


Vivian 0dec077ddf update lock
Lint / lint (push) Failing after 2m14s Details
2024-01-08 10:55:23 +01:00
Vivian 1fbff29d2a initial implementation of meta 2024-01-05 17:30:26 +01:00
7 changed files with 178 additions and 122 deletions


@ -21,7 +21,8 @@ in {
helix
inputs.attic.packages.${pkgs.system}.attic
inputs.comma.packages.${pkgs.system}.default
inputs.webcord.packages.${pkgs.system}.default
# inputs.webcord.packages.${pkgs.system}.default
discord
jetbrains.clion
jetbrains.rust-rover
kdenlive


@ -1,18 +1,22 @@
{ config, pkgs, lib, hosts, flat_hosts, ... }:
{ config, pkgs, lib, self, ... }:
# DNS Module to set up Unbound DNS with all my hosts in the config
# Used for DNS Servers and my laptop
with lib;
let
inherit (builtins) filter hasAttr attrNames;
domains = attrNames hosts;
ipv4Host = filter (hasAttr "ip") flat_hosts;
ipv6Hosts = filter (hasAttr "ip6") flat_hosts;
inherit (builtins) filter attrValues;
domains = [ "hades" "olympus" "thalassa" ];
mapConfig = host: {
inherit (host.config.networking) hostName domain;
inherit (host.config.meta) ipv4 ipv6;
};
hosts = (map mapConfig (attrValues self.nixosConfigurations));
ipv4Hosts = filter (v: v.ipv4 != null) hosts;
ipv6Hosts = filter (v: v.ipv6 != null) hosts;
localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"'';
local6Data = { hostname, realm, ip6, ... }:
''"${hostname}.${realm}. AAAA ${ip6}"'';
ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"'';
ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"'';
localData = { hostName, domain, ipv4, ... }: ''"${hostName}.${domain}. A ${ipv4}"'';
local6Data = { hostName, domain, ipv6, ... }: ''"${hostName}.${domain}. AAAA ${ipv6}"'';
ptrData = { hostName, domain, ipv4, ... }: ''"${ipv4} ${hostName}.${domain}"'';
ptr6Data = { hostName, domain, ipv6, ... }: ''"${ipv6} ${hostName}.${domain}"'';
cfg = config.services.v.dns;
in {
@ -37,7 +41,7 @@ in {
};
mode = mkOption {
type = enum [ "server" "laptop" ];
type = types.enum [ "server" "laptop" ];
default = "laptop";
description = ''
Whether to configure the DNS in server mode (listen on all interfaces) or laptop mode (just on localhost)
@ -69,8 +73,8 @@ in {
local-zone =
map (localdomain: ''"${localdomain}}." transparent'') domains;
local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts);
local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts);
local-data = (map localData ipv4Hosts) ++ (map local6Data ipv6Hosts);
local-data-ptr = (map ptrData ipv4Hosts) ++ (map ptr6Data ipv6Hosts);
private-address = [
"127.0.0.0/8"
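Review bot: `mapConfig` pulls `host.config.networking.domain` into every record string (`"${hostName}.${domain}. A ${ipv4}"`), but `networking.domain` is `null` by default in NixOS and none of the filters exclude hosts without one, so a single configuration that leaves it unset aborts evaluation of the whole DNS config with a null-to-string coercion error; guard it where the hosts are selected, e.g. `ipv4Hosts = filter (v: v.ipv4 != null && v.domain != null) hosts;` and the same for `ipv6Hosts`. The `isLaptop` option added in this same commit documents that laptops get no DNS entries, yet selection here keys only on `ipv4 != null`, so a laptop with an address set would still be published; carrying `isLaptop` through `mapConfig` and filtering on `!v.isLaptop` would make the two modules agree. The untouched `local-zone` context line `''"${localdomain}}." transparent''` has a stray second brace that emits a literal `}` into the zone name; it predates this commit but is worth fixing while the surrounding lines are being reworked. The hard-coded `domains = [ "hades" "olympus" "thalassa" ]` duplicates the realm enum in the meta module, so the two lists can drift; deriving one from the other (or from the collected hosts' `domain` values) avoids that.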


@ -1,4 +1,4 @@
{ lib, ... }:
{ lib, config, ... }:
with lib;
let
exposesOpts = {
@ -6,7 +6,7 @@ let
domain = mkOption {
type = types.str;
example = "<name>.example.com";
description = ''
description = lib.mdDoc ''
The domain under which this service should be available
'';
};
@ -14,30 +14,76 @@ let
type = types.int;
default = 80;
example = 4242;
description = ''
description = lib.mdDoc ''
The port under which the service runs on the host
'';
};
};
};
in
{
in {
options.meta = {
exposes = mkOption {
type = with types; attrsOf (submodule exposesOpts);
default = { };
description = ''
Exposed services
'';
};
ipv4 = mkOption {
type = types.str;
description = ''
Own IPv4 Address
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Host's IPv4 Address
'';
};
ipv6 = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Host's IPv6 address
'';
};
mac = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Own MAC Address
'';
};
isLaptop = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Is this host a Laptop (i.e. no DNS entries should be made).
'';
};
realm = mkOption {
readOnly = true;
type = types.nullOr (types.enum [ "thalassa" "hades" "olympus" ]);
default = config.networking.domain;
defaultText = literalExpression "config.network.domain";
};
};
config = { };
config = {
# TODO: Open Firewall
assertions = [
{
assertion = config.meta.mac != null;
message =
"${config.networking.fqdnOrHostName} is missing a mac address";
}
{
assertion = !config.meta.isLaptop -> config.meta.ipv4 != null;
message =
"${config.networking.fqdnOrHostName} needs ipv4 address set as it is not a laptop";
}
];
};
}
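Review bot: `realm`'s `defaultText` reads `config.network.domain` while the actual `default` is `config.networking.domain`, so the rendered option docs point at a non-existent option path; change it to `defaultText = literalExpression "config.networking.domain";`. `ipv4`, `ipv6` and `mac` are plain `types.str` and the DNS module splices them verbatim into unbound `local-data` lines, so a malformed value surfaces as a broken resolver configuration rather than an evaluation error; `types.nullOr (types.strMatching <address pattern>)` for each would reject bad input at build time, which is the right place for it given these values are published to every resolver client. The assertion messages use `config.networking.fqdnOrHostName`, which depends on `networking.domain` being resolvable at that point; if any host leaves it unset the message still renders (it falls back to the hostname), so that part is fine. The `mac` description still says "Own MAC Address" while the neighbouring options were reworded to "Host's …"; aligning it keeps the generated docs consistent.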


@ -221,7 +221,7 @@
"all-cabal-json": "all-cabal-json",
"crane": "crane_3",
"devshell": "devshell",
"flake-parts": "flake-parts_2",
"flake-parts": "flake-parts_3",
"flake-utils-pre-commit": "flake-utils-pre-commit",
"ghc-utils": "ghc-utils",
"gomod2nix": "gomod2nix",
@ -463,6 +463,27 @@
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1704152458,
"narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
@ -530,22 +551,8 @@
}
},
"flake-utils_10": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"id": "flake-utils",
"type": "indirect"
}
},
"flake-utils_11": {
"inputs": {
"systems": "systems_11"
"systems": "systems_10"
},
"locked": {
"lastModified": 1681202837,
@ -670,24 +677,6 @@
"inputs": {
"systems": "systems_8"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_9": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
@ -702,6 +691,20 @@
"type": "github"
}
},
"flake-utils_9": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"id": "flake-utils",
"type": "indirect"
}
},
"flakeCompat": {
"flake": false,
"locked": {
@ -820,11 +823,11 @@
]
},
"locked": {
"lastModified": 1704358952,
"narHash": "sha256-yazDFmdyKr0JGMqmzQ5bYOW5FWvau8oFvsQ8eSB2f3A=",
"lastModified": 1704498488,
"narHash": "sha256-yINKdShHrtjdiJhov+q0s3Y3B830ujRoSbHduUNyKag=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c36cb65c4a0ba17ab9262ab3c30920429348746c",
"rev": "51e44a13acea71b36245e8bd8c7db53e0a3e61ee",
"type": "github"
},
"original": {
@ -846,11 +849,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1704230057,
"narHash": "sha256-YTkPHIM/RF1WtWqRAxlaE2lqvzEBa58SZzQZB2sx4PY=",
"lastModified": 1704497899,
"narHash": "sha256-eyImNjgTHaF+be2fnNFY+Lv73rWVj7yOGxrafZNB/gI=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "81f7a56f0ee6bb454284feeeb192df56e39d98d1",
"rev": "a454a5894700db8b85d0e08ae1bb870c4b88ef77",
"type": "github"
},
"original": {
@ -1051,11 +1054,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1704266875,
"narHash": "sha256-luA5SGmeIRZlgLfSLUuR3eacS63q2bJ0Yywqak5lj3E=",
"lastModified": 1704458188,
"narHash": "sha256-f6BYEuIqnbrs6J/9m1/1VdkJ6d63hO9kUC09kTPuOqE=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "8e34f33464d77bea2d5cf7dc1066647b1ad2b324",
"rev": "172385318068519900a7d71c1024242fa6af75f0",
"type": "github"
},
"original": {
@ -1176,22 +1179,6 @@
"type": "github"
}
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1686736559,
@ -1415,16 +1402,16 @@
},
"nixvim": {
"inputs": {
"flake-utils": "flake-utils_8",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_9",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1704356551,
"narHash": "sha256-CIznfohcfLRrjRC03QW+tiDeYrJ+Pw10Ny8KPXex1RU=",
"lastModified": 1704535566,
"narHash": "sha256-C39L/tRZ+AIzLCzdaC//vk1l8mjE+M+nm9S2JPAPZEU=",
"owner": "pta2002",
"repo": "nixvim",
"rev": "10d114f5a6e0a9591d13a28a92905e71cc100b39",
"rev": "eecd2ab3cefe5a0b615a57dd435ee9ba95ed9c8e",
"type": "github"
},
"original": {
@ -1435,11 +1422,11 @@
},
"nur": {
"locked": {
"lastModified": 1704378556,
"narHash": "sha256-sdx3IXUOwBMn0l5gUyfULiQRTBUcOq+6dLnHERYnEMY=",
"lastModified": 1704535142,
"narHash": "sha256-iNCliUH8hvi7KF6HGDvWa80qZR4FW+ajz4VJ6zQb4gg=",
"owner": "nix-community",
"repo": "NUR",
"rev": "482244aa0deb5d2d86326859633ee6e2872cb500",
"rev": "33ac9895fdc714eff02e0ccf3b80711a5fd34913",
"type": "github"
},
"original": {
@ -1468,13 +1455,16 @@
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_7",
"flake-utils": "flake-utils_9",
"flake-utils": "flake-utils_8",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_3"
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703939133,
@ -1714,21 +1704,6 @@
"type": "github"
}
},
"systems_11": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
@ -1902,7 +1877,7 @@
},
"utils_4": {
"inputs": {
"systems": "systems_10"
"systems": "systems_9"
},
"locked": {
"lastModified": 1694529238,
@ -1921,7 +1896,7 @@
"vault-secrets": {
"inputs": {
"flake-compat": "flake-compat_8",
"flake-utils": "flake-utils_10",
"flake-utils": "flake-utils_9",
"nix": "nix",
"nixpkgs": "nixpkgs_12",
"utils": "utils_4"
@ -1942,7 +1917,7 @@
},
"vault-unseal": {
"inputs": {
"flake-utils": "flake-utils_11",
"flake-utils": "flake-utils_10",
"nixpkgs": "nixpkgs_13"
},
"locked": {


@ -55,7 +55,11 @@
outputs = { self, nixpkgs, nixpkgs_stable, flake-utils-plus, nur, attic
, deploy, home-manager, gnome-autounlock-keyring, lanzaboote, ... }@inputs:
let pkgs = self.pkgs.x86_64-linux.nixpkgs;
let
pkgs = self.pkgs.x86_64-linux.nixpkgs;
apply-local = pkgs.writeShellScriptBin "apply-local" ''
deploy ".#$(cat /etc/hostname)" -s
'';
in flake-utils-plus.lib.mkFlake {
# `self` and `inputs` arguments are required
inherit self inputs;
@ -76,13 +80,13 @@
./common
];
specialArgs = { inherit inputs; };
specialArgs = { inherit self inputs; };
};
# hosts
hosts = {
"bastion.olympus" = {
# TODO: Figure out why this is reversed, and how/why it sets the FQDN
"olympus.bastion" = {
modules = [ ./common/generic-vm.nix ./hosts/olympus/bastion ];
};
@ -99,14 +103,14 @@
deploy = {
user = "root";
nodes = {
"bastion.olympus" = {
hostname = "olympus.0x76.dev";
"bastion-olympus" = {
hostname = "bastion.olympus";
fastConnection = true;
remoteBuild = true;
profiles = {
system = {
path = deploy.lib.x86_64-linux.activate.nixos
self.nixosConfigurations."bastion.olympus";
self.nixosConfigurations."olympus.bastion";
};
};
};
@ -121,14 +125,15 @@
};
};
# Outputs
outputsBuilder = channels: {
devShells.default = channels.nixpkgs.mkShell {
name = "devShell";
VAULT_ADDR = "http://vault.olympus:8200/";
packages = with pkgs; [
attic.packages.${pkgs.system}.attic
# apply-local
attic.packages.${system}.attic
apply-local
deploy.packages.${system}.deploy-rs
deadnix
statix
@ -149,7 +154,17 @@
# Checks
checks = builtins.mapAttrs
(system: deployLib: deployLib.deployChecks self.deploy) deploy.lib;
(system: deployLib: deployLib.deployChecks self.deploy) deploy.lib // {
x86_64-linux.mac = pkgs.stdenvNoCC.mkDerivation {
name = "mac check";
src = self;
dontBuild = true;
doCheck = true;
checkPhase = ''
echo "Hello World"
'';
installPhase = "mkdir $out";
};
};
};
}
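Review bot: The `//` on the `checks` line is a shallow attribute merge, so `{ x86_64-linux.mac = …; }` replaces the entire `x86_64-linux` set produced by `deployChecks` and silently drops every deploy-rs check for that system; merge one level deeper, e.g. `checks = nixpkgs.lib.recursiveUpdate (builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib) { x86_64-linux.mac = …; };`. The `mac` check itself only runs `echo "Hello World"` and is pinned to the x86_64 `pkgs`, so it verifies nothing about `meta.mac` yet; a `# TODO: scaffold, does not validate meta.mac` comment would stop it being read as coverage. In the devShell hunk, `attic.packages.${system}.attic` and `deploy.packages.${system}.deploy-rs` reference a bare `system` that I do not see bound in the `outputsBuilder = channels:` argument; if flake-utils-plus does not inject it, `channels.nixpkgs.system` is the explicit form. The host key rename to `"olympus.bastion"` is not applied everywhere in this commit: the laptop configuration still reads `self.nixosConfigurations."bastion.olympus"`, which now fails with a missing-attribute error, and it serialises that whole host config into a session variable with `builtins.toJSON`, which looks like debugging leftover that should not ship. This `checks` attribute sits inside the `mkFlake` argument set that begins in the first hunk of this file.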


@ -12,6 +12,12 @@
programs.nix-ld.enable = true;
meta = {
ipv4 = "10.42.42.4";
ipv6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d";
mac = "82:F0:7C:CB:BD:6D";
};
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";


@ -2,13 +2,20 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ inputs, lib, ... }: {
{ inputs, lib, self, ... }:
let test = self.nixosConfigurations."bastion.olympus".config;
in {
imports = [
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z
./hardware.nix
];
meta = {
mac = "04:7b:cb:b6:2d:88";
isLaptop = true;
};
# Bootloader.
boot = {
bootspec.enable = true;
@ -31,6 +38,8 @@
# Enable Ozone rendering for Chromium and Electron apps.
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.sessionVariables.myself = builtins.toJSON test;
# environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName};