From f156c2396ff07d140f6f0dbcdd33ab4ba273d00c Mon Sep 17 00:00:00 2001 From: Vivian Date: Fri, 5 Jan 2024 17:30:26 +0100 Subject: [PATCH] initial implementation of meta --- common/desktop/home.nix | 3 +- common/modules/dns.nix | 30 ++++++++------ common/modules/meta.nix | 66 ++++++++++++++++++++++++++----- flake.lock | 24 +++++------ flake.nix | 37 +++++++++++------ hosts/olympus/bastion/default.nix | 6 +++ hosts/thalassa/aoife/default.nix | 11 +++++- 7 files changed, 129 insertions(+), 48 deletions(-) diff --git a/common/desktop/home.nix b/common/desktop/home.nix index 7032f2d1..8734620a 100644 --- a/common/desktop/home.nix +++ b/common/desktop/home.nix @@ -21,7 +21,8 @@ in { helix inputs.attic.packages.${pkgs.system}.attic inputs.comma.packages.${pkgs.system}.default - inputs.webcord.packages.${pkgs.system}.default + # inputs.webcord.packages.${pkgs.system}.default + discord jetbrains.clion jetbrains.rust-rover kdenlive diff --git a/common/modules/dns.nix b/common/modules/dns.nix index 056ea3aa..674d6e54 100644 --- a/common/modules/dns.nix +++ b/common/modules/dns.nix 
@@ -1,18 +1,22 @@ -{ config, pkgs, lib, hosts, flat_hosts, ... }: +{ config, pkgs, lib, self, ... }: # DNS Module to set up Unbound DNS with all my hosts in the config # Used for DNS Servers and my laptop with lib; let - inherit (builtins) filter hasAttr attrNames; - domains = attrNames hosts; - ipv4Host = filter (hasAttr "ip") flat_hosts; - ipv6Hosts = filter (hasAttr "ip6") flat_hosts; + inherit (builtins) filter attrValues; + domains = [ "hades" "olympus" "thalassa" ]; + mapConfig = host: { + inherit (host.config.networking) hostName domain; + inherit (host.config.meta) ipv4 ipv6; + }; + hosts = (map mapConfig (attrValues self.nixosConfigurations)); + ipv4Hosts = filter (v: v.ipv4 != null) hosts; + ipv6Hosts = filter (v: v.ipv6 != null) hosts; - localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"''; - local6Data = { hostname, realm, ip6, ... }: - ''"${hostname}.${realm}. AAAA ${ip6}"''; - ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"''; - ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"''; + localData = { hostName, domain, ipv4, ... }: ''"${hostName}.${domain}. A ${ipv4}"''; + local6Data = { hostName, domain, ipv6, ... }: ''"${hostName}.${domain}. AAAA ${ipv6}"''; + ptrData = { hostName, domain, ipv4, ... }: ''"${ipv4} ${hostName}.${domain}"''; + ptr6Data = { hostName, domain, ipv6, ... }: ''"${ipv6} ${hostName}.${domain}"''; cfg = config.services.v.dns; in { @@ -37,7 +41,7 @@ in { }; mode = mkOption { - type = enum [ "server" "laptop" ]; + type = types.enum [ "server" "laptop" ]; default = "laptop"; description = '' Whether to configure the DNS in server mode (listen on all interfaces) or laptop mode (just on localhost) 
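Review bot: `localData`/`ptrData` interpolate `domain`, which `mapConfig` takes from `host.config.networking.domain` for every entry of `self.nixosConfigurations`; NixOS defaults that option to null, so any host that sets `meta.ipv4` without a domain makes the whole Unbound config fail to evaluate, and the `ipv4 != null` filter does not guard it. Filtering on both fields, `ipv4Hosts = filter (v: v.ipv4 != null && v.domain != null) hosts;` (and likewise for `ipv6Hosts`), keeps the failure local to the offending host. The hard-coded `domains = [ "hades" "olympus" "thalassa" ]` duplicates the `realm` enum declared in `common/modules/meta.nix` in this same commit; deriving one from the other would stop them drifting. Note also that `meta.isLaptop` is documented as suppressing DNS entries, but this filter only looks at the address fields, so a laptop with `ipv4` set still gets A/PTR records.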
@@ -69,8 +73,8 @@ in { local-zone = map (localdomain: ''"${localdomain}}." transparent'') domains; - local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts); - local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts); + local-data = (map localData ipv4Hosts) ++ (map local6Data ipv6Hosts); + local-data-ptr = (map ptrData ipv4Hosts) ++ (map ptr6Data ipv6Hosts); private-address = [ "127.0.0.0/8" diff --git a/common/modules/meta.nix b/common/modules/meta.nix index 639d212d..7b1a372e 100644 --- a/common/modules/meta.nix +++ b/common/modules/meta.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ lib, config, ... }: with lib; let exposesOpts = { @@ -6,7 +6,7 @@ let domain = mkOption { type = types.str; example = ".example.com"; - description = '' + description = lib.mdDoc '' The domain under which this service should be available ''; }; 
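Review bot: The context line `local-zone = map (localdomain: ''"${localdomain}}." transparent'') domains;` has a stray `}` after the interpolation, so the declared zones come out as `"hades}." transparent` rather than `"hades." transparent`; the renamed `local-data` lists beneath it are unaffected. Unbound presumably masks this by creating a default transparent zone for each `local-data` entry, which would explain why it has gone unnoticed, but the line should read `''"${localdomain}." transparent''`. This hunk sits inside an attrset whose start and end lie outside the hunk.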
@@ -14,30 +14,76 @@ let type = types.int; default = 80; example = 4242; - description = '' + description = lib.mdDoc '' The port under which the service runs on the host ''; }; }; }; -in -{ +in { options.meta = { - exposes = mkOption { type = with types; attrsOf (submodule exposesOpts); + default = { }; description = '' Exposed services ''; }; ipv4 = mkOption { - type = types.str; - description = '' - Own IPv4 Address + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + Host's IPv4 Address ''; }; + + ipv6 = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + Host's IPv6 address + ''; + }; + + mac = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + Own MAC Address + ''; + }; + + isLaptop = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Is this host a Laptop (i.e. no DNS entries should be made). + ''; + }; + + realm = mkOption { + readOnly = true; + type = types.nullOr (types.enum [ "thalassa" "hades" "olympus" ]); + default = config.networking.domain; + defaultText = literalExpression "config.network.domain"; + }; }; - config = { }; + config = { + # TODO: Open Firewall + + assertions = [ + { + assertion = config.meta.mac != null; + message = + "${config.networking.fqdnOrHostName} is missing a mac address"; + } + { + assertion = !config.meta.isLaptop -> config.meta.ipv4 != null; + message = + "${config.networking.fqdnOrHostName} needs ipv4 address set as it is not a laptop"; + } + ]; + }; } diff --git a/flake.lock b/flake.lock index de9c1bcd..9625e30b 100644 --- a/flake.lock +++ b/flake.lock 
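Review bot: `ipv4`, `ipv6` and `mac` are declared as bare `types.str`, yet `common/modules/dns.nix` interpolates the address fields straight into Unbound `local-data` records, so a typo in a host file only surfaces as an Unbound start failure after deploy instead of at evaluation. `strMatching` moves the check to `nix flake check`, e.g. `type = types.nullOr (types.strMatching "^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$");` for `mac`, with a similar pattern (or a small `isIPv4`/`isIPv6` predicate) for the addresses. The `realm` option's `defaultText` says `config.network.domain` while the actual default is `config.networking.domain`, and `port` in `exposesOpts` (context at the top of the hunk) should be `types.port` rather than `types.int` so out-of-range values are rejected. The `# TODO: Open Firewall` comment suggests `exposes` will eventually open ports automatically; if so, make that opt-in per service rather than implied by declaring a port, since today `exposes` documents a service without widening the host's attack surface.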
@@ -820,11 +820,11 @@ ] }, "locked": { - "lastModified": 1704358952, - "narHash": "sha256-yazDFmdyKr0JGMqmzQ5bYOW5FWvau8oFvsQ8eSB2f3A=", + "lastModified": 1704383912, + "narHash": "sha256-Be7O73qoOj/z+4ZCgizdLlu+5BkVvO2KO299goZ9cW8=", "owner": "nix-community", "repo": "home-manager", - "rev": "c36cb65c4a0ba17ab9262ab3c30920429348746c", + "rev": "26b8adb300e50efceb51fff6859a1a6ba1ade4f7", "type": "github" }, "original": { @@ -1051,11 +1051,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1704266875, - "narHash": "sha256-luA5SGmeIRZlgLfSLUuR3eacS63q2bJ0Yywqak5lj3E=", + "lastModified": 1704458188, + "narHash": "sha256-f6BYEuIqnbrs6J/9m1/1VdkJ6d63hO9kUC09kTPuOqE=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "8e34f33464d77bea2d5cf7dc1066647b1ad2b324", + "rev": "172385318068519900a7d71c1024242fa6af75f0", "type": "github" }, "original": { @@ -1420,11 +1420,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1704356551, - "narHash": "sha256-CIznfohcfLRrjRC03QW+tiDeYrJ+Pw10Ny8KPXex1RU=", + "lastModified": 1704466181, + "narHash": "sha256-ZpH8AkzTqai8zdBOVls8hQZnYg3ld94u7/qrQAlEfwI=", "owner": "pta2002", "repo": "nixvim", - "rev": "10d114f5a6e0a9591d13a28a92905e71cc100b39", + "rev": "1f1065df1efa716686b9357b4b5e0e4fa4a0af7e", "type": "github" }, "original": { @@ -1435,11 +1435,11 @@ }, "nur": { "locked": { - "lastModified": 1704378556, - "narHash": "sha256-sdx3IXUOwBMn0l5gUyfULiQRTBUcOq+6dLnHERYnEMY=", + "lastModified": 1704467118, + "narHash": "sha256-qhN9zdFKZ4x3KOB0hPx6zxz+lyQHX4UMK//WdbF4fj0=", "owner": "nix-community", "repo": "NUR", - "rev": "482244aa0deb5d2d86326859633ee6e2872cb500", + "rev": "784b598b006e691690283effc8e56115eae99bc8", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7c886e89..11848e33 100644 --- a/flake.nix +++ b/flake.nix 
@@ -55,7 +55,11 @@ outputs = { self, nixpkgs, nixpkgs_stable, flake-utils-plus, nur, attic , deploy, home-manager, gnome-autounlock-keyring, lanzaboote, ... }@inputs: - let pkgs = self.pkgs.x86_64-linux.nixpkgs; + let + pkgs = self.pkgs.x86_64-linux.nixpkgs; + apply-local = pkgs.writeShellScriptBin "apply-local" '' + deploy ".#$(cat /etc/hostname)" -s + ''; in flake-utils-plus.lib.mkFlake { # `self` and `inputs` arguments are required inherit self inputs; @@ -76,13 +80,13 @@ ./common ]; - specialArgs = { inherit inputs; }; + specialArgs = { inherit self inputs; }; }; # hosts hosts = { - - "bastion.olympus" = { + # TODO: Figure out why this is reversed, and how/why it sets the FQDN + "olympus.bastion" = { modules = [ ./common/generic-vm.nix ./hosts/olympus/bastion ]; }; @@ -99,14 +103,14 @@ deploy = { user = "root"; nodes = { - "bastion.olympus" = { - hostname = "olympus.0x76.dev"; + "bastion-olympus" = { + hostname = "bastion.olympus"; fastConnection = true; remoteBuild = true; profiles = { system = { path = deploy.lib.x86_64-linux.activate.nixos - self.nixosConfigurations."bastion.olympus"; + self.nixosConfigurations."olympus.bastion"; }; }; }; @@ -121,14 +125,15 @@ }; }; + # Outputs outputsBuilder = channels: { devShells.default = channels.nixpkgs.mkShell { name = "devShell"; VAULT_ADDR = "http://vault.olympus:8200/"; packages = with pkgs; [ - attic.packages.${pkgs.system}.attic - # apply-local + attic.packages.${system}.attic + apply-local deploy.packages.${system}.deploy-rs deadnix statix @@ -149,7 +154,17 @@ # Checks checks = builtins.mapAttrs - (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib; + (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib // { + x86_64-linux.mac = pkgs.stdenvNoCC.mkDerivation { + name = "mac check"; + src = self; + dontBuild = true; + doCheck = true; + checkPhase = '' + echo "Hello World" + ''; + installPhase = "mkdir $out"; + }; + }; }; - } 
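Review bot: The new `checks` expression merges with `//`, which binds looser than function application and is a shallow merge, so the right-hand `x86_64-linux = { mac = …; }` replaces the entire `x86_64-linux` attrset produced by `deployChecks` and the deploy-rs checks for that system silently vanish from `nix flake check`. Use a deep merge instead: `checks = pkgs.lib.recursiveUpdate (builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib) { x86_64-linux.mac = pkgs.stdenvNoCC.mkDerivation { … }; };` with the derivation body unchanged. The `mac` check's `checkPhase` only echoes, so it always passes and gives no assurance until it validates something (the `meta.mac` assertions live in the module, not here). `apply-local` derives the target from `$(cat /etc/hostname)`, which on bastion presumably yields `bastion` rather than the `bastion-olympus` node name declared under `deploy.nodes`, and `-s` skips the deploy checks entirely; if both are intentional for local use, a comment saying so would help.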
diff --git a/hosts/olympus/bastion/default.nix b/hosts/olympus/bastion/default.nix index a6b2908a..841ca474 100644 --- a/hosts/olympus/bastion/default.nix +++ b/hosts/olympus/bastion/default.nix @@ -12,6 +12,12 @@ programs.nix-ld.enable = true; + meta = { + ipv4 = "10.42.42.4"; + ipv6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d"; + mac = "82:F0:7C:CB:BD:6D"; + }; + # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; diff --git a/hosts/thalassa/aoife/default.nix b/hosts/thalassa/aoife/default.nix index ddeb1fe8..e8f7e05e 100644 --- a/hosts/thalassa/aoife/default.nix +++ b/hosts/thalassa/aoife/default.nix @@ -2,13 +2,20 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ inputs, lib, ... }: { +{ inputs, lib, self, ... }: +let test = self.nixosConfigurations."bastion.olympus".config; +in { imports = [ ./hardware-configuration.nix inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z ./hardware.nix ]; + meta = { + mac = "04:7b:cb:b6:2d:88"; + isLaptop = true; + }; + # Bootloader. boot = { bootspec.enable = true; @@ -31,6 +38,8 @@ # Enable Ozone rendering for Chromium and Electron apps. environment.sessionVariables.NIXOS_OZONE_WL = "1"; + environment.sessionVariables.myself = builtins.toJSON test; + # environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName};
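Review bot: `let test = self.nixosConfigurations."bastion.olympus".config;` refers to the old host key, but this same commit renames the host to `olympus.bastion` in `flake.nix`, so the attribute appears to no longer exist and evaluation of aoife fails as soon as `test` is forced. It is forced by the later hunk in this file, which does `builtins.toJSON test` into `environment.sessionVariables.myself`; serialising another host's entire NixOS config into every session's environment would, even if it evaluated, expose whatever that config contains, and a full config holds functions and derivations that `toJSON` cannot serialise. Presumably this is scratch debugging: drop the `test` binding and the `myself` variable before merging, or at least point it at `self.nixosConfigurations."olympus.bastion".config.meta` and keep it out of `sessionVariables`. The `meta.mac` here is lowercase while bastion's is uppercase; if `mac` is ever compared as a string, normalise the case in the module.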