infrastructure/machines/core-services-01/my.nix


{ config, lib, ... }:
with lib;
with types;
let
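cfg = config.my;

# Split an "ADDRESS/PREFIX" string into the { address, prefixLength }
# attribute set that the networking.interfaces.*.addresses lists in the
# config section are built from.
#
# The shape is checked eagerly: a value without exactly one "/" aborts
# evaluation with a message naming the offending string, instead of the
# opaque out-of-bounds error the bare element lookup would raise (or, for
# extra "/"-separated parts, silently ignoring the tail). Because the check
# runs before the attribute set is returned, the derived "without prefix"
# options fail on a malformed entry too, not only the interface definitions.
# A non-numeric prefix is still rejected by lib.toInt.
mkAddress = addr:
  let
    parts = lib.splitString "/" addr;
  in
  if builtins.length parts != 2 then
    throw "my.nix: expected an address in ADDRESS/PREFIX form, got '${addr}'"
  else {
    address = builtins.elemAt parts 0;
    prefixLength = lib.toInt (builtins.elemAt parts 1);
  };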
in
{
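# Host-level settings for this machine. The "...Full" options carry the
# authoritative ADDRESS/PREFIX strings; the options without "Full" default to
# the same addresses with the prefix stripped via mkAddress.
options.my = {
  email = mkOption {
    description = "Admin email";
    type = str;
    default = "";
    example = "clipper@ens.fr";
  };

  # Derived from `email` by replacing "@" with ".".
  # NOTE(review): presumably the mailbox form used in DNS zone data; confirm
  # against the consumer of this option.
  emailWithDot = mkOption {
    description = "Admin email with dots";
    type = str;
    default = lib.replaceStrings ["@"] ["."] cfg.email;
    example = "clipper.ens.fr";
  };

  # NOTE(review): presumably switches certificate issuance to the ACME CA's
  # staging endpoint. Staging certificates are not publicly trusted, so this
  # should stay false on a production host; confirm where it is consumed.
  acmeStaging = mkOption {
    description = "Enable staging servers";
    type = bool;
    default = false;
  };

  subZone = mkOption {
    description = "Sub zone for hosting the services";
    type = str;
    default = "";
    example = "ens.pizza";
  };

  ipv4 = mkOption {
    description = "Public IPv4 addresses without prefix";
    type = listOf str;
    example = [ "192.186.1.153" ];
    default = map (v: (mkAddress v).address) cfg.ipv4Full;
  };

  # Example corrected to match the private-range example of ipv4InternalFull.
  ipv4Internal = mkOption {
    description = "Private IPv4 addresses without prefix";
    type = listOf str;
    example = [ "192.168.1.153" ];
    default = map (v: (mkAddress v).address) cfg.ipv4InternalFull;
  };

  ipv4InternalFull = mkOption {
    description = "Private IPv4 addresses with prefix";
    type = listOf str;
    default = [];
    example = [ "192.168.1.153/24" ];
  };

  ipv4Full = mkOption {
    description = "Public IPv4 addresses with prefix";
    type = listOf str;
    default = [];
    example = [ "192.186.1.153/24" ];
  };

  ipv6.standard = mkOption {
    description = "Public IPv6 addresses for standard services without prefix";
    type = listOf str;
    example = [ "2001:470:1f13:21d:f515:b348:cd48:e064" ];
    default = map (v: (mkAddress v).address) cfg.ipv6.standardFull;
  };

  # No default, unlike ipv4Full: the value has to be set explicitly, and
  # reading it unset is an evaluation error.
  ipv6.standardFull = mkOption {
    description = "Public IPv6 addresses for standard services with prefix";
    type = listOf str;
    example = [ "2001:470:1f13:21d:f515:b348:cd48:e064/64" ];
  };

  # The example previously carried a "/64" suffix, contradicting the
  # "without prefix" description; the default strips the prefix.
  ipv6.acme = mkOption {
    description = "Public IPv6 address for ACME services (acme-dns) without prefix";
    type = str;
    default = (mkAddress cfg.ipv6.acmeFull).address;
    example = "2001:470:1f13:21d:f515:b348:cd48:e064";
  };

  # No default: must be set explicitly.
  ipv6.acmeFull = mkOption {
    description = "Public IPv6 address for ACME services (acme-dns) with prefix";
    type = str;
    example = "2001:470:1f13:21d:f515:b348:cd48:e064/64";
  };

  # No default, so a consumer cannot silently fall back to an empty or
  # catch-all list when the option is left unset. `listOf str` does not
  # validate CIDR syntax or width: a typo or an over-broad range is handed
  # unchanged to whatever enforces the access control, so keep the entries
  # as narrow as the management network allows and review changes to them.
  privateRanges = mkOption {
    description = "Internal management ranges for access control";
    type = listOf str;
    example = [ "10.1.0.0/22" ];
  };
};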
# Interface layout declared by this file:
#   ens18: public IPv4 (cfg.ipv4Full), also the default-gateway interface
#   ens19: public IPv6 (standard service addresses plus the acme-dns one)
#   ens20: internal IPv4 (cfg.ipv4InternalFull)
config.networking = {
  # Default IPv4 exit route.
  # NOTE(review): `address` is an empty string, so no gateway IP is declared
  # in this file. Confirm that it is supplied elsewhere or was blanked on
  # purpose; otherwise the host may come up without a default IPv4 route.
  defaultGateway = {
    interface = "ens18";
    address = "";
  };

  interfaces = {
    ens18.ipv4.addresses = map mkAddress cfg.ipv4Full;

    # The acme-dns address shares the interface with the standard IPv6
    # service addresses.
    ens19.ipv6.addresses =
      map mkAddress (cfg.ipv6.standardFull ++ [ cfg.ipv6.acmeFull ]);

    ens20.ipv4.addresses = map mkAddress cfg.ipv4InternalFull;
  };
};
}