nix/machines
1
0
Fork 0
Code Issues Releases Packages Activity Actions

Clean up some code and fix dkim txt record length
Some checks failed
/ dev-shell (push) Successful in 32s
Details
/ rust-packages (push) Successful in 40s
Details
/ terraform-providers (push) Successful in 35s
Details
/ check (push) Failing after 2m38s
Details
/ systems (push) Successful in 20m41s
Details

Browse source
This commit is contained in:
Kaare Hoff Skovgaard 2025-07-23 23:40:47 +02:00
parent d842025c81
commit 32e827f82c
Signed by: khs
GPG key ID: C7D890804F01E9F0
4 changed files with 3 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

9
nix/modules/nixos/infrastructure/hetzner-instance/default.nix
View file

@ -37,15 +37,6 @@ let
}; };
firewallRules = firewallTcpRules ++ firewallUdpRules ++ firewallIcmpRules ++ cfg.extraFirewallRules; firewallRules = firewallTcpRules ++ firewallUdpRules ++ firewallIcmpRules ++ cfg.extraFirewallRules;
firewallEnable = config.networking.firewall.enable; firewallEnable = config.networking.firewall.enable;
tldFromFqdn =
fqdn:
let
split = lib.strings.splitString "." fqdn;
in
if lib.lists.length split < 3 then
fqdn
else
lib.strings.removePrefix "${builtins.head split}." fqdn;
in in
{ {
options.khscodes.infrastructure.hetzner-instance = { options.khscodes.infrastructure.hetzner-instance = {

9
nix/modules/nixos/infrastructure/khs-openstack-instance/default.nix
View file

@ -59,15 +59,6 @@ let
} }
]; ];
firewallRules = firewallTcpRules ++ firewallUdpRules ++ firewallIcmpRules ++ cfg.extraFirewallRules; firewallRules = firewallTcpRules ++ firewallUdpRules ++ firewallIcmpRules ++ cfg.extraFirewallRules;
tldFromFqdn =
fqdn:
let
split = lib.strings.splitString "." fqdn;
in
if lib.lists.length split < 3 then
fqdn
else
lib.strings.removePrefix "${builtins.head split}." fqdn;
in in
{ {
options.khscodes.infrastructure.khs-openstack-instance = { options.khscodes.infrastructure.khs-openstack-instance = {

4
nix/systems/aarch64-linux/kas.codes/mailserver/dkim.nix
View file

@ -79,7 +79,7 @@ in
name = "snm_rsa._domainkey"; name = "snm_rsa._domainkey";
zone_id = "\${ data.cloudflare_zone.kas_codes.id }"; zone_id = "\${ data.cloudflare_zone.kas_codes.id }";
type = "TXT"; type = "TXT";
content = ''"v=DKIM1;k=rsa;p=${dkimPublicKey "tls_private_key.dkim_rsa"}"''; content = ''"''${ join("\" \"", regexall(".{1,255}", "v=DKIM1;k=rsa;p=${dkimPublicKey "tls_private_key.dkim_rsa"}" )) }"'';
comment = "app=kas.codes"; comment = "app=kas.codes";
ttl = 600; ttl = 600;
}; };
@ -88,7 +88,7 @@ in
name = "snm_ed25519._domainkey"; name = "snm_ed25519._domainkey";
zone_id = "\${ data.cloudflare_zone.kas_codes.id }"; zone_id = "\${ data.cloudflare_zone.kas_codes.id }";
type = "TXT"; type = "TXT";
content = ''"v=DKIM1;k=ed25519;p=${dkimPublicKey "tls_private_key.dkim_ed25519"}"''; content = ''"''${ join("\" \"", regexall(".{1,255}", "v=DKIM1;k=ed25519;p=${dkimPublicKey "tls_private_key.dkim_ed25519"}" )) }"'';
comment = "app=kas.codes"; comment = "app=kas.codes";
ttl = 600; ttl = 600;
}; };

5
nix/systems/aarch64-linux/kas.codes/mailserver/forgejo-user.nix
View file

@ -1,6 +1,3 @@
let
bcrypt = expr: "\${ jsonencode(bcrypt(${expr})) }";
in
{ {
khscodes.services.vault-agent.templates = [ khscodes.services.vault-agent.templates = [
{ {
@ -42,7 +39,7 @@ in
name = "mailserver/users/forgejo"; name = "mailserver/users/forgejo";
data_json = '' data_json = ''
{ {
"hashed_password": ${bcrypt "resource.random_password.forgejo_mail_passwd.result"}, "hashed_password": ''${ jsonencode(resource.random_password.forgejo_mail_passwd.bcrypt_hash) },
"password": ''${ jsonencode(resource.random_password.forgejo_mail_passwd.result) } "password": ''${ jsonencode(resource.random_password.forgejo_mail_passwd.result) }
} }
''; '';