Merge pull request #67 from fsr/domain-refactor

Remove fsr domain option and use the native networking ones

flake.nix

@@ -52,7 +52,6 @@
             ./modules/course-management.nix
             ./modules/gitea.nix
             {
-              fsr.domain = "ifsr.de";
               sops.defaultSopsFile = ./secrets/quitte.yaml;
             }
           ];

hosts/quitte/configuration.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 
 {
   imports =
@@ -15,7 +15,6 @@
   #boot.supportedFilesystems = [ "zfs" ];
   #boot.zfs.devNodes = "/dev/";
 
-  networking.hostName = "quitte"; # Define your hostname.
   services.qemuGuest.enable = true;
 
   # Set your time zone.

hosts/quitte/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 
 {
   imports =

hosts/quitte/network.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, lib, ... }:
+{ config, ... }:
 let
   wireguard_port = 51820;
 in
@@ -11,7 +11,9 @@ in
 
   networking = {
     hostId = "a71c81fc";
-    rdns = "quitte.ifsr.de";
+    domain = "ifsr.de";
+    hostName = "quitte";
+    rDNS = config.networking.fqdn;
     enableIPv6 = true;
     useDHCP = true;
     interfaces.ens18.useDHCP = true;

modules/bacula.nix

@@ -57,7 +57,7 @@ in
     '';
     extraMessagesConfig = ''
       director = abel-dir = all, !skipped, !restored
-      mailcommand = "${bacula_package}/bin/bsmtp -f \"Bacula <bacula@${config.fsr.domain}>\" -s \"Bacula report" %r"
+      mailcommand = "${bacula_package}/bin/bsmtp -f \"Bacula <bacula@${config.networking.domain}>\" -s \"Bacula report" %r"
       mail = root+backup = all, !skipped
     '';
     director."abel-dir".password = "@${config.sops.secrets."bacula/password".path}";

modules/course-management.nix

@@ -1,7 +1,6 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 let
-  # hostName = "kurse.${config.fsr.domain}";
+  hostName = "kurse.${config.networking.domain}";
-  hostName = "kurse.ifsr.de";
 in
 {
   sops.secrets =
@@ -22,15 +21,15 @@ in
       adminPassFile = config.sops.secrets."course-management/adminpass".path;
       admins = [{
         name = "Root iFSR";
-        email = "root@${config.fsr.domain}";
+        email = "root@${config.networking.domain}";
       }];
       database = {
         ENGINE = "django.db.backends.postgresql";
         NAME = "course-management";
       };
       email = lib.mkDefault {
-        fromEmail = "noreply@${config.fsr.domain}";
+        fromEmail = "noreply@${config.networking.domain}";
-        serverEmail = "root@${config.fsr.domain}";
+        serverEmail = "root@${config.networking.domain}";
       };
     };
   };

modules/ftp.nix

@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 let
-  domain = "ftp.ifsr.de";
+  domain = "ftp.${config.networking.domain}";
 in
 {
   services.nginx.additionalModules = [ pkgs.nginxModules.fancyindex ];

modules/gitea.nix

@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  domain = "git.${config.fsr.domain}";
+  domain = "git.${config.networking.domain}";
   giteaUser = "git";
 in
 {
@@ -38,7 +38,7 @@ in
       server = {
         PROTOCOL = "http+unix";
         DOMAIN = domain;
-        SSH_DOMAIN = config.fsr.domain;
+        SSH_DOMAIN = config.networking.domain;
         ROOT_URL = "https://${domain}";
         OFFLINE_MODE = true; # disable use of CDNs
       };
@@ -46,7 +46,7 @@ in
       service = {
         DISABLE_REGISTRATION = true;
         ENABLE_NOTIFY_MAIL = true;
-        NO_REPLY_ADDRESS = "noreply.${config.fsr.domain}";
+        NO_REPLY_ADDRESS = "noreply.${config.networking.domain}";
       };
       "service.explore".DISABLE_USERS_PAGE = true;
       openid = {
@@ -55,7 +55,7 @@ in
       };
       mailer = {
         ENABLED = true;
-        FROM = "\"iFSR Git\" <git@${config.fsr.domain}>";
+        FROM = "\"iFSR Git\" <git@${config.networking.domain}>";
         SMTP_ADDR = "localhost";
         SMTP_PORT = 25;
       };

modules/hedgedoc.nix

@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 let
-  domain = "pad.ifsr.de";
+  domain = "pad.${config.networking.domain}";
   template = pkgs.writeText "hedgedoc-template.md" ''
     ---
     tags: listed

modules/hydra.nix

@@ -1,6 +1,6 @@
 { config, ... }:
 let
-  domain = "hydra.ifsr.de";
+  domain = "hydra.${config.networking.domain}";
 in
 {
   sops.secrets."hydra_ldap_search" = { owner = "hydra"; group = "hydra"; mode = "440"; };

modules/kpp.nix

@@ -1,6 +1,6 @@
 { config, ... }:
 let
-  domain = "kpp.ifsr.de";
+  domain = "kpp.${config.networking.domain}";
 in
 {
   services.kpp = {

modules/ldap/default.nix

@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  domain = "auth.${config.fsr.domain}";
+  domain = "auth.${config.networking.domain}";
   seed = {
     groups = [
       {
@@ -55,7 +55,7 @@ in
 
   services.portunus = {
     enable = true;
-    package = pkgs.portunus.overrideAttrs (old: {
+    package = pkgs.portunus.overrideAttrs (_old: {
       patches = [
         ./0001-update-user-validation-regex.patch
         ./0002-both-ldap-and-ldaps.patch

modules/mail/default.nix

@@ -1,8 +1,8 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 let
-  hostname = "mail.${config.fsr.domain}";
+  hostname = "mail.${config.networking.domain}";
-  domain = config.fsr.domain;
+  domain = config.networking.domain;
-  rspamd-domain = "rspamd.${config.fsr.domain}";
+  rspamd-domain = "rspamd.${config.networking.domain}";
   dovecot-ldap-args = pkgs.writeText "ldap-args" ''
     uris = ldap://localhost
     dn = uid=search, ou=users, dc=ifsr, dc=de
@@ -84,8 +84,7 @@ in
       config = {
         home_mailbox = "Maildir/";
         # hostname used in helo command. It is recommended to have this match the reverse dns entry
-        # smtp_helo_name = "x8d1e1ea9.agdsn.tu-dresden.de";
+        smtp_helo_name = config.networking.rDNS;
-        smtp_helo_name = config.networking.rdns;
         smtp_use_tls = true;
         # smtp_tls_security_level = "encrypt";
         smtpd_use_tls = true;
@@ -239,7 +238,7 @@ in
     };
     opendkim = {
       enable = true;
-      domains = "csl:${config.fsr.domain}";
+      domains = "csl:${config.networking.domain}";
       selector = config.networking.hostName;
       configFile = pkgs.writeText "opendkim-config" ''
         UMask 0117

modules/mailman.nix

@@ -7,10 +7,10 @@
   services.mailman = {
     enable = true;
     serve.enable = true;
-    webHosts = [ "lists.${config.fsr.domain}" ];
+    webHosts = [ "lists.${config.networking.domain}" ];
     hyperkitty.enable = true;
     enablePostfix = true;
-    siteOwner = "mailman@${config.fsr.domain}";
+    siteOwner = "mailman@${config.networking.domain}";
     settings = {
       database = {
         class = "mailman.database.postgresql.PostgreSQLDatabase";
@@ -58,7 +58,7 @@
     ];
     ensureDatabases = [ "mailman" "mailmanweb" ];
   };
-  services.nginx.virtualHosts."lists.${config.fsr.domain}" = {
+  services.nginx.virtualHosts."lists.${config.networking.domain}" = {
     enableACME = true;
     forceSSL = true;
   };

modules/matrix.nix

@@ -1,7 +1,7 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 let
-  domainServer = "matrix.staging.ifsr.de";
+  domainServer = "matrix.staging.${config.networking.domain}";
-  domainClient = "chat.staging.ifsr.de";
+  domainClient = "chat.staging.${config.networking.domain}";
 
   clientConfig = {
     "m.homeserver" = {

modules/mautrix-telegram.nix

@@ -1,4 +1,4 @@
-{ config, options, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
   homeserverDomain = config.services.matrix-synapse.settings.server_name;
   registrationFileSynapse = "/var/lib/matrix-synapse/telegram-registration.yaml";

modules/nextcloud.nix

@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 let
-  domain = "nc.staging.ifsr.de";
+  domain = "nc.staging.${config.networking.domain}";
-  legacy_domain = "oc.ifsr.de";
+  legacy_domain = "oc.${config.networking.domain}";
 in
 {
   sops.secrets = {

modules/nginx.nix

@@ -29,7 +29,7 @@
     acceptTerms = true;
     defaults = {
       #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
-      email = "root@ifsr.de";
+      email = "root@${config.networking.domain}";
     };
   };
   security.pam.services.nginx.text = ''

modules/options.nix

@@ -1,17 +1,5 @@
-{ config, lib, ... }: with lib; {
+{ lib, ... }: with lib; {
-  options.fsr = {
+  options.networking.rDNS = mkOption {
-    enable_office_bloat = mkOption {
-      type = types.bool;
-      default = false;
-      description = "install heavy office bloat like texlive, okular, ...";
-    };
-    domain = mkOption {
-      type = types.str;
-      default = "ifsr.de";
-      description = "under which top level domain the services should run";
-    };
-  };
-  options.networking.rdns = mkOption {
     type = types.str;
     default = networking.fqdn;
     description = "The reverse dns record known to be set for this host.";

modules/padlist.nix

@@ -1,7 +1,7 @@
 # php pad lister tool written by jonas
 { pkgs, config, lib, ... }:
 let
-  domain = "list.pad.ifsr.de";
+  domain = "list.pad.${config.networking.domain}";
 in
 {
   services.phpfpm.pools.padlist = {

modules/sogo.nix

@@ -1,7 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, lib, ... }:
 let
-  sogo-hostname = "mail.${config.fsr.domain}";
+  sogo-hostname = "mail.${config.networking.domain}";
-  domain = config.fsr.domain;
 in
 {
   sops.secrets = {

modules/sops.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ ... }:
 {
   sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
   sops.age.generateKey = false;

modules/stream.nix

@@ -1,10 +1,9 @@
-{ pkgs, config, ... }:
+{ config, ... }:
 {
   services = {
     nginx = {
       virtualHosts = {
-        # "stream.${config.fsr.domain}" = {
+        "stream.${config.networking.domain}" = {
-        "stream.ifsr.de" = {
           enableACME = true;
           forceSSL = true;
           locations."/" =
@@ -17,13 +16,6 @@
             };
         };
       };
-      #streamConfig = ''
-      #  server {
-      #  listen            1935;
-      #  proxy_pass        [::1]:1935;
-      #  proxy_buffer_size 32k;
-      #}
-      #'';
     };
     owncast = {
       enable = true;

modules/userdir.nix

@@ -1,6 +1,6 @@
-{ config, lib, pkgs, ... }:
+{ config, ... }:
 let
-  domain = "users.${config.fsr.domain}";
+  domain = "users.${config.networking.domain}";
   port = 8083;
   apacheUser = config.services.httpd.user;
 in

modules/vaultwarden.nix

@@ -1,6 +1,6 @@
 { config, ... }:
 let
-  domain = "vault.ifsr.de";
+  domain = "vault.${config.networking.domain}";
 in
 {
   sops.secrets."vaultwarden_env".owner = "vaultwarden";
@@ -16,7 +16,7 @@ in
       smtpHost = "127.0.0.1";
       smtpPort = 25;
       smtpSSL = false;
-      smtpFrom = "noreply@${config.fsr.domain}";
+      smtpFrom = "noreply@${config.networking.domain}";
       smtpFromName = "iFSR Vaultwarden";
     };
   };

modules/website.nix

@@ -31,13 +31,13 @@ in
 
   services.nginx = {
 
-    virtualHosts."www.${config.fsr.domain}" = {
+    virtualHosts."www.${config.networking.domain}" = {
       enableACME = true;
       forceSSL = true;
       locations."/".return = "301 $scheme://ifsr.de$request_uri";
 
     };
-    virtualHosts."${config.fsr.domain}" = {
+    virtualHosts."${config.networking.domain}" = {
       enableACME = true;
       forceSSL = true;
       root = "/srv/web/ifsrde";

modules/wiki.nix

@@ -1,6 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 let
-  domain = "wiki.ifsr.de";
+  domain = "wiki.${config.networking.domain}";
   listenPort = 8080;
 in
 {