summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2015-10-19 23:46:10 +0200
committermakefu <github@syntax-fehler.de>2015-10-19 23:46:10 +0200
commitded0821d9bf7c85e2197cb7811d5f95987ded02e (patch)
tree2315415090766cb26f10427b797bd95ef4887874
parent8d3ebfc096c10e9d498ca0bed934ad9e35e6c022 (diff)
m 1,2 : wry serves as iodine entry point
-rw-r--r--krebs/3modules/makefu/default.nix2
-rw-r--r--makefu/1systems/wry.nix4
-rw-r--r--makefu/2configs/base-sources.nix6
-rw-r--r--makefu/2configs/iodined.nix16
4 files changed, 23 insertions, 5 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 659e71458..acc5d7dd2 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -127,7 +127,6 @@ with import ../../4lib { inherit lib; };
"krebsco.de" = ''
IN MX 10 mx42
euer IN MX 1 aspmx.l.google.com.
- io IN NS pigstarter.krebsco.de.
pigstarter IN A ${head nets.internet.addrs4}
gold IN A ${head nets.internet.addrs4}
boot IN A ${head nets.internet.addrs4}'';
@@ -165,6 +164,7 @@ with import ../../4lib { inherit lib; };
extraZones = {
"krebsco.de" = ''
wry IN A ${head nets.internet.addrs4}
+ io IN NS wry.krebsco.de.
graphs IN A ${head nets.internet.addrs4}
tinc IN A ${head nets.internet.addrs4}
'';
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 03b19d1c7..a7ed93c43 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -11,6 +11,8 @@ in {
../2configs/base-sources.nix
../2configs/tinc-basic-retiolum.nix
+ ../2configs/iodined.nix
+
# Reaktor
../2configs/Reaktor/simpleExtend.nix
];
@@ -46,7 +48,7 @@ in {
hostnames_anonymous = [ "graphs.krebsco.de" ];
};
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedTCPPorts = [ 53 80 443 ];
krebs.build = {
user = config.krebs.users.makefu;
diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix
index 826cd6fef..7e6bebec3 100644
--- a/makefu/2configs/base-sources.nix
+++ b/makefu/2configs/base-sources.nix
@@ -3,9 +3,9 @@
{
krebs.build.source = {
git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- #url = https://github.com/makefu/nixpkgs;
- rev = "dc18f39bfb2f9d1ba62c7e8ad98544bb15cb26b2"; # nixos-15.09
+ #url = https://github.com/NixOS/nixpkgs;
+ url = https://github.com/makefu/nixpkgs;
+ rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
};
dir.secrets = {
diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix
new file mode 100644
index 000000000..db8a1bfed
--- /dev/null
+++ b/makefu/2configs/iodined.nix
@@ -0,0 +1,16 @@
+{ services,builtins,environment,pkgs, ... }:
+
+let
+ # TODO: make this a parameter
+ domain = "io.krebsco.de";
+ pw = import <secrets/iodinepw.nix>;
+in {
+
+ services.iodined = {
+ enable = true;
+ domain = domain;
+ ip = "172.16.10.1/24";
+ extraConfig = "-P ${pw}";
+ };
+
+}