From 51fcf8609bfd3b9585fb0dc3aabfad2a2c623267 Mon Sep 17 00:00:00 2001 From: nostoromo root <root@nostromo.fudo.org> Date: Sat, 20 Jun 2020 15:36:00 -0700 Subject: [PATCH] Local changes --- fudo/sites/seattle.nix | 7 ++-- hosts/nostromo.nix | 75 ++++++++++++++++++------------------------ 2 files changed, 37 insertions(+), 45 deletions(-) diff --git a/fudo/sites/seattle.nix b/fudo/sites/seattle.nix index d284f29..83788cd 100644 --- a/fudo/sites/seattle.nix +++ b/fudo/sites/seattle.nix @@ -28,10 +28,13 @@ in { firewall.enable = false; nameservers = nameservers; - defaultGateway = gateway; + # Don't set the gateway if we ARE the gateway. + # This is the most generic way I can think of to do that. local-network is really + # about running all the local servers (DNS, DHCP, and providing gateway). + defaultGateway = optionalString (config.fudo.local-network.enable != true) gateway; # Until Comcast gets it's shit together... :( - enableIPv6 = false; + enableIPv6 = true; }; users.extraUsers = { diff --git a/hosts/nostromo.nix b/hosts/nostromo.nix index d2cd4ec..32d2831 100644 --- a/hosts/nostromo.nix +++ b/hosts/nostromo.nix @@ -3,7 +3,6 @@ let hostname = "nostromo.sea.fudo.org"; host-internal-ip = "10.0.0.1"; - local-gateway = "10.0.0.1"; inherit (lib.strings) concatStringsSep; in { @@ -30,7 +29,7 @@ in { enable = true; # See fudo/sites/seattle.nix for general settings dns-servers = [ host-internal-ip ]; - gateway = local-gateway; + gateway = host-internal-ip; dhcp-interfaces = [ "intif0" ]; dns-serve-ips = [ host-internal-ip "127.0.0.1" "127.0.1.1" ]; # Using a pihole running in docker, see below 
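Review bot: Flipping `enableIPv6 = true;` in the seattle.nix hunk while the context line `firewall.enable = false;` stays as it is means hosts using this site config can pick up routable IPv6 addresses with no host-level filtering, and IPv4 NAT gives them no cover on that path. Whether the gateway filters forwarded IPv6 is not visible in this patch, so either enable the firewall here or record where filtering happens, e.g. `# IPv6 on; inbound filtering is done on the gateway, not per host`. The comment left above the option still explains why IPv6 was off and now reads as stale. Separately, `optionalString` makes `defaultGateway` an empty string rather than unset on the gateway host; `if config.fudo.local-network.enable then null else gateway` would state the intent directly.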
@@ -39,27 +38,21 @@ in { server-ip = host-internal-ip; }; + fudo.slynk = { + enable = true; + }; + networking = { hostName = hostname; - # defaultGateway = local-gateway; - nameservers = [ host-internal-ip ]; - # Turn off for hypervisor: dhcp by default everywhere is a fuckin pain. - #dhcpcd.enable = true; - # Create a bridge for VMs to use macvlans = { intif0 = { interface = "eno1"; mode = "bridge"; }; - - # extif0 = { - # interface = "eno2"; - # mode = "bridge"; - # }; }; interfaces = { @@ -73,7 +66,6 @@ in { eno2.useDHCP = true; - intif0 = { useDHCP = false; macAddress = "46:54:76:06:f1:10"; @@ -88,10 +80,6 @@ in { } ]; }; - - # extif0 = { - # useDHCP = true; - # }; }; nat = { @@ -121,6 +109,7 @@ in { }; environment.systemPackages = with pkgs; [ + dnsproxy libguestfs-with-appliance libvirt virtmanager @@ -159,9 +148,9 @@ in { "/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" ]; # TODO: DNS-over-HTTPS via cloudflared - extraDockerOptions = [ - "--dns=1.1.1.1" - ]; + # extraDockerOptions = [ + # "--dns=1.1.1.1" + # ]; }; }; @@ -199,32 +188,32 @@ in { }; }; - ceph = { - enable = true; + # ceph = { + # enable = true; - global = { - clusterName = "sea-data"; - clusterNetwork = "10.0.10.0/24"; - fsid = "d443e192-896d-4102-a60f-f8f0777eb2a3"; - monHost = "10.0.10.2"; - monInitialMembers = "mon-1"; - publicNetwork = "10.0.0.0/22"; - }; + # global = { + # clusterName = "sea-data"; + # clusterNetwork = "10.0.10.0/24"; + # fsid = "d443e192-896d-4102-a60f-f8f0777eb2a3"; + # monHost = "10.0.10.2"; + # monInitialMembers = "mon-1"; + # publicNetwork = "10.0.0.0/22"; + # }; - mds = { - enable = true; - daemons = ["srv-2"]; - }; + # mds = { + # enable = true; + # daemons = ["srv-2"]; + # }; - mgr = { - enable = true; - daemons = ["srv-2"]; - }; + # mgr = { + # enable = true; + # daemons = ["srv-2"]; + # }; - mon = { - enable = true; - daemons = ["srv-2"]; - }; - }; + # mon = { + # enable = true; + # daemons = ["srv-2"]; + # }; + # }; }; }
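Review bot: `fudo.slynk = { enable = true; };` in the hunk at `@@ -39,27 +38,21 @@` turns on a Lisp REPL server on the host that is also the site gateway and hypervisor, and nothing in this patch shows which address or port it listens on. Slynk connections are not authenticated by default, so anyone who can reach the socket can evaluate code as the service user. The module definition is outside this diff, so confirm it binds to loopback only and is reached over SSH. A comment next to the option would record that, e.g. `# slynk listens on 127.0.0.1 only; connect through an SSH tunnel`, and if the module exposes a bind-address option it should be set explicitly here.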
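Review bot: Commenting out `--dns=1.1.1.1` in the hunk at `@@ -159,9 +148,9 @@` leaves the pihole container on Docker's default resolver selection, which is derived from the host's resolv.conf. Per the `dns-serve-ips` comment in an earlier hunk, this host's DNS is served by that same pihole container. The container may therefore resolve through itself or through whatever fallback Docker picks, so blocklist updates could use an upstream nobody chose; the host's resolver config is not visible here, so this is inferred. Rather than leaving dead lines, state the intended upstream in a comment such as `# no --dns: container uses the host resolver; upstream is configured in pihole itself`, or delete the block.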
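Review bot: The last nostromo.nix hunk (`@@ -199,32 +188,32 @@`) disables Ceph by commenting out about thirty lines, which leaves the cluster fsid and network layout in the file as dead text that is no longer evaluated or kept in sync. If this is a temporary switch-off, changing only the first setting to `enable = false;` keeps the rest type-checked, assuming the module gates its config on that flag, which is not visible here. If it is permanent, delete the block and rely on history. The enclosing attribute set starts outside the hunk.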