initial implementation of meta

This commit is contained in:
Vivian 2024-01-05 17:30:26 +01:00
parent dfd934873b
commit f156c2396f
7 changed files with 129 additions and 48 deletions


@ -21,7 +21,8 @@ in {
helix helix
inputs.attic.packages.${pkgs.system}.attic inputs.attic.packages.${pkgs.system}.attic
inputs.comma.packages.${pkgs.system}.default inputs.comma.packages.${pkgs.system}.default
inputs.webcord.packages.${pkgs.system}.default # inputs.webcord.packages.${pkgs.system}.default
discord
jetbrains.clion jetbrains.clion
jetbrains.rust-rover jetbrains.rust-rover
kdenlive kdenlive
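Review bot: The `webcord` entry is kept as a commented-out line next to the new `discord` package, which leaves a dead line in the list and, presumably, a `webcord` flake input that nothing references any more. If the switch is meant to be permanent, drop the comment here and the unused input so the lock file stops pinning it; if it is temporary, a short `# TODO` on the comment would say why it is kept.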


@ -1,18 +1,22 @@
{ config, pkgs, lib, hosts, flat_hosts, ... }: { config, pkgs, lib, self, ... }:
# DNS Module to set up Unbound DNS with all my hosts in the config # DNS Module to set up Unbound DNS with all my hosts in the config
# Used for DNS Servers and my laptop # Used for DNS Servers and my laptop
with lib; with lib;
let let
inherit (builtins) filter hasAttr attrNames; inherit (builtins) filter attrValues;
domains = attrNames hosts; domains = [ "hades" "olympus" "thalassa" ];
ipv4Host = filter (hasAttr "ip") flat_hosts; mapConfig = host: {
ipv6Hosts = filter (hasAttr "ip6") flat_hosts; inherit (host.config.networking) hostName domain;
inherit (host.config.meta) ipv4 ipv6;
};
hosts = (map mapConfig (attrValues self.nixosConfigurations));
ipv4Hosts = filter (v: v.ipv4 != null) hosts;
ipv6Hosts = filter (v: v.ipv6 != null) hosts;
localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"''; localData = { hostName, domain, ipv4, ... }: ''"${hostName}.${domain}. A ${ipv4}"'';
local6Data = { hostname, realm, ip6, ... }: local6Data = { hostName, domain, ipv6, ... }: ''"${hostName}.${domain}. AAAA ${ipv6}"'';
''"${hostname}.${realm}. AAAA ${ip6}"''; ptrData = { hostName, domain, ipv4, ... }: ''"${ipv4} ${hostName}.${domain}"'';
ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"''; ptr6Data = { hostName, domain, ipv6, ... }: ''"${ipv6} ${hostName}.${domain}"'';
ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"'';
cfg = config.services.v.dns; cfg = config.services.v.dns;
in { in {
@ -37,7 +41,7 @@ in {
}; };
mode = mkOption { mode = mkOption {
type = enum [ "server" "laptop" ]; type = types.enum [ "server" "laptop" ];
default = "laptop"; default = "laptop";
description = '' description = ''
Whether to configure the DNS in server mode (listen on all interfaces) or laptop mode (just on localhost) Whether to configure the DNS in server mode (listen on all interfaces) or laptop mode (just on localhost)
@ -69,8 +73,8 @@ in {
local-zone = local-zone =
map (localdomain: ''"${localdomain}}." transparent'') domains; map (localdomain: ''"${localdomain}}." transparent'') domains;
local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts); local-data = (map localData ipv4Hosts) ++ (map local6Data ipv6Hosts);
local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts); local-data-ptr = (map ptrData ipv4Hosts) ++ (map ptr6Data ipv6Hosts);
private-address = [ private-address = [
"127.0.0.0/8" "127.0.0.0/8"


@ -1,4 +1,4 @@
{ lib, ... }: { lib, config, ... }:
with lib; with lib;
let let
exposesOpts = { exposesOpts = {
@ -6,7 +6,7 @@ let
domain = mkOption { domain = mkOption {
type = types.str; type = types.str;
example = "<name>.example.com"; example = "<name>.example.com";
description = '' description = lib.mdDoc ''
The domain under which this service should be available The domain under which this service should be available
''; '';
}; };
@ -14,30 +14,76 @@ let
type = types.int; type = types.int;
default = 80; default = 80;
example = 4242; example = 4242;
description = '' description = lib.mdDoc ''
The port under which the service runs on the host The port under which the service runs on the host
''; '';
}; };
}; };
}; };
in in {
{
options.meta = { options.meta = {
exposes = mkOption { exposes = mkOption {
type = with types; attrsOf (submodule exposesOpts); type = with types; attrsOf (submodule exposesOpts);
default = { };
description = '' description = ''
Exposed services Exposed services
''; '';
}; };
ipv4 = mkOption { ipv4 = mkOption {
type = types.str; type = types.nullOr types.str;
description = '' default = null;
Own IPv4 Address description = lib.mdDoc ''
Host's IPv4 Address
''; '';
}; };
ipv6 = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Host's IPv6 address
'';
};
mac = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Own MAC Address
'';
};
isLaptop = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Is this host a Laptop (i.e. no DNS entries should be made).
'';
};
realm = mkOption {
readOnly = true;
type = types.nullOr (types.enum [ "thalassa" "hades" "olympus" ]);
default = config.networking.domain;
defaultText = literalExpression "config.network.domain";
};
}; };
config = { }; config = {
# TODO: Open Firewall
assertions = [
{
assertion = config.meta.mac != null;
message =
"${config.networking.fqdnOrHostName} is missing a mac address";
}
{
assertion = !config.meta.isLaptop -> config.meta.ipv4 != null;
message =
"${config.networking.fqdnOrHostName} needs ipv4 address set as it is not a laptop";
}
];
};
} }
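Review bot: `defaultText = literalExpression "config.network.domain"` on the `realm` option does not match the actual default `config.networking.domain` two lines above, so the generated documentation shows a path that does not exist; it should read `defaultText = literalExpression "config.networking.domain";`. `realm` is also the only option in this set without a `description`. `ipv4`, `ipv6` and `mac` are plain `types.str`, so a malformed value (stray whitespace, a hostname instead of an address) is accepted at evaluation time and only fails later inside the Unbound `local-data` strings built from them; `types.strMatching` with an address pattern of the author's choosing would reject it at the option boundary. The two `mac` values set in this commit are mixed-case (`82:F0:7C:CB:BD:6D` vs `04:7b:cb:b6:2d:88`), so any consumer comparing them as strings needs to normalise case, or the option should enforce one form.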

flake.lock generated

@ -820,11 +820,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1704358952, "lastModified": 1704383912,
"narHash": "sha256-yazDFmdyKr0JGMqmzQ5bYOW5FWvau8oFvsQ8eSB2f3A=", "narHash": "sha256-Be7O73qoOj/z+4ZCgizdLlu+5BkVvO2KO299goZ9cW8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c36cb65c4a0ba17ab9262ab3c30920429348746c", "rev": "26b8adb300e50efceb51fff6859a1a6ba1ade4f7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1051,11 +1051,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1704266875, "lastModified": 1704458188,
"narHash": "sha256-luA5SGmeIRZlgLfSLUuR3eacS63q2bJ0Yywqak5lj3E=", "narHash": "sha256-f6BYEuIqnbrs6J/9m1/1VdkJ6d63hO9kUC09kTPuOqE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "8e34f33464d77bea2d5cf7dc1066647b1ad2b324", "rev": "172385318068519900a7d71c1024242fa6af75f0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1420,11 +1420,11 @@
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1704356551, "lastModified": 1704466181,
"narHash": "sha256-CIznfohcfLRrjRC03QW+tiDeYrJ+Pw10Ny8KPXex1RU=", "narHash": "sha256-ZpH8AkzTqai8zdBOVls8hQZnYg3ld94u7/qrQAlEfwI=",
"owner": "pta2002", "owner": "pta2002",
"repo": "nixvim", "repo": "nixvim",
"rev": "10d114f5a6e0a9591d13a28a92905e71cc100b39", "rev": "1f1065df1efa716686b9357b4b5e0e4fa4a0af7e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1435,11 +1435,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1704378556, "lastModified": 1704467118,
"narHash": "sha256-sdx3IXUOwBMn0l5gUyfULiQRTBUcOq+6dLnHERYnEMY=", "narHash": "sha256-qhN9zdFKZ4x3KOB0hPx6zxz+lyQHX4UMK//WdbF4fj0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "482244aa0deb5d2d86326859633ee6e2872cb500", "rev": "784b598b006e691690283effc8e56115eae99bc8",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -55,7 +55,11 @@
outputs = { self, nixpkgs, nixpkgs_stable, flake-utils-plus, nur, attic outputs = { self, nixpkgs, nixpkgs_stable, flake-utils-plus, nur, attic
, deploy, home-manager, gnome-autounlock-keyring, lanzaboote, ... }@inputs: , deploy, home-manager, gnome-autounlock-keyring, lanzaboote, ... }@inputs:
let pkgs = self.pkgs.x86_64-linux.nixpkgs; let
pkgs = self.pkgs.x86_64-linux.nixpkgs;
apply-local = pkgs.writeShellScriptBin "apply-local" ''
deploy ".#$(cat /etc/hostname)" -s
'';
in flake-utils-plus.lib.mkFlake { in flake-utils-plus.lib.mkFlake {
# `self` and `inputs` arguments are required # `self` and `inputs` arguments are required
inherit self inputs; inherit self inputs;
@ -76,13 +80,13 @@
./common ./common
]; ];
specialArgs = { inherit inputs; }; specialArgs = { inherit self inputs; };
}; };
# hosts # hosts
hosts = { hosts = {
# TODO: Figure out why this is reversed, and how/why it sets the FQDN
"bastion.olympus" = { "olympus.bastion" = {
modules = [ ./common/generic-vm.nix ./hosts/olympus/bastion ]; modules = [ ./common/generic-vm.nix ./hosts/olympus/bastion ];
}; };
@ -99,14 +103,14 @@
deploy = { deploy = {
user = "root"; user = "root";
nodes = { nodes = {
"bastion.olympus" = { "bastion-olympus" = {
hostname = "olympus.0x76.dev"; hostname = "bastion.olympus";
fastConnection = true; fastConnection = true;
remoteBuild = true; remoteBuild = true;
profiles = { profiles = {
system = { system = {
path = deploy.lib.x86_64-linux.activate.nixos path = deploy.lib.x86_64-linux.activate.nixos
self.nixosConfigurations."bastion.olympus"; self.nixosConfigurations."olympus.bastion";
}; };
}; };
}; };
@ -121,14 +125,15 @@
}; };
}; };
# Outputs # Outputs
outputsBuilder = channels: { outputsBuilder = channels: {
devShells.default = channels.nixpkgs.mkShell { devShells.default = channels.nixpkgs.mkShell {
name = "devShell"; name = "devShell";
VAULT_ADDR = "http://vault.olympus:8200/"; VAULT_ADDR = "http://vault.olympus:8200/";
packages = with pkgs; [ packages = with pkgs; [
attic.packages.${pkgs.system}.attic attic.packages.${system}.attic
# apply-local apply-local
deploy.packages.${system}.deploy-rs deploy.packages.${system}.deploy-rs
deadnix deadnix
statix statix
@ -149,7 +154,17 @@
# Checks # Checks
checks = builtins.mapAttrs checks = builtins.mapAttrs
(system: deployLib: deployLib.deployChecks self.deploy) deploy.lib; (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib // {
x86_64-linux.mac = pkgs.stdenvNoCC.mkDerivation {
name = "mac check";
src = self;
dontBuild = true;
doCheck = true;
checkPhase = ''
echo "Hello World"
'';
installPhase = "mkdir $out";
};
};
}; };
} }
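Review bot: The `//` appended to the `checks` expression is a shallow merge, so the `x86_64-linux` attribute produced by `mapAttrs` is replaced wholesale by `{ mac = …; }` and the deploy-rs checks for x86_64-linux are silently dropped; a deep merge such as `nixpkgs.lib.recursiveUpdate (builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib) { x86_64-linux.mac = …; }` keeps both. The `mac` check only runs `echo "Hello World"`, so `nix flake check` passes vacuously until a real check replaces it; a `# TODO` in `checkPhase` would make that explicit. `apply-local` derives the deploy node from `/etc/hostname`, but the node key was renamed to `bastion-olympus` in this hunk; if `/etc/hostname` holds only the short host name the lookup will not match. The rename of the host to `"olympus.bastion"` also leaves the laptop configuration in this commit reading `self.nixosConfigurations."bastion.olympus".config`, which no longer exists, and serialising that whole config with `builtins.toJSON` into a session variable would expose the server's entire evaluated configuration to every user session on the laptop, so that debugging leftover should not survive the merge.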


@ -12,6 +12,12 @@
programs.nix-ld.enable = true; programs.nix-ld.enable = true;
meta = {
ipv4 = "10.42.42.4";
ipv6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d";
mac = "82:F0:7C:CB:BD:6D";
};
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";


@ -2,13 +2,20 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ inputs, lib, ... }: { { inputs, lib, self, ... }:
let test = self.nixosConfigurations."bastion.olympus".config;
in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z
./hardware.nix ./hardware.nix
]; ];
meta = {
mac = "04:7b:cb:b6:2d:88";
isLaptop = true;
};
# Bootloader. # Bootloader.
boot = { boot = {
bootspec.enable = true; bootspec.enable = true;
@ -31,6 +38,8 @@
# Enable Ozone rendering for Chromium and Electron apps. # Enable Ozone rendering for Chromium and Electron apps.
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.sessionVariables.myself = builtins.toJSON test;
# environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName}; # environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName};