From 26b3c66d229296a7026c8c4d5a9592e4fe7dca42 Mon Sep 17 00:00:00 2001 From: Kat Inskip Date: Mon, 30 Jan 2023 10:04:27 -0800 Subject: [PATCH] feat: renko hostname --- common/nix.nix | 14 ++++---------- iac/dns.go | 22 +++++++--------------- iac/files.go | 41 +++++++++++++++++++++++++++++++++++++++++ iac/tailscale.go | 39 +++++++++++++++++++++++---------------- kat/shell/packages.nix | 2 ++ main.go | 19 +++++++++++++++---- std.nix | 13 ++++++++++--- 7 files changed, 102 insertions(+), 48 deletions(-) create mode 100644 iac/files.go diff --git a/common/nix.nix b/common/nix.nix index c416e2d8..988e296c 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -5,19 +5,13 @@ inputs, ... }: let - inherit (std) set tuple list; + inherit (std) set tuple list function; inherit (lib.strings) versionAtLeast; - renameAttrs = names: - set.remap ({ - _0, - _1, - }: - tuple.tuple2 (names.${_0} or _0) _1); - renameAttr = oldName: newName: renameAttrs {${oldName} = newName;}; + inputs' = set.filter (n: _: !list.elem n ["pypi-deps-db"]) (set.rename "self" "kat" inputs); in { nix = { - nixPath = set.mapToValues (name: flake: "${name}=${flake.outPath}") (renameAttr "self" "kat" inputs); - registry = set.map (_: flake: {inherit flake;}) inputs; + nixPath = set.mapToValues (name: flake: "${name}=${flake.outPath}") inputs'; + registry = set.map (_: flake: {inherit flake;}) inputs'; settings = { experimental-features = list.optional (versionAtLeast config.nix.package.version "2.4") "nix-command flakes"; diff --git a/iac/dns.go b/iac/dns.go index 3c0ab307..301234f7 100644 --- a/iac/dns.go +++ b/iac/dns.go 
@@ -6,10 +6,10 @@ import( "fmt" ) -func HandleDNS(ctx *pulumi.Context, config KatConfig) (zones map[string]*cloudflare.Zone, dnssec map[string]*cloudflare.ZoneDnssec, records map[string][]*cloudflare.Record, err error) { +func HandleDNS(ctx *pulumi.Context, config KatConfig) (zones map[string]*cloudflare.Zone, dnssec map[string]*cloudflare.ZoneDnssec, records map[string]*cloudflare.Record, err error) { zones = make(map[string]*cloudflare.Zone) dnssec = make(map[string]*cloudflare.ZoneDnssec) - records = make(map[string][]*cloudflare.Record) + records = make(map[string]*cloudflare.Record) for name, zone := range config.Zones { ctx.Log.Info(fmt.Sprintf("Handling zone %s", name), nil) @@ -24,20 +24,12 @@ func HandleDNS(ctx *pulumi.Context, config KatConfig) (zones map[string]*cloudfl return nil, nil, nil, err } for _, record := range zone.Records { - _, exists := records[name] - if exists { - record_, err := record.handle(ctx, name, zones[name]) - if err != nil { - return nil, nil, nil, err - } - records[name] = append(records[name], record_) - } else { - record_, err := record.handle(ctx, name, zones[name]) - if err != nil { - return nil, nil, nil, err - } - records[name] = []*cloudflare.Record{record_} + record_, err := record.handle(ctx, name, zones[name]) + if err != nil { + return nil, nil, nil, err } + record_index := record.getName(name, zones[name]) + records[record_index] = record_ } } diff --git a/iac/files.go b/iac/files.go new file mode 100644 index 00000000..18dfedd0 --- /dev/null +++ b/iac/files.go 
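Review bot: Keying the flattened `records` map by `record.getName(name, zones[name])` lets two records of one zone that share a name overwrite each other in the returned map, since the new loop never checks whether `record_index` is already present; a zone routinely carries several records under one name (A plus AAAA, several MX or TXT). The Cloudflare resources are still created by `record.handle`, so what is lost is the handle `HandleDNS` returns to callers that later index the map. Either fold the record type into the key or fail loudly: `if _, dup := records[record_index]; dup { return nil, nil, nil, fmt.Errorf("duplicate record key %q in zone %s", record_index, name) }`. getName is not visible here, so whether it already distinguishes record types cannot be confirmed from this hunk.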
@@ -0,0 +1,41 @@
+package iac
+
+import (
+ "github.com/pulumi/pulumi-command/sdk/go/command/local"
+ "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
+ "github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
+ "fmt"
+ "os"
+ "path"
+)
+
+func createPulumiFile(ctx *pulumi.Context, name string, value pulumi.StringOutput, resource pulumi.Resource) (*local.Command, error) {
+ repo_root := os.Getenv("REPO_ROOT")
+ data_root := path.Join(repo_root, "./data")
+ ctx.Export(name, value)
+ return local.NewCommand(ctx, name, &local.CommandArgs{
+ Create: pulumi.String(fmt.Sprintf("pulumi stack output %s --show-secrets > %s", name, name)),
+ Update: pulumi.String(fmt.Sprintf("pulumi stack output %s --show-secrets > %s", name, name)),
+ Delete: pulumi.String(fmt.Sprintf("rm %s", name)),
+ Dir: pulumi.String(data_root),
+ }, pulumi.DependsOn([]pulumi.Resource{resource}))
+}
+
+func PKITLSFiles(ctx *pulumi.Context, files_ map[string]*local.Command, keys map[string]*tls.PrivateKey, certs map[string]*tls.LocallySignedCert) (files map[string]*local.Command, err error) {
+ for name_, key := range keys {
+ ctx.Log.Info("mew!", nil)
+ name := fmt.Sprintf("%s-file", name_)
+ files_[name], err = createPulumiFile(ctx, name, key.PrivateKeyPem, key)
+ if err != nil {
+ return nil, err
+ }
+ }
+ for name_, cert := range certs {
+ name := fmt.Sprintf("%s-file", name_)
+ files_[name], err = createPulumiFile(ctx, name, cert.CertPem, cert)
+ if err != nil {
+ return nil, err
+ }
+ }
+ return files_, err
+}
diff --git a/iac/tailscale.go b/iac/tailscale.go
index a9df5309..5dbaddc3 100644
--- a/iac/tailscale.go
+++ b/iac/tailscale.go
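Review bot: `createPulumiFile` dumps each TLS private key to disk with `pulumi stack output <name> --show-secrets > <name>`, so the key file is created under the caller's umask (typically 0644) in `$REPO_ROOT/data`, which degrades to `./data` relative to wherever `pulumi up` happens to run when `REPO_ROOT` is unset. `name` is spliced unquoted into three shell command lines, and upstream it is built from Tailscale device names that this code does not control. `ctx.Export(name, value)` also publishes the key as a stack output, which is only tolerable if `PrivateKeyPem` is a secret output and therefore encrypted in state — worth confirming, as is `data/` being git-ignored (not visible here). I would validate the name, require `REPO_ROOT`, and set `umask 077` before the redirect, as below (needs `regexp` and `path/filepath` imports); the `ctx.Log.Info("mew!", nil)` in `PKITLSFiles` also looks like a debugging leftover.

```go
// safeOutputName bounds what may be spliced into the shell commands below:
// no spaces, quotes, slashes or a leading dash.
var safeOutputName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*$`)

func createPulumiFile(ctx *pulumi.Context, name string, value pulumi.StringOutput, resource pulumi.Resource) (*local.Command, error) {
	// name comes from device names upstream; refuse anything that could
	// break out of a shell word or escape the data directory.
	if !safeOutputName.MatchString(name) {
		return nil, fmt.Errorf("refusing to write stack output %q: unsafe file name", name)
	}
	repo_root := os.Getenv("REPO_ROOT")
	if repo_root == "" {
		return nil, fmt.Errorf("REPO_ROOT must be set to locate the data directory for %s", name)
	}
	data_root := filepath.Join(repo_root, "data")
	ctx.Export(name, value)
	// umask 077 makes the redirect create the key/cert file 0600 rather than
	// inheriting the caller's (usually 0644) default.
	dump := fmt.Sprintf("umask 077 && pulumi stack output %s --show-secrets > %s", name, name)
	return local.NewCommand(ctx, name, &local.CommandArgs{
		Create: pulumi.String(dump),
		Update: pulumi.String(dump),
		Delete: pulumi.String(fmt.Sprintf("rm -f -- %s", name)),
		Dir:    pulumi.String(data_root),
	}, pulumi.DependsOn([]pulumi.Resource{resource}))
}
```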
@@ -10,10 +10,10 @@ import ( "fmt" ) -func MakeRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, name string, address string) (record *cloudflare.Record, err error) { +func MakeRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, name string, address string) (record *cloudflare.Record, index string, err error) { ip := net.ParseIP(address) kind := A; - if ip.To4() != nil { + if ip.To4() == nil { kind = AAAA; } record_ := DNSRecord{ 
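Review bot: `net.ParseIP(address)` returns nil for anything that is not a literal IP, and a nil `ip` also satisfies `ip.To4() == nil`, so the flipped check now classifies a malformed address as AAAA and passes the raw string on as record content; the failure then surfaces from Cloudflare at apply time instead of here. Add `if ip == nil { return nil, "", fmt.Errorf("device %s: %q is not an IP address", name, address) }` right after the parse. The To4 inversion itself looks correct — the old code gave IPv4 addresses an AAAA record. MakeRecord's body continues outside this hunk.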
@@ -23,41 +23,45 @@ func MakeRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, name str Ttl: 3600, } record, err = record_.handle(ctx, "inskip", zones["inskip"]) + index = record_.getName("inskip", zones["inskip"]) if err != nil { - return nil, err + return nil, "", err } - return record, err + return record, index, err } -func HandleTSRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, device tailscale.GetDevicesDevice) (records []*cloudflare.Record, err error) { +func HandleTSRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, device tailscale.GetDevicesDevice) (new_records map[string]*cloudflare.Record, err error) { if device.User != "kat@inskip.me" { - return []*cloudflare.Record{}, nil + return nil, nil } + new_records = make(map[string]*cloudflare.Record) name := strings.Split(device.Name, ".")[0] for _, address := range device.Addresses { - record, err := MakeRecord(ctx, zones, name, address) + new_record, index, err := MakeRecord(ctx, zones, name, address) + new_records[index] = new_record if err != nil { return nil, err } - records = append(records, record) } - return records, err + return new_records, err } func HandleTSRecords(ctx *pulumi.Context, tailnet *tailscale.GetDevicesResult, zones map[string]*cloudflare.Zone, - records map[string][]*cloudflare.Record, -) (records_ map[string][]*cloudflare.Record, err error) { + input_records map[string]*cloudflare.Record, +) (records map[string]*cloudflare.Record, err error) { for _, device := range tailnet.Devices { - record, err := HandleTSRecord(ctx, zones, device) + new_records, err := HandleTSRecord(ctx, zones, device) if err != nil { return nil, err } - records["inskip"] = append(records["inskip"], record...) + for k,v := range new_records { + input_records[k] = v + } + records = input_records } - records_ = records - return records_, err + return records, err } func HandleTSHostCert(ctx *pulumi.Context, 
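Review bot: `HandleTSRecords` only assigns `records = input_records` inside the device loop, so a tailnet with no devices returns a nil map and the caller loses every record collected earlier by `HandleDNS`; put `records = input_records` before `for _, device := range tailnet.Devices {` (or return `input_records` directly). In `HandleTSRecord`, `new_records[index] = new_record` runs before the error check, so a failed `MakeRecord` stores a nil entry under `index` — swap those two statements. Separately, `MakeRecord` derives `index` from the same `name` for every address of a device, so a device reporting both an IPv4 and an IPv6 address yields one key twice and the second record silently replaces the first in the returned map; the resources are still created, only the bookkeeping is lost. `HandleTSHostCert` begins on the last line of this hunk and continues outside it.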
@@ -73,8 +77,8 @@ func HandleTSHostCert(ctx *pulumi.Context, fmt.Sprintf("ts-%s-host", name), ca_key, ca_cert, - device.Addresses, []string{fmt.Sprintf("%s.inskip.me", name)}, + device.Addresses, ) if err != nil { return nil, nil, nil, err @@ -94,6 +98,9 @@ func HandleTSHostCerts(ctx *pulumi.Context, certs = make(map[string]*tls.LocallySignedCert) for _, device := range tailnet.Devices { + if device.User != "kat@inskip.me" { + return nil, nil, nil, err + } name := strings.Split(device.Name, ".")[0] keys[name], crs[name], certs[name], err = HandleTSHostCert(ctx, device, ca_key, ca_cert) if err != nil { diff --git a/kat/shell/packages.nix b/kat/shell/packages.nix index bb02f57b..bd1d6637 100644 --- a/kat/shell/packages.nix +++ b/kat/shell/packages.nix @@ -21,6 +21,8 @@ fd # ripgrep / grep replacement ripgrep + # rename with sed + rename # remote tmux tmate # remote utilities diff --git a/main.go b/main.go index ef5eaf26..7d5cd480 100644 --- a/main.go +++ b/main.go @@ -2,10 +2,11 @@ package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - tailscale "github.com/pulumi/pulumi-tailscale/sdk/go/tailscale" + "github.com/pulumi/pulumi-tailscale/sdk/go/tailscale" "gopkg.in/yaml.v3" "os" - iac "kittywitch/iac" + "kittywitch/iac" + "github.com/pulumi/pulumi-command/sdk/go/command/local" ) func main() { @@ -46,12 +47,22 @@ func main() { return err } - // keys, crs, certs - _, _, _, err = iac.HandleTSHostCerts(ctx, tailnet, ca_key, ca_cert) + keys, _, certs, err := iac.HandleTSHostCerts(ctx, tailnet, ca_key, ca_cert) if err != nil { return err } + + // files for those certs + + files := make(map[string]*local.Command) + + files, err = iac.PKITLSFiles(ctx, files, keys, certs) + + if err != nil { + return err + } + return err }) } diff --git a/std.nix b/std.nix index 15f9c7df..74357ddb 100644 --- a/std.nix +++ b/std.nix 
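Review bot: The new owner check in `HandleTSHostCerts` does `return nil, nil, nil, err` — with `err` still nil at that point — as soon as it meets a device not owned by `kat@inskip.me`, so every device after it in `tailnet.Devices` silently gets no key or certificate while the caller sees success; because the order is whatever the Tailscale API returns, which hosts receive certs becomes nondeterministic. The sibling filter in `HandleTSRecord` skips rather than aborts, and this one should too: `if device.User != "kat@inskip.me" { continue }`. This comparison is the only thing gating issuance of a CA-signed host certificate, so a comment stating that intent would help the next reader. HandleTSHostCerts continues outside this hunk.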
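Review bot: In `main.go`, `files` is allocated with `make`, passed into `iac.PKITLSFiles`, reassigned from its return value, and then never read, so the `make` and the reassignment cancel each other out; either keep the map for later use or write `if _, err = iac.PKITLSFiles(ctx, make(map[string]*local.Command), keys, certs); err != nil { return err }`. The trailing `return err` is reached only when `err` is nil and reads clearer as `return nil`. This call also makes every `pulumi up` write private-key PEMs into the repository tree via `PKITLSFiles`, which deserves a comment at the call site so the side effect is not a surprise.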
@@ -1,7 +1,7 @@ {inputs, ...}: let std = let baseStd = inputs.std.lib; - inherit (baseStd) set function list bool types optional; + inherit (baseStd) set function list bool types optional tuple; mergeWith = let append = { path, @@ -50,6 +50,14 @@ mergeWith { inherit sets; }; + remap = f: s: set.fromList (list.map f (set.toList s)); + renames = names: + remap ({ + _0, + _1, + }: + tuple.tuple2 (names.${_0} or _0) _1); + rename = oldName: newName: renames {${oldName} = newName;}; in merge [ baseStd @@ -58,8 +66,7 @@ pipe = list.foldl' (function.flip function.compose) function.id; }; set = { - inherit merge mergeWith; - remap = f: s: set.fromList (list.map f (set.toList s)); + inherit merge mergeWith remap renames rename; recursiveMap = f: s: let recurse = str: s: let g = str1: str2: