From 34efe5686e0b8be484eda3f7dfcc63bce2ed0fc6 Mon Sep 17 00:00:00 2001 From: oddlama Date: Wed, 3 Apr 2024 23:48:23 +0200 Subject: [PATCH] feat: use upstream topology --- flake.lock | 213 +++++++++++++++++++++++++++++---- flake.nix | 4 +- hosts/sire/default.nix | 9 -- hosts/ward/default.nix | 9 -- modules/default.nix | 1 + modules/topology-wireguard.nix | 80 +++++++++++++ topology/default.nix | 5 +- 7 files changed, 274 insertions(+), 47 deletions(-) create mode 100644 modules/topology-wireguard.nix diff --git a/flake.lock b/flake.lock index 543ecac..d7622f3 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1710507018, - "narHash": "sha256-uLiNsW8OGfj/qAUj0ckwXX+8tdNOhWvhQGdzaVtqjjY=", + "lastModified": 1712180480, + "narHash": "sha256-fmjbIcYT4Hj/Tow004I9FKz/DbIYRjTDOPDRXaddt08=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "5a4a617d5daf5634f058ecd0430ea20961a694b8", + "rev": "85df729446fca1b9f22097b03e0ae2427c3246e2", "type": "github" }, "original": { @@ -324,12 +324,34 @@ } }, "devshell_3": { + "inputs": { + "flake-utils": "flake-utils_5", + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1711099426, + "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=", + "owner": "numtide", + "repo": "devshell", + "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_4": { "inputs": { "nixpkgs": [ "nixos-extra-modules", "nixpkgs" ], - "systems": "systems_7" + "systems": "systems_8" }, "locked": { "lastModified": 1701787589, @@ -345,9 +367,9 @@ "type": "github" } }, - "devshell_4": { + "devshell_5": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "nixpkgs": [ "nixvim", "nixpkgs" 
@@ -460,6 +482,22 @@ } }, "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { "flake": false, "locked": { "lastModified": 1673956053, @@ -475,7 +513,7 @@ "type": "github" } }, - "flake-compat_5": { + "flake-compat_6": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -489,7 +527,7 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_6": { + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1696426674, @@ -505,7 +543,7 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_8": { "flake": false, "locked": { "lastModified": 1673956053, @@ -634,7 +672,7 @@ }, "flake-utils_5": { "inputs": { - "systems": "systems_8" + "systems": "systems_7" }, "locked": { "lastModified": 1701680307, @@ -654,6 +692,24 @@ "inputs": { "systems": "systems_9" }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_7": { + "inputs": { + "systems": "systems_10" + }, "locked": { "lastModified": 1705309234, "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", 
@@ -729,6 +785,28 @@ } }, "gitignore_3": { + "inputs": { + "nixpkgs": [ + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_4": { "inputs": { "nixpkgs": [ "nixos-extra-modules", @@ -750,7 +828,7 @@ "type": "github" } }, - "gitignore_4": { + "gitignore_5": { "inputs": { "nixpkgs": [ "pre-commit-hooks", @@ -922,6 +1000,31 @@ "type": "github" } }, + "nix-topology": { + "inputs": { + "devshell": "devshell_3", + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks_3" + }, + "locked": { + "lastModified": 1712180264, + "narHash": "sha256-OcRVcS5uv+KD9Ii45MzwO2vNhOuL9Uzs+CIWL2zvatU=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "0d0fa39b45c62d13de9db07a8d06d400acd9133d", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1709426687, @@ -939,7 +1042,7 @@ }, "nixos-extra-modules": { "inputs": { - "devshell": "devshell_3", + "devshell": "devshell_4", "flake-utils": [ "flake-utils" ], @@ -947,7 +1050,7 @@ "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks_3" + "pre-commit-hooks": "pre-commit-hooks_4" }, "locked": { "lastModified": 1710447185, 
@@ -1087,6 +1190,22 @@ } }, "nixpkgs-stable_3": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_4": { "locked": { "lastModified": 1685801374, "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", @@ -1102,7 +1221,7 @@ "type": "github" } }, - "nixpkgs-stable_4": { + "nixpkgs-stable_5": { "locked": { "lastModified": 1704874635, "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", @@ -1136,8 +1255,8 @@ }, "nixvim": { "inputs": { - "devshell": "devshell_4", - "flake-compat": "flake-compat_5", + "devshell": "devshell_5", + "flake-compat": "flake-compat_6", "flake-parts": "flake-parts", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin", @@ -1222,16 +1341,44 @@ "inputs": { "flake-compat": "flake-compat_4", "flake-utils": [ - "nixos-extra-modules", + "nix-topology", "flake-utils" ], "gitignore": "gitignore_3", "nixpkgs": [ - "nixos-extra-modules", + "nix-topology", "nixpkgs" ], "nixpkgs-stable": "nixpkgs-stable_3" }, + "locked": { + "lastModified": 1711981679, + "narHash": "sha256-pnbHEXJOdGkPrHBdkZLv/a2V09On+V3J4aPE/BfAJC8=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "f3bb95498eaaa49a93bacaf196cdb6cf8e872cdf", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_4": { + "inputs": { + "flake-compat": "flake-compat_5", + "flake-utils": [ + "nixos-extra-modules", + "flake-utils" + ], + "gitignore": "gitignore_4", + "nixpkgs": [ + "nixos-extra-modules", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_4" + }, "locked": { "lastModified": 1702456155, "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=", 
@@ -1246,17 +1393,17 @@ "type": "github" } }, - "pre-commit-hooks_4": { + "pre-commit-hooks_5": { "inputs": { - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_7", "flake-utils": [ "flake-utils" ], - "gitignore": "gitignore_4", + "gitignore": "gitignore_5", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_4" + "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { "lastModified": 1708018599, @@ -1284,13 +1431,14 @@ "impermanence": "impermanence", "microvm": "microvm", "nix-index-database": "nix-index-database", + "nix-topology": "nix-topology", "nixos-extra-modules": "nixos-extra-modules", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixos-nftables-firewall": "nixos-nftables-firewall", "nixpkgs": "nixpkgs", "nixvim": "nixvim", - "pre-commit-hooks": "pre-commit-hooks_4", + "pre-commit-hooks": "pre-commit-hooks_5", "stylix": "stylix", "templates": "templates", "wired-notify": "wired-notify" @@ -1325,7 +1473,7 @@ }, "rust-overlay_2": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_7", "nixpkgs": "nixpkgs_2" }, "locked": { @@ -1369,7 +1517,7 @@ "base16-kitty": "base16-kitty", "base16-tmux": "base16-tmux", "base16-vim": "base16-vim", - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_8", "gnome-shell": "gnome-shell", "home-manager": [ "home-manager" @@ -1407,6 +1555,21 @@ "type": "github" } }, + "systems_10": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 9f4f395..daff537 100644 --- a/flake.nix +++ b/flake.nix 
@@ -179,7 +179,9 @@
 inherit pkgs;
 modules = [
 ./topology
- {nixosConfigurations = self.nodes;}
+ {
+ inherit (self) nixosConfigurations;
+ }
 ];
 };
diff --git a/hosts/sire/default.nix b/hosts/sire/default.nix
index cc6d56e..9bfbc6a 100644
--- a/hosts/sire/default.nix
+++ b/hosts/sire/default.nix
@@ -21,8 +21,6 @@
 ];
 topology.self.hardware.info = "AMD Ryzen Threadripper 1950X, 96GB RAM";
- topology.self.interfaces.lan.sharesNetworkWith = x: x == "lan-self";
- topology.self.interfaces.lan-self.sharesNetworkWith = x: x == "lan";
 boot.mode = "efi";
 boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "e1000e" "alx"];
@@ -85,13 +83,6 @@
 networking.nftables.firewall = {
 zones.untrusted.interfaces = [config.guests.${guestName}.networking.mainLinkName];
 };
- topology.self.interfaces.lan.physicalConnections = [
- {
- node = config.node.name;
- interface = "lan-self";
- renderer.reverse = true;
- }
- ];
 }
 ];
 };
diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix
index 8d53a24..0d53421 100644
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@@ -23,8 +23,6 @@
 topology.self.hardware.image = ../../topology/images/odroid-h3.png;
 topology.self.hardware.info = "ODROID H3, 64GB RAM";
- topology.self.interfaces.lan.sharesNetworkWith = x: x == "lan-self";
- topology.self.interfaces.lan-self.sharesNetworkWith = x: x == "lan";
 boot.mode = "efi";
 boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "r8169"];
@@ -69,13 +67,6 @@
 networking.nftables.firewall = {
 zones.untrusted.interfaces = [config.guests.${guestName}.networking.mainLinkName];
 };
- topology.self.interfaces.lan.physicalConnections = [
- {
- node = config.node.name;
- interface = "lan-self";
- renderer.reverse = true;
- }
- ];
 }
 ];
 };
diff --git a/modules/default.nix b/modules/default.nix
index eb13425..77b658f 100644
--- a/modules/default.nix
+++ b/modules/default.nix
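Review bot: The topology evaluation is now handed `self.nixosConfigurations` instead of `self.nodes`, while the new `modules/topology-wireguard.nix` in this same commit still resolves peers through `inputs.self.nodes.${peer}`; if `self.nodes` is a superset of `nixosConfigurations` (which cannot be confirmed from this diff), a wireguard peer can be rendered as a connection to a node that the topology itself no longer contains. If the two attribute sets are meant to coincide, a one-line comment at the call site such as `# nix-topology expects nixosConfigurations; self.nodes is only consulted for wireguard peer lookup` would make that assumption explicit. The enclosing attribute set starts before this hunk.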
@@ -39,6 +39,7 @@
 ./provided-domains.nix
 ./secrets.nix
 ./telegraf.nix
+ ./topology-wireguard.nix
 ];
 nixpkgs.overlays = [
diff --git a/modules/topology-wireguard.nix b/modules/topology-wireguard.nix
new file mode 100644
index 0000000..09840a0
--- /dev/null
+++ b/modules/topology-wireguard.nix
@@ -0,0 +1,80 @@
+{
+ config,
+ lib,
+ inputs ? {},
+ ...
+}: let
+ inherit
+ (lib)
+ flip
+ mapAttrsToList
+ mkDefault
+ mkEnableOption
+ mkIf
+ mkMerge
+ filter
+ ;
+ headOrNull = xs:
+ if xs == []
+ then null
+ else builtins.head xs;
+ networkId = wgName: "wireguard-${wgName}";
+in {
+ options.topology.extractors.wireguard.enable = mkEnableOption "topology wireguard extractor" // {default = true;};
+ config = mkIf (config.topology.extractors.wireguard.enable && config ? wireguard) {
+ # Create networks (this will be duplicated by each node,
+ # but it doesn't matter and will be merged anyway)
+ topology.networks = mkMerge (
+ flip mapAttrsToList config.wireguard (
+ wgName: _: let
+ inherit (lib.wireguard inputs wgName) networkCidrs;
+ in {
+ ${networkId wgName} = {
+ name = mkDefault "Wireguard network '${wgName}'";
+ icon = "interfaces.wireguard";
+ cidrv4 = headOrNull (filter lib.net.ip.isv4 networkCidrs);
+ cidrv6 = headOrNull (filter lib.net.ip.isv6 networkCidrs);
+ };
+ }
+ )
+ );
+ # Assign network and physical connections to related interfaces
+ topology.self.interfaces = mkMerge (
+ flip mapAttrsToList config.wireguard (
+ wgName: wgCfg: let
+ inherit
+ (lib.wireguard inputs wgName)
+ participatingServerNodes
+ wgCfgOf
+ ;
+ isServer = wgCfg.server.host != null;
+ filterSelf = filter (x: x != config.node.name);
+ # The list of peers that are "physically" connected in the wireguard network,
+ # meaning they communicate directly with each other.
+ connectedPeers =
+ if isServer
+ then
+ # Other servers in the same network
+ filterSelf participatingServerNodes
+ else [wgCfg.client.via];
+ in {
+ ${wgCfg.linkName} = {
+ network = networkId wgName;
+ virtual = true;
+ renderer.hidePhysicalConnections = true;
+ physicalConnections = flip map connectedPeers (peer: {
+ node = inputs.self.nodes.${peer}.config.topology.id;
+ interface = (wgCfgOf peer).linkName;
+ });
+ };
+ }
+ )
+ );
+ };
+}
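Review bot: The `inputs ? {}` default in the module arguments is contradicted by the unconditional `lib.wireguard inputs wgName` call and the `inputs.self.nodes.${peer}` lookup below it, so a node that has a `wireguard` config but is evaluated without `inputs` fails with an attribute-missing error instead of the extractor being skipped; either drop the default or widen the guard to `mkIf (config.topology.extractors.wireguard.enable && config ? wireguard && inputs ? self)`. For a client, `connectedPeers` is `[wgCfg.client.via]` and that value is used directly as an attribute name, so if `client.via` can be unset (the option definition is not visible here) a null check is needed before the `inputs.self.nodes.${peer}` lookup. `headOrNull` silently keeps only the first IPv4 and first IPv6 entry of `networkCidrs`, which deserves a comment on the `cidrv4`/`cidrv6` lines such as `# Only the first v4/v6 CIDR is rendered; additional CIDRs are dropped`. The file also has no header comment; I would add one stating that it registers every `config.wireguard` network as a topology network and links each node's wireguard interface to the peers it talks to directly (the other servers, or the client's `via` server).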
diff --git a/topology/default.nix b/topology/default.nix
index 5fd759f..10fad11 100644
--- a/topology/default.nix
+++ b/topology/default.nix
@@ -38,9 +38,8 @@ in {
 info = "D-Link DGS-1016D";
 image = ./images/dlink-dgs1016d.png;
 interfaceGroups = [["eth1" "eth2" "eth3" "eth4" "eth5" "eth6"]];
- connections.eth1 = mkConnection "ward" "lan";
- connections.eth2 = mkConnection "sire" "lan";
- connections.eth3 = [];
+ connections.eth1 = mkConnection "ward" "lan-self";
+ connections.eth2 = mkConnection "sire" "lan-self";
 };
 nodes.switch-bedroom-1 = mkSwitch "Switch Bedroom 1" {