Working vm-nameserver

This commit is contained in:
niten 2023-11-15 12:22:14 -08:00
parent 5f7ff14550
commit 44589ddc77
5 changed files with 177 additions and 95 deletions


@ -1,8 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
let
let inherit (config.instance) hostname;
in {
system.stateVersion = "21.11";
@ -116,10 +115,8 @@ in {
};
interfaces = {
intif0 = {
# output of: echo lambda-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
macAddress = "02:0d:df:2d:46:90";
};
intif0.macAddress =
pkgs.lib.network.generate-mac-address hostname "intif0";
};
};
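Review bot: The MAC on intif0 will change unless `pkgs.lib.network.generate-mac-address hostname "intif0"` reproduces the old `echo lambda-intif0|md5sum` derivation exactly, and the helper is not visible here; anything keyed on the previous `02:0d:df:2d:46:90` (a DHCP reservation, a switch port filter) would then stop matching without any error on this host. Please confirm the generated value, and since the explanatory comment was dropped with the literal, keep the expectation next to the call: `# deterministic per host+interface; must yield a locally-administered unicast MAC (02:xx:xx:xx:xx:xx)`. The `interfaces`/`networking` attrset this hunk edits begins above the hunk.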


@ -1,70 +1,140 @@
{ config, lib, pkgs, ... }:
with lib;
let state-dir = "/state";
let
state-dir = "/state";
inherit (config.instance) hostname;
vmConfig = { pkgs, lib, ... }: {
config = {
containers.tester = {
autoStart = true;
# hostAddress = "10.0.0.14";
additionalCapabilities = [ "CAP_NET_ADMIN" ];
# privateNetwork = true;
macvlans = [ "enp7s0" ];
# hostBridge = "tester0";
config = {
imports = [ pkgs.moduleRegistry.authoritativeDns ];
services.openssh.enable = true;
users.users.niten = config.users.users.niten;
services.authoritative-dns = {
enable = true;
identity = "ns.sea.fudo.org";
listen-ips = [ "10.0.0.14" ];
state-directory = "/var/lib/nsd";
timestamp = toString config.instance.build-timestamp;
domains = {
"sea.fudo.org" = { zone = config.fudo.zones."sea.fudo.org"; };
};
};
networking = {
defaultGateway = pkgs.lib.getHostGatewayV4 hostname;
firewall = {
enable = true;
allowedTCPPorts = [ 22 53 ];
allowedUDPPorts = [ 53 ];
};
interfaces = {
mv-enp7s0.ipv4.addresses = [{
address = "10.0.0.14";
prefixLength = 24;
}];
};
};
};
};
};
};
in {
fudo = {
slynk.enable = true;
wallfly.location = "office";
};
imports = [ vmConfig ];
networking = {
interfaces.intif0.useDHCP = true;
firewall.enable = false;
};
config = {
fudo = {
slynk.enable = true;
wallfly.location = "office";
};
systemd.tmpfiles.rules = [
"L /root/.gnupg - - - - ${state-dir}/user/root/gnupg"
"L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa"
"L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub"
"L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"
"L /var/lib/flatpak - - - - ${state-dir}/lib/flatpak"
"L /etc/adjtime - - - - ${state-dir}/etc/adjtime"
"d ${state-dir}/lib/cups 755 root root - -"
];
networking = {
defaultGateway = {
address = pkgs.lib.getHostGatewayV4 hostname;
interface = "intif0";
};
services = {
blueman.enable = true;
interfaces = {
intif0 = {
ipv4.addresses = [{
address = pkgs.lib.getHostIpv4 hostname;
prefixLength = 16;
}];
};
# intif1.ipv4.addresses = [{
# address = "10.0.0.14";
# prefixLength = 32;
# }];
};
firewall.enable = false;
};
openssh.hostKeys = [
{
path = "${state-dir}/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
{
path = "${state-dir}/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
systemd.tmpfiles.rules = [
"L /root/.gnupg - - - - ${state-dir}/user/root/gnupg"
"L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa"
"L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub"
"L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"
"L /var/lib/flatpak - - - - ${state-dir}/lib/flatpak"
"L /etc/adjtime - - - - ${state-dir}/etc/adjtime"
"d ${state-dir}/lib/cups 755 root root - -"
];
};
fileSystems = {
"/var/lib/cups" = {
device = "${state-dir}/lib/cups";
options = [ "bind" ];
services = {
blueman.enable = true;
openssh.hostKeys = [
{
path = "${state-dir}/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
{
path = "${state-dir}/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
};
fonts.fontconfig = {
hinting = {
enable = true;
style = "hintfull";
fileSystems = {
"/var/lib/cups" = {
device = "${state-dir}/lib/cups";
options = [ "bind" ];
};
};
subpixel.lcdfilter = "default";
antialias = true;
};
environment.etc = {
nixos.source = "/etc/nixos-live";
NIXOS.source = "${state-dir}/etc/NIXOS";
};
hardware = {
bluetooth = {
enable = true;
package = pkgs.bluezFull;
fonts.fontconfig = {
hinting = {
enable = true;
style = "hintfull";
};
subpixel.lcdfilter = "default";
antialias = true;
};
environment.etc = {
nixos.source = "/etc/nixos-live";
NIXOS.source = "${state-dir}/etc/NIXOS";
};
hardware = {
bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
xpadneo.enable = true;
};
xpadneo.enable = true;
};
}
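Review bot: `users.users.niten = config.users.users.niten;` copies the entire host user definition — whatever hashed password, authorized keys and groups (possibly `wheel`) it carries — into a container that also runs sshd on the LAN through a macvlan on `enp7s0` and is granted `CAP_NET_ADMIN`; the host user's contents are not visible here, so check what this pulls in and prefer a minimal account for a DNS box, e.g. `users.users.niten = { isNormalUser = true; openssh.authorizedKeys.keys = config.users.users.niten.openssh.authorizedKeys.keys; };`. The commented-out `hostAddress`, `privateNetwork` and `hostBridge` lines read as leftover experimentation; if the macvlan layout is the intended final shape, delete them and state it once, `# macvlan on enp7s0: the container owns 10.0.0.14 directly, no veth/bridge`. `10.0.0.14` is written both in `listen-ips` and in the macvlan address; bind it once in the `let` so the two cannot drift apart. The whole file is in view, so no definition is cut.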


@ -99,7 +99,7 @@ in {
config = mkIf (site.local-gateway != null) (let
host-ipv4 = pkgs.lib.network.host-ipv4 config;
gateway-host = site.local-gateway;
gateway-host = site.local-gateway;
nameserver-host = gateway-host;
gateway-ip = host-ipv4 gateway-host;
nameserver-ip = host-ipv4 gateway-host;
@ -140,8 +140,7 @@ in {
zones.${zone-name} = {
aliases = {
${agp.http-host-alias} = optionalAttrs (agp.enable)
(fqdn gateway-host);
"${agp.http-host-alias}" = mkIf (agp.enable) (fqdn gateway-host);
ns = (fqdn nameserver-host);
gw = (fqdn gateway-host);
};
@ -151,9 +150,7 @@ in {
nameserver.ipv4-address = nameserver-ip;
};
nameservers = [
"nameserver"
];
nameservers = [ "nameserver" ];
srv-records = {
tcp.domain = [{
@ -173,8 +170,10 @@ in {
dns-servers = [ nameserver-ip ];
gateway = gateway-ip;
dhcp-interfaces = cfg.internal-interfaces;
dns-listen-ips = optionals is-gateway [ nameserver-ip "127.0.0.1" "127.0.1.1" ];
dns-listen-ipv6s = optionals (is-gateway && config.networking.enableIPv6) [ "::1" ];
dns-listen-ips =
optionals is-gateway [ nameserver-ip "127.0.0.1" "127.0.1.1" ];
dns-listen-ipv6s =
optionals (is-gateway && config.networking.enableIPv6) [ "::1" ];
recursive-resolver = if agp.enable then {
host = "127.0.0.1";
port = agp.dns-listen-port;
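Review bot: The attribute name `"${agp.http-host-alias}"` in `aliases` is still evaluated when `agp.enable` is false, because `mkIf` only withholds the value; if `http-host-alias` can be null or unset while agp is disabled, evaluation fails with a coercion error instead of simply omitting the alias. Whether the option has a default is not visible here; if it does not, build the entry conditionally instead: `aliases = { ns = fqdn nameserver-host; gw = fqdn gateway-host; } // optionalAttrs agp.enable { "${agp.http-host-alias}" = fqdn gateway-host; };`. The `mkIf` form also relies on `aliases` being a module option of an attrs type so that a nested `mkIf false` is filtered out rather than surfacing as a raw `{ _type = "if"; … }` value; if that holds it is fine, and worth a one-line comment. The `config = mkIf (site.local-gateway != null) (let …` block starts above the first hunk and continues below the last.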


@ -2234,11 +2234,11 @@
]
},
"locked": {
"lastModified": 1699558182,
"narHash": "sha256-kWbn5DqGLUtdV2nFmVIQ9w6HExqHuYSi3stK+auWtz8=",
"lastModified": 1699981257,
"narHash": "sha256-6ChJQ12nQDOEKiEJKP9FgeChlpsd/+CClYyCotk6sg8=",
"ref": "refs/heads/master",
"rev": "4688003535cb66705e772141ce9df0fd589056a1",
"revCount": 187,
"rev": "16e3ad53e9b707a8c7903f2a5bb9a19c65214829",
"revCount": 192,
"type": "git",
"url": "https://git.fudo.org/fudo-nix/entities.git"
},
@ -2259,11 +2259,11 @@
]
},
"locked": {
"lastModified": 1699638724,
"narHash": "sha256-E0iO/2oenWuG+hwivnVEEJGA2H94e32Ciz3L/1gbVYk=",
"lastModified": 1699903682,
"narHash": "sha256-agoWZQ/EORRiHiJt0f40GrkJbJEQ/+duCXniu59yOZs=",
"ref": "refs/heads/master",
"rev": "c4455794bf6b1b498b79acd0ed4ff82bdf0349b9",
"revCount": 401,
"rev": "6b29e60a8792b29f4e7db4c28a1e0513ffef5aa3",
"revCount": 403,
"type": "git",
"url": "https://git.fudo.org/fudo-nix/home.git"
},
@ -2939,11 +2939,11 @@
]
},
"locked": {
"lastModified": 1695108154,
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
"lastModified": 1699748081,
"narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07682fff75d41f18327a871088d20af2710d4744",
"rev": "04bac349d585c9df38d78e0285b780a140dc74a4",
"type": "github"
},
"original": {
@ -3253,11 +3253,11 @@
"niten-doom-config": {
"flake": false,
"locked": {
"lastModified": 1699638681,
"narHash": "sha256-nfHEoSGTQrPQNFXp+7CljKTP98/CKqrQb049NZ4uPTs=",
"lastModified": 1699894688,
"narHash": "sha256-Kp0qfQGDkGxkcyk4GL9HBQZcunKBSdOig+8q4NiZKVs=",
"ref": "refs/heads/master",
"rev": "7e5e35f66df30db7baa4dbee3f401395a498d99b",
"revCount": 67,
"rev": "92718c3f315411abfb7ef623cc4239204dbc4b19",
"revCount": 68,
"type": "git",
"url": "https://git.fudo.org/niten/doom-emacs.git"
},
@ -3351,11 +3351,11 @@
},
"nixpkgsUnstable": {
"locked": {
"lastModified": 1699099776,
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
"lastModified": 1699781429,
"narHash": "sha256-UYefjidASiLORAjIvVsUHG6WBtRhM67kTjEY4XfZOFs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
"rev": "e44462d6021bfe23dfb24b775cc7c390844f773d",
"type": "github"
},
"original": {
@ -3548,11 +3548,11 @@
},
"nixpkgs_21": {
"locked": {
"lastModified": 1699596684,
"narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=",
"lastModified": 1699994397,
"narHash": "sha256-xxNeIcMNMXH2EA9IAX6Cny+50mvY22LhIBiGZV363gc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73",
"rev": "d4b5a67bbe9ef750bd2fdffd4cad400dd5553af8",
"type": "github"
},
"original": {


@ -174,6 +174,7 @@
fudo-pkgs.overlays.default
fudo-secrets.overlays.default
fudo-entities.overlays.default
self.overlays.fudoHostConfig
(final: prev: {
chute = chute.packages.${arch}.chute;
chuteUnstable = chuteUnstable.packages.${arch}.chute;
@ -202,7 +203,7 @@
concat-timestamp = timestamp: toInt (substring 0 10 (toString timestamp));
common-host-config = hostname: hostOpts:
mkFudoHostConfig = hostname: hostOpts:
let
config-dir = ./config;
build-timestamp = concat-timestamp latest-modified-timestamp;
@ -264,18 +265,18 @@
};
};
nixos-host-config = hostname: hostOpts:
mkFudoNixOsSystem = hostname: hostOpts:
let system = hostOpts.arch;
in nixosSystem {
inherit system;
modules = [ (common-host-config hostname hostOpts) ];
modules = [ (mkFudoHostConfig hostname hostOpts) ];
};
nixops-host-config = hostname: hostOpts:
mkFudoNixopsHostConfig = hostname: hostOpts:
let zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts;
in {
imports = [
(common-host-config hostname hostOpts)
(mkFudoHostConfig hostname hostOpts)
(_: {
config.deployment.targetHost =
@ -285,7 +286,22 @@
};
in {
nixosConfigurations = mapAttrs nixos-host-config fudo-nixos-hosts;
nixopsHostConfigurations = mapAttrs nixops-host-config fudo-nixos-hosts;
nixosConfigurations = mapAttrs mkFudoNixOsSystem fudo-nixos-hosts;
nixopsHostConfigurations =
mapAttrs mkFudoNixopsHostConfig fudo-nixos-hosts;
lib = {
inherit mkFudoHostConfig mkFudoNixOsSystem mkFudoNixopsHostConfig;
};
overlays = rec {
default = fudoHostConfig;
fudoHostConfig = (final: prev: {
lib = prev.lib // self.lib;
moduleRegistry = {
authoritativeDns = authoritative-dns.nixosModules.default;
};
});
};
};
}
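Review bot: `lib = prev.lib // self.lib;` in the `fudoHostConfig` overlay is a shallow merge, so any name exported from `self.lib` silently replaces the nixpkgs `lib` function of the same name for every consumer of `pkgs.lib`; today it only adds `mkFudoHostConfig`, `mkFudoNixOsSystem` and `mkFudoNixopsHostConfig`, but nothing guards the next addition. Since this export is new in this commit, namespacing it is still cheap, `lib = prev.lib // { fudo = self.lib; };`; if the flat form is preferred, record the invariant: `# shallow merge: names in self.lib must never collide with nixpkgs lib`. The host configs in this same commit call `pkgs.lib.network.generate-mac-address` and `pkgs.lib.getHostGatewayV4`, which this overlay does not provide, so its position relative to the overlays that do matters if any of them merges `lib` the same way. The `let … in {` closed by the last hunk begins above this view.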