forked from hacc/haccfiles
Compare commits
2 commits
Author | SHA1 | Date | |
---|---|---|---|
|
584460b1c7 | ||
|
0c076f9805 |
10 changed files with 246 additions and 113 deletions
|
@ -19,6 +19,7 @@
|
||||||
./services/hasenloch.nix
|
./services/hasenloch.nix
|
||||||
./services/syncthing.nix
|
./services/syncthing.nix
|
||||||
./services/monitoring.nix
|
./services/monitoring.nix
|
||||||
|
../../services/dns
|
||||||
];
|
];
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
boot.loader.grub.version = 2;
|
||||||
|
@ -54,6 +55,11 @@
|
||||||
interface = "enp6s0";
|
interface = "enp6s0";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
hexchen.dns.zones."hacc.space".subdomains.hainich = {
|
||||||
|
A = [ (lib.head config.networking.interfaces.enp6s0.ipv4.addresses).address ];
|
||||||
|
AAAA = [ (lib.head config.networking.interfaces.enp6s0.ipv6.addresses).address ];
|
||||||
|
};
|
||||||
|
|
||||||
hacc.nftables.nat.enable = true;
|
hacc.nftables.nat.enable = true;
|
||||||
networking.nat.internalInterfaces = ["ve-+"];
|
networking.nat.internalInterfaces = ["ve-+"];
|
||||||
networking.nat.internalIPs = [ "192.168.100.0/24" "172.17.0.0/16" ];
|
networking.nat.internalIPs = [ "192.168.100.0/24" "172.17.0.0/16" ];
|
||||||
|
|
|
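Review bot: The new `hainich` A/AAAA records take `lib.head` of the address lists on `enp6s0`, so the published address is whichever entry is listed first, and evaluation aborts if either list is empty. If another address (for example a private or temporary one) is ever added ahead of the public one, it goes straight into the public zone. I would bind the public addresses to a `let` name used by both the interface and the record, or at least add a comment such as `# first address on enp6s0 must remain the public one; it is published in DNS`. The interface definition itself is outside this hunk, so how many addresses are configured today is not visible here.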
@ -1,6 +1,7 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
hexchen.dns.zones."hacc.space".subdomains."pad".CNAME = [ "hainich.hacc.space" ];
|
||||||
containers.codimd = {
|
containers.codimd = {
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
hostAddress = "192.168.100.1";
|
hostAddress = "192.168.100.1";
|
||||||
|
|
|
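Review bot: The CNAME target `"hainich.hacc.space"` has no trailing dot, while the `waszumfff` record added in this same commit uses `"hainich.hacc.space."`. If the DNS module writes targets verbatim into the zone file, the undotted form is relative to the zone origin and would resolve as `hainich.hacc.space.hacc.space.`, so I would write `[ "hainich.hacc.space." ]` here. The same applies to the `mail` and `mumble` CNAMEs and to `www.CNAME = [ (cname "hacc.4future.dev") ]` in services/dns/default.nix.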
@ -1,6 +1,8 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
hexchen.dns.zones."4future.dev".subdomains.waszumfff.CNAME = [ "hainich.hacc.space." ];
|
||||||
|
|
||||||
virtualisation.oci-containers.containers."ghost-waszumfff" = {
|
virtualisation.oci-containers.containers."ghost-waszumfff" = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
environment = {
|
environment = {
|
||||||
|
|
|
@ -1,12 +1,32 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
sources = import ../../../nix/sources.nix;
|
sources = import ../../../nix/sources.nix;
|
||||||
|
|
||||||
|
defaultDns = with pkgs.dns.combinators; {
|
||||||
|
MX = [ (mx.mx 10 "mail.hacc.space.") ];
|
||||||
|
TXT = [ (spf.strict [ "+mx" ]) ];
|
||||||
|
};
|
||||||
|
|
||||||
|
dkim = txt: { subdomains."mail._domainkey".TXT = [ txt ]; };
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
sources.nixos-mailserver.outPath
|
sources.nixos-mailserver.outPath
|
||||||
];
|
];
|
||||||
|
|
||||||
|
hexchen.dns.zones = {
|
||||||
|
"hacc.space" = {
|
||||||
|
inherit (defaultDns) MX TXT;
|
||||||
|
subdomains."mail".CNAME = [ "hainich.hacc.space" ];
|
||||||
|
} // (dkim "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1bIWqIW2WO5jLy2oZbvAqfCAkO6y64HiQ1lI50M36zn7xaJlRAaXo9FNdEYW09TY2dUC2dNVT7AG6EypfjHN9WNwAYoZVQOBLigZW2h47gy3LV8/GoaJLhAMfJEyTdgQUJf+ScnLKD30CLpezcVChYWljRBE1NSAHyymS9Ty/1wIDAQAB");
|
||||||
|
"infra4future.de" = {
|
||||||
|
inherit (defaultDns) MX TXT;
|
||||||
|
subdomains.discuss = defaultDns;
|
||||||
|
} // (dkim "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1KO8EiAcR57TbiVW/T57GVllZp1Kk7wlqXyRAPLqf4huk3S+KBlUtkv/6JW14jiaEnvZSWnh2B0HCdX11EdrCt9sprvbirYssUZdn2j7f4MN0fhQAxRqEFcN+zzVl90T6gqhH8Apu2LlYtFos2YisKNZcgUiuYT/Ba9bCwjnMbwIDAQAB");
|
||||||
|
"4future.dev" = defaultDns // dkim "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWQM4k4kvqoEZDEAo+li7URJ+k4aFI4C7XTIqwBT7UAXL2wHPWUmHftudK7VfemdmHdSwVdiFqAs3fMZFXTgbctc5+zG0hB03yOpm42pcf+kkYb4lvXlRoloEorN+XP9PmyNdW14p6ikQGCV//v/nliiraOSrqPaCciB0C6bD7bwIDAQAB";
|
||||||
|
# "4futu.re" = defaultDns // dkim "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIORy3U05TE0yU/778OaXZ4JDQ5ztK8Set6mClIs8s4Wrtx53Fsq3ahmnglE7ypucsQ1N87Vfv+YjI/X/ndMAYcs8ZjuJRwUqFJnMADAPkPa4lwg3+AgNQYLQsjVpKTZAz83NWWQAZ9QwukgML8sU0cP33eJkiQJ27C/L7kQNlXQIDAQAB";
|
||||||
|
# "hacc.earth" = defaultDns // dkim "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwFuOQLtDRJU+0Q63GWZocTHwh3bSVjCV4ebgVTBmLxR48RmFqoz1LnYyTBqOGZTq5lvzJuoFcvpBGyJ+jBYNeQKsMY32BHJ0ju2e4nqTPR7SL8x5fBIAj0z2C5DFUnr5S0g+yPbwziQyos9qeJMy7XdtnrLboh635qPSGTgEY/QIDAQAB";
|
||||||
|
};
|
||||||
mailserver = {
|
mailserver = {
|
||||||
mailDirectory = "/data/mail";
|
mailDirectory = "/data/mail";
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -14,110 +34,110 @@ in {
|
||||||
domains = [ "hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" "discuss.infra4future.de" ];
|
domains = [ "hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" "discuss.infra4future.de" ];
|
||||||
|
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"hexchen@hacc.space" = {
|
"hexchen@hacc.space" = {
|
||||||
hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
|
hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
|
||||||
|
|
||||||
aliases = [
|
aliases = [
|
||||||
"postmaster@hacc.space"
|
"postmaster@hacc.space"
|
||||||
"abuse@hacc.space"
|
"abuse@hacc.space"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
"octycs@hacc.space" = {
|
"octycs@hacc.space" = {
|
||||||
hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
|
hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
|
||||||
|
|
||||||
aliases = [
|
aliases = [
|
||||||
"markus@hacc.space"
|
"markus@hacc.space"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
"raphael@hacc.space" = {
|
"raphael@hacc.space" = {
|
||||||
hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
|
hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
|
||||||
};
|
};
|
||||||
|
|
||||||
"engelsystem@hacc.space" = {
|
"engelsystem@hacc.space" = {
|
||||||
hashedPassword = "$6$5cIAEhJ7af7M$eJBPQc3ONd.N3HKPFpxfG7liZbUXPvWuSpWVgeG7rmsG7f7.Zdxtodvt5VaXoA3AEiv3GqcY.gKHISK/Gg0ib/";
|
hashedPassword = "$6$5cIAEhJ7af7M$eJBPQc3ONd.N3HKPFpxfG7liZbUXPvWuSpWVgeG7rmsG7f7.Zdxtodvt5VaXoA3AEiv3GqcY.gKHISK/Gg0ib/";
|
||||||
};
|
};
|
||||||
|
|
||||||
"schweby@hacc.space" = {
|
"schweby@hacc.space" = {
|
||||||
hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
|
hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
|
||||||
};
|
};
|
||||||
|
|
||||||
"zauberberg@hacc.space" = {
|
"zauberberg@hacc.space" = {
|
||||||
hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
||||||
aliases = [
|
aliases = [
|
||||||
"lukas@hacc.space"
|
"lukas@hacc.space"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
"talx@hacc.space" = {
|
"talx@hacc.space" = {
|
||||||
hashedPassword = "$6$0hIKRoMJS./JSE$tXizRgphhNM3ZYx216VdRv1OiyZoYXsjGqSudTDu8vB8eZb03Axi31VKV87RXiEGGixdvTsHEKpx032aOzzt31";
|
hashedPassword = "$6$0hIKRoMJS./JSE$tXizRgphhNM3ZYx216VdRv1OiyZoYXsjGqSudTDu8vB8eZb03Axi31VKV87RXiEGGixdvTsHEKpx032aOzzt31";
|
||||||
};
|
};
|
||||||
|
|
||||||
"unms@hacc.space" = {
|
"unms@hacc.space" = {
|
||||||
hashedPassword = "$6$pYlNP37913$sGE3L722ceP.1Qm5lsffYUN919hPP1xRTrzco3ic3Op21iiknBkOY04eY2l3Um/Bpk/yV89aJD0eaB/5RCbWR1";
|
hashedPassword = "$6$pYlNP37913$sGE3L722ceP.1Qm5lsffYUN919hPP1xRTrzco3ic3Op21iiknBkOY04eY2l3Um/Bpk/yV89aJD0eaB/5RCbWR1";
|
||||||
};
|
};
|
||||||
|
|
||||||
"noreply@hacc.space" = {
|
"noreply@hacc.space" = {
|
||||||
hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
|
hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
|
||||||
};
|
};
|
||||||
"stuebinm@hacc.space" = {
|
"stuebinm@hacc.space" = {
|
||||||
hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
|
hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
|
||||||
};
|
};
|
||||||
"newsletter@hacc.space" = {
|
"newsletter@hacc.space" = {
|
||||||
hashedPassword = "$6$f0xKnQxBInd$zbVIi1lTKWauqW.c8sMNLHNwzn81oQrVOiIfJwPa98n9xWz/NkjuWLYuFpK.MSZwNwP7Yv/a/qaOb9v8qv/.N1";
|
hashedPassword = "$6$f0xKnQxBInd$zbVIi1lTKWauqW.c8sMNLHNwzn81oQrVOiIfJwPa98n9xWz/NkjuWLYuFpK.MSZwNwP7Yv/a/qaOb9v8qv/.N1";
|
||||||
};
|
};
|
||||||
"lenny@hacc.space" = {
|
"lenny@hacc.space" = {
|
||||||
hashedPassword = "$6$dR.lhYiJDpsR4.dw$n7bCbyTm97v/O8Ue44n58YwOmmct..Gt5TeAmen8C5FWyPTwTh65XCjwc27gNFVGnZLwsRJwMJ.E9D0oJEzUh0";
|
hashedPassword = "$6$dR.lhYiJDpsR4.dw$n7bCbyTm97v/O8Ue44n58YwOmmct..Gt5TeAmen8C5FWyPTwTh65XCjwc27gNFVGnZLwsRJwMJ.E9D0oJEzUh0";
|
||||||
};
|
};
|
||||||
|
|
||||||
# service accounts
|
# service accounts
|
||||||
"gitlab@infra4future.de".hashedPassword = "$6$8vvkYuxv$9xV5WktsqfgM3cWSxonjtaohm7oqvDC5qsgJCJBATwesjTRxd/QTLa7t7teK8Nzyl.Py26xz.NvYowCZQ4aBE1";
|
"gitlab@infra4future.de".hashedPassword = "$6$8vvkYuxv$9xV5WktsqfgM3cWSxonjtaohm7oqvDC5qsgJCJBATwesjTRxd/QTLa7t7teK8Nzyl.Py26xz.NvYowCZQ4aBE1";
|
||||||
"noreply@infra4future.de".hashedPassword = "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
|
"noreply@infra4future.de".hashedPassword = "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
|
||||||
"discuss@infra4future.de".hashedPassword = "$6$8x8/OlMFjq1$S54jdBh7WjrdC6UtbYAHHzMJak7Ai/CjwmWBBbqh7yRHuZt.mfZrsfBNiL3JKBHE7seQ7JYRU99lJKCU6Aujg/";
|
"discuss@infra4future.de".hashedPassword = "$6$8x8/OlMFjq1$S54jdBh7WjrdC6UtbYAHHzMJak7Ai/CjwmWBBbqh7yRHuZt.mfZrsfBNiL3JKBHE7seQ7JYRU99lJKCU6Aujg/";
|
||||||
};
|
};
|
||||||
|
|
||||||
extraVirtualAliases = {
|
extraVirtualAliases = {
|
||||||
# address = forward address;
|
# address = forward address;
|
||||||
"info@hacc.space" = [
|
"info@hacc.space" = [
|
||||||
"hexchen@hacc.space"
|
"hexchen@hacc.space"
|
||||||
"octycs@hacc.space"
|
"octycs@hacc.space"
|
||||||
"raphael@hacc.space"
|
"raphael@hacc.space"
|
||||||
"schweby@hacc.space"
|
"schweby@hacc.space"
|
||||||
"zauberberg@hacc.space"
|
"zauberberg@hacc.space"
|
||||||
"stuebinm@hacc.space"
|
"stuebinm@hacc.space"
|
||||||
"lenny@hacc.space"
|
"lenny@hacc.space"
|
||||||
];
|
];
|
||||||
"himmel@hacc.space" = [
|
"himmel@hacc.space" = [
|
||||||
"hexchen@hacc.space"
|
"hexchen@hacc.space"
|
||||||
"schweby@hacc.space"
|
"schweby@hacc.space"
|
||||||
"zauberberg@hacc.space"
|
"zauberberg@hacc.space"
|
||||||
];
|
];
|
||||||
"admin@hacc.space" = [
|
"admin@hacc.space" = [
|
||||||
"hexchen@hacc.space"
|
"hexchen@hacc.space"
|
||||||
"schweby@hacc.space"
|
"schweby@hacc.space"
|
||||||
"zauberberg@hacc.space"
|
"zauberberg@hacc.space"
|
||||||
];
|
];
|
||||||
"voc@hacc.space" = [
|
"voc@hacc.space" = [
|
||||||
"hexchen@hacc.space"
|
"hexchen@hacc.space"
|
||||||
"schweby@hacc.space"
|
"schweby@hacc.space"
|
||||||
"octycs@hacc.space"
|
"octycs@hacc.space"
|
||||||
"stuebinm@hacc.space"
|
"stuebinm@hacc.space"
|
||||||
"zauberberg@hacc.space"
|
"zauberberg@hacc.space"
|
||||||
"lenny@hacc.space"
|
"lenny@hacc.space"
|
||||||
];
|
];
|
||||||
"vorstand@hacc.space" = [
|
"vorstand@hacc.space" = [
|
||||||
"raphael@hacc.space"
|
"raphael@hacc.space"
|
||||||
"schweby@hacc.space"
|
"schweby@hacc.space"
|
||||||
"zauberberg@hacc.space"
|
"zauberberg@hacc.space"
|
||||||
];
|
];
|
||||||
"mitglieder@hacc.space" = [
|
"mitglieder@hacc.space" = [
|
||||||
"raphael@hacc.space"
|
"raphael@hacc.space"
|
||||||
"schweby@hacc.space"
|
"schweby@hacc.space"
|
||||||
"zauberberg@hacc.space"
|
"zauberberg@hacc.space"
|
||||||
"lenny@hacc.space"
|
"lenny@hacc.space"
|
||||||
"octycs@hacc.space"
|
"octycs@hacc.space"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||||
|
|
|
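Review bot: The three active `dkim` records publish 1024-bit RSA keys (the `MIGfMA0G…` prefix is the 1024-bit SubjectPublicKeyInfo header), which is below what current guidance recommends for DKIM signing keys. Because the values are copied in by hand, they can also drift from the key the mailserver actually signs with; a comment next to `dkim` such as `# must match the mailserver's key for selector "mail"; rotate both together` would help. If the mailserver module generates the keys, setting `dkimKeyBits = 2048;` and regenerating before these records go live would be the cheapest moment to do it. Note also that `hacc.earth` and `4futu.re` remain in `domains` while their zone entries are commented out, and no `_dmarc` record is added for any zone.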
@ -1,6 +1,7 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
hexchen.dns.zones."hacc.space".subdomains."mumble".CNAME = [ "hainich.hacc.space" ];
|
||||||
services.murmur = {
|
services.murmur = {
|
||||||
enable = true;
|
enable = true;
|
||||||
logDays = -1;
|
logDays = -1;
|
||||||
|
|
|
@ -5,5 +5,6 @@ in {
|
||||||
imports = [
|
imports = [
|
||||||
./nftnat
|
./nftnat
|
||||||
./decklink.nix
|
./decklink.nix
|
||||||
|
"${sources.nix-hexchen}/modules/dns"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
"branch": "main",
|
"branch": "main",
|
||||||
"ref": "main",
|
"ref": "main",
|
||||||
"repo": "https://gitlab.com/hexchen/nixfiles.git",
|
"repo": "https://gitlab.com/hexchen/nixfiles.git",
|
||||||
"rev": "c87f132c9d3932e61ddfeea50a6f810a19d41f79",
|
"rev": "c1575d780087a90cf38a29198aafd0139efd599f",
|
||||||
"type": "git"
|
"type": "git"
|
||||||
},
|
},
|
||||||
"nixos-mailserver": {
|
"nixos-mailserver": {
|
||||||
|
|
|
@ -6,25 +6,33 @@ let
|
||||||
# The fetchers. fetch_<type> fetches specs of type <type>.
|
# The fetchers. fetch_<type> fetches specs of type <type>.
|
||||||
#
|
#
|
||||||
|
|
||||||
fetch_file = pkgs: spec:
|
fetch_file = pkgs: name: spec:
|
||||||
if spec.builtin or true then
|
let
|
||||||
builtins_fetchurl { inherit (spec) url sha256; }
|
name' = sanitizeName name + "-src";
|
||||||
else
|
in
|
||||||
pkgs.fetchurl { inherit (spec) url sha256; };
|
if spec.builtin or true then
|
||||||
|
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
|
||||||
|
else
|
||||||
|
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
|
||||||
|
|
||||||
fetch_tarball = pkgs: name: spec:
|
fetch_tarball = pkgs: name: spec:
|
||||||
let
|
let
|
||||||
ok = str: ! builtins.isNull (builtins.match "[a-zA-Z0-9+-._?=]" str);
|
name' = sanitizeName name + "-src";
|
||||||
# sanitize the name, though nix will still fail if name starts with period
|
|
||||||
name' = stringAsChars (x: if ! ok x then "-" else x) "${name}-src";
|
|
||||||
in
|
in
|
||||||
if spec.builtin or true then
|
if spec.builtin or true then
|
||||||
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
|
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
|
||||||
else
|
else
|
||||||
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
|
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
|
||||||
|
|
||||||
fetch_git = spec:
|
fetch_git = name: spec:
|
||||||
builtins.fetchGit { url = spec.repo; inherit (spec) rev ref; };
|
let
|
||||||
|
ref =
|
||||||
|
if spec ? ref then spec.ref else
|
||||||
|
if spec ? branch then "refs/heads/${spec.branch}" else
|
||||||
|
if spec ? tag then "refs/tags/${spec.tag}" else
|
||||||
|
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
||||||
|
in
|
||||||
|
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
|
||||||
|
|
||||||
fetch_local = spec: spec.path;
|
fetch_local = spec: spec.path;
|
||||||
|
|
||||||
|
@ -40,11 +48,21 @@ let
|
||||||
# Various helpers
|
# Various helpers
|
||||||
#
|
#
|
||||||
|
|
||||||
|
# https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
|
||||||
|
sanitizeName = name:
|
||||||
|
(
|
||||||
|
concatMapStrings (s: if builtins.isList s then "-" else s)
|
||||||
|
(
|
||||||
|
builtins.split "[^[:alnum:]+._?=-]+"
|
||||||
|
((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
# The set of packages used when specs are fetched using non-builtins.
|
# The set of packages used when specs are fetched using non-builtins.
|
||||||
mkPkgs = sources:
|
mkPkgs = sources: system:
|
||||||
let
|
let
|
||||||
sourcesNixpkgs =
|
sourcesNixpkgs =
|
||||||
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {};
|
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
|
||||||
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
|
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
|
||||||
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
|
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
|
||||||
in
|
in
|
||||||
|
@ -64,9 +82,9 @@ let
|
||||||
|
|
||||||
if ! builtins.hasAttr "type" spec then
|
if ! builtins.hasAttr "type" spec then
|
||||||
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
|
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
|
||||||
else if spec.type == "file" then fetch_file pkgs spec
|
else if spec.type == "file" then fetch_file pkgs name spec
|
||||||
else if spec.type == "tarball" then fetch_tarball pkgs name spec
|
else if spec.type == "tarball" then fetch_tarball pkgs name spec
|
||||||
else if spec.type == "git" then fetch_git spec
|
else if spec.type == "git" then fetch_git name spec
|
||||||
else if spec.type == "local" then fetch_local spec
|
else if spec.type == "local" then fetch_local spec
|
||||||
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
|
else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
|
||||||
else if spec.type == "builtin-url" then fetch_builtin-url name
|
else if spec.type == "builtin-url" then fetch_builtin-url name
|
||||||
|
@ -80,7 +98,10 @@ let
|
||||||
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
||||||
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
||||||
in
|
in
|
||||||
if ersatz == "" then drv else ersatz;
|
if ersatz == "" then drv else
|
||||||
|
# this turns the string into an actual Nix path (for both absolute and
|
||||||
|
# relative paths)
|
||||||
|
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
|
||||||
|
|
||||||
# Ports of functions for older nix versions
|
# Ports of functions for older nix versions
|
||||||
|
|
||||||
|
@ -98,25 +119,29 @@ let
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
|
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
|
||||||
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
|
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
|
||||||
|
concatMapStrings = f: list: concatStrings (map f list);
|
||||||
concatStrings = builtins.concatStringsSep "";
|
concatStrings = builtins.concatStringsSep "";
|
||||||
|
|
||||||
|
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
|
||||||
|
optionalAttrs = cond: as: if cond then as else {};
|
||||||
|
|
||||||
# fetchTarball version that is compatible between all the versions of Nix
|
# fetchTarball version that is compatible between all the versions of Nix
|
||||||
builtins_fetchTarball = { url, name, sha256 }@attrs:
|
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
|
||||||
let
|
let
|
||||||
inherit (builtins) lessThan nixVersion fetchTarball;
|
inherit (builtins) lessThan nixVersion fetchTarball;
|
||||||
in
|
in
|
||||||
if lessThan nixVersion "1.12" then
|
if lessThan nixVersion "1.12" then
|
||||||
fetchTarball { inherit name url; }
|
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
||||||
else
|
else
|
||||||
fetchTarball attrs;
|
fetchTarball attrs;
|
||||||
|
|
||||||
# fetchurl version that is compatible between all the versions of Nix
|
# fetchurl version that is compatible between all the versions of Nix
|
||||||
builtins_fetchurl = { url, sha256 }@attrs:
|
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
|
||||||
let
|
let
|
||||||
inherit (builtins) lessThan nixVersion fetchurl;
|
inherit (builtins) lessThan nixVersion fetchurl;
|
||||||
in
|
in
|
||||||
if lessThan nixVersion "1.12" then
|
if lessThan nixVersion "1.12" then
|
||||||
fetchurl { inherit url; }
|
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
||||||
else
|
else
|
||||||
fetchurl attrs;
|
fetchurl attrs;
|
||||||
|
|
||||||
|
@ -135,7 +160,8 @@ let
|
||||||
mkConfig =
|
mkConfig =
|
||||||
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
|
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
|
||||||
, sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
|
, sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
|
||||||
, pkgs ? mkPkgs sources
|
, system ? builtins.currentSystem
|
||||||
|
, pkgs ? mkPkgs sources system
|
||||||
}: rec {
|
}: rec {
|
||||||
# The sources, i.e. the attribute set of spec name to spec
|
# The sources, i.e. the attribute set of spec name to spec
|
||||||
inherit sources;
|
inherit sources;
|
||||||
|
|
|
@ -13,6 +13,13 @@ let
|
||||||
extraPath = super.extraPath + ":${pkgs.zfs}/bin";
|
extraPath = super.extraPath + ":${pkgs.zfs}/bin";
|
||||||
});
|
});
|
||||||
|
|
||||||
|
dns = import (pkgs.fetchFromGitHub {
|
||||||
|
owner = "kirelagin";
|
||||||
|
repo = "nix-dns";
|
||||||
|
rev = "v0.3.1";
|
||||||
|
sha256 = "1ykmx6b7al1sh397spnpqis7c9bp0yfmgxxp3v3j7qq45fa5fs09";
|
||||||
|
} + "/dns") { inherit pkgs; };
|
||||||
|
|
||||||
linuxPackagesFor = kernel: (pkgs.linuxPackagesFor kernel).extend (_: ksuper: {
|
linuxPackagesFor = kernel: (pkgs.linuxPackagesFor kernel).extend (_: ksuper: {
|
||||||
decklink = callPackage ./decklink { kernel = ksuper.kernel; };
|
decklink = callPackage ./decklink { kernel = ksuper.kernel; };
|
||||||
});
|
});
|
||||||
|
|
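Review bot: `nix-dns` is pinned here with an inline `fetchFromGitHub`, while the repository's other external sources are tracked through niv in `sources.json`. The `sha256` keeps the fetched content fixed even though `rev` is a tag, so this is a maintainability point rather than an integrity one: a pin outside niv is easy to miss when sources are updated or audited. I would either add the source to `sources.json` and import it from there, or add a comment such as `# pinned outside niv; bump rev and sha256 together`.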
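--- a/services/dns/default.nix
+++ b/services/dns/default.nix
@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+
+{
+hexchen.deploy.groups = [ "dns" ];
+services.kresd.enable = lib.mkForce false;
+hexchen.dns = {
+enable = true;
+dnssec = {
+enable = true;
+doSplitSigning = true;
+};
+symlinkZones = true;
+allZones = with pkgs.dns.combinators; let
+common = {
+SOA = {
+nameServer = "ns1.infra4future.de.";
+adminEmail = "admin@infra4future.de";
+serial = 2020022102;
+};
+} // delegateTo [ "ns1.infra4future.de." "ns2.infra4future.de." ];
+
+pages = a "95.217.84.3";
+minecraftSRV = port: target: { service = "minecraft"; proto = "tcp"; inherit port target; };
+
+allZones = config.hexchen.dns.allZones;
+in {
+"infra4future.de" = common // {
+A = [ pages ];
+subdomains = {
+libocedrus.A = [ (a "95.217.84.23") ];
+
+www.CNAME = [ (cname "hacc.4future.dev") ];
+
+auth.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+cloud.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+discuss.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+listmonk.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+mattermost.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+onlyoffice.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+survey.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+wiki.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+
+gitlab.CNAME = [ (cname "libocedrus.infra4future.de.") ];
+registry.CNAME = [ (cname "gitlab.infra4future.de.") ];
+ssh.CNAME = [ (cname "gitlab.infra4future.de.") ];
+
+"_gitlab-pages-verification-code".TXT = [ "gitlab-pages-verification-code=3d9e1d733851cd8f7178330b62a5b783" ];
+"_gitlab-pages-verification-code.www".TXT = [ "gitlab-pages-verification-code=c0472d3d954e4586def9b20a237aa141" ];
+};
+};
+"hacc.space" = common // {
+inherit (allZones."infra4future.de".subdomains.libocedrus) A;
+subdomains = {
+wink.CNAME = [ (cname "infra4future.de.") ];
+};
+};
+"4future.dev" = common // {
+A = [ pages ];
+SRV = [ (minecraftSRV 25565 "minecraft.4future.dev.") ];
+subdomains = {
+"*".CNAME = [ (cname "libocedrus.4future.dev.") ];
+libocedrus.A = [ pages ];
+
+minecraft.A = [ (a "95.217.84.23") ];
+};
+};
+};
+};
+}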
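Review bot: `serial = 2020022102;` in the shared `common` SOA is a fixed literal, so a later zone edit that forgets to raise it may not propagate, assuming `ns2` is a secondary that transfers on serial change. A comment on that line, for example `# bump on every zone change (YYYYMMDDnn)`, or deriving the serial at build time, would make this harder to miss. Separately, `"*".CNAME` under `4future.dev` sends every otherwise undefined name to the host behind `pages`. If that host serves user-controlled sites, it is worth confirming that it only answers for verified domains.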