diff --git a/depot/hosts/athame/meta.nix b/depot/hosts/athame/meta.nix index 4ba83ad3..7ab984b0 100644 --- a/depot/hosts/athame/meta.nix +++ b/depot/hosts/athame/meta.nix @@ -7,7 +7,7 @@ config = { type = "resource"; connection = { port = 62954; - host = "athame.kittywit.ch"; + host = config.network.nodes.athame.network.addresses.public.ipv4.address; }; }; }; diff --git a/depot/hosts/beltane/meta.nix b/depot/hosts/beltane/meta.nix index cc54d915..b86dcb75 100644 --- a/depot/hosts/beltane/meta.nix +++ b/depot/hosts/beltane/meta.nix @@ -7,8 +7,7 @@ type = "resource"; connection = { port = 62954; - host = "192.168.1.223"; - #host = network.nodes.beltane.network.addresses.private.ipv4.address; + host = config.network.nodes.beltane.network.addresses.private.ipv4.address; }; }; }; diff --git a/depot/hosts/beltane/nixos.nix b/depot/hosts/beltane/nixos.nix index c831d3dd..48997ed5 100644 --- a/depot/hosts/beltane/nixos.nix +++ b/depot/hosts/beltane/nixos.nix @@ -46,6 +46,14 @@ with lib; device = "/dev/disk/by-uuid/4520-4E5F"; fsType = "vfat"; }; + "/mnt/zraw" = { + device = "zstore/raw"; + fsType = "zfs"; + }; + "/mnt/zenc" = { + device = "zstore/enc"; + fsType = "zfs"; + }; }; swapDevices = [ @@ -86,7 +94,7 @@ with lib; network = { addresses = { private = { - ipv4.address = "10.1.2.2"; + ipv4.address = "192.168.1.2"; # TODO ipv6.address }; }; diff --git a/depot/hosts/ostara/meta.nix b/depot/hosts/ostara/meta.nix index a308f91e..b81c3a31 100644 --- a/depot/hosts/ostara/meta.nix +++ b/depot/hosts/ostara/meta.nix @@ -1,4 +1,4 @@ -{ profiles, config, lib, ... }: with lib; { +{ meta, profiles, config, lib, ... }: with lib; { config = { deploy.targets.ostara = { tf = { @@ -7,7 +7,7 @@ type = "resource"; connection = { port = 62954; - host = "192.168.1.171"; + host = meta.network.nodes.ostara.network.addresses.private.ipv4.address; }; }; }; diff --git a/depot/hosts/ostara/nixos.nix b/depot/hosts/ostara/nixos.nix index ecb453f1..b9b14b4b 100644 --- a/depot/hosts/ostara/nixos.nix 
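Review bot: Replacing `connection.host = "athame.kittywit.ch"` with the raw public IPv4 changes the name the SSH client keys its pinned host key on; `port = 62954` matches the SSH port in `depot/users/kat/base/ssh.nix`, so this presumably is an SSH deploy connection, and if the tooling's `known_hosts` holds an entry for the DNS name only (not visible here) the first run against the IP becomes a trust-on-first-use event, or a silent accept if strict checking is off. Add the address to the pinned entry as well, or keep the DNS name and resolve it at deploy time. Hedged: the public address is only as stable as whatever assigns it, so a dynamic allocation would go stale here while the DNS name would have tracked it. The enclosing `deploy.targets` set starts before the hunk.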
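Review bot: `/mnt/zenc` mounts `zstore/enc` without any indication of how its key is supplied; if that is a natively encrypted ZFS dataset (the name suggests so, not confirmable from this hunk), NixOS will prompt for the passphrase on the console during boot via `boot.zfs.requestEncryptionCredentials` (defaults to true) and a missing key stalls boot. Either give `/mnt/zenc` `options = [ "noauto" "nofail" ];` and load the key from a unit after boot, or list the dataset explicitly in `boot.zfs.requestEncryptionCredentials` and accept the prompt. Both new entries also need the datasets' `mountpoint` property set to `legacy`, or `options = [ "zfsutil" ];`, so fstab mounting does not fight `zfs-mount.service`. The enclosing `fileSystems` set starts before the hunk.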
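Review bot: This file threads a new `meta` module argument to reach `meta.network.nodes.ostara…`, while `depot/hosts/athame/meta.nix` and `depot/hosts/beltane/meta.nix` in the same commit read the same data as `config.network.nodes.*` without it. If `meta` and `config` are the same attrset in a meta.nix module's scope, the extra argument is noise and one spelling should be used in all four files; if they differ, the athame and beltane files are reading a different tree and will either fail to evaluate or resolve a different address. Add a one-line comment at the `host =` line naming which it is, e.g. `# meta is the depot-level config; deploy targets live under meta.network.nodes`. The enclosing `deploy.targets.ostara.tf` block starts before the hunk.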
+++ b/depot/hosts/ostara/nixos.nix @@ -38,8 +38,18 @@ with lib; networking = { hostId = "9f89b327"; useDHCP = false; - interfaces = { - enp1s0.useDHCP = true; + interfaces.enp1s0.ipv4.addresses = singleton { + inherit (config.network.addresses.private.ipv4) address; + prefixLength = 24; + }; + defaultGateway = config.network.privateGateway; + }; + + network = { + addresses = { + private = { + ipv4.address = "192.168.1.32"; + }; }; }; diff --git a/depot/hosts/samhain/nixos.nix b/depot/hosts/samhain/nixos.nix index 41240cc0..917f8819 100644 --- a/depot/hosts/samhain/nixos.nix +++ b/depot/hosts/samhain/nixos.nix @@ -120,7 +120,7 @@ in { network = { addresses = { private = { - ipv4.address = "10.1.2.3"; + ipv4.address = "192.168.1.1"; }; }; dns.dynamic = true; diff --git a/depot/hosts/yule/meta.nix b/depot/hosts/yule/meta.nix index ff866ddc..761bec81 100644 --- a/depot/hosts/yule/meta.nix +++ b/depot/hosts/yule/meta.nix @@ -1,4 +1,4 @@ -{ profiles, config, lib, ... }: with lib; { +{ meta, profiles, config, lib, ... }: with lib; { config = { deploy.targets.personal = { tf = { @@ -7,7 +7,7 @@ type = "resource"; connection = { port = 62954; - host = "192.168.1.92"; + host = meta.network.nodes.yule.network.addresses.private.ipv4.address; }; }; }; diff --git a/depot/hosts/yule/nixos.nix b/depot/hosts/yule/nixos.nix index a84af657..e15db898 100644 --- a/depot/hosts/yule/nixos.nix +++ b/depot/hosts/yule/nixos.nix 
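Review bot: `defaultGateway = config.network.privateGateway;` duplicates what `depot/modules/nixos/network.nix` already sets under `mkIf cfg.addresses.private.enable` (the `defaultGateway = cfg.privateGateway;` context line later in this diff); two definitions only merge cleanly while they evaluate to the same string, so drop the per-host line and let the module be the single source. `prefixLength = 24;` is a second copy of LAN knowledge the module centralizes for the gateway; a `network.privatePrefixLength` option next to `privateGateway` would make a subnet change one edit instead of one per host. With `useDHCP = false` no nameservers appear in this hunk, so confirm `networking.nameservers` is set elsewhere or DNS breaks on the first deploy. The enclosing `networking` set begins before the hunk.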
@@ -57,8 +57,29 @@ with lib; useDHCP = false; wireless.interfaces = singleton "wlp2s0"; interfaces = { - enp1s0.useDHCP = true; - wlp2s0.useDHCP = true; + enp1s0.ipv4.addresses = singleton { + inherit (config.network.addresses.private.ipv4) address; + prefixLength = 24; + }; + wlp2s0.ipv4.addresses = singleton { + inherit (config.network.addresses.private.ipv4) address; + prefixLength = 24; + }; + }; + defaultGateway = config.network.privateGateway; + }; + + network = { + addresses = { + private = { + ipv4.address = "192.168.1.3"; + }; + }; + yggdrasil = { + enable = true; + pubkey = "9779fd6b5bdba6b9e0f53c96e141f4b11ce5ef749d1b9e77a759a3fdbd33a653"; + listen.enable = false; + listen.endpoints = [ "tcp://0.0.0.0:0" ]; }; }; @@ -69,16 +90,6 @@ with lib; private.interfaces = singleton "yggdrasil"; }; - # Yggdrasil - - network.yggdrasil = { - enable = true; - pubkey = "9779fd6b5bdba6b9e0f53c96e141f4b11ce5ef749d1b9e77a759a3fdbd33a653"; - # if server, enable this and set endpoint: - listen.enable = false; - listen.endpoints = [ "tcp://0.0.0.0:0" ]; - }; - # State system.stateVersion = "20.09"; diff --git a/depot/modules/nixos/network.nix b/depot/modules/nixos/network.nix index c1856ced..00ab8a00 100644 --- a/depot/modules/nixos/network.nix +++ b/depot/modules/nixos/network.nix 
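Review bot: The hunk assigns the identical static address (`192.168.1.3/24`) to both `enp1s0` and `wlp2s0`; if both links join the same LAN the host announces one IP from two MACs, which causes ARP flapping and makes the connected and default routes ambiguous. Give the radio its own address, or configure only the interface that is actually uplinked and leave the other unconfigured, e.g. keep `wlp2s0.useDHCP = true;` if it is the fallback link. The `yggdrasil` block is moved rather than changed, so `listen.endpoints = [ "tcp://0.0.0.0:0" ]` is pre-existing, but note it binds every interface on a kernel-chosen port should `listen.enable` ever be flipped to true. The enclosing `networking` set begins before the hunk.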
@@ -40,15 +40,22 @@ in { type = types.nullOr types.str; default = "${config.subdomain}.${cfg.dns.domain}"; }; - out.addressList = mkOption { - default = singleton config.domain ++ concatMap (i: optional i.enable i.address) [ config.ipv4 config.ipv6 ]; + out = { + identifierList = mkOption { + type = types.listOf types.str; + default = if config.enable then singleton config.domain ++ config.out.addressList else [ ]; + }; + addressList = mkOption { + type = types.listOf types.str; + default = if config.enable then concatMap (i: optional i.enable i.address) [ config.ipv4 config.ipv6 ] else [ ]; + }; }; }; })); }; privateGateway = mkOption { type = types.str; - default = "10.1.2.1"; + default = "192.168.1.254"; }; tf = { enable = mkEnableOption "Was the system provisioned by terraform?"; @@ -87,7 +94,7 @@ in { domain = builtins.substring 0 ((builtins.stringLength cfg.dns.tld) - 1) cfg.dns.tld; }; addresses = { - private = { + private = { prefix = "int"; subdomain = "${config.networking.hostName}.${cfg.addresses.private.prefix}"; }; @@ -109,6 +116,7 @@ in { }; networking = mkIf cfg.addresses.private.enable { + inherit (config.network.dns) domain; defaultGateway = cfg.privateGateway; }; @@ -129,19 +137,19 @@ in { }) networksWithDomains; in recordsV4 // recordsV6; - security.acme.certs = mapAttrs' (n: v: + security.acme.certs = mkIf config.services.nginx.enable (mapAttrs' (n: v: nameValuePair "cert_${n}_${config.networking.hostName}" { inherit (v) domain; dnsProvider = "rfc2136"; credentialsFile = config.secrets.files.dns_creds.path; group = "nginx"; - }) networksWithDomains; + }) networksWithDomains); - services.nginx.virtualHosts = mapAttrs' (n: v: + services.nginx.virtualHosts = mkIf config.services.nginx.enable (mapAttrs' (n: v: nameValuePair v.domain { useACMEHost = "cert_${n}_${config.networking.hostName}"; forceSSL = true; - }) networksWithDomains; + }) networksWithDomains); _module.args = { inherit (config.lib) kw; }; }; 
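Review bot: The new `out.identifierList` and `out.addressList` options, and `privateGateway`, carry no `description`, so option docs say nothing about what they return or that they are empty when the network is disabled. Add `description = "Domain name followed by every enabled IPv4/IPv6 address of this network; empty when the network is disabled.";` to `identifierList`, `description = "Enabled IPv4/IPv6 addresses of this network, without the domain name; empty when the network is disabled.";` to `addressList`, and `description = "Default gateway applied to every host that enables a private address; this default bakes in one site's LAN.";` to `privateGateway`. Changing that default from `10.1.2.1` to `192.168.1.254` re-homes every host with a private address at once, which the rest of this commit intends but the option doc should state. The enclosing `network` options set starts before the hunk.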
diff --git a/depot/profiles/base/home.nix b/depot/profiles/base/home.nix index 7f93afa1..22a24cd0 100644 --- a/depot/profiles/base/home.nix +++ b/depot/profiles/base/home.nix @@ -1,4 +1,4 @@ -{ config, lib, sources, tf, ... }: +{ meta, config, lib, sources, tf, ... }: with lib; @@ -7,7 +7,7 @@ with lib; type = types.attrsOf (types.submoduleWith { modules = singleton ../../modules/home; specialArgs = { - inherit sources tf; + inherit sources tf meta; superConfig = config; modulesPath = sources.home-manager + "/modules"; }; diff --git a/depot/services/kattv/default.nix b/depot/services/kattv/default.nix index 66e016d7..f740a633 100644 --- a/depot/services/kattv/default.nix +++ b/depot/services/kattv/default.nix @@ -35,7 +35,7 @@ let { element.matroskamux.streamable = true; } { element.tcpclientsink = { - host = meta.network.nodes.beltane.network.private.ipv4.address; + host = meta.network.nodes.beltane.network.addresses.private.ipv4.address; port = "4953"; sync = false; }; @@ -52,7 +52,7 @@ in { description = "RTMP stream of kat cam"; bindsTo = [ "dev-videomew.device" ]; environment = env; - script = "exec ${pkgs.gst_all_1.gstreamer.dev}/bin/gst-launch-1.0 -e --no-position ${pipeline}"; + script = "exec ${pkgs.gst_all_1.gstreamer.dev}/bin/gst-launch-1.0 -e --no-position ${pkgs.lib.gst.pipelineShellString pipeline}"; serviceConfig = { Restart = "on-failure"; RestartSec = "10s"; diff --git a/depot/users/kat/base/ssh.nix b/depot/users/kat/base/ssh.nix index 8627dff5..1ccdf62c 100644 --- a/depot/users/kat/base/ssh.nix +++ b/depot/users/kat/base/ssh.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ meta, config, pkgs, lib, ... }: { programs.ssh = { 
@@ -17,11 +17,8 @@ port = 62954; }; in - { - "athame" = { hostname = "athame.kittywit.ch"; } // common; - "samhain" = { hostname = "192.168.1.135"; } // common; - "yule" = { hostname = "192.168.1.92"; } // common; - "ostara" = { hostname = "192.168.1.245"; } // common; - }; + (lib.foldAttrList (map (network: + lib.mapAttrs (n: v: { hostname = v.address; } // common) (lib.filterAttrs (n: v: v.enable ) (lib.mapAttrs (n: v: v.network.addresses.${network}.ipv4) meta.network.nodes)) + ) ["private" "public"])); }; } diff --git a/pkgs/lib/virtual-host-gen.nix b/pkgs/lib/virtual-host-gen.nix index fa216177..a3066c6a 100644 --- a/pkgs/lib/virtual-host-gen.nix +++ b/pkgs/lib/virtual-host-gen.nix @@ -4,6 +4,6 @@ let networks = config.network.addresses; filteredNetworks = filterAttrs (n: v: elem n networkFilter && v.enable) networks; networkValues = attrValues filteredNetworks; - addressList = concatMap (n: n.out.addressList) networkValues; + addressList = concatMap (n: n.out.identifierList) networkValues; hostBlocks = map (host: nameValuePair host block) addressList; in listToAttrs hostBlocks
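Review bot: `lib.foldAttrList` over `["private" "public"]` yields two match blocks keyed by the same node name whenever a node enables both address families, so which `hostname` wins depends on the fold's merge direction, which is not visible here; make the precedence explicit, e.g. order the list `["public" "private"]` so the LAN address overrides, or key the public variant as `"${n}-public"`. Hedged: a node in `meta.network.nodes` without an `addresses.${network}` attribute would make the inner `lib.mapAttrs` throw, unless the module guarantees it. Because `hostname` is now a bare IP, `known_hosts` is keyed by address and the re-IP elsewhere in this commit (yule `.92` to `.3`, ostara to `.32`) means a fresh trust-on-first-use prompt per node; consider `extraOptions.HostKeyAlias = n;` in `common` so the pinned key follows the node name rather than its address. The `matchBlocks` definition and `common` start before the hunk.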