mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 14:50:40 +02:00

feat: use upstream topology

oddlama 2024-04-03 23:48:23 +02:00
parent 8612c339f0
commit 34efe5686e
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
7 changed files with 274 additions and 47 deletions

213
flake.lock generated

@ -53,11 +53,11 @@
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1710507018,
"narHash": "sha256-uLiNsW8OGfj/qAUj0ckwXX+8tdNOhWvhQGdzaVtqjjY=",
"lastModified": 1712180480,
"narHash": "sha256-fmjbIcYT4Hj/Tow004I9FKz/DbIYRjTDOPDRXaddt08=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "5a4a617d5daf5634f058ecd0430ea20961a694b8",
"rev": "85df729446fca1b9f22097b03e0ae2427c3246e2",
"type": "github"
},
"original": {
@ -324,12 +324,34 @@
}
},
"devshell_3": {
"inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": [
"nix-topology",
"nixpkgs"
]
},
"locked": {
"lastModified": 1711099426,
"narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=",
"owner": "numtide",
"repo": "devshell",
"rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_4": {
"inputs": {
"nixpkgs": [
"nixos-extra-modules",
"nixpkgs"
],
"systems": "systems_7"
"systems": "systems_8"
},
"locked": {
"lastModified": 1701787589,
@ -345,9 +367,9 @@
"type": "github"
}
},
"devshell_4": {
"devshell_5": {
"inputs": {
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_6",
"nixpkgs": [
"nixvim",
"nixpkgs"
@ -460,6 +482,22 @@
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -475,7 +513,7 @@
"type": "github"
}
},
"flake-compat_5": {
"flake-compat_6": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@ -489,7 +527,7 @@
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_6": {
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -505,7 +543,7 @@
"type": "github"
}
},
"flake-compat_7": {
"flake-compat_8": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -634,7 +672,7 @@
},
"flake-utils_5": {
"inputs": {
"systems": "systems_8"
"systems": "systems_7"
},
"locked": {
"lastModified": 1701680307,
@ -654,6 +692,24 @@
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_7": {
"inputs": {
"systems": "systems_10"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
@ -729,6 +785,28 @@
}
},
"gitignore_3": {
"inputs": {
"nixpkgs": [
"nix-topology",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_4": {
"inputs": {
"nixpkgs": [
"nixos-extra-modules",
@ -750,7 +828,7 @@
"type": "github"
}
},
"gitignore_4": {
"gitignore_5": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
@ -922,6 +1000,31 @@
"type": "github"
}
},
"nix-topology": {
"inputs": {
"devshell": "devshell_3",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks_3"
},
"locked": {
"lastModified": 1712180264,
"narHash": "sha256-OcRVcS5uv+KD9Ii45MzwO2vNhOuL9Uzs+CIWL2zvatU=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "0d0fa39b45c62d13de9db07a8d06d400acd9133d",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "nix-topology",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1709426687,
@ -939,7 +1042,7 @@
},
"nixos-extra-modules": {
"inputs": {
"devshell": "devshell_3",
"devshell": "devshell_4",
"flake-utils": [
"flake-utils"
],
@ -947,7 +1050,7 @@
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks_3"
"pre-commit-hooks": "pre-commit-hooks_4"
},
"locked": {
"lastModified": 1710447185,
@ -1087,6 +1190,22 @@
}
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_4": {
"locked": {
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
@ -1102,7 +1221,7 @@
"type": "github"
}
},
"nixpkgs-stable_4": {
"nixpkgs-stable_5": {
"locked": {
"lastModified": 1704874635,
"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
@ -1136,8 +1255,8 @@
},
"nixvim": {
"inputs": {
"devshell": "devshell_4",
"flake-compat": "flake-compat_5",
"devshell": "devshell_5",
"flake-compat": "flake-compat_6",
"flake-parts": "flake-parts",
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin",
@ -1222,16 +1341,44 @@
"inputs": {
"flake-compat": "flake-compat_4",
"flake-utils": [
"nixos-extra-modules",
"nix-topology",
"flake-utils"
],
"gitignore": "gitignore_3",
"nixpkgs": [
"nixos-extra-modules",
"nix-topology",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1711981679,
"narHash": "sha256-pnbHEXJOdGkPrHBdkZLv/a2V09On+V3J4aPE/BfAJC8=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "f3bb95498eaaa49a93bacaf196cdb6cf8e872cdf",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks_4": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-utils": [
"nixos-extra-modules",
"flake-utils"
],
"gitignore": "gitignore_4",
"nixpkgs": [
"nixos-extra-modules",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_4"
},
"locked": {
"lastModified": 1702456155,
"narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=",
@ -1246,17 +1393,17 @@
"type": "github"
}
},
"pre-commit-hooks_4": {
"pre-commit-hooks_5": {
"inputs": {
"flake-compat": "flake-compat_6",
"flake-compat": "flake-compat_7",
"flake-utils": [
"flake-utils"
],
"gitignore": "gitignore_4",
"gitignore": "gitignore_5",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_4"
"nixpkgs-stable": "nixpkgs-stable_5"
},
"locked": {
"lastModified": 1708018599,
@ -1284,13 +1431,14 @@
"impermanence": "impermanence",
"microvm": "microvm",
"nix-index-database": "nix-index-database",
"nix-topology": "nix-topology",
"nixos-extra-modules": "nixos-extra-modules",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixos-nftables-firewall": "nixos-nftables-firewall",
"nixpkgs": "nixpkgs",
"nixvim": "nixvim",
"pre-commit-hooks": "pre-commit-hooks_4",
"pre-commit-hooks": "pre-commit-hooks_5",
"stylix": "stylix",
"templates": "templates",
"wired-notify": "wired-notify"
@ -1325,7 +1473,7 @@
},
"rust-overlay_2": {
"inputs": {
"flake-utils": "flake-utils_6",
"flake-utils": "flake-utils_7",
"nixpkgs": "nixpkgs_2"
},
"locked": {
@ -1369,7 +1517,7 @@
"base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_7",
"flake-compat": "flake-compat_8",
"gnome-shell": "gnome-shell",
"home-manager": [
"home-manager"
@ -1407,6 +1555,21 @@
"type": "github"
}
},
"systems_10": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,


@ -179,7 +179,9 @@
inherit pkgs;
modules = [
./topology
{nixosConfigurations = self.nodes;}
{
inherit (self) nixosConfigurations;
}
];
};
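Review bot: The topology modules are now fed from `self.nixosConfigurations`, while the WireGuard extractor added in this same commit still resolves peers through `inputs.self.nodes.${peer}`. If those two attribute sets can differ (this page does not show how either is built), a `physicalConnections` entry could name a node the topology never receives. Using the same set in both places, or adding a comment such as `# nixosConfigurations must cover every node referenced by the topology extractors`, would make the assumption explicit. The enclosing expression starts and ends outside the hunk.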


@ -21,8 +21,6 @@
];
topology.self.hardware.info = "AMD Ryzen Threadripper 1950X, 96GB RAM";
topology.self.interfaces.lan.sharesNetworkWith = x: x == "lan-self";
topology.self.interfaces.lan-self.sharesNetworkWith = x: x == "lan";
boot.mode = "efi";
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "e1000e" "alx"];
@ -85,13 +83,6 @@
networking.nftables.firewall = {
zones.untrusted.interfaces = [config.guests.${guestName}.networking.mainLinkName];
};
topology.self.interfaces.lan.physicalConnections = [
{
node = config.node.name;
interface = "lan-self";
renderer.reverse = true;
}
];
}
];
};


@ -23,8 +23,6 @@
topology.self.hardware.image = ../../topology/images/odroid-h3.png;
topology.self.hardware.info = "ODROID H3, 64GB RAM";
topology.self.interfaces.lan.sharesNetworkWith = x: x == "lan-self";
topology.self.interfaces.lan-self.sharesNetworkWith = x: x == "lan";
boot.mode = "efi";
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "r8169"];
@ -69,13 +67,6 @@
networking.nftables.firewall = {
zones.untrusted.interfaces = [config.guests.${guestName}.networking.mainLinkName];
};
topology.self.interfaces.lan.physicalConnections = [
{
node = config.node.name;
interface = "lan-self";
renderer.reverse = true;
}
];
}
];
};


@ -39,6 +39,7 @@
./provided-domains.nix
./secrets.nix
./telegraf.nix
./topology-wireguard.nix
];
nixpkgs.overlays = [


@ -0,0 +1,80 @@
{
config,
lib,
inputs ? {},
...
}: let
inherit
(lib)
flip
mapAttrsToList
mkDefault
mkEnableOption
mkIf
mkMerge
filter
;
headOrNull = xs:
if xs == []
then null
else builtins.head xs;
networkId = wgName: "wireguard-${wgName}";
in {
options.topology.extractors.wireguard.enable = mkEnableOption "topology wireguard extractor" // {default = true;};
config = mkIf (config.topology.extractors.wireguard.enable && config ? wireguard) {
# Create networks (this will be duplicated by each node,
# but it doesn't matter and will be merged anyway)
topology.networks = mkMerge (
flip mapAttrsToList config.wireguard (
wgName: _: let
inherit (lib.wireguard inputs wgName) networkCidrs;
in {
${networkId wgName} = {
name = mkDefault "Wireguard network '${wgName}'";
icon = "interfaces.wireguard";
cidrv4 = headOrNull (filter lib.net.ip.isv4 networkCidrs);
cidrv6 = headOrNull (filter lib.net.ip.isv6 networkCidrs);
};
}
)
);
# Assign network and physical connections to related interfaces
topology.self.interfaces = mkMerge (
flip mapAttrsToList config.wireguard (
wgName: wgCfg: let
inherit
(lib.wireguard inputs wgName)
participatingServerNodes
wgCfgOf
;
isServer = wgCfg.server.host != null;
filterSelf = filter (x: x != config.node.name);
# The list of peers that are "physically" connected in the wireguard network,
# meaning they communicate directly with each other.
connectedPeers =
if isServer
then
# Other servers in the same network
filterSelf participatingServerNodes
else [wgCfg.client.via];
in {
${wgCfg.linkName} = {
network = networkId wgName;
virtual = true;
renderer.hidePhysicalConnections = true;
physicalConnections = flip map connectedPeers (peer: {
node = inputs.self.nodes.${peer}.config.topology.id;
interface = (wgCfgOf peer).linkName;
});
};
}
)
);
};
}
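Review bot: The argument default `inputs ? {}` cannot work as a fallback, because whenever `config ? wireguard` holds the body dereferences `inputs.self.nodes.${peer}` and passes `inputs` to `lib.wireguard`, so an empty set only moves the failure deeper into evaluation. Either drop the default so a missing `inputs` fails at the module argument, or extend the guard to `mkIf (config.topology.extractors.wireguard.enable && config ? wireguard && inputs ? self)`. In the non-server branch `connectedPeers` is `[wgCfg.client.via]`; if that option can be null (its declaration is not visible here), the `${peer}` lookup aborts, and `lib.optional (wgCfg.client.via != null) wgCfg.client.via` would avoid that. The extractor is on by default and copies each WireGuard network's CIDRs and peer links into the topology, so a comment next to the option saying so would help anyone who publishes the rendered diagram decide whether to disable it.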


@ -38,9 +38,8 @@ in {
info = "D-Link DGS-1016D";
image = ./images/dlink-dgs1016d.png;
interfaceGroups = [["eth1" "eth2" "eth3" "eth4" "eth5" "eth6"]];
connections.eth1 = mkConnection "ward" "lan";
connections.eth2 = mkConnection "sire" "lan";
connections.eth3 = [];
connections.eth1 = mkConnection "ward" "lan-self";
connections.eth2 = mkConnection "sire" "lan-self";
};
nodes.switch-bedroom-1 = mkSwitch "Switch Bedroom 1" {