summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/default.nix
diff options
context:
space:
mode:
authornin <nineinchnade@gmail.com>2017-12-14 21:13:46 +0100
committernin <nineinchnade@gmail.com>2017-12-14 21:13:46 +0100
commit37771ad34e18e0657636c8d0eb5b7392e3b89ba6 (patch)
tree8abda683b425494d2a273fc42d7573499b97a657 /krebs/3modules/default.nix
parent7ed6fd18bb99884889a76ad9f597193861f44dc9 (diff)
parent04f7ae22d6d0720d06f78c712eb9cd245cefce82 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules/default.nix')
-rw-r--r--krebs/3modules/default.nix48
1 files changed, 22 insertions, 26 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index c89f3229d..caeef2885 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -44,6 +44,7 @@ let
./tinc_graphs.nix
./urlwatch.nix
./repo-sync.nix
+ ./zones.nix
];
options.krebs = api;
config = lib.mkIf cfg.enable imp;
@@ -60,6 +61,7 @@ let
hosts = mkOption {
type = with types; attrsOf host;
+ default = {};
};
users = mkOption {
@@ -171,17 +173,6 @@ let
'';
};
- # Implements environment.etc."zones/<zone-name>"
- environment.etc = let
- stripEmptyLines = s: (concatStringsSep "\n"
- (remove "\n" (remove "" (splitString "\n" s)))) + "\n";
- all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
- ([cfg.zone-head-config] ++ combined-hosts);
- combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
- in lib.mapAttrs' (name: value: nameValuePair
- ("zones/" + name)
- { text=(stripEmptyLines value); }) all-zones;
-
krebs.exim-smarthost.internet-aliases = let
format = from: to: {
inherit from;
@@ -234,21 +225,26 @@ let
};
})
//
- # GitHub's IPv4 address range is 192.30.252.0/22
- # Refs https://help.github.com/articles/github-s-ip-addresses/
- # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
- # Because line length is limited by OPENSSH_LINE_MAX (= 8192),
- # we split each /24 into its own entry.
- listToAttrs (map
- (c: {
- name = "github${toString c}";
- value = {
- hostNames = ["github.com"] ++
- map (d: "192.30.${toString c}.${toString d}") (range 0 255);
- publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
- };
- })
- (range 252 255))
+ {
+ github = {
+ hostNames = [
+ "github.com"
+ # List generated with
+ # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
+ "192.30.253.*"
+ "192.30.254.*"
+ "192.30.255.*"
+ "185.199.108.*"
+ "185.199.109.*"
+ "185.199.110.*"
+ "185.199.111.*"
+ "18.195.85.27"
+ "18.194.104.89"
+ "35.159.8.160"
+ ];
+ publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
+ };
+ }
//
mapAttrs
(name: host: {