tixie/nixcfg
1
0
Fork 0
forked from Deuxfleurs/nixcfg
Code Pull requests Activity

Staging: Add CNAME target meta parameter, will be used for diplonat auto dns update

Browse source
This commit is contained in:
Alex 2022-12-07 12:32:21 +01:00
parent 1d4599fc1c
commit ab97a7bffd
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE
3 changed files with 18 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
cluster/staging/site/neptune.nix
View file

@ -7,6 +7,7 @@
deuxfleurs.lan_ip_prefix_length = 24; deuxfleurs.lan_ip_prefix_length = 24;
deuxfleurs.ipv6_prefix_length = 64; deuxfleurs.ipv6_prefix_length = 64;
deuxfleurs.nameservers = [ "192.168.1.1" ]; deuxfleurs.nameservers = [ "192.168.1.1" ];
deuxfleurs.cname_target = "neptune.site.staging.deuxfleurs.org.";
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];

2
deploy_nixos
View file

@ -15,4 +15,4 @@ fi
#cmd "nix-channel --add https://nixos.org/channels/nixos-22.05 nixos" #cmd "nix-channel --add https://nixos.org/channels/nixos-22.05 nixos"
#cmd nixos-rebuild switch --upgrade --show-trace #cmd nixos-rebuild switch --upgrade --show-trace
cmd nixos-rebuild switch --show-trace cmd nixos-rebuild switch

24
nix/deuxfleurs.nix
View file

@ -90,6 +90,10 @@ in
description = "Site (availability zone) on which this node is deployed"; description = "Site (availability zone) on which this node is deployed";
type = types.str; type = types.str;
}; };
cname_target = mkOption {
description = "DNS CNAME target to use for services hosted in this site, for domain names that are updated by DiploNAT";
type = types.nullOr types.str;
};
nameservers = mkOption { nameservers = mkOption {
description = "External DNS servers to use"; description = "External DNS servers to use";
type = types.listOf types.str; type = types.listOf types.str;
@ -124,7 +128,16 @@ in
}; };
}; };
config = { config =
let node_meta = {
"site" = cfg.site_name;
"public_ipv6" = cfg.ipv6;
} //
(if cfg.cname_target != null
then { "cname_target" = cfg.cname_target; }
else {});
in
{
# Configure admin accounts on all nodes # Configure admin accounts on all nodes
users.users = builtins.mapAttrs (name: publicKeys: { users.users = builtins.mapAttrs (name: publicKeys: {
isNormalUser = true; isNormalUser = true;
@ -240,10 +253,8 @@ in
// (if cfg.bootstrap then { bootstrap_expect = 3; } else {}) // (if cfg.bootstrap then { bootstrap_expect = 3; } else {})
else {}) // else {}) //
{ {
inherit node_meta;
datacenter = cfg.cluster_name; datacenter = cfg.cluster_name;
node_meta = {
"site" = cfg.site_name;
};
ui_config = { ui_config = {
enabled = true; enabled = true;
}; };
@ -304,10 +315,7 @@ in
client = { client = {
enabled = true; enabled = true;
network_interface = "wg0"; network_interface = "wg0";
meta = { meta = node_meta;
"site" = cfg.site_name;
"public_ipv6" = cfg.ipv6;
};
}; };
telemetry = { telemetry = {
publish_allocation_metrics = true; publish_allocation_metrics = true;