From 05becbbb4be5cd18cb12d60a2d2bc0fbcda74fe4 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Sun, 26 Dec 2021 15:52:04 +0100
Subject: [PATCH] Use list for ip4 addresses
---
 modules/private/coturn.nix | 8 ++++----
 modules/private/databases/default.nix | 2 +-
 modules/private/databases/redis_replication.nix | 2 +-
 modules/private/dns.nix | 6 +++---
 modules/private/environment.nix | 5 +++--
 modules/private/mail/postfix.nix | 2 +-
 modules/private/mail/relay.nix | 2 +-
 modules/private/mail/sympa.nix | 2 +-
 modules/private/system.nix | 2 +-
 modules/private/system/backup-2.nix | 12 ++++++------
 modules/private/system/dilion.nix | 10 +++++-----
 modules/private/system/eldiron.nix | 11 +++++------
 modules/private/system/monitoring-1.nix | 10 +++++-----
 modules/private/system/quatresaisons.nix | 4 ++--
 modules/private/websites/default.nix | 6 +++---
 15 files changed, 42 insertions(+), 42 deletions(-)
diff --git a/modules/private/coturn.nix b/modules/private/coturn.nix
index 5750482..41e836b 100644
--- a/modules/private/coturn.nix
+++ b/modules/private/coturn.nix
@@ -41,13 +41,13 @@ listening-ips = [ "127.0.0.1" "::1" - config.myEnv.servers.eldiron.ips.main.ip4 - ] ++ config.myEnv.servers.eldiron.ips.main.ip6; + ] ++ config.myEnv.servers.eldiron.ips.main.ip4 + ++ config.myEnv.servers.eldiron.ips.main.ip6; relay-ips = [ "127.0.0.1" "::1" - config.myEnv.servers.eldiron.ips.main.ip4 - ] ++ config.myEnv.servers.eldiron.ips.main.ip6; + ] ++ config.myEnv.servers.eldiron.ips.main.ip4 + ++ config.myEnv.servers.eldiron.ips.main.ip6; }; }; }
diff --git a/modules/private/databases/default.nix b/modules/private/databases/default.nix
index 1241658..1b9fd00 100644
--- a/modules/private/databases/default.nix
+++ b/modules/private/databases/default.nix
@@ -45,7 +45,7 @@ in }; replicationHosts = { backup-2 = { - ip4 = [config.myEnv.servers.backup-2.ips.main.ip4]; + ip4 = config.myEnv.servers.backup-2.ips.main.ip4; ip6 = config.myEnv.servers.backup-2.ips.main.ip6; }; };
diff --git a/modules/private/databases/redis_replication.nix b/modules/private/databases/redis_replication.nix
index 9e48939..53fa904 100644
--- a/modules/private/databases/redis_replication.nix
+++ b/modules/private/databases/redis_replication.nix
@@ -63,7 +63,7 @@ in config.redis = { encrypt = true; source = "127.0.0.1:16379"; - target = "${config.myEnv.servers.eldiron.ips.main.ip4}:16379"; + target = "${lib.head config.myEnv.servers.eldiron.ips.main.ip4}:16379"; keyfile = config.secrets.fullPaths."redis/spiped_eldiron_keyfile"; }; };
diff --git a/modules/private/dns.nix b/modules/private/dns.nix
index 1d7fd52..120c46c 100644
--- a/modules/private/dns.nix
+++ b/modules/private/dns.nix
@@ -75,7 +75,7 @@ (n: v: v.mx.enable) config.myEnv.servers; ip4mxes = builtins.concatStringsSep "\n" (lib.mapAttrsToList - (n: v: "${v.mx.subdomain} IN A ${v.ips.main.ip4}") + (n: v: builtins.concatStringsSep "\n" (map (i: "${v.mx.subdomain} IN A ${i}") v.ips.main.ip4)) mxes); ip6mxes = builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: v: builtins.concatStringsSep "\n" (map (i: "${v.mx.subdomain} IN AAAA ${i}") v.ips.main.ip6))
@@ -108,7 +108,7 @@ allow-recursion { 127.0.0.1; }; allow-transfer { none; }; - notify-source ${config.myEnv.servers.eldiron.ips.main.ip4}; + notify-source ${lib.head config.myEnv.servers.eldiron.ips.main.ip4}; notify-source-v6 ${lib.head config.myEnv.servers.eldiron.ips.main.ip6}; version none; hostname none;
@@ -169,7 +169,7 @@ ; https://support.google.com/a/answer/9261504 _mta-sts${suffix} IN TXT "v=STSv1;id=20200109150200Z" _smtp._tls${suffix} IN TXT "v=TLSRPTv1;rua=mailto:postmaster+mta-sts@immae.eu" - mta-sts${suffix} IN A ${config.myEnv.servers.eldiron.ips.main.ip4} + ${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix} IN A ${i}") config.myEnv.servers.eldiron.ips.main.ip4)} ${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix} IN AAAA ${i}") config.myEnv.servers.eldiron.ips.main.ip6)} ; Mail sender authentications
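Review bot: The rewritten `ip4mxes` lambda in the first dns.nix hunk is now a copy of the `ip6mxes` lambda right below it with only the record type changed, and the third hunk repeats the same `builtins.concatStringsSep "\n" (map (i: ...) ...)` shape twice more for the `mta-sts` records. A small helper in the enclosing `let` block, e.g. `mkRecords = type: owner: ips: builtins.concatStringsSep "\n" (map (i: "${owner} IN ${type} ${i}") ips);`, would let all four sites read like `mkRecords "A" v.mx.subdomain v.ips.main.ip4` and keep the A and AAAA output formats from drifting apart. The `let` block these bindings belong to starts outside the hunk.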
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index e52665f..0b60338 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -169,9 +169,10 @@ let type = attrsOf (submodule { options = { ip4 = mkOption { - type = str; + type = listOf str; + default = []; description = '' - ip4 address of the host + ip4 addresses of the host ''; }; ip6 = mkOption {
diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix
index ae98a8a..0dfa3a4 100644
--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -325,7 +325,7 @@ smtp_tls_loglevel = "1"; ### Force ip bind for smtp - smtp_bind_address = config.hostEnv.ips.main.ip4; + smtp_bind_address = builtins.head config.hostEnv.ips.main.ip4; smtp_bind_address6 = builtins.head config.hostEnv.ips.main.ip6; # Use some relays when authorized senders are not myself
diff --git a/modules/private/mail/relay.nix b/modules/private/mail/relay.nix
index 668d365..bba9324 100644
--- a/modules/private/mail/relay.nix
+++ b/modules/private/mail/relay.nix
@@ -210,7 +210,7 @@ smtp_tls_loglevel = "1"; ### Force ip bind for smtp - smtp_bind_address = config.myEnv.servers."${name}".ips.main.ip4; + smtp_bind_address = builtins.head config.myEnv.servers."${name}".ips.main.ip4; smtp_bind_address6 = builtins.head config.myEnv.servers."${name}".ips.main.ip6; smtpd_milters = [
diff --git a/modules/private/mail/sympa.nix b/modules/private/mail/sympa.nix
index 9eac574..420f706 100644
--- a/modules/private/mail/sympa.nix
+++ b/modules/private/mail/sympa.nix
@@ -10,7 +10,7 @@ in { username = "sympa"; database = "sympa"; - ip4 = [config.myEnv.servers.backup-2.ips.main.ip4]; + ip4 = config.myEnv.servers.backup-2.ips.main.ip4; ip6 = map (v: "${v}/128") config.myEnv.servers.backup-2.ips.main.ip6; } ];
diff --git a/modules/private/system.nix b/modules/private/system.nix
index 5f3d79e..949f07d 100644
--- a/modules/private/system.nix
+++ b/modules/private/system.nix
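Review bot: The `ip4` option in the environment.nix hunk now defaults to `[]`, but every single-address consumer introduced by this commit takes the first element with `lib.head`/`builtins.head` (the redis_replication target, the dns.nix notify-source, `smtp_bind_address` in postfix.nix and relay.nix, `networking.extraHosts` in system.nix and the deployment `targetHost` in the system/*.nix files), and `head` on an empty list aborts evaluation with a message that does not name the option or the host. The description is the only place this contract can be seen, so I would extend it to `ip4 addresses of the host. The first entry is used wherever a single address is needed (deployment target, outgoing SMTP bind, DNS notify source), so the "main" entry must not be empty.` An assertion that each server's `ips.main.ip4` is non-empty would turn the generic evaluation failure into a named one; the submodule this option belongs to starts before the hunk.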
@@ -10,7 +10,7 @@ }; networking.extraHosts = builtins.concatStringsSep "\n" - (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes); + (lib.mapAttrsToList (n: v: "${lib.head v.config.hostEnv.ips.main.ip4} ${n}") nodes); users.extraUsers.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.nix_repository ]; secrets.deleteSecretsVars = true;
diff --git a/modules/private/system/backup-2.nix b/modules/private/system/backup-2.nix
index c01a666..8f66381 100644
--- a/modules/private/system/backup-2.nix
+++ b/modules/private/system/backup-2.nix
@@ -1,8 +1,8 @@ -{ config, pkgs, resources, name, ... }: +{ config, pkgs, resources, name, lib, ... }: { deployment = { targetUser = "root"; - targetHost = config.hostEnv.ips.main.ip4; + targetHost = lib.head config.hostEnv.ips.main.ip4; substituteOnDestination = true; }; # ssh-keyscan backup-2 | nix-shell -p ssh-to-age --run ssh-to-age
@@ -36,9 +36,9 @@ networking = { firewall.enable = true; - interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList - (n: ips: { address = ips.ip4; prefixLength = 32; }) - (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips); + interfaces."ens3".ipv4.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList + (n: ips: map (ip: { address = ip; prefixLength = 32; }) (ips.ip4 or [])) + (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips)); interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or [])) config.hostEnv.ips);
@@ -95,7 +95,7 @@ eldiron = { serverId = 2; # mysql resolves "backup-2" host and checks the ip, but uses /etc/hosts which only contains ip4 - host = config.myEnv.servers.eldiron.ips.main.ip4; + host = lib.head config.myEnv.servers.eldiron.ips.main.ip4; port = "3306"; user = "backup-2"; password = config.hostEnv.ldap.password;
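Review bot: `networking.extraHosts` in the system.nix hunk now writes only the first ip4 of each node into /etc/hosts, while the comment kept in the backup-2.nix hunk at line 95 says mysql resolves the peer name and checks the connecting address against exactly that file. If eldiron is ever given a second main ip4, which this commit makes possible, a replication connection arriving from that address would presumably fail the check even though dns.nix now publishes it; this is inferred from that comment, not shown by the hunk. Emitting one hosts line per address keeps /etc/hosts and DNS in step: `(lib.mapAttrsToList (n: v: builtins.concatStringsSep "\n" (map (i: "${i} ${n}") v.config.hostEnv.ips.main.ip4)) nodes);`. The attribute set this assignment sits in starts before the hunk.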
diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix
index 98c5c8b..cf00ba6 100644
--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -2,7 +2,7 @@ { deployment = { targetUser = "root"; - targetHost = config.hostEnv.ips.main.ip4; + targetHost = lib.head config.hostEnv.ips.main.ip4; substituteOnDestination = true; }; # ssh-keyscan dilion | nix-shell -p ssh-to-age --run ssh-to-age
@@ -55,10 +55,10 @@ hostId = "27c3048d"; # generated with head -c4 /dev/urandom | od -A none -t x4 firewall.enable = false; interfaces."eth0".ipv4.addresses = - [ { address = config.hostEnv.ips.main.ip4; prefixLength = 27; } ] - ++ pkgs.lib.attrsets.mapAttrsToList - (n: ips: { address = ips.ip4; prefixLength = 32; }) - (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips); + [ { address = lib.head config.hostEnv.ips.main.ip4; prefixLength = 27; } ] + ++ pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList + (n: ips: map (ip: { address = ip; prefixLength = 32; }) (ips.ip4 or [])) + (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips)); interfaces."eth0".ipv6.addresses = [ { address = "2a01:4f8:141:53e7::"; prefixLength = 64; } ] ++ pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index 8b2784d..32f0e19 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -2,7 +2,7 @@ { deployment = { targetUser = "root"; - targetHost = config.hostEnv.ips.main.ip4; + targetHost = lib.head config.hostEnv.ips.main.ip4; substituteOnDestination = true; }; # ssh-keyscan eldiron | nix-shell -p ssh-to-age --run ssh-to-age
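Review bot: In the dilion.nix interfaces hunk (line 55) only `lib.head config.hostEnv.ips.main.ip4` is bound on eth0, so any further entry of `main.ip4` would be published by dns.nix and accepted by the coturn and replication lists elsewhere in this commit yet never be configured on the interface, leaving traffic to it unanswered. Appending the remaining entries as host routes keeps the option and the interface consistent: `++ map (ip: { address = ip; prefixLength = 32; }) (lib.tail config.hostEnv.ips.main.ip4)`. The eldiron.nix hunk at line 73 has the same shape and would take the same addition. Separately, the module argument set on line 1 of dilion.nix and eldiron.nix is outside their hunks and, unlike backup-2.nix and monitoring-1.nix, no hunk adds `lib` to it, so it is presumably already there; worth confirming before deploying.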
@@ -73,11 +73,10 @@ hostId = "8262ca33"; # generated with head -c4 /dev/urandom | od -A none -t x4 firewall.enable = true; # FIXME: on next reboot, remove the /27 and the localCommands - interfaces."eth0".ipv4.addresses = - pkgs.lib.attrsets.mapAttrsToList - (n: ips: { address = ips.ip4; prefixLength = 32; }) - (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips) - ++ [ { address = config.hostEnv.ips.main.ip4; prefixLength = 27; } ]; + interfaces."eth0".ipv4.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList + (n: ips: map (ip: { address = ip; prefixLength = 32; }) (ips.ip4 or [])) + (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips)) + ++ [ { address = lib.head config.hostEnv.ips.main.ip4; prefixLength = 27; } ]; interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or [])) config.hostEnv.ips);
diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix
index dea5f45..192aa93 100644
--- a/modules/private/system/monitoring-1.nix
+++ b/modules/private/system/monitoring-1.nix
@@ -1,8 +1,8 @@ -{ config, pkgs, resources, ... }: +{ config, pkgs, lib, resources, ... }: { deployment = { targetUser = "root"; - targetHost = config.hostEnv.ips.main.ip4; + targetHost = lib.head config.hostEnv.ips.main.ip4; substituteOnDestination = true; }; # ssh-keyscan monitoring-1 | nix-shell -p ssh-to-age --run ssh-to-age
@@ -17,9 +17,9 @@ myServices.status.enable = true; networking = { firewall.enable = true; - interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList - (n: ips: { address = ips.ip4; prefixLength = 32; }) - (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips); + interfaces."ens3".ipv4.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList + (n: ips: map (ip: { address = ip; prefixLength = 32; }) (ips.ip4 or [])) + (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips)); interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or [])) config.hostEnv.ips);
diff --git a/modules/private/system/quatresaisons.nix b/modules/private/system/quatresaisons.nix
index 82db70f..b0a1715 100644
--- a/modules/private/system/quatresaisons.nix
+++ b/modules/private/system/quatresaisons.nix
@@ -160,7 +160,7 @@ in { deployment = { targetUser = "root"; - targetHost = config.hostEnv.ips.main.ip4; + targetHost = lib.head config.hostEnv.ips.main.ip4; substituteOnDestination = true; }; # ssh-keyscan quatresaison | nix-shell -p ssh-to-age --run ssh-to-age
@@ -368,7 +368,7 @@ in '' ]; ips = let ips = config.hostEnv.ips.main; - in [ips.ip4] ++ (ips.ip6 or []); + in (ips.ip4 or []) ++ (ips.ip6 or []); fallbackVhost = { certName = "quatresaisons";
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 98c766c..eed2b27 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -154,7 +154,7 @@ in httpdName = "Prod"; ips = let ips = config.myEnv.servers.eldiron.ips.production; - in [ips.ip4] ++ (ips.ip6 or []); + in (ips.ip4 or []) ++ (ips.ip6 or []); modules = makeModules; extraConfig = makeExtraConfig; fallbackVhost = {
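Review bot: With `ip4` now declared in environment.nix as `listOf str` with `default = []`, the `(ips.ip4 or [])` fallback in the quatresaisons.nix hunk at line 368 and in the three websites/default.nix hunks can no longer trigger for a value of that submodule, so `ips.ip4 ++ (ips.ip6 or [])` would say the same thing; the `or []` only earns its place if `ip6` has no default, which is outside this diff. Either form is fine, but a short comment at one of these sites, `# ip4 defaults to [] (listOf str in environment.nix); the or-fallback only matters for ip6`, would stop the next reader from wondering whether the attribute can be missing. The enclosing vhost attribute sets start and end outside these hunks.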
@@ -171,7 +171,7 @@ in httpdName = "Inte"; ips = let ips = config.myEnv.servers.eldiron.ips.integration; - in [ips.ip4] ++ (ips.ip6 or []); + in (ips.ip4 or []) ++ (ips.ip6 or []); modules = makeModules; extraConfig = makeExtraConfig ++ moomin; fallbackVhost = {
@@ -188,7 +188,7 @@ in httpdName = "Tools"; ips = let ips = config.myEnv.servers.eldiron.ips.main; - in [ips.ip4] ++ (ips.ip6 or []); + in (ips.ip4 or []) ++ (ips.ip6 or []); modules = makeModules; extraConfig = makeExtraConfig ++ [ ''
-- 
2.41.0