From 8f53937c40a88fc59c02a993315c29d32ff2d09c Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 16:52:32 +0100 Subject: types host: cores can also be 0 --- lib/types.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/types.nix b/lib/types.nix index 016853300..41e75154e 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -19,7 +19,7 @@ rec { default = config._module.args.name; }; cores = mkOption { - type = positive; + type = uint; }; nets = mkOption { type = attrsOf net; -- cgit v1.2.3 From 8ce6ab8401a243bdc7b9bfa56a861276ca279a73 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 7 Dec 2018 13:16:41 +0100 Subject: lib.krebs: init --- lib/default.nix | 1 + lib/krebs/default.nix | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 lib/krebs/default.nix (limited to 'lib') diff --git a/lib/default.nix b/lib/default.nix index 348d47e85..bf8c65e21 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -5,6 +5,7 @@ let evalSource = import ./eval-source.nix; git = import ./git.nix { inherit lib; }; + krebs = import ./krebs lib; krops = import ../submodules/krops/lib; shell = import ./shell.nix { inherit lib; }; types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; diff --git a/lib/krebs/default.nix b/lib/krebs/default.nix new file mode 100644 index 000000000..c9d9bef63 --- /dev/null +++ b/lib/krebs/default.nix @@ -0,0 +1,3 @@ +lib: +with lib; +mapNixDir (flip import lib) ./. -- cgit v1.2.3 From 24c9ea126b620f341ec95b9c779fddb55c144ab2 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 7 Dec 2018 13:17:16 +0100 Subject: lib.krebs.genipv6: init --- lib/krebs/genipv6.nix | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 lib/krebs/genipv6.nix (limited to 'lib') diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix new file mode 100644 index 000000000..8d5ca1667 --- /dev/null +++ b/lib/krebs/genipv6.nix 
@@ -0,0 +1,92 @@ +lib: +with lib; +let { + body = netname: subnetname: suffix: rec { + address = let + suffix' = + if hasEmptyGroup (parseAddress suffix) + then suffix + else joinAddress "::" suffix; + in + checkAddress addressLength (joinAddress subnetPrefix suffix'); + addressCIDR = "${address}/${toString addressLength}"; + addressLength = 128; + + inherit netname; + netCIDR = "${netAddress}/${toString netPrefixLength}"; + netAddress = joinAddress netPrefix "::"; + netHash = toString { + retiolum = 0; + wirelum = 1; + }.${netname}; + netPrefix = "42:${netHash}"; + netPrefixLength = { + retiolum = 32; + wirelum = 32; + }.${netname}; + + inherit subnetname; + subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}"; + subnetAddress = joinAddress subnetPrefix "::"; + subnetHash = hash subnetname; + subnetPrefix = joinAddress netPrefix subnetHash; + subnetPrefixLength = netPrefixLength + 16; + + inherit suffix; + suffixLength = addressLength - subnetPrefixLength; + }; + + hash = s: head (match "0*(.*)" (substring 0 4 (hashString "sha256" s))); + + dropLast = n: xs: reverseList (drop n (reverseList xs)); + takeLast = n: xs: reverseList (take n (reverseList xs)); + + hasEmptyPrefix = xs: take 2 xs == ["" ""]; + hasEmptySuffix = xs: takeLast 2 xs == ["" ""]; + hasEmptyInfix = xs: any (x: x == "") (trimEmpty 2 xs); + + hasEmptyGroup = xs: + any (p: p xs) [hasEmptyPrefix hasEmptyInfix hasEmptySuffix]; + + ltrimEmpty = n: xs: if hasEmptyPrefix xs then drop n xs else xs; + rtrimEmpty = n: xs: if hasEmptySuffix xs then dropLast n xs else xs; + trimEmpty = n: xs: rtrimEmpty n (ltrimEmpty n xs); + + parseAddress = splitString ":"; + formatAddress = concatStringsSep ":"; + + check = s: c: if !c then throw "${s}" else true; + + checkAddress = maxaddrlen: addr: let + parsedaddr = parseAddress addr; + normalizedaddr = trimEmpty 1 parsedaddr; + in + assert (check "address malformed; lone leading colon: ${addr}" ( + head parsedaddr == "" -> tail (take 2 parsedaddr) == "" + )); 
+ assert (check "address malformed; lone trailing colon ${addr}" ( + last parsedaddr == "" -> head (takeLast 2 parsedaddr) == "" + )); + assert (check "address malformed; too many successive colons: ${addr}" ( + length (filter (x: x == "") normalizedaddr) > 1 -> addr == [""] + )); + assert (check "address malformed: ${addr}" ( + all (test "[0-9a-f]{0,4}") parsedaddr + )); + assert (check "address is too long: ${addr}" ( + length normalizedaddr * 16 <= maxaddrlen + )); + addr; + + joinAddress = prefix: suffix: let + parsedPrefix = parseAddress prefix; + parsedSuffix = parseAddress suffix; + normalizePrefix = rtrimEmpty 2 parsedPrefix; + normalizeSuffix = ltrimEmpty 2 parsedSuffix; + delimiter = + optional (length (normalizePrefix ++ normalizeSuffix) < 8 && + (hasEmptySuffix parsedPrefix || hasEmptyPrefix parsedSuffix)) + ""; + in + formatAddress (normalizePrefix ++ delimiter ++ normalizeSuffix); +} -- cgit v1.2.3 From 149b7f49ec23eaeb9236d1b9b85d7a6bd1b611ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 16:50:58 +0100 Subject: lib types nets: add wireguard --- lib/types.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'lib') diff --git a/lib/types.nix b/lib/types.nix index 41e75154e..17c1688fa 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -192,6 +192,28 @@ rec { })); default = null; }; + wireguard = mkOption { + type = nullOr (submodule ({ config, ... }: { + options = { + port = mkOption { + type = int; + description = "tinc port to use to connect to host"; + default = 51820; + }; + pubkey = mkOption { + type = wireguard-pubkey; + }; + subnets = mkOption { + type = listOf cidr; + description = '' + wireguard subnets, + this defines how routing behaves for hosts that can't reach each other. + ''; + default = []; + }; + }; + })); + }; }; }); @@ -548,4 +570,6 @@ rec { check = filename.check; merge = mergeOneOption; }; + + wireguard-pubkey = str; } -- cgit v1.2.3 
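Review bot: In `checkAddress`, the escape clause `addr == [""]` inside the "too many successive colons" assertion compares a string with a list, which in Nix is always false, so the clause is dead and the assertion rejects every address that still has more than one empty group after `trimEmpty 1`. That is the right outcome, but presumably `normalizedaddr == [""]` (or no clause at all) was meant; the dead comparison should be removed or compared against the parsed list so the next reader does not assume `::` is special-cased there. The group regex `[0-9a-f]{0,4}` also means an upper-case address is thrown as malformed rather than lower-cased, which is worth stating above `checkAddress`, e.g. `# groups must be lower-case hex; upper-case input is rejected, not normalised`. The trailing-colon message is also missing its colon: `"address malformed; lone trailing colon: ${addr}"`.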
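Review bot: The `port` option's description in the first types.nix hunk reads `tinc port to use to connect to host`, which was copied from the tinc submodule; it should be `description = "wireguard port to use to connect to host";`. In the second hunk `wireguard-pubkey = str;` accepts any string, so a truncated or mistyped key in a host definition is only caught when wg rejects it at runtime; a 32-byte base64 key is 44 characters ending in `=`, so something like `wireguard-pubkey = addCheck str (x: match "[A-Za-z0-9+/]{43}=" x != null);` would catch that at evaluation time if `addCheck` is in scope here (otherwise a `mkOptionType` with a `check`, as the other types in this file use). `pubkey` also has no description; a one-liner such as `description = "base64-encoded wireguard public key of this host";` would do.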
From c36a52fb672e585d89db469a075593ef34351207 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 19:52:12 +0100 Subject: =?UTF-8?q?lib.krebs.genipv6=20hash:=200000=20->=200=20instead=20o?= =?UTF-8?q?f=20=CE=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/krebs/genipv6.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index 8d5ca1667..27df8bf55 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix @@ -36,7 +36,7 @@ let { suffixLength = addressLength - subnetPrefixLength; }; - hash = s: head (match "0*(.*)" (substring 0 4 (hashString "sha256" s))); + hash = s: head (match "0*(.+)" (substring 0 4 (hashString "sha256" s))); dropLast = n: xs: reverseList (drop n (reverseList xs)); takeLast = n: xs: reverseList (take n (reverseList xs)); -- cgit v1.2.3 From 46275b41edaa6063bdfb3ba040421b79ebd27b35 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 21:37:52 +0100 Subject: lib.krebs.genipv6: can compute suffix from name --- lib/krebs/genipv6.nix | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index 27df8bf55..8e105ab49 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix @@ -1,7 +1,7 @@ lib: with lib; let { - body = netname: subnetname: suffix: rec { + body = netname: subnetname: suffixSpec: rec { address = let suffix' = if hasEmptyGroup (parseAddress suffix) 
@@ -28,15 +28,45 @@ let { inherit subnetname; subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}"; subnetAddress = joinAddress subnetPrefix "::"; - subnetHash = hash subnetname; + subnetHash = simplify (hash 4 subnetname); subnetPrefix = joinAddress netPrefix subnetHash; subnetPrefixLength = netPrefixLength + 16; - inherit suffix; + suffix = getAttr (typeOf suffixSpec) { + set = + concatMapStringsSep + ":" + simplify + (stringToGroupsOf 4 (hash (suffixLength / 8) suffixSpec.hostName)); + string = suffixSpec; + }; suffixLength = addressLength - subnetPrefixLength; }; - hash = s: head (match "0*(.+)" (substring 0 4 (hashString "sha256" s))); + # Split string into list of chunks where each chunk is at most n chars long. + # The leftmost chunk might shorter. + # Example: stringToGroupsOf "123456" -> ["12" "3456"] + stringToGroupsOf = n: s: let + acc = + foldl' + (acc: c: if stringLength acc.chunk < n then { + chunk = acc.chunk + c; + chunks = acc.chunks; + } else { + chunk = c; + chunks = acc.chunks ++ [acc.chunk]; + }) + { + chunk = ""; + chunks = []; + } + (stringToCharacters s); + in + filter (x: x != []) ([acc.chunk] ++ acc.chunks); + + simplify = s: head (match "0*(.+)" s); + + hash = n: s: substring 0 n (hashString "sha256" s); dropLast = n: xs: reverseList (drop n (reverseList xs)); takeLast = n: xs: reverseList (take n (reverseList xs)); -- cgit v1.2.3 From facbcdafc891094fa62857089b13fcc9926a4485 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 21:59:41 +0100 Subject: lib.setAttr: RIP --- lib/default.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib') diff --git a/lib/default.nix b/lib/default.nix index bf8c65e21..54597e5fd 100644 --- a/lib/default.nix +++ b/lib/default.nix 
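Review bot: `stringToGroupsOf` prepends the final, possibly short, chunk via `[acc.chunk] ++ acc.chunks`, so `stringToGroupsOf 4 "123456"` yields `["56" "1234"]`, which is neither the documented `["12" "3456"]` nor left-to-right order, and for a 20-character hash the last group ends up first. The filter `x != []` compares strings with a list and therefore never removes anything (`stringToGroupsOf 4 ""` returns `[""]`). Left-to-right order would be `filter (x: x != "") (acc.chunks ++ [acc.chunk])` with the comment changed to `# Example: stringToGroupsOf 4 "123456" -> ["1234" "56"]`; if a short leftmost chunk is really wanted, the fold has to run over the reversed character list. Since the group order feeds the generated address suffix, changing it alters every already-derived address, so if addresses are in use it may be preferable to keep the code and fix only the comment. The same function is moved verbatim into lib/default.nix by commit 474e3e2 later in this series, which carries the same issue.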
@@ -29,8 +29,6 @@ let listToAttrs (map (name: nameValuePair name set.${name}) (filter (flip hasAttr set) names)); - setAttr = name: value: set: set // { ${name} = value; }; - test = re: x: isString x && testString re x; testString = re: x: match re x != null; -- cgit v1.2.3 From b6e1cef6a5d0235a049b8d7606ebf053d8ab1516 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 22:47:27 +0100 Subject: lib.normalize-ip6-addr: only normalize addrs w/o :: --- lib/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/default.nix b/lib/default.nix index 54597e5fd..e352c7be9 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -107,7 +107,11 @@ let in a: concatStringsSep ":" (map f (splitString ":" a)); in - a: toLower (group-zeros (drop-leading-zeros a)); + a: + toLower + (if test ".*::.*" a + then a + else group-zeros (drop-leading-zeros a)); }; in -- cgit v1.2.3 From cee44811cdc5fbc0d46efd96439885065627aa1a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 22:49:14 +0100 Subject: lib.krebs.genipv6: use normalize-ip6-addr --- lib/krebs/genipv6.nix | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) (limited to 'lib') diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index 8e105ab49..bf3ebab38 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix 
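Review bot: With this change an address that contains `::` is only lower-cased, not run through `drop-leading-zeros`, so `42:0001::1` is returned as is while its expanded spelling becomes `42:1::1`; two spellings of one address no longer normalise to the same string, which matters if the result is ever used as a key or compared. If `drop-leading-zeros` cannot cope with empty groups (it is defined outside the hunk, so I cannot tell), the intent should at least be stated, e.g. `# addresses already containing :: are passed through unchanged apart from case; leading zeros in their groups are kept`. The enclosing `normalize-ip6-addr` definition starts outside the hunk.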
@@ -3,18 +3,16 @@ with lib; let { body = netname: subnetname: suffixSpec: rec { address = let - suffix' = - if hasEmptyGroup (parseAddress suffix) - then suffix - else joinAddress "::" suffix; + suffix' = prependZeros suffixLength suffix; in - checkAddress addressLength (joinAddress subnetPrefix suffix'); + normalize-ip6-addr + (checkAddress addressLength (joinAddress subnetPrefix suffix')); addressCIDR = "${address}/${toString addressLength}"; addressLength = 128; inherit netname; netCIDR = "${netAddress}/${toString netPrefixLength}"; - netAddress = joinAddress netPrefix "::"; + netAddress = appendZeros netPrefixLength netPrefix; netHash = toString { retiolum = 0; wirelum = 1; @@ -27,22 +25,35 @@ let { inherit subnetname; subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}"; - subnetAddress = joinAddress subnetPrefix "::"; - subnetHash = simplify (hash 4 subnetname); + subnetAddress = appendZeros subnetPrefixLength subnetPrefix; + subnetHash = hash 4 subnetname; subnetPrefix = joinAddress netPrefix subnetHash; subnetPrefixLength = netPrefixLength + 16; suffix = getAttr (typeOf suffixSpec) { set = - concatMapStringsSep + concatStringsSep ":" - simplify - (stringToGroupsOf 4 (hash (suffixLength / 8) suffixSpec.hostName)); + (stringToGroupsOf 4 (hash (suffixLength / 4) suffixSpec.hostName)); string = suffixSpec; }; suffixLength = addressLength - subnetPrefixLength; }; + appendZeros = n: s: let + n' = n / 16; + zeroCount = n' - length parsedaddr; + parsedaddr = parseAddress s; + in + formatAddress (parsedaddr ++ map (const "0") (range 1 zeroCount)); + + prependZeros = n: s: let + n' = n / 16; + zeroCount = n' - length parsedaddr; + parsedaddr = parseAddress s; + in + formatAddress (map (const "0") (range 1 zeroCount) ++ parsedaddr); + # Split string into list of chunks where each chunk is at most n chars long. # The leftmost chunk might shorter. # Example: stringToGroupsOf "123456" -> ["12" "3456"] 
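Review bot: `prependZeros` and `appendZeros` in the second hunk do not handle `::`: `prependZeros 80 "::1"` parses to `["" "" "1"]`, pads to `0:0:::1`, and `checkAddress` then throws "too many successive colons", so the string form of `suffixSpec` that the removed `hasEmptyGroup` branch accepted now fails for any suffix written with `::`. When the input already has more groups than `n / 16`, `zeroCount` goes negative, `range 1 zeroCount` is empty and the string is returned unpadded rather than rejected. Both helpers deserve a comment stating the contract, e.g. `# s must not contain "::"; pads s with zero groups up to n/16 groups, longer input is returned unchanged`, and if `::` suffixes are meant to keep working the old `hasEmptyGroup` check should come back in front of `prependZeros`.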
@@ -64,8 +75,6 @@ let { in filter (x: x != []) ([acc.chunk] ++ acc.chunks); - simplify = s: head (match "0*(.+)" s); - hash = n: s: substring 0 n (hashString "sha256" s); dropLast = n: xs: reverseList (drop n (reverseList xs)); -- cgit v1.2.3 From 474e3e2e4513a5d2df89789885725b176e7ec532 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 23:21:42 +0100 Subject: lib: import generally useful stuff from genipv6 --- lib/default.nix | 27 +++++++++++++++++++++++++++ lib/krebs/genipv6.nix | 32 ++++---------------------------- 2 files changed, 31 insertions(+), 28 deletions(-) (limited to 'lib') diff --git a/lib/default.nix b/lib/default.nix index e352c7be9..64b2d48ab 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -112,6 +112,33 @@ let (if test ".*::.*" a then a else group-zeros (drop-leading-zeros a)); + + hashToLength = n: s: substring 0 n (hashString "sha256" s); + + dropLast = n: xs: reverseList (drop n (reverseList xs)); + takeLast = n: xs: reverseList (take n (reverseList xs)); + + # Split string into list of chunks where each chunk is at most n chars long. + # The leftmost chunk might shorter. + # Example: stringToGroupsOf "123456" -> ["12" "3456"] + stringToGroupsOf = n: s: let + acc = + foldl' + (acc: c: if stringLength acc.chunk < n then { + chunk = acc.chunk + c; + chunks = acc.chunks; + } else { + chunk = c; + chunks = acc.chunks ++ [acc.chunk]; + }) + { + chunk = ""; + chunks = []; + } + (stringToCharacters s); + in + filter (x: x != []) ([acc.chunk] ++ acc.chunks); + }; in diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index bf3ebab38..af1df6d0e 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix 
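Review bot: `hashToLength` in the lib/default.nix hunk has no comment, and its argument is easy to misread: `n` counts hex characters of the sha256 digest (4 bits each), not bytes or bits, and `substring` silently clamps, so `n > 64` returns the whole 64-character digest instead of failing. Suggested comment above it: `# first n hex digits (n * 4 bits) of sha256 s; n > 64 yields the full digest`. `dropLast` and `takeLast` would benefit from a one-liner each as well, e.g. `# list without / consisting of its last n elements`.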
@@ -26,7 +26,7 @@ let { inherit subnetname; subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}"; subnetAddress = appendZeros subnetPrefixLength subnetPrefix; - subnetHash = hash 4 subnetname; + subnetHash = hashToLength 4 subnetname; subnetPrefix = joinAddress netPrefix subnetHash; subnetPrefixLength = netPrefixLength + 16; @@ -34,7 +34,9 @@ let { set = concatStringsSep ":" - (stringToGroupsOf 4 (hash (suffixLength / 4) suffixSpec.hostName)); + (stringToGroupsOf + 4 + (hashToLength (suffixLength / 4) suffixSpec.hostName)); string = suffixSpec; }; suffixLength = addressLength - subnetPrefixLength; @@ -54,32 +56,6 @@ let { in formatAddress (map (const "0") (range 1 zeroCount) ++ parsedaddr); - # Split string into list of chunks where each chunk is at most n chars long. - # The leftmost chunk might shorter. - # Example: stringToGroupsOf "123456" -> ["12" "3456"] - stringToGroupsOf = n: s: let - acc = - foldl' - (acc: c: if stringLength acc.chunk < n then { - chunk = acc.chunk + c; - chunks = acc.chunks; - } else { - chunk = c; - chunks = acc.chunks ++ [acc.chunk]; - }) - { - chunk = ""; - chunks = []; - } - (stringToCharacters s); - in - filter (x: x != []) ([acc.chunk] ++ acc.chunks); - - hash = n: s: substring 0 n (hashString "sha256" s); - - dropLast = n: xs: reverseList (drop n (reverseList xs)); - takeLast = n: xs: reverseList (take n (reverseList xs)); - hasEmptyPrefix = xs: take 2 xs == ["" ""]; hasEmptySuffix = xs: takeLast 2 xs == ["" ""]; hasEmptyInfix = xs: any (x: x == "") (trimEmpty 2 xs); -- cgit v1.2.3 From 35be9c66bfa6dd03437f919ec610aed0e9b20b58 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 12 Dec 2018 00:34:32 +0100 Subject: lib.normalize-ip6-addr: no :: for single section --- lib/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/default.nix b/lib/default.nix index 64b2d48ab..347830e8c 100644 --- a/lib/default.nix +++ b/lib/default.nix 
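Review bot: `subnetHash = hashToLength 4 subnetname` keeps only 16 bits of the digest, so two subnet names can hash to the same `subnetPrefix` and nothing in this file detects that; the result would be two subnets silently sharing a prefix. The host suffix uses 80 bits (`hashToLength (suffixLength / 4)`), where collisions are not a practical concern, but the 16-bit case should at least be documented: `# 16-bit truncated hash; distinct subnet names may collide, uniqueness is not checked here`. Presumably the set of subnet names is small and centrally managed, which is why this is acceptable, but the assumption belongs next to the code.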
@@ -93,7 +93,13 @@ let in if max.pos == 0 then a - else "${concatStringsSep ":" lhs}::${concatStringsSep ":" rhs}"; + else let + sep = + if 8 - (length lhs + length rhs) == 1 + then ":0:" + else "::"; + in + "${concatStringsSep ":" lhs}${sep}${concatStringsSep ":" rhs}"; drop-leading-zeros = let -- cgit v1.2.3 From 2d243bbeac37b2bf63dedb88588d7e7da9c0db26 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 14 Dec 2018 20:02:17 +0100 Subject: lib.krebs.genipv6: make net addresses 128 bit long --- lib/krebs/genipv6.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index af1df6d0e..b4806e156 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix @@ -12,7 +12,7 @@ let { inherit netname; netCIDR = "${netAddress}/${toString netPrefixLength}"; - netAddress = appendZeros netPrefixLength netPrefix; + netAddress = appendZeros addressLength netPrefix; netHash = toString { retiolum = 0; wirelum = 1; @@ -25,7 +25,7 @@ let { inherit subnetname; subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}"; - subnetAddress = appendZeros subnetPrefixLength subnetPrefix; + subnetAddress = appendZeros addressLength subnetPrefix; subnetHash = hashToLength 4 subnetname; subnetPrefix = joinAddress netPrefix subnetHash; subnetPrefixLength = netPrefixLength + 16; -- cgit v1.2.3 From ede763d77af82763d45ae4c3edb01d26f68581d5 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 14 Dec 2018 20:03:26 +0100 Subject: lib.krebs.genipv6: normalize net addresses --- lib/krebs/genipv6.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index b4806e156..1d3f398ec 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix 
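Review bot: The `:0:` special case implements the rule that `::` must not be used for a single 16-bit zero field (RFC 5952 section 4.2.2), but nothing in the hunk says so; a comment above `sep` such as `# RFC 5952 4.2.2: a lone zero group is written :0:, never ::` would help. If `lhs` or `rhs` can be empty at this point (that depends on how `max.pos` is computed outside the hunk), `:0:` would yield a leading or trailing colon; returning the uncompressed address instead, `if 8 - (length lhs + length rhs) == 1 then a else "${concatStringsSep ":" lhs}::${concatStringsSep ":" rhs}"`, gives the same string when both sides are non-empty and stays valid at the edges. The enclosing `group-zeros` definition starts outside the hunk.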
@@ -12,7 +12,8 @@ let { inherit netname; netCIDR = "${netAddress}/${toString netPrefixLength}"; - netAddress = appendZeros addressLength netPrefix; + netAddress = + normalize-ip6-addr (appendZeros addressLength netPrefix); netHash = toString { retiolum = 0; wirelum = 1; @@ -25,7 +26,8 @@ let { inherit subnetname; subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}"; - subnetAddress = appendZeros addressLength subnetPrefix; + subnetAddress = + normalize-ip6-addr (appendZeros addressLength subnetPrefix); subnetHash = hashToLength 4 subnetname; subnetPrefix = joinAddress netPrefix subnetHash; subnetPrefixLength = netPrefixLength + 16; -- cgit v1.2.3 From 24330950fe2bd31056e3ae1d58c1965c8a736f1f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:11:02 +0100 Subject: wirelum -> wiregrill --- lib/krebs/genipv6.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index 1d3f398ec..22a23fcef 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix @@ -16,12 +16,12 @@ let { normalize-ip6-addr (appendZeros addressLength netPrefix); netHash = toString { retiolum = 0; - wirelum = 1; + wiregrill = 1; }.${netname}; netPrefix = "42:${netHash}"; netPrefixLength = { retiolum = 32; - wirelum = 32; + wiregrill = 32; }.${netname}; inherit subnetname; -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/a9100000.lock: Permission denied (13)