From 44589ddc773f4103e93d3b2684981b8108fd9439 Mon Sep 17 00:00:00 2001
From: niten
Date: Wed, 15 Nov 2023 12:22:14 -0800
Subject: [PATCH] Working vm-nameserver

---
 config/hardware/system3.nix | 9 +-
 config/host-config/system3.nix | 176 +++++++++++++++++++++----------
 config/service/local-network.nix | 15 ++-
 flake.lock | 42 ++++----
 flake.nix | 30 ++++--
 5 files changed, 177 insertions(+), 95 deletions(-)

diff --git a/config/hardware/system3.nix b/config/hardware/system3.nix
index 543cbc6..f2e351b 100644
--- a/config/hardware/system3.nix
+++ b/config/hardware/system3.nix
@@ -1,8 +1,7 @@
 { config, lib, pkgs, ... }:
 
 with lib;
-let
-
+let
 inherit (config.instance) hostname;
 in {
 system.stateVersion = "21.11";
@@ -116,10 +115,8 @@ in {
 };
 
 interfaces = {
-intif0 = {
-# output of: echo lambda-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
-macAddress = "02:0d:df:2d:46:90";
-};
+intif0.macAddress =
+pkgs.lib.network.generate-mac-address hostname "intif0";
 };
 };
diff --git a/config/host-config/system3.nix b/config/host-config/system3.nix
index c8164dd..7f6e9f9 100644
--- a/config/host-config/system3.nix
+++ b/config/host-config/system3.nix
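Review bot: The generated MAC will not equal the one being removed in the second hunk: the deleted comment shows `02:0d:df:2d:46:90` was derived from the literal `lambda-intif0`, while `generate-mac-address` is now fed `hostname` (from `config.instance`), and nothing in the hunk shows that hostname being `lambda`. Any DHCP reservation, firewall rule or switch port-security entry keyed on the old address therefore needs updating alongside this change. It is also worth confirming that `generate-mac-address` keeps the locally-administered unicast form (`02:` first octet) the hand-computed value had, since a hash-derived first byte with the wrong low bits yields a multicast or globally-assigned address. A one-line comment would preserve the intent the removed comment carried: `# deterministic, locally-administered MAC derived from hostname + interface name`.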
@@ -1,70 +1,140 @@ { config, lib, pkgs, ... }: with lib; -let state-dir = "/state"; +let + state-dir = "/state"; + + inherit (config.instance) hostname; + + vmConfig = { pkgs, lib, ... }: { + config = { + containers.tester = { + autoStart = true; + # hostAddress = "10.0.0.14"; + additionalCapabilities = [ "CAP_NET_ADMIN" ]; + # privateNetwork = true; + macvlans = [ "enp7s0" ]; + # hostBridge = "tester0"; + config = { + imports = [ pkgs.moduleRegistry.authoritativeDns ]; + + services.openssh.enable = true; + + users.users.niten = config.users.users.niten; + + services.authoritative-dns = { + enable = true; + identity = "ns.sea.fudo.org"; + listen-ips = [ "10.0.0.14" ]; + state-directory = "/var/lib/nsd"; + timestamp = toString config.instance.build-timestamp; + domains = { + "sea.fudo.org" = { zone = config.fudo.zones."sea.fudo.org"; }; + }; + }; + + networking = { + defaultGateway = pkgs.lib.getHostGatewayV4 hostname; + firewall = { + enable = true; + allowedTCPPorts = [ 22 53 ]; + allowedUDPPorts = [ 53 ]; + }; + interfaces = { + mv-enp7s0.ipv4.addresses = [{ + address = "10.0.0.14"; + prefixLength = 24; + }]; + }; + }; + }; + }; + }; + }; + in { - fudo = { - slynk.enable = true; - wallfly.location = "office"; - }; + imports = [ vmConfig ]; - networking = { - interfaces.intif0.useDHCP = true; - firewall.enable = false; - }; + config = { + fudo = { + slynk.enable = true; + wallfly.location = "office"; + }; - systemd.tmpfiles.rules = [ - "L /root/.gnupg - - - - ${state-dir}/user/root/gnupg" - "L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa" - "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub" - "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts" - "L /var/lib/flatpak - - - - ${state-dir}/lib/flatpak" - "L /etc/adjtime - - - - ${state-dir}/etc/adjtime" - "d ${state-dir}/lib/cups 755 root root - -" - ]; + networking = { + defaultGateway = { + address = pkgs.lib.getHostGatewayV4 hostname; + interface = "intif0"; 
+ }; - services = { - blueman.enable = true; + interfaces = { + intif0 = { + ipv4.addresses = [{ + address = pkgs.lib.getHostIpv4 hostname; + prefixLength = 16; + }]; + }; + # intif1.ipv4.addresses = [{ + # address = "10.0.0.14"; + # prefixLength = 32; + # }]; + }; + firewall.enable = false; + }; - openssh.hostKeys = [ - { - path = "${state-dir}/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - { - path = "${state-dir}/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } + systemd.tmpfiles.rules = [ + "L /root/.gnupg - - - - ${state-dir}/user/root/gnupg" + "L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa" + "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub" + "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts" + "L /var/lib/flatpak - - - - ${state-dir}/lib/flatpak" + "L /etc/adjtime - - - - ${state-dir}/etc/adjtime" + "d ${state-dir}/lib/cups 755 root root - -" ]; - }; - fileSystems = { - "/var/lib/cups" = { - device = "${state-dir}/lib/cups"; - options = [ "bind" ]; + services = { + blueman.enable = true; + + openssh.hostKeys = [ + { + path = "${state-dir}/ssh/ssh_host_rsa_key"; + type = "rsa"; + bits = 4096; + } + { + path = "${state-dir}/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + ]; }; - }; - fonts.fontconfig = { - hinting = { - enable = true; - style = "hintfull"; + fileSystems = { + "/var/lib/cups" = { + device = "${state-dir}/lib/cups"; + options = [ "bind" ]; + }; }; - subpixel.lcdfilter = "default"; - antialias = true; - }; - environment.etc = { - nixos.source = "/etc/nixos-live"; - NIXOS.source = "${state-dir}/etc/NIXOS"; - }; - - hardware = { - bluetooth = { - enable = true; - package = pkgs.bluezFull; + fonts.fontconfig = { + hinting = { + enable = true; + style = "hintfull"; + }; + subpixel.lcdfilter = "default"; + antialias = true; + }; + + environment.etc = { + nixos.source = "/etc/nixos-live"; + NIXOS.source = "${state-dir}/etc/NIXOS"; + }; + + hardware = { + bluetooth = { + 
enable = true; + package = pkgs.bluezFull; + }; + xpadneo.enable = true; }; - xpadneo.enable = true; }; } diff --git a/config/service/local-network.nix b/config/service/local-network.nix index c72ba1e..f2480e7 100644 --- a/config/service/local-network.nix +++ b/config/service/local-network.nix @@ -99,7 +99,7 @@ in { config = mkIf (site.local-gateway != null) (let host-ipv4 = pkgs.lib.network.host-ipv4 config; - gateway-host = site.local-gateway; + gateway-host = site.local-gateway; nameserver-host = gateway-host; gateway-ip = host-ipv4 gateway-host; nameserver-ip = host-ipv4 gateway-host; @@ -140,8 +140,7 @@ in { zones.${zone-name} = { aliases = { - ${agp.http-host-alias} = optionalAttrs (agp.enable) - (fqdn gateway-host); + "${agp.http-host-alias}" = mkIf (agp.enable) (fqdn gateway-host); ns = (fqdn nameserver-host); gw = (fqdn gateway-host); }; @@ -151,9 +150,7 @@ in { nameserver.ipv4-address = nameserver-ip; }; - nameservers = [ - "nameserver" - ]; + nameservers = [ "nameserver" ]; srv-records = { tcp.domain = [{ @@ -173,8 +170,10 @@ in { dns-servers = [ nameserver-ip ]; gateway = gateway-ip; dhcp-interfaces = cfg.internal-interfaces; - dns-listen-ips = optionals is-gateway [ nameserver-ip "127.0.0.1" "127.0.1.1" ]; - dns-listen-ipv6s = optionals (is-gateway && config.networking.enableIPv6) [ "::1" ]; + dns-listen-ips = + optionals is-gateway [ nameserver-ip "127.0.0.1" "127.0.1.1" ]; + dns-listen-ipv6s = + optionals (is-gateway && config.networking.enableIPv6) [ "::1" ]; recursive-resolver = if agp.enable then { host = "127.0.0.1"; port = agp.dns-listen-port; diff --git a/flake.lock b/flake.lock index 1723d33..85a6625 100644 --- a/flake.lock +++ b/flake.lock 
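Review bot: The container address `10.0.0.14` is written out three times in the new `vmConfig` (`listen-ips`, the `mv-enp7s0.ipv4.addresses` entry, and the commented `hostAddress`/`intif1` lines), so the DNS listen address and the interface address can drift apart on the next edit; bind it once next to `state-dir`, e.g. `tester-ip = "10.0.0.14";`, and use it in both places. The container's macvlan address is `/24` while the host's `intif0` is `/16`; if both sit on the same segment the masks should agree, otherwise the container routes part of the local network through the gateway, though the page does not show the site's subnet, so this may be intentional. The commented-out `hostAddress`, `privateNetwork`, `hostBridge` and `intif1` alternatives read as debugging residue; either delete them or replace them with one comment explaining why macvlan on `enp7s0` was chosen. The container also enables `services.openssh`, opens TCP 22 alongside 53, and copies the host's `users.users.niten` definition wholesale; if shell access to the nameserver container is not needed, dropping those two lines leaves only port 53 exposed on that address.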
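Review bot: In the second hunk of local-network.nix, the rewritten line `"${agp.http-host-alias}" = mkIf (agp.enable) (fqdn gateway-host);` still interpolates `agp.http-host-alias` into the attribute name unconditionally; `mkIf` only guards the value, so if the alias is `null` or unset when the proxy is disabled, evaluation fails before the condition is consulted. Guarding the attribute itself avoids that: `aliases = { ns = fqdn nameserver-host; gw = fqdn gateway-host; } // optionalAttrs agp.enable { ${agp.http-host-alias} = fqdn gateway-host; };`. The enclosing `config = mkIf (site.local-gateway != null) (let … in { … })` begins before the first hunk and ends after the last one, and the remaining hunks of this file are reformatting only.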
@@ -2234,11 +2234,11 @@
 ]
 },
 "locked": {
-"lastModified": 1699558182,
-"narHash": "sha256-kWbn5DqGLUtdV2nFmVIQ9w6HExqHuYSi3stK+auWtz8=",
+"lastModified": 1699981257,
+"narHash": "sha256-6ChJQ12nQDOEKiEJKP9FgeChlpsd/+CClYyCotk6sg8=",
 "ref": "refs/heads/master",
-"rev": "4688003535cb66705e772141ce9df0fd589056a1",
-"revCount": 187,
+"rev": "16e3ad53e9b707a8c7903f2a5bb9a19c65214829",
+"revCount": 192,
 "type": "git",
 "url": "https://git.fudo.org/fudo-nix/entities.git"
 },
@@ -2259,11 +2259,11 @@
 ]
 },
 "locked": {
-"lastModified": 1699638724,
-"narHash": "sha256-E0iO/2oenWuG+hwivnVEEJGA2H94e32Ciz3L/1gbVYk=",
+"lastModified": 1699903682,
+"narHash": "sha256-agoWZQ/EORRiHiJt0f40GrkJbJEQ/+duCXniu59yOZs=",
 "ref": "refs/heads/master",
-"rev": "c4455794bf6b1b498b79acd0ed4ff82bdf0349b9",
-"revCount": 401,
+"rev": "6b29e60a8792b29f4e7db4c28a1e0513ffef5aa3",
+"revCount": 403,
 "type": "git",
 "url": "https://git.fudo.org/fudo-nix/home.git"
 },
@@ -2939,11 +2939,11 @@
 ]
 },
 "locked": {
-"lastModified": 1695108154,
-"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
+"lastModified": 1699748081,
+"narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=",
 "owner": "nix-community",
 "repo": "home-manager",
-"rev": "07682fff75d41f18327a871088d20af2710d4744",
+"rev": "04bac349d585c9df38d78e0285b780a140dc74a4",
 "type": "github"
 },
 "original": {
@@ -3253,11 +3253,11 @@
 "niten-doom-config": {
 "flake": false,
 "locked": {
-"lastModified": 1699638681,
-"narHash": "sha256-nfHEoSGTQrPQNFXp+7CljKTP98/CKqrQb049NZ4uPTs=",
+"lastModified": 1699894688,
+"narHash": "sha256-Kp0qfQGDkGxkcyk4GL9HBQZcunKBSdOig+8q4NiZKVs=",
 "ref": "refs/heads/master",
-"rev": "7e5e35f66df30db7baa4dbee3f401395a498d99b",
-"revCount": 67,
+"rev": "92718c3f315411abfb7ef623cc4239204dbc4b19",
+"revCount": 68,
 "type": "git",
 "url": "https://git.fudo.org/niten/doom-emacs.git"
 },
@@ -3351,11 +3351,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1699099776, - "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=", + "lastModified": 1699781429, + "narHash": "sha256-UYefjidASiLORAjIvVsUHG6WBtRhM67kTjEY4XfZOFs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb", + "rev": "e44462d6021bfe23dfb24b775cc7c390844f773d", "type": "github" }, "original": { @@ -3548,11 +3548,11 @@ }, "nixpkgs_21": { "locked": { - "lastModified": 1699596684, - "narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=", + "lastModified": 1699994397, + "narHash": "sha256-xxNeIcMNMXH2EA9IAX6Cny+50mvY22LhIBiGZV363gc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73", + "rev": "d4b5a67bbe9ef750bd2fdffd4cad400dd5553af8", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7176b67..a910251 100644 --- a/flake.nix +++ b/flake.nix @@ -174,6 +174,7 @@ fudo-pkgs.overlays.default fudo-secrets.overlays.default fudo-entities.overlays.default + self.overlays.fudoHostConfig (final: prev: { chute = chute.packages.${arch}.chute; chuteUnstable = chuteUnstable.packages.${arch}.chute; @@ -202,7 +203,7 @@ concat-timestamp = timestamp: toInt (substring 0 10 (toString timestamp)); - common-host-config = hostname: hostOpts: + mkFudoHostConfig = hostname: hostOpts: let config-dir = ./config; build-timestamp = concat-timestamp latest-modified-timestamp; 
@@ -264,18 +265,18 @@ }; }; - nixos-host-config = hostname: hostOpts: + mkFudoNixOsSystem = hostname: hostOpts: let system = hostOpts.arch; in nixosSystem { inherit system; - modules = [ (common-host-config hostname hostOpts) ]; + modules = [ (mkFudoHostConfig hostname hostOpts) ]; }; - nixops-host-config = hostname: hostOpts: + mkFudoNixopsHostConfig = hostname: hostOpts: let zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts; in { imports = [ - (common-host-config hostname hostOpts) + (mkFudoHostConfig hostname hostOpts) (_: { config.deployment.targetHost = @@ -285,7 +286,22 @@ }; in { - nixosConfigurations = mapAttrs nixos-host-config fudo-nixos-hosts; - nixopsHostConfigurations = mapAttrs nixops-host-config fudo-nixos-hosts; + nixosConfigurations = mapAttrs mkFudoNixOsSystem fudo-nixos-hosts; + nixopsHostConfigurations = + mapAttrs mkFudoNixopsHostConfig fudo-nixos-hosts; + + lib = { + inherit mkFudoHostConfig mkFudoNixOsSystem mkFudoNixopsHostConfig; + }; + + overlays = rec { + default = fudoHostConfig; + fudoHostConfig = (final: prev: { + lib = prev.lib // self.lib; + moduleRegistry = { + authoritativeDns = authoritative-dns.nixosModules.default; + }; + }); + }; }; }
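Review bot: `lib = prev.lib // self.lib;` in the new `fudoHostConfig` overlay is a shallow merge, so any attribute this flake's `lib` output later gains silently replaces a same-named attribute of `pkgs.lib` coming from nixpkgs or an earlier overlay; the host configs in this same patch already rely on `pkgs.lib.network`, `pkgs.lib.getHostGatewayV4` and `pkgs.lib.getHostIpv4` arriving through `pkgs.lib`. Since nothing on the page consumes `pkgs.lib.mkFudo*` yet, consider namespacing it, `lib = prev.lib // { fudo = self.lib; };`, or at least a comment stating that `self.lib` must not define names that collide with `prev.lib`. The overlay also deserves a short purpose comment, e.g. `# Expose this flake's host helpers via pkgs.lib and the authoritative-dns module via pkgs.moduleRegistry, so host configs can import it without another flake input`, assuming `authoritative-dns` is a flake input declared above the hunk. Style: the parentheses around `(final: prev: { … })` are unnecessary in Nix, and `mkFudoNixOsSystem` would read more consistently next to `mkFudoNixopsHostConfig` as `mkFudoNixosSystem`.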