Working vm-nameserver

This commit is contained in:
niten 2023-11-15 12:22:14 -08:00
parent 5f7ff14550
commit 44589ddc77
5 changed files with 177 additions and 95 deletions


@ -1,8 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let inherit (config.instance) hostname;
in { in {
system.stateVersion = "21.11"; system.stateVersion = "21.11";
@ -116,10 +115,8 @@ in {
}; };
interfaces = { interfaces = {
intif0 = { intif0.macAddress =
# output of: echo lambda-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/' pkgs.lib.network.generate-mac-address hostname "intif0";
macAddress = "02:0d:df:2d:46:90";
};
}; };
}; };
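Review bot: The derivation comment on the old `intif0` block is dropped together with the literal MAC, so the new `intif0.macAddress` line no longer tells a reader that the address is a locally-administered (`02:` prefixed) MAC derived from the host and interface names, which the old md5sum recipe made explicit. If `pkgs.lib.network.generate-mac-address` follows the same recipe, a one-line comment such as `# deterministic locally-administered MAC derived from "<hostname>-intif0" (lib.network.generate-mac-address)` preserves that intent; if it does not, the comment should say so, since the address on the wire then changes with this commit. The `interfaces` set is complete within the hunk but the enclosing module continues outside it.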


@ -1,70 +1,140 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let state-dir = "/state"; let
state-dir = "/state";
inherit (config.instance) hostname;
vmConfig = { pkgs, lib, ... }: {
config = {
containers.tester = {
autoStart = true;
# hostAddress = "10.0.0.14";
additionalCapabilities = [ "CAP_NET_ADMIN" ];
# privateNetwork = true;
macvlans = [ "enp7s0" ];
# hostBridge = "tester0";
config = {
imports = [ pkgs.moduleRegistry.authoritativeDns ];
services.openssh.enable = true;
users.users.niten = config.users.users.niten;
services.authoritative-dns = {
enable = true;
identity = "ns.sea.fudo.org";
listen-ips = [ "10.0.0.14" ];
state-directory = "/var/lib/nsd";
timestamp = toString config.instance.build-timestamp;
domains = {
"sea.fudo.org" = { zone = config.fudo.zones."sea.fudo.org"; };
};
};
networking = {
defaultGateway = pkgs.lib.getHostGatewayV4 hostname;
firewall = {
enable = true;
allowedTCPPorts = [ 22 53 ];
allowedUDPPorts = [ 53 ];
};
interfaces = {
mv-enp7s0.ipv4.addresses = [{
address = "10.0.0.14";
prefixLength = 24;
}];
};
};
};
};
};
};
in { in {
fudo = { imports = [ vmConfig ];
slynk.enable = true;
wallfly.location = "office";
};
networking = { config = {
interfaces.intif0.useDHCP = true; fudo = {
firewall.enable = false; slynk.enable = true;
}; wallfly.location = "office";
};
systemd.tmpfiles.rules = [ networking = {
"L /root/.gnupg - - - - ${state-dir}/user/root/gnupg" defaultGateway = {
"L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa" address = pkgs.lib.getHostGatewayV4 hostname;
"L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub" interface = "intif0";
"L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts" };
"L /var/lib/flatpak - - - - ${state-dir}/lib/flatpak"
"L /etc/adjtime - - - - ${state-dir}/etc/adjtime"
"d ${state-dir}/lib/cups 755 root root - -"
];
services = { interfaces = {
blueman.enable = true; intif0 = {
ipv4.addresses = [{
address = pkgs.lib.getHostIpv4 hostname;
prefixLength = 16;
}];
};
# intif1.ipv4.addresses = [{
# address = "10.0.0.14";
# prefixLength = 32;
# }];
};
firewall.enable = false;
};
openssh.hostKeys = [ systemd.tmpfiles.rules = [
{ "L /root/.gnupg - - - - ${state-dir}/user/root/gnupg"
path = "${state-dir}/ssh/ssh_host_rsa_key"; "L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa"
type = "rsa"; "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub"
bits = 4096; "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"
} "L /var/lib/flatpak - - - - ${state-dir}/lib/flatpak"
{ "L /etc/adjtime - - - - ${state-dir}/etc/adjtime"
path = "${state-dir}/ssh/ssh_host_ed25519_key"; "d ${state-dir}/lib/cups 755 root root - -"
type = "ed25519";
}
]; ];
};
fileSystems = { services = {
"/var/lib/cups" = { blueman.enable = true;
device = "${state-dir}/lib/cups";
options = [ "bind" ]; openssh.hostKeys = [
{
path = "${state-dir}/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
{
path = "${state-dir}/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
}; };
};
fonts.fontconfig = { fileSystems = {
hinting = { "/var/lib/cups" = {
enable = true; device = "${state-dir}/lib/cups";
style = "hintfull"; options = [ "bind" ];
};
}; };
subpixel.lcdfilter = "default";
antialias = true;
};
environment.etc = { fonts.fontconfig = {
nixos.source = "/etc/nixos-live"; hinting = {
NIXOS.source = "${state-dir}/etc/NIXOS"; enable = true;
}; style = "hintfull";
};
hardware = { subpixel.lcdfilter = "default";
bluetooth = { antialias = true;
enable = true; };
package = pkgs.bluezFull;
environment.etc = {
nixos.source = "/etc/nixos-live";
NIXOS.source = "${state-dir}/etc/NIXOS";
};
hardware = {
bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
xpadneo.enable = true;
}; };
xpadneo.enable = true;
}; };
} }
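Review bot: The tester container's address `10.0.0.14` is hard-coded twice in the new `vmConfig` (`listen-ips` in the `services.authoritative-dns` block and `mv-enp7s0.ipv4.addresses`) and a third time in the commented-out `intif1` block, while the gateway and host addresses on the same side are derived from `hostname` via `pkgs.lib.getHostGatewayV4` and `pkgs.lib.getHostIpv4`; binding it once, e.g. `tester-ip = "10.0.0.14";` in the `let` beside `hostname` and writing `listen-ips = [ tester-ip ];` and `address = tester-ip;`, keeps the listener and the interface address from drifting apart. The container also receives `additionalCapabilities = [ "CAP_NET_ADMIN" ]` with the `privateNetwork` and `hostBridge` alternatives left as comments; if the macvlan attachment works without it, dropping the capability narrows what a compromised nsd could do from inside the container, and the dead commented lines should either go or say why they are kept. `users.users.niten = config.users.users.niten;` copies the host's full user definition into the container, which presumably carries its password hash and authorized keys as well — confirm that is intended for a nameserver container.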


@ -99,7 +99,7 @@ in {
config = mkIf (site.local-gateway != null) (let config = mkIf (site.local-gateway != null) (let
host-ipv4 = pkgs.lib.network.host-ipv4 config; host-ipv4 = pkgs.lib.network.host-ipv4 config;
gateway-host = site.local-gateway; gateway-host = site.local-gateway;
nameserver-host = gateway-host; nameserver-host = gateway-host;
gateway-ip = host-ipv4 gateway-host; gateway-ip = host-ipv4 gateway-host;
nameserver-ip = host-ipv4 gateway-host; nameserver-ip = host-ipv4 gateway-host;
@ -140,8 +140,7 @@ in {
zones.${zone-name} = { zones.${zone-name} = {
aliases = { aliases = {
${agp.http-host-alias} = optionalAttrs (agp.enable) "${agp.http-host-alias}" = mkIf (agp.enable) (fqdn gateway-host);
(fqdn gateway-host);
ns = (fqdn nameserver-host); ns = (fqdn nameserver-host);
gw = (fqdn gateway-host); gw = (fqdn gateway-host);
}; };
@ -151,9 +150,7 @@ in {
nameserver.ipv4-address = nameserver-ip; nameserver.ipv4-address = nameserver-ip;
}; };
nameservers = [ nameservers = [ "nameserver" ];
"nameserver"
];
srv-records = { srv-records = {
tcp.domain = [{ tcp.domain = [{
@ -173,8 +170,10 @@ in {
dns-servers = [ nameserver-ip ]; dns-servers = [ nameserver-ip ];
gateway = gateway-ip; gateway = gateway-ip;
dhcp-interfaces = cfg.internal-interfaces; dhcp-interfaces = cfg.internal-interfaces;
dns-listen-ips = optionals is-gateway [ nameserver-ip "127.0.0.1" "127.0.1.1" ]; dns-listen-ips =
dns-listen-ipv6s = optionals (is-gateway && config.networking.enableIPv6) [ "::1" ]; optionals is-gateway [ nameserver-ip "127.0.0.1" "127.0.1.1" ];
dns-listen-ipv6s =
optionals (is-gateway && config.networking.enableIPv6) [ "::1" ];
recursive-resolver = if agp.enable then { recursive-resolver = if agp.enable then {
host = "127.0.0.1"; host = "127.0.0.1";
port = agp.dns-listen-port; port = agp.dns-listen-port;
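Review bot: In the `aliases` hunk the attribute name `"${agp.http-host-alias}"` is evaluated before `mkIf (agp.enable)` is consulted, so if `http-host-alias` can be null or unset while `agp.enable` is false the interpolation throws instead of skipping the alias (the replaced `optionalAttrs` form had the same problem, so this is pre-existing rather than introduced here). Guarding the whole attribute covers the key as well: `aliases = { ns = fqdn nameserver-host; gw = fqdn gateway-host; } // optionalAttrs agp.enable { "${agp.http-host-alias}" = fqdn gateway-host; };`. Whether `mkIf` on a plain string inside `aliases` is honoured depends on that option being merged through the module system; if `aliases` is declared as an `attrsOf` option this works, otherwise the `mkIf` wrapper leaks through as an attrset, which is worth confirming against the option declaration, which lies outside this hunk.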


@ -2234,11 +2234,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1699558182, "lastModified": 1699981257,
"narHash": "sha256-kWbn5DqGLUtdV2nFmVIQ9w6HExqHuYSi3stK+auWtz8=", "narHash": "sha256-6ChJQ12nQDOEKiEJKP9FgeChlpsd/+CClYyCotk6sg8=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "4688003535cb66705e772141ce9df0fd589056a1", "rev": "16e3ad53e9b707a8c7903f2a5bb9a19c65214829",
"revCount": 187, "revCount": 192,
"type": "git", "type": "git",
"url": "https://git.fudo.org/fudo-nix/entities.git" "url": "https://git.fudo.org/fudo-nix/entities.git"
}, },
@ -2259,11 +2259,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1699638724, "lastModified": 1699903682,
"narHash": "sha256-E0iO/2oenWuG+hwivnVEEJGA2H94e32Ciz3L/1gbVYk=", "narHash": "sha256-agoWZQ/EORRiHiJt0f40GrkJbJEQ/+duCXniu59yOZs=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c4455794bf6b1b498b79acd0ed4ff82bdf0349b9", "rev": "6b29e60a8792b29f4e7db4c28a1e0513ffef5aa3",
"revCount": 401, "revCount": 403,
"type": "git", "type": "git",
"url": "https://git.fudo.org/fudo-nix/home.git" "url": "https://git.fudo.org/fudo-nix/home.git"
}, },
@ -2939,11 +2939,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695108154, "lastModified": 1699748081,
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", "narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "07682fff75d41f18327a871088d20af2710d4744", "rev": "04bac349d585c9df38d78e0285b780a140dc74a4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -3253,11 +3253,11 @@
"niten-doom-config": { "niten-doom-config": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1699638681, "lastModified": 1699894688,
"narHash": "sha256-nfHEoSGTQrPQNFXp+7CljKTP98/CKqrQb049NZ4uPTs=", "narHash": "sha256-Kp0qfQGDkGxkcyk4GL9HBQZcunKBSdOig+8q4NiZKVs=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "7e5e35f66df30db7baa4dbee3f401395a498d99b", "rev": "92718c3f315411abfb7ef623cc4239204dbc4b19",
"revCount": 67, "revCount": 68,
"type": "git", "type": "git",
"url": "https://git.fudo.org/niten/doom-emacs.git" "url": "https://git.fudo.org/niten/doom-emacs.git"
}, },
@ -3351,11 +3351,11 @@
}, },
"nixpkgsUnstable": { "nixpkgsUnstable": {
"locked": { "locked": {
"lastModified": 1699099776, "lastModified": 1699781429,
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=", "narHash": "sha256-UYefjidASiLORAjIvVsUHG6WBtRhM67kTjEY4XfZOFs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb", "rev": "e44462d6021bfe23dfb24b775cc7c390844f773d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -3548,11 +3548,11 @@
}, },
"nixpkgs_21": { "nixpkgs_21": {
"locked": { "locked": {
"lastModified": 1699596684, "lastModified": 1699994397,
"narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=", "narHash": "sha256-xxNeIcMNMXH2EA9IAX6Cny+50mvY22LhIBiGZV363gc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73", "rev": "d4b5a67bbe9ef750bd2fdffd4cad400dd5553af8",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -174,6 +174,7 @@
fudo-pkgs.overlays.default fudo-pkgs.overlays.default
fudo-secrets.overlays.default fudo-secrets.overlays.default
fudo-entities.overlays.default fudo-entities.overlays.default
self.overlays.fudoHostConfig
(final: prev: { (final: prev: {
chute = chute.packages.${arch}.chute; chute = chute.packages.${arch}.chute;
chuteUnstable = chuteUnstable.packages.${arch}.chute; chuteUnstable = chuteUnstable.packages.${arch}.chute;
@ -202,7 +203,7 @@
concat-timestamp = timestamp: toInt (substring 0 10 (toString timestamp)); concat-timestamp = timestamp: toInt (substring 0 10 (toString timestamp));
common-host-config = hostname: hostOpts: mkFudoHostConfig = hostname: hostOpts:
let let
config-dir = ./config; config-dir = ./config;
build-timestamp = concat-timestamp latest-modified-timestamp; build-timestamp = concat-timestamp latest-modified-timestamp;
@ -264,18 +265,18 @@
}; };
}; };
nixos-host-config = hostname: hostOpts: mkFudoNixOsSystem = hostname: hostOpts:
let system = hostOpts.arch; let system = hostOpts.arch;
in nixosSystem { in nixosSystem {
inherit system; inherit system;
modules = [ (common-host-config hostname hostOpts) ]; modules = [ (mkFudoHostConfig hostname hostOpts) ];
}; };
nixops-host-config = hostname: hostOpts: mkFudoNixopsHostConfig = hostname: hostOpts:
let zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts; let zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts;
in { in {
imports = [ imports = [
(common-host-config hostname hostOpts) (mkFudoHostConfig hostname hostOpts)
(_: { (_: {
config.deployment.targetHost = config.deployment.targetHost =
@ -285,7 +286,22 @@
}; };
in { in {
nixosConfigurations = mapAttrs nixos-host-config fudo-nixos-hosts; nixosConfigurations = mapAttrs mkFudoNixOsSystem fudo-nixos-hosts;
nixopsHostConfigurations = mapAttrs nixops-host-config fudo-nixos-hosts; nixopsHostConfigurations =
mapAttrs mkFudoNixopsHostConfig fudo-nixos-hosts;
lib = {
inherit mkFudoHostConfig mkFudoNixOsSystem mkFudoNixopsHostConfig;
};
overlays = rec {
default = fudoHostConfig;
fudoHostConfig = (final: prev: {
lib = prev.lib // self.lib;
moduleRegistry = {
authoritativeDns = authoritative-dns.nixosModules.default;
};
});
};
}; };
} }
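Review bot: The new `fudoHostConfig` overlay installs `lib = prev.lib // self.lib;`, a shallow merge that replaces any top-level `prev.lib` attribute sharing a name with something in `self.lib`; today `self.lib` carries only the three `mkFudo*` builders, but the earlier hunks of this commit read `pkgs.lib.network.generate-mac-address` and `pkgs.lib.getHostGatewayV4` from that same `lib` (presumably supplied by the other overlays listed above it), so a later addition of, say, a `network` attrset to `self.lib` would silently shadow them. Namespacing the flake's helpers, `lib = prev.lib // { fudo = self.lib; };`, or merging with `lib = prev.lib.recursiveUpdate prev.lib self.lib;`, avoids that. A consumer applying `overlays.fudoHostConfig` also pulls this flake's `authoritative-dns` input in through `moduleRegistry.authoritativeDns`; a short comment on the `overlays` block stating that the overlay exposes both the flake's own `lib` and its module registry would make that contract visible.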