From 088d01f032aaaf09af03476b36bc9e140b388f64 Mon Sep 17 00:00:00 2001 From: Patrick Date: Wed, 1 Jan 2025 21:20:46 +0100 Subject: [PATCH] feat: mdns-relay --- config/services/idmail.nix | 3 +- flake.lock | 795 +++++++++++++++++++++++++++++-------- flake.nix | 1 + hosts/nucnix/mdns.nix | 75 ++++ hosts/nucnix/net.nix | 1 + 5 files changed, 707 insertions(+), 168 deletions(-) create mode 100644 hosts/nucnix/mdns.nix diff --git a/config/services/idmail.nix b/config/services/idmail.nix index aaf49f2..1d47f37 100644 --- a/config/services/idmail.nix +++ b/config/services/idmail.nix @@ -2,6 +2,7 @@ inputs, config, globals, + pkgs, ... }: let @@ -42,7 +43,7 @@ in }; services.idmail = { - package = inputs.idmail.packages."aarch64-linux".default; + package = inputs.idmail.packages.${pkgs.system}.default; enable = true; # Stalwart will change permissions due to SQLite implementation. # Therefore, run as stalwart-mail since we don't allow reading diff --git a/flake.lock b/flake.lock index 29bf68f..90cbc41 100644 --- a/flake.lock +++ b/flake.lock @@ -167,6 +167,23 @@ "type": "github" } }, + "crane_4": { + "flake": false, + "locked": { + "lastModified": 1727316705, + "narHash": "sha256-/mumx8AQ5xFuCJqxCIOFCHTVlxHkMT21idpbgbm/TIE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "5b03654ce046b5167e7b0bccbd8244cb56c16f0e", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "ref": "v0.19.0", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -275,7 +292,7 @@ "devshell_4": { "inputs": { "nixpkgs": [ - "nix-topology", + "mdns", "nixpkgs" ] }, 
@@ -294,6 +311,27 @@ } }, "devshell_5": { + "inputs": { + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_6": { "inputs": { "nixpkgs": [ "nixos-extra-modules", @@ -315,7 +353,7 @@ "type": "github" } }, - "devshell_6": { + "devshell_7": { "inputs": { "nixpkgs": [ "nixp-meta", @@ -336,7 +374,7 @@ "type": "github" } }, - "devshell_7": { + "devshell_8": { "inputs": { "nixpkgs": [ "nixvim", @@ -404,13 +442,37 @@ "dream2nix_2": { "inputs": { "nixpkgs": [ - "nixp-meta", + "mdns", "nci", "nixpkgs" ], "purescript-overlay": "purescript-overlay_2", "pyproject-nix": "pyproject-nix_2" }, + "locked": { + "lastModified": 1734729217, + "narHash": "sha256-UaBik0h7veLw+VqsK5EP2ucC68BEkHLDJkcfmY+wEuY=", + "owner": "nix-community", + "repo": "dream2nix", + "rev": "98c1c2e934995a2c6ce740d4ff43ce0daa19b79f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dream2nix", + "type": "github" + } + }, + "dream2nix_3": { + "inputs": { + "nixpkgs": [ + "nixp-meta", + "nci", + "nixpkgs" + ], + "purescript-overlay": "purescript-overlay_3", + "pyproject-nix": "pyproject-nix_3" + }, "locked": { "lastModified": 1731424167, "narHash": "sha256-nKKeRwq7mxcW8cBTmPKzSg0DR/inVrtuJudVM81GISU=", 
@@ -442,20 +504,6 @@ } }, "flake-compat_10": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-compat_11": { "flake": false, "locked": { "lastModified": 1696426674, @@ -471,7 +519,52 @@ "type": "github" } }, + "flake-compat_11": { + "locked": { + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_12": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_13": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_14": { "flake": false, "locked": { "lastModified": 1733328505, 
@@ -487,7 +580,7 @@ "type": "github" } }, - "flake-compat_13": { + "flake-compat_15": { "flake": false, "locked": { "lastModified": 1673956053, @@ -570,11 +663,11 @@ "flake-compat_6": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -602,11 +695,11 @@ "flake-compat_8": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -616,16 +709,17 @@ } }, "flake-compat_9": { + "flake": false, "locked": { - "lastModified": 1717312683, - "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", - "owner": "nix-community", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", "repo": "flake-compat", - "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { - "owner": "nix-community", + "owner": "edolstra", "repo": "flake-compat", "type": "github" } 
@@ -709,6 +803,24 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib_4" }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_6": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_5" + }, "locked": { "lastModified": 1730504689, "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", @@ -723,7 +835,7 @@ "type": "github" } }, - "flake-parts_6": { + "flake-parts_7": { "inputs": { "nixpkgs-lib": [ "nixpkgs-wayland", @@ -745,7 +857,7 @@ "type": "github" } }, - "flake-parts_7": { + "flake-parts_8": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -917,7 +1029,7 @@ "nixvim", "flake-compat" ], - "gitignore": "gitignore_7", + "gitignore": "gitignore_8", "nixpkgs": [ "nixvim", "nixpkgs" @@ -1010,7 +1122,7 @@ "gitignore_4": { "inputs": { "nixpkgs": [ - "nix-topology", + "mdns", "pre-commit-hooks", "nixpkgs" ] @@ -1030,6 +1142,28 @@ } }, "gitignore_5": { + "inputs": { + "nixpkgs": [ + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_6": { "inputs": { "nixpkgs": [ "nixos-extra-modules", @@ -1051,7 +1185,7 @@ "type": "github" } }, - "gitignore_6": { + "gitignore_7": { "inputs": { "nixpkgs": [ "nixp-meta", @@ -1073,7 +1207,7 @@ "type": "github" } }, - "gitignore_7": { + "gitignore_8": { "inputs": { "nixpkgs": [ "nixvim", 
@@ -1095,7 +1229,7 @@ "type": "github" } }, - "gitignore_8": { + "gitignore_9": { "inputs": { "nixpkgs": [ "pre-commit-hooks", @@ -1291,7 +1425,7 @@ "lib-aggregate": { "inputs": { "flake-utils": "flake-utils_5", - "nixpkgs-lib": "nixpkgs-lib_5" + "nixpkgs-lib": "nixpkgs-lib_6" }, "locked": { "lastModified": 1734264809, @@ -1320,6 +1454,29 @@ "url": "https://gist.github.com/duairc/5c9bb3c922e5d501a1edb9e7b3b845ba/archive/3885f7cd9ed0a746a9d675da6f265d41e9fd6704.tar.gz" } }, + "mdns": { + "inputs": { + "devshell": "devshell_4", + "flake-parts": "flake-parts_5", + "nci": "nci_2", + "nixpkgs": "nixpkgs_3", + "pre-commit-hooks": "pre-commit-hooks_3", + "treefmt-nix": "treefmt-nix_3" + }, + "locked": { + "lastModified": 1735762082, + "narHash": "sha256-K9qsihGUKwqduSzn7EcfESh+24taZ1aZ37Vgrd6Xz18=", + "ref": "refs/heads/main", + "rev": "57585faa7b457a71b3c281aa3aaed094f06b8d6f", + "revCount": 14, + "type": "git", + "url": "https://forge.lel.lol/patrick/mdns-repeater.git" + }, + "original": { + "type": "git", + "url": "https://forge.lel.lol/patrick/mdns-repeater.git" + } + }, "microvm": { "inputs": { "flake-utils": "flake-utils_2", @@ -1374,6 +1531,22 @@ "type": "github" } }, + "mk-naked-shell_3": { + "flake": false, + "locked": { + "lastModified": 1681286841, + "narHash": "sha256-3XlJrwlR0nBiREnuogoa5i1b4+w/XPe0z8bbrJASw0g=", + "owner": "yusdacra", + "repo": "mk-naked-shell", + "rev": "7612f828dd6f22b7fb332cc69440e839d7ffe6bd", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "mk-naked-shell", + "type": "github" + } + }, "nci": { "inputs": { "crane": "crane", 
@@ -1406,11 +1579,35 @@ "crane": "crane_3", "dream2nix": "dream2nix_2", "mk-naked-shell": "mk-naked-shell_2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "parts": "parts_2", "rust-overlay": "rust-overlay_3", "treefmt": "treefmt_2" }, + "locked": { + "lastModified": 1735020953, + "narHash": "sha256-q/v+eluD7ptwWUJMyryJ+OwbICP+Nt5FUaQW+37V9/A=", + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "rev": "7b5be53a90e5f5e95e5c801b6a7e98a432e41abf", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "type": "github" + } + }, + "nci_3": { + "inputs": { + "crane": "crane_4", + "dream2nix": "dream2nix_3", + "mk-naked-shell": "mk-naked-shell_3", + "nixpkgs": "nixpkgs_7", + "parts": "parts_3", + "rust-overlay": "rust-overlay_4", + "treefmt": "treefmt_3" + }, "locked": { "lastModified": 1731605339, "narHash": "sha256-O0vWXiC1pBYXgdsKbQGw0Jev8Sc6dxR9Up0NKgIeH9g=", @@ -1448,10 +1645,10 @@ }, "nix-eval-jobs": { "inputs": { - "flake-parts": "flake-parts_6", + "flake-parts": "flake-parts_7", "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_8", - "treefmt-nix": "treefmt-nix_4" + "nixpkgs": "nixpkgs_12", + "treefmt-nix": "treefmt-nix_5" }, "locked": { "lastModified": 1733909753, @@ -1511,10 +1708,10 @@ }, "nix-topology": { "inputs": { - "devshell": "devshell_4", + "devshell": "devshell_5", "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_2", - "pre-commit-hooks": "pre-commit-hooks_3" + "nixpkgs": "nixpkgs_6", + "pre-commit-hooks": "pre-commit-hooks_4" }, "locked": { "lastModified": 1734266385, @@ -1547,13 +1744,13 @@ }, "nixos-extra-modules": { "inputs": { - "devshell": "devshell_5", + "devshell": "devshell_6", "flake-utils": "flake-utils_4", "lib-net": "lib-net", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks_4" + "pre-commit-hooks": "pre-commit-hooks_5" }, "locked": { "lastModified": 1734643696, 
@@ -1628,12 +1825,12 @@ }, "nixp-meta": { "inputs": { - "devshell": "devshell_6", - "flake-parts": "flake-parts_5", - "nci": "nci_2", - "nixpkgs": "nixpkgs_4", - "pre-commit-hooks": "pre-commit-hooks_5", - "treefmt-nix": "treefmt-nix_3" + "devshell": "devshell_7", + "flake-parts": "flake-parts_6", + "nci": "nci_3", + "nixpkgs": "nixpkgs_8", + "pre-commit-hooks": "pre-commit-hooks_6", + "treefmt-nix": "treefmt-nix_4" }, "locked": { "lastModified": 1734695484, @@ -1702,6 +1899,18 @@ } }, "nixpkgs-lib_4": { + "locked": { + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" + } + }, + "nixpkgs-lib_5": { "locked": { "lastModified": 1730504152, "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", @@ -1713,7 +1922,7 @@ "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" } }, - "nixpkgs-lib_5": { + "nixpkgs-lib_6": { "locked": { "lastModified": 1734224914, "narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=", @@ -1777,22 +1986,6 @@ } }, "nixpkgs-stable_4": { - "locked": { - "lastModified": 1685801374, - "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_5": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", 
@@ -1808,6 +2001,22 @@ "type": "github" } }, + "nixpkgs-stable_5": { + "locked": { + "lastModified": 1685801374, + "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-stable_6": { "locked": { "lastModified": 1730741070, @@ -1824,9 +2033,25 @@ "type": "github" } }, + "nixpkgs-stable_7": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-wayland": { "inputs": { - "flake-compat": "flake-compat_9", + "flake-compat": "flake-compat_11", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", "nixpkgs": [ 
@@ -1847,71 +2072,7 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1731139594, - "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1731319897, - "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dc460ec76cbff0e66e269457d7b728432263166c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1730768919, - "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { + "nixpkgs_10": { "locked": { "lastModified": 1726871744, "narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=", @@ -1927,7 +2088,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_11": { "locked": { "lastModified": 1734119587, "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", @@ -1943,7 +2104,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_12": { "locked": { "lastModified": 1732238832, "narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=", 
@@ -1959,7 +2120,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_13": { "locked": { "lastModified": 1725194671, "narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=", 
@@ -1975,11 +2136,139 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1734649271, + "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1734649271, + "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1730768919, + "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1733097829, + "narHash": "sha256-9hbb1rqGelllb4kVUCZ307G2k3/UhmA8PPGBoyuWaSw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2c15aa59df0017ca140d9ba302412298ab4bf22a", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", + "owner": "NixOS", + 
"repo": "nixpkgs", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1731319897, + "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dc460ec76cbff0e66e269457d7b728432263166c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1730768919, + "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { - "devshell": "devshell_7", - "flake-compat": "flake-compat_10", - "flake-parts": "flake-parts_7", + "devshell": "devshell_8", + "flake-compat": "flake-compat_12", + "flake-parts": "flake-parts_8", "git-hooks": "git-hooks", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin", @@ -1987,7 +2276,7 @@ "nixpkgs" ], "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": "treefmt-nix_5" + "treefmt-nix": "treefmt-nix_6" }, "locked": { "lastModified": 1734368549, @@ -2049,6 +2338,28 @@ } }, "parts_2": { + "inputs": { + "nixpkgs-lib": [ + "mdns", + "nci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "parts_3": { "inputs": { "nixpkgs-lib": [ "nixp-meta", 
@@ -2147,8 +2458,29 @@ }, "pre-commit-hooks_3": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_6", "gitignore": "gitignore_4", + "nixpkgs": "nixpkgs_4", + "nixpkgs-stable": "nixpkgs-stable_4" + }, + "locked": { + "lastModified": 1734797603, + "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_4": { + "inputs": { + "flake-compat": "flake-compat_7", + "gitignore": "gitignore_5", "nixpkgs": [ "nix-topology", "nixpkgs" @@ -2172,19 +2504,19 @@ "type": "github" } }, - "pre-commit-hooks_4": { + "pre-commit-hooks_5": { "inputs": { - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_8", "flake-utils": [ "nixos-extra-modules", "flake-utils" ], - "gitignore": "gitignore_5", + "gitignore": "gitignore_6", "nixpkgs": [ "nixos-extra-modules", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_4" + "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { "lastModified": 1702456155, @@ -2200,12 +2532,12 @@ "type": "github" } }, - "pre-commit-hooks_5": { + "pre-commit-hooks_6": { "inputs": { - "flake-compat": "flake-compat_8", - "gitignore": "gitignore_6", - "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable_5" + "flake-compat": "flake-compat_10", + "gitignore": "gitignore_7", + "nixpkgs": "nixpkgs_9", + "nixpkgs-stable": "nixpkgs-stable_6" }, "locked": { "lastModified": 1731363552, @@ -2221,14 +2553,14 @@ "type": "github" } }, - "pre-commit-hooks_6": { + "pre-commit-hooks_7": { "inputs": { - "flake-compat": "flake-compat_11", - "gitignore": "gitignore_8", + "flake-compat": "flake-compat_13", + "gitignore": "gitignore_9", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_6" + "nixpkgs-stable": "nixpkgs-stable_7" }, "locked": { "lastModified": 1734379367, 
@@ -2271,14 +2603,39 @@ }, "purescript-overlay_2": { "inputs": { - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_5", + "nixpkgs": [ + "mdns", + "nci", + "dream2nix", + "nixpkgs" + ], + "slimlock": "slimlock_2" + }, + "locked": { + "lastModified": 1728546539, + "narHash": "sha256-Sws7w0tlnjD+Bjck1nv29NjC5DbL6nH5auL9Ex9Iz2A=", + "owner": "thomashoneyman", + "repo": "purescript-overlay", + "rev": "4ad4c15d07bd899d7346b331f377606631eb0ee4", + "type": "github" + }, + "original": { + "owner": "thomashoneyman", + "repo": "purescript-overlay", + "type": "github" + } + }, + "purescript-overlay_3": { + "inputs": { + "flake-compat": "flake-compat_9", "nixpkgs": [ "nixp-meta", "nci", "dream2nix", "nixpkgs" ], - "slimlock": "slimlock_2" + "slimlock": "slimlock_3" }, "locked": { "lastModified": 1728546539, @@ -2328,6 +2685,23 @@ "type": "github" } }, + "pyproject-nix_3": { + "flake": false, + "locked": { + "lastModified": 1702448246, + "narHash": "sha256-hFg5s/hoJFv7tDpiGvEvXP0UfFvFEDgTdyHIjDVHu1I=", + "owner": "davhau", + "repo": "pyproject.nix", + "rev": "5a06a2697b228c04dd2f35659b4b659ca74f7aeb", + "type": "github" + }, + "original": { + "owner": "davhau", + "ref": "dream2nix", + "repo": "pyproject.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -2339,6 +2713,7 @@ "idmail": "idmail", "impermanence": "impermanence", "lanzaboote": "lanzaboote", + "mdns": "mdns", "microvm": "microvm", "nix-index-database": "nix-index-database", "nix-topology": "nix-topology", @@ -2347,10 +2722,10 @@ "nixos-hardware": "nixos-hardware", "nixos-nftables-firewall": "nixos-nftables-firewall", "nixp-meta": "nixp-meta", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_11", "nixpkgs-wayland": "nixpkgs-wayland", "nixvim": "nixvim", - "pre-commit-hooks": "pre-commit-hooks_6", + "pre-commit-hooks": "pre-commit-hooks_7", "spicetify-nix": "spicetify-nix", "stylix": "stylix", "systems": "systems_10", 
@@ -2402,6 +2777,28 @@ } }, "rust-overlay_3": { + "inputs": { + "nixpkgs": [ + "mdns", + "nci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735007320, + "narHash": "sha256-NdhUgB9BkLGW9I+Q1GyUUCc3CbDgsg7HLWjG7WZBR5Q=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "fb5fdba697ee9a2391ca9ceea3b853b4e3ce37a5", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_4": { "inputs": { "nixpkgs": [ "nixp-meta", @@ -2448,6 +2845,30 @@ } }, "slimlock_2": { + "inputs": { + "nixpkgs": [ + "mdns", + "nci", + "dream2nix", + "purescript-overlay", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688756706, + "narHash": "sha256-xzkkMv3neJJJ89zo3o2ojp7nFeaZc2G0fYwNXNJRFlo=", + "owner": "thomashoneyman", + "repo": "slimlock", + "rev": "cf72723f59e2340d24881fd7bf61cb113b4c407c", + "type": "github" + }, + "original": { + "owner": "thomashoneyman", + "repo": "slimlock", + "type": "github" + } + }, + "slimlock_3": { "inputs": { "nixpkgs": [ "nixp-meta", @@ -2489,7 +2910,7 @@ }, "spicetify-nix": { "inputs": { - "flake-compat": "flake-compat_12", + "flake-compat": "flake-compat_14", "nixpkgs": [ "nixpkgs" ] @@ -2514,11 +2935,11 @@ "base16-fish": "base16-fish", "base16-helix": "base16-helix", "base16-vim": "base16-vim", - "flake-compat": "flake-compat_13", + "flake-compat": "flake-compat_15", "flake-utils": "flake-utils_7", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_13", "systems": "systems_9", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", 
@@ -2819,7 +3240,25 @@ }, "treefmt-nix_3": { "inputs": { - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1734982074, + "narHash": "sha256-N7M37KP7cHWoXicuE536GrVvU8nMDT/gpI1kja2hkdg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "e41e948cf097cbf96ba4dff47a30ea6891af9f33", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_4": { + "inputs": { + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1730321837, @@ -2835,7 +3274,7 @@ "type": "github" } }, - "treefmt-nix_4": { + "treefmt-nix_5": { "inputs": { "nixpkgs": [ "nixpkgs-wayland", @@ -2857,7 +3296,7 @@ "type": "github" } }, - "treefmt-nix_5": { + "treefmt-nix_6": { "inputs": { "nixpkgs": [ "nixvim", @@ -2879,6 +3318,28 @@ } }, "treefmt_2": { + "inputs": { + "nixpkgs": [ + "mdns", + "nci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734982074, + "narHash": "sha256-N7M37KP7cHWoXicuE536GrVvU8nMDT/gpI1kja2hkdg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "e41e948cf097cbf96ba4dff47a30ea6891af9f33", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt_3": { "inputs": { "nixpkgs": [ "nixp-meta", diff --git a/flake.nix b/flake.nix index 67656ee..e74721a 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,7 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixp-meta.url = "git+https://forge.lel.lol/patrick/nixp-meta.git"; + mdns.url = "git+https://forge.lel.lol/patrick/mdns-repeater.git"; idmail = { url = "github:oddlama/idmail/"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/nucnix/mdns.nix b/hosts/nucnix/mdns.nix new file mode 100644 index 0000000..20fc3fd --- /dev/null +++ b/hosts/nucnix/mdns.nix 
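Review bot: In flake.nix the new `mdns` input is declared without `inputs.nixpkgs.follows = "nixpkgs";`, unlike the `idmail` input directly below it. As a result the lock file gains a whole `mdns` subtree with its own pinned `nixpkgs`, `nci`, `dream2nix` and `pre-commit-hooks` nodes. The relay is then built against that separate nixpkgs revision, so updates to the system nixpkgs do not reach its dependencies, and each extra node is one more source this flake pins and trusts. Consider `mdns = { url = "git+https://forge.lel.lol/patrick/mdns-repeater.git"; inputs.nixpkgs.follows = "nixpkgs"; };`. The `inputs` attribute set continues outside the hunk.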
@@ -0,0 +1,75 @@
+{
+ inputs,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ cfg = {
+ interfaces = "lan-.*";
+ rules = [
+ {
+ from = "lan-home";
+ to = "lan-services";
+ allow_questions = "(nucnix|elisabeth)";
+ allow_answers = "";
+ }
+ {
+ from = "lan-services";
+ to = "lan-home";
+ allow_questions = "";
+ allow_answers = "(nucnix|elisabeth)";
+ }
+ ];
+ };
+in
+{
+ systemd.services.mdns-relay = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ #environment.RUST_LOG = "debug";
+
+ serviceConfig = {
+ Restart = "on-failure";
+ ExecStart = "${
+ lib.getExe inputs.mdns.packages.${pkgs.system}.default
+ } -c ${pkgs.writeText "config.json" (builtins.toJSON cfg)}";
+
+ # Hardening
+ DynamicUser = true;
+ CapabilityBoundingSet = "";
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ NoNewPrivileges = true;
+ PrivateUsers = true;
+ PrivateTmp = true;
+ PrivateDevices = true;
+ PrivateMounts = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ ProtectSystem = "strict";
+ RemoveIPC = true;
+ RestrictAddressFamilies = [
+ "AF_INET"
+ "AF_INET6"
+ "AF_NETLINK"
+ ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ SystemCallArchitectures = "native";
+ SystemCallFilter = [
+ "@system-service"
+ "~@privileged"
+ ];
+ UMask = "0027";
+ };
+ };
+}
diff --git a/hosts/nucnix/net.nix b/hosts/nucnix/net.nix
index 3566e5e..87fac3d 100644
--- a/hosts/nucnix/net.nix
+++ b/hosts/nucnix/net.nix
@@ -18,6 +18,7 @@ in
 imports = [
 ./kea.nix
 ./forwarding.nix
+ ./mdns.nix
 ];
 boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 networking.nftables.firewall.zones = mkMerge [
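Review bot: The `allow_questions` / `allow_answers` values in `cfg.rules` of hosts/nucnix/mdns.nix read like regular expressions (`interfaces` is `"lan-.*"`), but nothing in the file says how the relay treats an empty pattern or whether matching is anchored. If the relay does an unanchored search, `""` would match every name rather than none, and `(nucnix|elisabeth)` would also pass any name that merely contains one of those strings, so more would cross between `lan-home` and `lan-services` than the rules suggest. I would confirm the matching semantics against mdns-repeater and document the intent next to the rules, for example `# "" = relay nothing in this direction`. If matching turns out to be unanchored, anchor the patterns, for instance `allow_questions = "^(nucnix|elisabeth)\\.";` (illustrative only; the exact form depends on the name string the relay matches against).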