
refactor: move lan ip information to globals

This commit is contained in:
oddlama 2024-06-10 15:49:34 +02:00
parent 859e3d1771
commit def57cfc61
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
18 changed files with 163 additions and 62 deletions


@ -4,7 +4,6 @@
inputs,
lib,
minimal,
nodes,
...
}: {
imports = [
@ -99,7 +98,9 @@
backend = "container";
container.macvlan = "lan";
extraSpecialArgs = {
inherit lib nodes inputs minimal;
inherit (inputs.self) nodes globals;
inherit (inputs.self.pkgs.x86_64-linux) lib;
inherit inputs minimal;
};
};
};
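Review bot: The container now receives `lib` from `inputs.self.pkgs.x86_64-linux`, which pins the guest's lib to one system; if this node is ever evaluated for another architecture the lib passed in will silently differ from the host's. If a system value is in scope (the `...` in the argument set leaves that open, and `config.nixpkgs.hostPlatform.system` is the usual source), `inherit (inputs.self.pkgs.${config.nixpkgs.hostPlatform.system}) lib;` avoids the hard-coded name. Otherwise a short comment such as `# lib from the flake's own pkgs (x86_64-linux only)` should say that the pin is deliberate.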


@ -84,7 +84,7 @@ in {
# Use the local mirror-proxy for some services (not necessary, just for speed)
++ map (domain: {
inherit domain;
answer = "192.168.1.4";
answer = globals.net.home-lan.hosts.ward-web-proxy.ipv4;
}) [
# FIXME: dont hardcode, filter global service domains by internal state
globals.services.grafana.domain


@ -1,4 +1,8 @@
{config, ...}: let
{
config,
globals,
...
}: let
inherit (config.repo.secrets.local) acme;
fritzboxDomain = "fritzbox.${config.repo.secrets.global.domains.me}";
in {
@ -35,7 +39,7 @@ in {
services.nginx = {
upstreams.fritzbox = {
servers."192.168.178.1" = {};
servers.${globals.net.home-wan.hosts.fritzbox.ipv4} = {};
extraConfig = ''
zone grafana 64k;
keepalive 2;
@ -50,11 +54,10 @@ in {
};
# Allow using self-signed certs. We just want to make sure the connection
# is over TLS.
# FIXME: refer to lan 192.168... and fd10:: via globals
extraConfig = ''
proxy_ssl_verify off;
allow 192.168.1.0/24;
allow fd10::/64;
allow ${globals.net.home-lan.cidrv4};
allow ${globals.net.home-lan.cidrv6};
deny all;
'';
};
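Review bot: The `allow ${globals.net.home-lan.cidrv4};` / `allow ${globals.net.home-lan.cidrv6};` lines lose the only comment that hinted why the location is restricted, because the FIXME that sat above them was removed and the remaining comment only talks about TLS. Add `# Only reachable from the home LAN (v4 and v6); everything else is denied` above the extraConfig. Since the upstream is still proxied with `proxy_ssl_verify off`, this source-address allow list is the sole access control on the path to the fritzbox, which is worth stating in that comment so the next edit does not loosen it. The enclosing `services.nginx` attribute set continues outside the hunk.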


@ -1,13 +1,11 @@
{
lib,
globals,
utils,
nodes,
...
}: let
inherit (lib) net;
lanCidrv4 = "192.168.1.0/24";
dnsIp = net.cidr.host 3 lanCidrv4;
webProxyIp = net.cidr.host 4 lanCidrv4;
in {
environment.persistence."/persist".directories = [
{
@ -36,35 +34,36 @@ in {
option-data = [
{
name = "domain-name-servers";
data = dnsIp;
data = globals.net.home-lan.hosts.ward-adguardhome.ipv4;
}
];
subnet4 = [
{
id = 1;
interface = "lan-self";
subnet = lanCidrv4;
subnet = globals.net.home-lan.cidrv4;
pools = [
{pool = "${net.cidr.host 20 lanCidrv4} - ${net.cidr.host (-6) lanCidrv4}";}
{pool = "${net.cidr.host 20 globals.net.home-lan.cidrv4} - ${net.cidr.host (-6) globals.net.home-lan.cidrv4}";}
];
option-data = [
{
name = "routers";
data = net.cidr.host 1 lanCidrv4; # FIXME: how to advertise v6 address also?
data = globals.net.home-lan.hosts.ward.ipv4; # FIXME: how to advertise v6 address also?
}
];
# FIXME: map this over globals.guests or smth. marker tag for finding: ipv4 192.168.1.1
reservations = [
{
hw-address = nodes.ward-adguardhome.config.lib.microvm.mac;
ip-address = dnsIp;
ip-address = globals.net.home-lan.hosts.ward-adguardhome.ipv4;
}
{
hw-address = nodes.ward-web-proxy.config.lib.microvm.mac;
ip-address = webProxyIp;
ip-address = globals.net.home-lan.hosts.ward-web-proxy.ipv4;
}
{
hw-address = nodes.sire-samba.config.lib.microvm.mac;
ip-address = net.cidr.host 10 lanCidrv4;
ip-address = globals.net.home-lan.hosts.sire-samba.ipv4;
}
];
}
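Review bot: `globals.net.home-lan.cidrv4` is now spelled out three times in the subnet4 entry, and the pool line in particular became hard to read compared to the removed `lanCidrv4` binding. Keeping a local alias in the let block, `lanCidrv4 = globals.net.home-lan.cidrv4;`, lets the pool stay `{pool = "${net.cidr.host 20 lanCidrv4} - ${net.cidr.host (-6) lanCidrv4}";}` while still sourcing the value from globals. As far as the page shows, the reserved host ids (3, 4 and 10) all lie below the pool's first host offset of 20, so the reservations do not overlap the dynamic range; a one-line comment on the pool stating that invariant would help keep it true when hosts are added.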


@ -1,21 +1,41 @@
{
config,
lib,
globals,
...
}: let
lanCidrv4 = "192.168.1.0/24";
lanCidrv6 = "fd10::/64";
in {
}: {
networking.hostId = config.repo.secrets.local.networking.hostId;
globals.net = {
home-wan = {
cidrv4 = "192.168.178.0/24";
hosts.fritzbox.id = 1;
hosts.ward.id = 2;
};
home-lan = {
cidrv4 = "192.168.1.0/24";
cidrv6 = "fd10::/64";
hosts.ward.id = 1;
hosts.sire.id = 2;
hosts.ward-adguardhome.id = 3;
hosts.ward-web-proxy.id = 4;
hosts.sire-samba.id = 10;
};
proxy-home = {
cidrv4 = "10.44.0.0/24";
cidrv6 = "fd00:44::/120";
};
};
boot.initrd.systemd.network = {
enable = true;
networks = {
inherit (config.systemd.network.networks) "10-wan";
"20-lan" = {
address = [
(lib.net.cidr.hostCidr 1 lanCidrv4)
(lib.net.cidr.hostCidr 1 lanCidrv6)
globals.net.home-lan.hosts.ward.cidrv4
globals.net.home-lan.hosts.ward.cidrv6
];
matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan.mac;
networkConfig = {
@ -59,16 +79,16 @@ in {
#dhcpV4Config.UseDNS = false;
#dhcpV6Config.UseDNS = false;
#ipv6AcceptRAConfig.UseDNS = false;
address = ["192.168.178.2/24"];
gateway = ["192.168.178.1"];
address = [globals.net.home-wan.hosts.ward.cidrv4];
gateway = [globals.net.home-wan.hosts.fritzbox.ipv4];
matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.wan.mac;
networkConfig.IPv6PrivacyExtensions = "yes";
linkConfig.RequiredForOnline = "routable";
};
"20-lan-self" = {
address = [
(lib.net.cidr.hostCidr 1 lanCidrv4)
(lib.net.cidr.hostCidr 1 lanCidrv6)
globals.net.home-lan.hosts.ward.cidrv4
globals.net.home-lan.hosts.ward.cidrv6
];
matchConfig.Name = "lan-self";
networkConfig = {
@ -81,7 +101,7 @@ in {
};
# Announce a static prefix
ipv6Prefixes = [
{ipv6PrefixConfig.Prefix = lanCidrv6;}
{ipv6PrefixConfig.Prefix = globals.net.home-lan.cidrv6;}
];
# Delegate prefix
dhcpPrefixDelegationConfig = {
@ -90,7 +110,7 @@ in {
# Provide a DNS resolver
ipv6SendRAConfig = {
EmitDNS = true;
DNS = lib.net.cidr.host 3 lanCidrv6;
DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv4;
};
linkConfig.RequiredForOnline = "routable";
};
@ -162,9 +182,12 @@ in {
#};
wireguard.proxy-home.server = {
host = "192.168.1.1";
host = globals.net.home-lan.hosts.ward.ipv4;
port = 51444;
reservedAddresses = ["10.44.0.0/24" "fd00:44::/120"];
reservedAddresses = [
globals.net.proxy-home.cidrv4
globals.net.proxy-home.cidrv6
];
openFirewall = false; # Explicitly opened only for lan
};
}
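Review bot: `DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv4;` inside `ipv6SendRAConfig` replaces an IPv6 address (the old line used `lib.net.cidr.host 3 lanCidrv6`) with an IPv4 one, but the RDNSS option carried in router advertisements only holds IPv6 addresses, so this will either be rejected by networkd or leave IPv6-only clients without a resolver. The fix is `DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv6;`, assuming the globals module derives a per-host `ipv6` next to the `cidrv6` that the same file already reads for ward. The other hunks in this file (WAN address/gateway, the static prefix and the wireguard server host) map old literals to globals consistently with the ids declared in the new `globals.net` block.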