diff --git a/kat/default.nix b/kat/default.nix
index 626d3e4..51a4b08 100644
--- a/kat/default.nix
+++ b/kat/default.nix
@@ -15,7 +15,6 @@ let
 mkDefault
 ;
 inherit (lib.types)
- str
 package
 ;
 in
@@ -31,12 +30,6 @@ in
 addArgs = mkEnableOption "the extra arguments" // {
 default = true;
 };
- wireguardPubKey = mkOption {
- type = str;
- };
- fqdn = mkOption {
- type = str;
- };
 anywhere = mkOption {
 type = package;
 readOnly = true;
diff --git a/kat/meta.nix b/kat/meta.nix
index 6a8ccd7..4178d85 100644
--- a/kat/meta.nix
+++ b/kat/meta.nix
@@ -16,6 +16,8 @@ let
 enum
 path
 unspecified
+ nullOr
+ str
 ;
 machine_meta =
@@ -37,13 +39,37 @@ let
 default = [ ]; # /!\ Take care of imported files
 };
+
+ wg-key = mkOption {
+ type = nullOr str;
+ default = null;
+ };
+ vpn-ip4 = mkOption {
+ type = nullOr str;
+ default = null;
+ };
+ subnets = mkOption {
+ type = listOf str;
+ default = [ ];
+ };
+ fqdn = mkOption {
+ type = nullOr str;
+ default = null;
+ };
+
 node_meta = mkOption {
 type = unspecified;
 readOnly = true;
 };
 };
 config.node_meta = rec {
- inherit (config) version;
+ inherit (config)
+ version
+ wg-key
+ vpn-ip4
+ subnets
+ fqdn
+ ;
 patches = [ ./nginx-fallback.patch ] ++ config.patches;
 overlay-paths = [ "${sources.kat-pkgs}/overlay.nix" ] ++ config.overlay-paths;
 nixpkgs-paths = {
diff --git a/kat/proxies/default.nix b/kat/proxies/default.nix
index d93ad76..24866ac 100644
--- a/kat/proxies/default.nix
+++ b/kat/proxies/default.nix
@@ -2,6 +2,8 @@
 pkgs,
 lib,
 config,
+ self-meta,
+ meta,
 nodes ? { },
 ...
 }:
@@ -36,7 +38,7 @@ let
 internal = port;
 }) (submodule redirected-ports-mod);
- inherit (config.kat) fqdn;
+ inherit (self-meta) fqdn;
 hostname = config.networking.hostName;
 cfg = config.kat.proxies;
@@ -66,7 +68,7 @@ let
 map (
 host:
 let
- inherit (nodes.${host}.config.kat) fqdn;
+ inherit (meta.machines.${host}) fqdn;
 host-cfg = nodes.${host}.config.kat.proxies;
 in
 {
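Review bot: The option name `wg-key` in kat/meta.nix drops the "Pub" that `wireguardPubKey` carried, and the option has no `description`, so nothing at the declaration says that only the public half of the key pair belongs here. Values set under `meta` are plain strings in the repository, so a private key pasted here by mistake would get no protection. Consider renaming it to `wg-pubkey`, or at least adding `description = "WireGuard public key of this machine (never the private key).";`. `vpn-ip4` and `subnets` are also free-form `str`; a `lib.types.strMatching` pattern for a dotted quad and for CIDR would reject typos at declaration, which matters once these values are used to build a peer's `AllowedIPs`.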
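Review bot: `inherit (self-meta) fqdn;` and `inherit (meta.machines.${host}) fqdn;` in kat/proxies/default.nix now read an option that kat/meta.nix declares as `nullOr str` with `default = null`, while the `kat.fqdn` it replaces was `str` with no default. A host that appears in the proxy map without `meta.fqdn` therefore hands `null` to whatever consumes `fqdn` further down; that code is outside the hunk, so whether it fails cleanly is not visible here. A module assertion next to the use would make the requirement explicit, e.g. `assertions = [ { assertion = self-meta.fqdn != null; message = "meta.fqdn must be set on hosts that publish proxies"; } ];`. The same applies to the `PublicKey` and `Endpoint` lines that read `wg-key` and `fqdn` in the kat-manah, kat-probook and kat-watcher sections of this commit.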
diff --git a/machines/kat-betamail/configuration.nix b/machines/kat-betamail/configuration.nix
index 6a1694f..8bcddba 100644
--- a/machines/kat-betamail/configuration.nix
+++ b/machines/kat-betamail/configuration.nix
@@ -22,8 +22,7 @@ in
 users.users.root.openssh.authorizedKeys.keys = ssh-keys.sylvain;
 kat = {
- fqdn = "betamail.katvayor.net";
- wireguardPubKey = "Znj451+hGJcPV1zFgpRMA8hg8edmUInA5zBtYBUuL3k=";
+ # wireguardPubKey = "Znj451+hGJcPV1zFgpRMA8hg8edmUInA5zBtYBUuL3k=";
 proxies = {
 ip = "192.168.122.3";
 aliases = [ "catvayor.sh" ];
diff --git a/machines/kat-betamail/default.nix b/machines/kat-betamail/default.nix
index 133db97..5cd04bb 100644
--- a/machines/kat-betamail/default.nix
+++ b/machines/kat-betamail/default.nix
@@ -2,6 +2,8 @@
 meta = {
 version = "unstable";
 patches = [ ./0001-revert-procmail-to-3.22.patch ];
+ fqdn = "betamail.katvayor.net";
+ vpn-ip4 = "192.168.122.3";
 };
 config = import ./configuration.nix;
 }
diff --git a/machines/kat-darknet/default.nix b/machines/kat-darknet/default.nix
index b1eb7c1..d017070 100644
--- a/machines/kat-darknet/default.nix
+++ b/machines/kat-darknet/default.nix
@@ -1,4 +1,7 @@
 {
- meta.version = "unstable";
+ meta = {
+ version = "unstable";
+ vpn-ip4 = "192.168.122.8";
+ };
 config = import ./configuration.nix;
 }
diff --git a/machines/kat-degette/configuration.nix b/machines/kat-degette/configuration.nix
index 3587096..5e877c4 100644
--- a/machines/kat-degette/configuration.nix
+++ b/machines/kat-degette/configuration.nix
@@ -20,7 +20,6 @@
 };
 kat = {
- fqdn = "degette.katvayor.net";
 proxies = {
 ip = "192.168.122.2";
 open-tcp = [
diff --git a/machines/kat-degette/default.nix b/machines/kat-degette/default.nix
index 23dfccf..bfc916f 100644
--- a/machines/kat-degette/default.nix
+++ b/machines/kat-degette/default.nix
@@ -1,4 +1,8 @@
 {
- meta.version = "stable";
+ meta = {
+ version = "stable";
+ fqdn = "degette.katvayor.net";
+ vpn-ip4 = "192.168.122.2";
+ };
 config = import ./configuration.nix;
 }
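Review bot: The hunk in machines/kat-betamail/configuration.nix keeps the old key as a commented-out line, `# wireguardPubKey = "…";`, while the sibling default.nix sets no `wg-key` and the kat-watcher section of this commit removes the betamail peer. The comment names an option that kat/default.nix no longer declares, so uncommenting it later would fail, and it leaves readers guessing whether this machine is still meant to be a WireGuard peer. Either delete the line or replace it with a statement of intent, for example `# no longer a direct WireGuard peer of kat-watcher` if that is what the change means. The `kat = { … }` block continues outside the hunk.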
diff --git a/machines/kat-manah/configuration.nix b/machines/kat-manah/configuration.nix
index 280b084..970a54c 100644
--- a/machines/kat-manah/configuration.nix
+++ b/machines/kat-manah/configuration.nix
@@ -1,6 +1,6 @@
 {
 pkgs,
- nodes,
+ meta,
 ...
 }:
 {
@@ -23,7 +23,6 @@
 };
 kat = {
- fqdn = "manah.katvayor.net";
 proxies = {
 ip = "10.42.0.1";
 open-tcp = [
@@ -38,7 +37,6 @@
 "kat-betamail"
 ];
 };
- wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
 };
 systemd.network = {
@@ -92,12 +90,12 @@
 wireguardPeers = [
 {
- Endpoint = "watcher.katvayor.net:1194";
+ Endpoint = "${meta.machines.kat-watcher.fqdn}:1194";
 AllowedIPs = [
 "10.42.0.2/32"
 ];
 PersistentKeepalive = 20;
- PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
+ PublicKey = meta.machines.kat-watcher.wg-key;
 }
 ];
 };
diff --git a/machines/kat-manah/default.nix b/machines/kat-manah/default.nix
index b1eb7c1..8d3e592 100644
--- a/machines/kat-manah/default.nix
+++ b/machines/kat-manah/default.nix
@@ -1,4 +1,13 @@
 {
- meta.version = "unstable";
+ meta = {
+ version = "unstable";
+ fqdn = "manah.katvayor.net";
+ vpn-ip4 = "10.42.0.1";
+ wg-key = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
+ subnets = [
+ "192.168.1.0/24"
+ "192.168.122.0/24"
+ ];
+ };
 config = import ./configuration.nix;
 }
diff --git a/machines/kat-orchid/configuration.nix b/machines/kat-orchid/configuration.nix
index de19b98..02a3793 100644
--- a/machines/kat-orchid/configuration.nix
+++ b/machines/kat-orchid/configuration.nix
@@ -27,7 +27,6 @@
 };
 kat = {
- fqdn = "orchid.katvayor.net";
 proxies = {
 ip = "192.168.122.6";
 aliases = [
diff --git a/machines/kat-orchid/default.nix b/machines/kat-orchid/default.nix
index 23dfccf..9733bd9 100644
--- a/machines/kat-orchid/default.nix
+++ b/machines/kat-orchid/default.nix
@@ -1,4 +1,8 @@
 {
- meta.version = "stable";
+ meta = {
+ version = "stable";
+ fqdn = "orchid.katvayor.net";
+ vpn-ip4 = "192.168.122.6";
+ };
 config = import ./configuration.nix;
 }
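Review bot: `AllowedIPs = [ "10.42.0.2/32" ]` in the kat-manah peer block still hard-codes the address that this same commit records as `vpn-ip4 = "10.42.0.2"` for kat-watcher, so the peer's key now comes from `meta` while the address it is bound to does not. `AllowedIPs` is what ties a peer's public key to the source addresses it may use, so the key and the address should come from the same record; `AllowedIPs = [ "${meta.machines.kat-watcher.vpn-ip4}/32" ];` does that and fails at evaluation if the address is unset. The same applies to the two peers left in machines/kat-watcher/configuration.nix (`10.42.0.1/32` for kat-manah, `10.42.1.1/32` for kat-probook). The peer list sits inside a `systemd.network` block that starts outside the hunk.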
diff --git a/machines/kat-probook/configuration.nix b/machines/kat-probook/configuration.nix
index 3ded48d..ba4a98c 100644
--- a/machines/kat-probook/configuration.nix
+++ b/machines/kat-probook/configuration.nix
@@ -1,6 +1,6 @@
 {
 pkgs,
- nodes,
+ meta,
 users,
 lib,
 sources,
@@ -55,7 +55,6 @@ in
 "wg0"
 ];
 };
- kat.wireguardPubKey = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
 systemd.tmpfiles.rules = [
 "w /sys/devices/system/cpu/cpufreq/policy*/scaling_governor - - - - performance"
 "w /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference - - - - performance"
@@ -99,8 +98,8 @@ in
 AllowedIPs = [
 "10.42.0.0/16"
 ];
- PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
- Endpoint = "watcher.katvayor.net:1194";
+ PublicKey = meta.machines.kat-watcher.wg-key;
+ Endpoint = "${meta.machines.kat-watcher.fqdn}:1194";
 PersistentKeepalive = 25;
 }
 ];
diff --git a/machines/kat-probook/default.nix b/machines/kat-probook/default.nix
index b1eb7c1..916d3f6 100644
--- a/machines/kat-probook/default.nix
+++ b/machines/kat-probook/default.nix
@@ -1,4 +1,8 @@
 {
- meta.version = "unstable";
+ meta = {
+ version = "unstable";
+ wg-key = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
+ vpn-ip4 = "10.42.1.1";
+ };
 config = import ./configuration.nix;
 }
diff --git a/machines/kat-son/configuration.nix b/machines/kat-son/configuration.nix
index 81e88bc..59e1b1a 100644
--- a/machines/kat-son/configuration.nix
+++ b/machines/kat-son/configuration.nix
@@ -22,7 +22,6 @@
 };
 kat = {
- fqdn = "son.katvayor.net";
 proxies = {
 ip = "192.168.122.5";
 aliases = [
diff --git a/machines/kat-son/default.nix b/machines/kat-son/default.nix
index b1eb7c1..de75c20 100644
--- a/machines/kat-son/default.nix
+++ b/machines/kat-son/default.nix
@@ -1,4 +1,8 @@
 {
- meta.version = "unstable";
+ meta = {
+ version = "unstable";
+ fqdn = "son.katvayor.net";
+ vpn-ip4 = "192.168.122.5";
+ };
 config = import ./configuration.nix;
 }
diff --git a/machines/kat-watcher/configuration.nix b/machines/kat-watcher/configuration.nix
index c55e717..0c20c3c 100644
--- a/machines/kat-watcher/configuration.nix
+++ b/machines/kat-watcher/configuration.nix
@@ -1,6 +1,6 @@
 {
 pkgs,
- nodes,
+ meta,
 ...
 }:
 {
@@ -21,8 +21,6 @@
 };
 kat = {
- wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
- fqdn = "watcher.katvayor.net";
 proxies.redirects = [ "kat-manah" ];
 };
@@ -83,19 +81,13 @@
 AllowedIPs = [
 "10.42.0.1/32"
 ];
- PublicKey = nodes.kat-manah.config.kat.wireguardPubKey;
+ PublicKey = meta.machines.kat-manah.wg-key;
 }
 {
 AllowedIPs = [
 "10.42.1.1/32"
 ];
- PublicKey = nodes.kat-probook.config.kat.wireguardPubKey;
- }
- {
- AllowedIPs = [
- "10.42.2.1/32"
- ];
- PublicKey = nodes.kat-betamail.config.kat.wireguardPubKey;
+ PublicKey = meta.machines.kat-probook.wg-key;
 }
 ];
 };
diff --git a/machines/kat-watcher/default.nix b/machines/kat-watcher/default.nix
index b1eb7c1..7c9c39b 100644
--- a/machines/kat-watcher/default.nix
+++ b/machines/kat-watcher/default.nix
@@ -1,4 +1,9 @@
 {
- meta.version = "unstable";
+ meta = {
+ version = "unstable";
+ wg-key = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
+ fqdn = "watcher.katvayor.net";
+ vpn-ip4 = "10.42.0.2";
+ };
 config = import ./configuration.nix;
 }
diff --git a/machines/kat-www/configuration.nix b/machines/kat-www/configuration.nix
index 4163c24..d51a4eb 100644
--- a/machines/kat-www/configuration.nix
+++ b/machines/kat-www/configuration.nix
@@ -24,7 +24,6 @@
 };
 kat = {
- fqdn = "website.katvayor.net";
 proxies = {
 aliases = [
 "www.katvayor.net"
diff --git a/machines/kat-www/default.nix b/machines/kat-www/default.nix
index 23dfccf..030f344 100644
--- a/machines/kat-www/default.nix
+++ b/machines/kat-www/default.nix
@@ -1,4 +1,8 @@
 {
- meta.version = "stable";
+ meta = {
+ version = "stable";
+ fqdn = "website.katvayor.net";
+ vpn-ip4 = "192.168.122.7";
+ };
 config = import ./configuration.nix;
 }