authormakefu <github@syntax-fehler.de>2023-06-10 14:07:47 +0200
committertv <tv@krebsco.de>2023-06-21 14:47:04 +0200
commitfdc364520238a38883d28bbfa05ac966e792ed8b (patch)
treecf89afd12d1872ad44607e68b5a7fae0256aae2e /krebs/3modules/krebs.nix
parent5b2ceb1f1d6809578b77db6527dde2afaee8ba54 (diff)
krebs module: pull out ssh logic from base moduleflakify
Diffstat (limited to 'krebs/3modules/krebs.nix')
-rw-r--r--krebs/3modules/krebs.nix111
1 files changed, 4 insertions, 107 deletions
diff --git a/krebs/3modules/krebs.nix b/krebs/3modules/krebs.nix
index 9d509275e..ce63135ec 100644
--- a/krebs/3modules/krebs.nix
+++ b/krebs/3modules/krebs.nix
@@ -2,110 +2,7 @@
with lib;
let
cfg = config.krebs;
-
- out = {
- options.krebs = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "krebs";
-
- zone-head-config = mkOption {
- type = with types; attrsOf str;
- description = ''
- The zone configuration head which is being used to create the
- zone files. The string for each key is pre-pended to the zone file.
- '';
- # TODO: configure the default somewhere else,
- # maybe use krebs.dns.providers
- default = {
-
- # github.io -> 192.30.252.154
- "krebsco.de" = ''
- $TTL 86400
- @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
- IN NS ns19.ovh.net.
- IN NS dns19.ovh.net.
- '';
- };
- };
- };
-
- imp = lib.mkMerge [
- {
- services.openssh.hostKeys =
- let inherit (config.krebs.build.host.ssh) privkey; in
- mkIf (privkey != null) [privkey];
-
- services.openssh.knownHosts =
- filterAttrs
- (knownHostName: knownHost:
- knownHost.publicKey != null &&
- knownHost.hostNames != []
- )
- (mapAttrs
- (hostName: host: {
- hostNames =
- concatLists
- (mapAttrsToList
- (netName: net:
- let
- aliases =
- concatLists [
- shortAliases
- net.aliases
- net.addrs
- ];
- shortAliases =
- optionals
- (cfg.dns.search-domain != null)
- (map (removeSuffix ".${cfg.dns.search-domain}")
- (filter (hasSuffix ".${cfg.dns.search-domain}")
- net.aliases));
- addPort = alias:
- if net.ssh.port != 22
- then "[${alias}]:${toString net.ssh.port}"
- else alias;
- in
- map addPort aliases
- )
- host.nets);
- publicKey = host.ssh.pubkey;
- })
- (foldl' mergeAttrs {} [
- cfg.hosts
- {
- localhost = {
- nets.local = {
- addrs = [ "127.0.0.1" "::1" ];
- aliases = [ "localhost" ];
- ssh.port = 22;
- };
- ssh.pubkey = config.krebs.build.host.ssh.pubkey;
- };
- }
- ]));
-
- programs.ssh.extraConfig = concatMapStrings
- (net: ''
- Host ${toString (net.aliases ++ net.addrs)}
- Port ${toString net.ssh.port}
- '')
- (filter
- (net: net.ssh.port != 22)
- (concatMap (host: attrValues host.nets)
- (mapAttrsToList
- (_: host: recursiveUpdate host
- (optionalAttrs (cfg.dns.search-domain != null &&
- hasAttr cfg.dns.search-domain host.nets) {
- nets."" = host.nets.${cfg.dns.search-domain} // {
- aliases = [host.name];
- addrs = [];
- };
- }))
- config.krebs.hosts)));
- }
- ];
-
-in out
+in {
+ options.krebs.enable = mkEnableOption "krebs";
+ config = lib.mkIf config.krebs.enable {};
+}
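Review bot: The replacement body at the end of this hunk drops the `krebs.zone-head-config` option declaration together with the SSH settings, although the commit subject only mentions the ssh logic. Unless that option is redeclared in another module (not visible here, since the diff is limited to krebs.nix), any remaining reference to `config.krebs.zone-head-config` will fail evaluation. The removed `services.openssh.hostKeys` and `services.openssh.knownHosts` definitions were gated on `krebs.enable`; if the module that now carries them is not imported wherever that option is set, hosts would presumably fall back to locally generated host keys and unpinned known_hosts. It is worth confirming that import and recording it in a comment such as `# ssh host keys / known_hosts: see <path of new ssh module>`. In the new code itself `cfg = config.krebs;` is still bound but no longer used in the visible lines, and `config = lib.mkIf config.krebs.enable {};` merges an empty set, so either write `cfg.enable` there or drop both the binding and the empty `config` line.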