2283ee602a
This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf>
95 lines
2.5 KiB
Nix
95 lines
2.5 KiB
Nix
{ config, lib, ... }:
|
|
|
|
with lib;
|
|
with types;
|
|
let
|
|
cfg = config.my;
|
|
mkAddress = addr: let
|
|
splitted = lib.splitString "/" addr;
|
|
elemAt = builtins.elemAt splitted;
|
|
in
|
|
{ address = (elemAt 0); prefixLength = lib.toInt (elemAt 1); };
|
|
in
|
|
{
|
|
options.my = {
|
|
email = mkOption {
|
|
description = "Admin email";
|
|
type = str;
|
|
default = "";
|
|
example = "clipper@ens.fr";
|
|
};
|
|
|
|
emailWithDot = mkOption {
|
|
description = "Admin email with dots";
|
|
type = str;
|
|
default = lib.replaceStrings ["@"] ["."] cfg.email;
|
|
example = "clipper.ens.fr";
|
|
};
|
|
|
|
acmeStaging = mkOption {
|
|
description = "Enable staging servers";
|
|
type = bool;
|
|
default = false;
|
|
};
|
|
|
|
subZone = mkOption {
|
|
description = "Sub zone for hosting the services";
|
|
type = str;
|
|
default = "";
|
|
example = "ens.pizza";
|
|
};
|
|
|
|
ipv4 = mkOption {
|
|
description = "Public IPv4 addresses without prefix";
|
|
type = listOf str;
|
|
example = [ "192.186.1.153" ];
|
|
default = map (v: (mkAddress v).address) cfg.ipv4Full;
|
|
};
|
|
|
|
ipv4Full = mkOption {
|
|
description = "Public IPv4 addresses with prefix";
|
|
type = listOf str;
|
|
default = [];
|
|
example = [ "192.186.1.153/24" ];
|
|
};
|
|
|
|
ipv6.standard = mkOption {
|
|
description = "Public IPv6 addresses for standard services without prefix";
|
|
type = listOf str;
|
|
example = [ "2001:470:1f13:21d:f515:b348:cd48:e064" ];
|
|
default = map (v: (mkAddress v).address) cfg.ipv6.standardFull;
|
|
};
|
|
|
|
ipv6.standardFull = mkOption {
|
|
description = "Public IPv6 addresses for standard services with prefix";
|
|
type = listOf str;
|
|
example = [ "2001:470:1f13:21d:f515:b348:cd48:e064/64" ];
|
|
};
|
|
|
|
ipv6.acme = mkOption {
|
|
description = "Public IPv6 address for ACME services (acme-dns) without prefi";
|
|
type = str;
|
|
default = (mkAddress cfg.ipv6.acmeFull).address;
|
|
example = "2001:470:1f13:21d:f515:b348:cd48:e064/64";
|
|
};
|
|
|
|
ipv6.acmeFull = mkOption {
|
|
description = "Public IPv6 address for ACME services (acme-dns) with prefix";
|
|
type = str;
|
|
example = "2001:470:1f13:21d:f515:b348:cd48:e064/64";
|
|
};
|
|
|
|
privateRanges = mkOption {
|
|
description = "Internal management ranges for access control";
|
|
type = listOf str;
|
|
example = [ "10.1.0.0/22" ];
|
|
};
|
|
};
|
|
|
|
config = {
|
|
networking.interfaces.ens19 = {
|
|
ipv4.addresses = map mkAddress cfg.ipv4Full;
|
|
ipv6.addresses = map mkAddress (cfg.ipv6.standardFull ++ [ cfg.ipv6.acmeFull ]);
|
|
};
|
|
};
|
|
}
|