Restructure values file to separate hosts from services

2023-01-21 19:51:10 +01:00 · 2023-01-21 19:51:10 +01:00 · ad75cb0c88
parent cb403a7aeb
commit ad75cb0c88
6 changed files with 37 additions and 33 deletions
--- a/base.nix
+++ b/base.nix
@ -10,7 +10,7 @@
  networking.search = [ "pvv.ntnu.no" "pvv.org" ];
  networking.nameservers = lib.mkDefault [ "129.241.0.200" "129.241.0.201" ];
  networking.tempAddresses = lib.mkDefault "disabled";
-  networking.defaultGateway = values.gateway;
+  networking.defaultGateway = values.hosts.gateway;
  services.resolved = {
    enable = true;
--- a/hosts/ildkule/configuration.nix
+++ b/hosts/ildkule/configuration.nix
@ -25,7 +25,7 @@
  networking.interfaces.ens18.ipv4 = {
    addresses = [
      {
-        address = values.ildkule.ipv4;
+        address = values.hosts.ildkule.ipv4;
        prefixLength = 25;
      }
    ];
@ -33,7 +33,7 @@
  networking.interfaces.ens18.ipv6 = {
    addresses = [
      {
-        address = values.ildkule.ipv6;
+        address = values.hosts.ildkule.ipv6;
        prefixLength = 64;
      }
    ];
--- a/hosts/jokum/configuration.nix
+++ b/hosts/jokum/configuration.nix
@ -29,11 +29,11 @@
  networking.interfaces.ens18.ipv4 = {
    addresses = [
      {
-        address = values.jokum.ipv4;
+        address = values.hosts.jokum.ipv4;
        prefixLength = 25;
      }
      {
-        address = values.turn.ipv4;
+        address = values.services.turn.ipv4;
        prefixLength = 25;
      }
    ];
@ -41,11 +41,11 @@
  networking.interfaces.ens18.ipv6 = {
    addresses = [
      {
-        address = values.jokum.ipv6;
+        address = values.hosts.jokum.ipv6;
        prefixLength = 64;
      }
      {
-        address = values.turn.ipv6;
+        address = values.services.turn.ipv6;
        prefixLength = 64;
      }
    ];
--- a/hosts/jokum/services/matrix/synapse.nix
+++ b/hosts/jokum/services/matrix/synapse.nix
@ -183,8 +183,8 @@ in {
      (metricsPath v) ({
        proxyPass = proxyPath v;
        extraConfig = ''
-          allow ${values.ildkule.ipv4};
+          allow ${values.hosts.ildkule.ipv4};
-          allow ${values.ildkule.ipv6};
+          allow ${values.hosts.ildkule.ipv6};
          deny all;
        '';
      }))
@ -194,8 +194,8 @@ in {
    locations."/metrics/master/1" = {
      proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
      extraConfig = ''
-        allow ${values.ildkule.ipv4};
+        allow ${values.hosts.ildkule.ipv4};
-        allow ${values.ildkule.ipv6};
+        allow ${values.hosts.ildkule.ipv6};
        deny all;
      '';
    };
--- a/misc/metrics-exporters.nix
+++ b/misc/metrics-exporters.nix
@ -10,8 +10,8 @@
  systemd.services.prometheus-node-exporter.serviceConfig = {
    IPAddressDeny = "any";
    IPAddressAllow = [
-      values.ildkule.ipv4
+      values.hosts.ildkule.ipv4
-      values.ildkule.ipv6
+      values.hosts.ildkule.ipv6
    ];
  };
--- a/values.nix
+++ b/values.nix
@ -1,25 +1,29 @@
 # Feel free to change the structure of this file
-
+let
-rec {
+  pvv-ipv4 = suffix: "129.241.210.${toString suffix}";
-  gateway = "129.241.210.129";
+  pvv-ipv6 = suffix: "2001:700:300:1900::${toString suffix}";
-
+in rec {
-
+  services = {
-  jokum = {
+    matrix = {
-    ipv4 = "129.241.210.169";
+      ipv4 = hosts.jokum.ipv4;
-    ipv6 = "2001:700:300:1900::169";
+      ipv6 = hosts.jokum.ipv6;
-  };
+    };
-  matrix = {
+    # Also on jokum
-    ipv4 = jokum.ipv4;
+    turn = {
-    ipv6 = jokum.ipv6;
+      ipv4 = pvv-ipv4 213;
-  };
+      ipv6 = pvv-ipv6 213;
-  # Also on jokum
+    };
  turn = {
    ipv4 = "129.241.210.213";
    ipv6 = "2001:700:300:1900::213";
  };
-  ildkule = {
+  hosts = {
-    ipv4 = "129.241.210.187";
+    gateway = pvv-ipv4 129;
-    ipv6 = "2001:700:300:1900::1:187";
+    jokum = {
      ipv4 = pvv-ipv4 169;
      ipv6 = pvv-ipv6 169; 
    };
    ildkule = {
      ipv4 = pvv-ipv4 187;
      ipv6 = pvv-ipv6 "1:187";
    };
  };
 }