summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-06-30 16:31:05 +0200
committertv <tv@krebsco.de>2016-06-30 16:31:05 +0200
commitd81b068113325fb7604089c3647c365a41804978 (patch)
tree4c43ad2142825ac7c0a7045e5c48a039b25f6786 /krebs/3modules
parent1542f9bbee823025f703e6abf3836905cee416fd (diff)
parentf12578c66f8b7b829c0dec5255f358778c0d3366 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/iptables.nix2
-rw-r--r--krebs/3modules/lass/default.nix38
-rw-r--r--krebs/3modules/makefu/default.nix93
-rw-r--r--krebs/3modules/repo-sync.nix135
-rw-r--r--krebs/3modules/tinc_graphs.nix59
5 files changed, 214 insertions, 113 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index dccc11b3f..b610ff3d1 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -1,4 +1,4 @@
-arg@{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
let
inherit (pkgs) writeText;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 65da85ac4..d2542041f 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -91,6 +91,7 @@ with config.krebs.lib;
"prism.retiolum"
"prism.r"
"cgit.prism.retiolum"
+ "cache.prism.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -107,36 +108,17 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
};
- fastpoke = {
+ domsen-nas = {
nets = rec {
internet = {
- ip4.addr = "193.22.164.36";
aliases = [
- "fastpoke.internet"
+ "domsen-nas.internet"
];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.253.152";
- ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00";
- aliases = [
- "fastpoke.retiolum"
- "fastpoke.r"
- "cgit.fastpoke.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
- DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
- FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
- ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
- EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
- rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
+ ip4.addr = "87.138.180.167";
+ ssh.port = 2223;
};
};
- ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b";
+ ssh.pubkey = "ssh-dss AAAAB3NzaC1kc3MAAAEBAPH5Hcrc2QzIi7KQLf17N+aUuFfwb7uKxuojzmO3kyb3nMdn3s+rfTCJLWTJeHCeKb6yMpDF1XGXZwVN+omWV8CsA9tivOHYzZws3b0QB/JENjYmhHbNkKijm6EWXSyvsJ2RuFj0PC8+cv77ZFx7VTnrwZk6Excv7v51j+qo5BejLL1ZybISld/n3kQWE+GJqBYJ9zp/25XEl7macH02o58lRhfqygunDlKm4yiq34pfkA7FS4eHNzcXGvmtQlAHeDts1APbKq8OAoYoyCo0gjK9nbAwbfm0yqM51+eIo3H6xLWjSBdMI9guqndNJWps9PpKHa3bvM1xFB3vfoQZ6m8AAAAVAKf8ZCwMgP4ZpqwwNw4vIn1AuLnfAAABAQCVfUrpUWFvf/TXPucJde4CuAmtoMOrjpepAiXK7N9dwGyq/PbVxr4tnJ/RTyNGOFmBroc6/n0MnxR0qmkQPJNtM/Yz+kk+BCgwsyu2uenVOIX/eJFuQPQYiUdktTcgAyChMp99WF4yfKKgv1CDdMkpFi8xgBEN03s1sOKCRNwJ5rlpTNqh9LatuRyzWOIjNd7atkEYIQK92idJgqSmleo+UhJFfoOGjYlRbsnRVbvfqh7GVd7SSydhKhdb2eZjj2J8eMBwHNl1FLtqt02cnFW3FQDdXPbYYakN25z3F3sex/CPuBGJ0HRGq+y/Ynj/m99TPq9vLkzSUQPR4MmQ5feoAAABAG5L9ffMc/8T9dTeF7FEPlS54ka73M+pNY/5ehMykrrS9CVjFmvpeclnxkBpvjt3G5IlvkSsjUEE6kMk7mW9EV+USL0TTU/LavxXD8fLCSiIwResfLDRxjixjxVI1ouZeKNQ6B3tPOWOEIKR5nPlc7iy435nS77/NM3yBFH0KGdepr+3ZmdgWAjDLKjQhNyCz4Joc1IH1Vf5Ccvb6rsaJ91ajiq29iI2ZpLXXIQsS1ZYzO1Gr9xBTNgmzEmeLqFMcxDSJ+rLMF4VDjRdL2zz5BSmv/Ffj2nICMgv/gj3zzuk7zcMpnbvGyA3W8VWb6IjJDvww4rJ21Q2gHBC5XCohJs=";
};
cloudkrebs = {
cores = 1;
@@ -314,5 +296,13 @@ with config.krebs.lib;
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
+ prism-repo-sync = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
+ mail = "lass@prism.r";
+ };
+ mors-repo-sync = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
+ mail = "lass@mors.r";
+ };
};
}
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 7d4bef9ad..0b58c75cb 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -48,6 +48,12 @@ with config.krebs.lib;
-----END RSA PUBLIC KEY-----
'';
};
+ siem = {
+ ip4.addr = "10.8.10.2";
+ aliases = [
+ "darth.siem"
+ ];
+ };
};
};
tsp = {
@@ -98,6 +104,12 @@ with config.krebs.lib;
-----END RSA PUBLIC KEY-----
'';
};
+ siem = {
+ ip4.addr = "10.8.10.4";
+ aliases = [
+ "arch.siem"
+ ];
+ };
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
@@ -184,6 +196,8 @@ with config.krebs.lib;
internet = {
ip4.addr = "104.233.87.86";
aliases = [
+ "wry.i"
+ "paste.i"
"wry.internet"
"paste.internet"
];
@@ -194,10 +208,10 @@ with config.krebs.lib;
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
aliases = [
"graphs.wry.retiolum"
- "graphs.retiolum"
+ "graphs.r" "graphs.retiolum"
"paste.wry.retiolum"
- "paste.retiolum"
- "wry.retiolum"
+ "paste.r" "paste.retiolum"
+ "wry.r" "wry.retiolum"
"wiki.makefu.retiolum"
"wiki.wry.retiolum"
"blog.makefu.retiolum"
@@ -232,15 +246,16 @@ with config.krebs.lib;
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
aliases = [
"filepimp.retiolum"
+ "filepimp.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
- BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
- i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
- 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
- u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
- OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+ MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
+ 3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
+ wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
+ oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
+ UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
+ 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
@@ -339,6 +354,42 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
+ shoney = rec {
+ cores = 1;
+ nets = {
+ siem = {
+ ip4.addr = "10.8.10.1";
+ aliases = [
+ "sjump.siem"
+ "graphs.siem"
+ ];
+ };
+ internet = {
+ ip4.addr = "64.137.234.215";
+ aliases = [
+ "shoney.i"
+ ];
+ };
+ retiolum = {
+ ip4.addr = "10.243.205.131";
+ ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4";
+ aliases = [
+ "shoney.retiolum"
+ "shoney.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL
+ ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4
+ okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht
+ M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO
+ +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
+ uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
# non-stockholm
@@ -426,6 +477,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
+ lariat = rec {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.64.7";
+ aliases = [
+ "lariat.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX
+ eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA
+ 269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ
+ unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv
+ d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o
+ yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
soundflower = rec {
cores = 1;
nets = {
@@ -568,6 +641,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
+ } // { # hosts only maintained in stockholm, not owned by me
muhbaasu = rec {
cores = 1;
nets = {
@@ -596,7 +670,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
};
- } // { # hosts only maintained in stockholm, not owned by me
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index c5c806cdf..0317d1eca 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -11,38 +11,39 @@ let
api = {
enable = mkEnableOption "repo-sync";
- config = mkOption {
- type = with types;attrsOf (attrsOf (attrsOf str));
+ repos = mkOption {
+ type = with types;attrsOf (attrsOf (attrsOf (attrsOf str)));
example = literalExample ''
# see `repo-sync --help`
# `ref` provides sane defaults and can be omitted
# attrset will be converted to json and be used as config
- {
+ { repo = {
makefu = {
- origin = {
- url = http://github.com/makefu/repo ;
- ref = "heads/dev" ;
- };
- mirror = {
- url = "git@internal:mirror" ;
- ref = "heads/github-mirror-dev" ;
- };
+ origin = {
+ url = http://github.com/makefu/repo ;
+ ref = "heads/dev" ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ ref = "heads/github-mirror-dev" ;
+ };
};
lass = {
- origin = {
- url = http://github.com/lass/repo ;
- };
- mirror = {
- url = "git@internal:mirror" ;
- };
+ origin = {
+ url = http://github.com/lass/repo ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ };
};
"@latest" = {
- mirror = {
- url = "git@internal:mirror";
- ref = "heads/master";
- };
+ mirror = {
+ url = "git@internal:mirror";
+ ref = "heads/master";
+ };
};
+ };
};
'';
};
@@ -56,53 +57,75 @@ let
type = types.str;
default = "/var/lib/repo-sync";
};
+
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "repo-sync";
+ home = cfg.stateDir;
+ };
+ };
+
privateKeyFile = mkOption {
- type = types.str;
- description = ''
- used by repo-sync to identify with ssh service
+ type = types.secret-file;
+ default = {
+ path = "${cfg.stateDir}/ssh.priv";
+ owner = cfg.user;
+ source-path = toString <secrets> + "/repo-sync.ssh.key";
+ };
+ };
+
+ unitConfig = mkOption {
+ type = types.attrsOf types.str;
+ description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit";
+ example = literalExample ''
+ # do not start when running on umts
+ { ConditionPathExists = "!/var/run/ppp0.pid"; }
'';
- default = toString <secrets/wolf-repo-sync.rsa_key.priv>;
+ default = {};
};
+
};
- repo-sync-config = pkgs.writeText "repo-sync-config.json"
- (builtins.toJSON cfg.config);
imp = {
- users.users.repo-sync = {
- name = "repo-sync";
- uid = genid "repo-sync";
- description = "repo-sync user";
- home = cfg.stateDir;
+ krebs.secret.files.repo-sync-key = cfg.privateKeyFile;
+ users.users.${cfg.user.name} = {
+ inherit (cfg.user) home name uid;
createHome = true;
+ description = "repo-sync user";
};
- systemd.timers.repo-sync = {
- description = "repo-sync timer";
- wantedBy = [ "timers.target" ];
+ systemd.timers = mapAttrs' (name: repo:
+ nameValuePair "repo-sync-${name}" {
+ description = "repo-sync timer";
+ wantedBy = [ "timers.target" ];
- timerConfig = cfg.timerConfig;
- };
- systemd.services.repo-sync = {
- description = "repo-sync";
- after = [ "network.target" ];
+ timerConfig = cfg.timerConfig;
+ }
+ ) cfg.repos;
- path = with pkgs; [ ];
+ systemd.services = mapAttrs' (name: repo:
+ let
+ repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json"
+ (builtins.toJSON repo);
+ in nameValuePair "repo-sync-${name}" {
+ description = "repo-sync";
+ after = [ "network.target" "secret.service" ];
- environment = {
- GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
- };
+ environment = {
+ GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
+ REPONAME = "${name}.git";
+ };
- serviceConfig = {
- Type = "simple";
- PermissionsStartOnly = true;
- ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
- cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
- chown repo-sync ${cfg.stateDir}/ssh.priv
- '';
- ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
- WorkingDirectory = cfg.stateDir;
- User = "repo-sync";
- };
- };
+ serviceConfig = {
+ Type = "simple";
+ PermissionsStartOnly = true;
+ ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
+ WorkingDirectory = cfg.stateDir;
+ User = "repo-sync";
+ };
+ unitConfig = cfg.unitConfig;
+ }
+ ) cfg.repos;
};
in out
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index dec89d249..0f1bae090 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -20,6 +20,18 @@ let
default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
};
+ hostsPath = mkOption {
+ type = types.str;
+ description = "Path to Hosts directory";
+ default = "${config.krebs.retiolum.hostsPackage}";
+ };
+
+ network = mkOption {
+ type = types.str;
+ description = "Tinc Network to use";
+ default = "retiolum";
+ };
+
nginx = {
enable = mkEnableOption "enable tinc_graphs to be served with nginx";
@@ -73,10 +85,10 @@ let
};
imp = {
- environment.systemPackages = [ pkgs.tinc_graphs];
+ environment.systemPackages = [ pkgs.tinc_graphs ];
systemd.timers.tinc_graphs = {
description = "Build Tinc Graphs via via timer";
- wantedBy = [ "timers.target"];
+ wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig;
};
systemd.services.tinc_graphs = {
@@ -85,7 +97,8 @@ let
EXTERNAL_FOLDER = external_dir;
INTERNAL_FOLDER = internal_dir;
GEODB = cfg.geodbPath;
- TINC_HOSTPATH = config.krebs.retiolum.hostsPackage;
+ TINC_HOSTPATH = cfg.hostsPath;
+ TINC_NETWORK = cfg.network;
};
restartIfChanged = true;
@@ -103,7 +116,7 @@ let
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
fi
'';
- ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
+ ExecStart = ''${pkgs.tinc_graphs}/bin/all-the-graphs "${cfg.network}"'';
ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
# TODO: this may break if workingDir is set to something stupid
@@ -121,24 +134,26 @@ let
uid = genid "tinc_graphs";
home = "/var/spool/tinc_graphs";
};
-
- krebs.nginx.servers = mkIf cfg.nginx.enable {
- tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
- locations = [
- (nameValuePair "/" ''
- autoindex on;
- root ${internal_dir};
- '')
- ];
- }] ;
- tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
- locations = [
- (nameValuePair "/" ''
- autoindex on;
- root ${external_dir};
- '')
- ];
- }];
+ krebs.nginx = mkIf cfg.nginx.enable {
+ enable = mkDefault true;
+ servers = {
+ tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
+ locations = [
+ (nameValuePair "/" ''
+ autoindex on;
+ root ${internal_dir};
+ '')
+ ];
+ }] ;
+ tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
+ locations = [
+ (nameValuePair "/" ''
+ autoindex on;
+ root ${external_dir};
+ '')
+ ];
+ }];
+ };
};
};