feat: renko hostname

2026-02-09 12:29:19 -08:00 · 2023-01-30 10:04:27 -08:00 · 2023-01-30 10:04:27 -08:00 · 26b3c66d22
commit 26b3c66d22
parent b01c6222f8
7 changed files with 102 additions and 48 deletions
--- a/common/nix.nix
+++ b/common/nix.nix
@ -5,19 +5,13 @@
  inputs,
  ...
 }: let
-  inherit (std) set tuple list;
+  inherit (std) set tuple list function;
  inherit (lib.strings) versionAtLeast;
-  renameAttrs = names:
-    set.remap ({
-      _0,
-      _1,
-    }:
-      tuple.tuple2 (names.${_0} or _0) _1);
-  renameAttr = oldName: newName: renameAttrs {${oldName} = newName;};
+  inputs' = set.filter (n: _: !list.elem n ["pypi-deps-db"]) (set.rename "self" "kat" inputs);
 in {
  nix = {
-    nixPath = set.mapToValues (name: flake: "${name}=${flake.outPath}") (renameAttr "self" "kat" inputs);
-    registry = set.map (_: flake: {inherit flake;}) inputs;
+    nixPath = set.mapToValues (name: flake: "${name}=${flake.outPath}") inputs';
+    registry = set.map (_: flake: {inherit flake;}) inputs';

    settings = {
      experimental-features = list.optional (versionAtLeast config.nix.package.version "2.4") "nix-command flakes";
--- a/iac/dns.go
+++ b/iac/dns.go
@ -6,10 +6,10 @@ import(
  "fmt"
 )

-func HandleDNS(ctx *pulumi.Context, config KatConfig) (zones map[string]*cloudflare.Zone, dnssec map[string]*cloudflare.ZoneDnssec, records map[string][]*cloudflare.Record, err error) {
+func HandleDNS(ctx *pulumi.Context, config KatConfig) (zones map[string]*cloudflare.Zone, dnssec map[string]*cloudflare.ZoneDnssec, records map[string]*cloudflare.Record, err error) {
    zones = make(map[string]*cloudflare.Zone)
    dnssec = make(map[string]*cloudflare.ZoneDnssec)
-    records = make(map[string][]*cloudflare.Record)
+    records = make(map[string]*cloudflare.Record)

    for name, zone := range config.Zones {
      ctx.Log.Info(fmt.Sprintf("Handling zone %s", name), nil)
@ -24,20 +24,12 @@ func HandleDNS(ctx *pulumi.Context, config KatConfig) (zones map[string]*cloudfl
        return nil, nil, nil, err
      }
      for _, record := range zone.Records {
-        _, exists := records[name]
-        if exists {
        record_, err := record.handle(ctx, name, zones[name])
        if err != nil {
          return nil, nil, nil, err
        }
-          records[name] = append(records[name], record_)
-        } else {
-          record_, err := record.handle(ctx, name, zones[name])
-          if err != nil {
-            return nil, nil, nil, err
-          }
-          records[name] = []*cloudflare.Record{record_}
-        }
+        record_index := record.getName(name, zones[name])
+        records[record_index] = record_
      }
    }

--- a/iac/files.go
+++ b/iac/files.go
@ -0,0 +1,41 @@
+package iac
+
+import (
+  "github.com/pulumi/pulumi-command/sdk/go/command/local"
+  "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
+  "github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
+  "fmt"
+  "os"
+  "path"
+)
+
+func createPulumiFile(ctx *pulumi.Context, name string, value pulumi.StringOutput, resource pulumi.Resource) (*local.Command, error) {
+  repo_root := os.Getenv("REPO_ROOT")
+  data_root := path.Join(repo_root, "./data")
+  ctx.Export(name, value)
+  return local.NewCommand(ctx, name, &local.CommandArgs{
+    Create: pulumi.String(fmt.Sprintf("pulumi stack output %s --show-secrets > %s", name, name)),
+    Update: pulumi.String(fmt.Sprintf("pulumi stack output %s --show-secrets > %s", name, name)),
+    Delete: pulumi.String(fmt.Sprintf("rm %s", name)),
+    Dir: pulumi.String(data_root),
+  }, pulumi.DependsOn([]pulumi.Resource{resource}))
+}
+
+func PKITLSFiles(ctx *pulumi.Context, files_ map[string]*local.Command, keys map[string]*tls.PrivateKey, certs map[string]*tls.LocallySignedCert) (files map[string]*local.Command, err error) {
+  for name_, key := range keys {
+    ctx.Log.Info("mew!", nil)
+    name := fmt.Sprintf("%s-file", name_)
+    files_[name], err = createPulumiFile(ctx, name, key.PrivateKeyPem, key)
+    if err != nil {
+      return nil, err
+    }
+  }
+  for name_, cert := range certs {
+    name := fmt.Sprintf("%s-file", name_)
+    files_[name], err = createPulumiFile(ctx, name, cert.CertPem, cert)
+    if err != nil {
+      return nil, err
+    }
+  }
+  return files_, err
+}
--- a/iac/tailscale.go
+++ b/iac/tailscale.go
@ -10,10 +10,10 @@ import (
  "fmt"
 )

-func MakeRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, name string, address string) (record *cloudflare.Record, err error) {
+func MakeRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, name string, address string) (record *cloudflare.Record, index string, err error) {
  ip := net.ParseIP(address)
  kind := A;
-  if ip.To4() != nil {
+  if ip.To4() == nil {
    kind = AAAA;
  }
  record_ := DNSRecord{
@ -23,41 +23,45 @@ func MakeRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, name str
    Ttl: 3600,
  }
  record, err = record_.handle(ctx, "inskip", zones["inskip"])
+  index = record_.getName("inskip", zones["inskip"])
  if err != nil {
-    return nil, err
+    return nil, "", err
  }
-  return record, err
+  return record, index, err
 }

-func HandleTSRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, device tailscale.GetDevicesDevice) (records []*cloudflare.Record, err error) {
+func HandleTSRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, device tailscale.GetDevicesDevice) (new_records map[string]*cloudflare.Record, err error) {
  if device.User != "kat@inskip.me" {
-    return []*cloudflare.Record{}, nil
+    return nil, nil
  }
+  new_records = make(map[string]*cloudflare.Record)
  name := strings.Split(device.Name, ".")[0]
  for _, address := range device.Addresses {
-    record, err := MakeRecord(ctx, zones, name, address)
+    new_record, index, err := MakeRecord(ctx, zones, name, address)
+    new_records[index] = new_record
    if err != nil {
      return nil, err
    }
-    records = append(records, record)
  }
-  return records, err
+  return new_records, err
 }

 func HandleTSRecords(ctx *pulumi.Context,
  tailnet *tailscale.GetDevicesResult,
  zones map[string]*cloudflare.Zone,
-  records map[string][]*cloudflare.Record,
-) (records_ map[string][]*cloudflare.Record, err error) {
+  input_records map[string]*cloudflare.Record,
+) (records map[string]*cloudflare.Record, err error) {
  for _, device := range tailnet.Devices {
-    record, err := HandleTSRecord(ctx, zones, device)
+    new_records, err := HandleTSRecord(ctx, zones, device)
    if err != nil {
      return nil, err
    }
-    records["inskip"] = append(records["inskip"], record...)
+    for k,v := range new_records {
+        input_records[k] = v
    }
-  records_ = records
-  return records_, err
+    records = input_records
+  }
+  return records, err
 }

 func HandleTSHostCert(ctx *pulumi.Context,
@ -73,8 +77,8 @@ func HandleTSHostCert(ctx *pulumi.Context,
    fmt.Sprintf("ts-%s-host", name),
    ca_key,
    ca_cert,
-    device.Addresses,
    []string{fmt.Sprintf("%s.inskip.me", name)},
+    device.Addresses,
  )
  if err != nil {
    return nil, nil, nil, err
@ -94,6 +98,9 @@ func HandleTSHostCerts(ctx *pulumi.Context,
  certs = make(map[string]*tls.LocallySignedCert)

  for _, device := range tailnet.Devices {
+    if device.User != "kat@inskip.me" {
+      return nil, nil, nil, err
+    }
    name := strings.Split(device.Name, ".")[0]
    keys[name], crs[name], certs[name], err = HandleTSHostCert(ctx, device, ca_key, ca_cert)
    if err != nil {
--- a/kat/shell/packages.nix
+++ b/kat/shell/packages.nix
@ -21,6 +21,8 @@
    fd
    # ripgrep / grep replacement
    ripgrep
+    # rename with sed
+    rename
    # remote tmux
    tmate
    # remote utilities
--- a/main.go
+++ b/main.go
@ -2,10 +2,11 @@ package main

 import (
  "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
-  tailscale "github.com/pulumi/pulumi-tailscale/sdk/go/tailscale"
+  "github.com/pulumi/pulumi-tailscale/sdk/go/tailscale"
  "gopkg.in/yaml.v3"
  "os"
-  iac "kittywitch/iac"
+  "kittywitch/iac"
+  "github.com/pulumi/pulumi-command/sdk/go/command/local"
 )

 func main() {
@ -46,12 +47,22 @@ func main() {
      return err
    }

-    // keys, crs, certs
-    _, _, _, err = iac.HandleTSHostCerts(ctx, tailnet, ca_key, ca_cert)
+    keys, _, certs, err := iac.HandleTSHostCerts(ctx, tailnet, ca_key, ca_cert)

    if err != nil {
      return err
    }
+
+    // files for those certs
+
+    files := make(map[string]*local.Command)
+
+    files, err = iac.PKITLSFiles(ctx, files, keys, certs)
+
+    if err != nil {
+      return err
+    }
+
    return err
  })
 }
--- a/std.nix
+++ b/std.nix
@ -1,7 +1,7 @@
 {inputs, ...}: let
  std = let
    baseStd = inputs.std.lib;
-    inherit (baseStd) set function list bool types optional;
+    inherit (baseStd) set function list bool types optional tuple;
    mergeWith = let
      append = {
        path,
@ -50,6 +50,14 @@
      mergeWith {
        inherit sets;
      };
+    remap = f: s: set.fromList (list.map f (set.toList s));
+    renames = names:
+      remap ({
+        _0,
+        _1,
+      }:
+        tuple.tuple2 (names.${_0} or _0) _1);
+    rename = oldName: newName: renames {${oldName} = newName;};
  in
    merge [
      baseStd
@ -58,8 +66,7 @@
          pipe = list.foldl' (function.flip function.compose) function.id;
        };
        set = {
-          inherit merge mergeWith;
-          remap = f: s: set.fromList (list.map f (set.toList s));
+          inherit merge mergeWith remap renames rename;
          recursiveMap = f: s: let
            recurse = str: s: let
              g = str1: str2: