMap (n: n.out.identifierList) networkValues;
hostBlocks = map (host: nameValuePair host block) addressList;
in listToAttrs hostBlocks
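Review bot: After L310 the local `addressList` now collects `out.identifierList`, which per the module change in this commit holds the domain name as well as the addresses, so the name no longer matches its contents; renaming it, `identifierList = concatMap (n: n.out.identifierList) networkValues;` and `hostBlocks = map (host: nameValuePair host block) identifierList;`, keeps the file readable. The `block` and `networkFilter` bindings are outside the hunk.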