From ad75cb0c8860839430f17ed2beed3c4d247c5427 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Sat, 21 Jan 2023 19:51:10 +0100 Subject: [PATCH] Restructure values file to separate hosts from services --- base.nix | 2 +- hosts/ildkule/configuration.nix | 4 +-- hosts/jokum/configuration.nix | 8 ++--- hosts/jokum/services/matrix/synapse.nix | 8 ++--- misc/metrics-exporters.nix | 4 +-- values.nix | 44 ++++++++++++++----------- 6 files changed, 37 insertions(+), 33 deletions(-) diff --git a/base.nix b/base.nix index c9c99bc..2bc45bb 100644 --- a/base.nix +++ b/base.nix @@ -10,7 +10,7 @@ networking.search = [ "pvv.ntnu.no" "pvv.org" ]; networking.nameservers = lib.mkDefault [ "129.241.0.200" "129.241.0.201" ]; networking.tempAddresses = lib.mkDefault "disabled"; - networking.defaultGateway = values.gateway; + networking.defaultGateway = values.hosts.gateway; services.resolved = { enable = true; diff --git a/hosts/ildkule/configuration.nix b/hosts/ildkule/configuration.nix index 9651141..15bf2d5 100644 --- a/hosts/ildkule/configuration.nix +++ b/hosts/ildkule/configuration.nix @@ -25,7 +25,7 @@ networking.interfaces.ens18.ipv4 = { addresses = [ { - address = values.ildkule.ipv4; + address = values.hosts.ildkule.ipv4; prefixLength = 25; } ]; @@ -33,7 +33,7 @@ networking.interfaces.ens18.ipv6 = { addresses = [ { - address = values.ildkule.ipv6; + address = values.hosts.ildkule.ipv6; prefixLength = 64; } ]; diff --git a/hosts/jokum/configuration.nix b/hosts/jokum/configuration.nix index 4866abe..e91e476 100644 --- a/hosts/jokum/configuration.nix +++ b/hosts/jokum/configuration.nix @@ -29,11 +29,11 @@ networking.interfaces.ens18.ipv4 = { addresses = [ { - address = values.jokum.ipv4; + address = values.hosts.jokum.ipv4; prefixLength = 25; } { - address = values.turn.ipv4; + address = values.services.turn.ipv4; prefixLength = 25; } ]; @@ -41,11 +41,11 @@ networking.interfaces.ens18.ipv6 = { addresses = [ { - address = values.jokum.ipv6; + address = values.hosts.jokum.ipv6; prefixLength = 64; } { - address = values.turn.ipv6; + address = values.services.turn.ipv6; prefixLength = 64; } ]; diff --git a/hosts/jokum/services/matrix/synapse.nix b/hosts/jokum/services/matrix/synapse.nix index d3ad9ce..7b87f02 100644 --- a/hosts/jokum/services/matrix/synapse.nix +++ b/hosts/jokum/services/matrix/synapse.nix @@ -183,8 +183,8 @@ in { (metricsPath v) ({ proxyPass = proxyPath v; extraConfig = '' - allow ${values.ildkule.ipv4}; - allow ${values.ildkule.ipv6}; + allow ${values.hosts.ildkule.ipv4}; + allow ${values.hosts.ildkule.ipv6}; deny all; ''; })) @@ -194,8 +194,8 @@ in { locations."/metrics/master/1" = { proxyPass = "http://127.0.0.1:9000/_synapse/metrics"; extraConfig = '' - allow ${values.ildkule.ipv4}; - allow ${values.ildkule.ipv6}; + allow ${values.hosts.ildkule.ipv4}; + allow ${values.hosts.ildkule.ipv6}; deny all; ''; }; diff --git a/misc/metrics-exporters.nix b/misc/metrics-exporters.nix index e62519a..10195b6 100644 --- a/misc/metrics-exporters.nix +++ b/misc/metrics-exporters.nix @@ -10,8 +10,8 @@ systemd.services.prometheus-node-exporter.serviceConfig = { IPAddressDeny = "any"; IPAddressAllow = [ - values.ildkule.ipv4 - values.ildkule.ipv6 + values.hosts.ildkule.ipv4 + values.hosts.ildkule.ipv6 ]; }; diff --git a/values.nix b/values.nix index ccab089..00a7ab2 100644 --- a/values.nix +++ b/values.nix @@ -1,25 +1,29 @@ # Feel free to change the structure of this file - -rec { - gateway = "129.241.210.129"; - - - jokum = { - ipv4 = "129.241.210.169"; - ipv6 = "2001:700:300:1900::169"; - }; - matrix = { - ipv4 = jokum.ipv4; - ipv6 = jokum.ipv6; - }; - # Also on jokum - turn = { - ipv4 = "129.241.210.213"; - ipv6 = "2001:700:300:1900::213"; +let + pvv-ipv4 = suffix: "129.241.210.${toString suffix}"; + pvv-ipv6 = suffix: "2001:700:300:1900::${toString suffix}"; +in rec { + services = { + matrix = { + ipv4 = hosts.jokum.ipv4; + ipv6 = hosts.jokum.ipv6; + }; + # Also on jokum + turn = { + ipv4 = pvv-ipv4 213; + ipv6 = pvv-ipv6 213; + }; }; - ildkule = { - ipv4 = "129.241.210.187"; - ipv6 = "2001:700:300:1900::1:187"; + hosts = { + gateway = pvv-ipv4 129; + jokum = { + ipv4 = pvv-ipv4 169; + ipv6 = pvv-ipv6 169; + }; + ildkule = { + ipv4 = pvv-ipv4 187; + ipv6 = pvv-ipv6 "1:187"; + }; }; }