From 5d1bc8cf673d2fc84f1dfda45418495cfc4d2f71 Mon Sep 17 00:00:00 2001
From: Patrick
Date: Sat, 21 Dec 2024 14:06:00 +0100
Subject: [PATCH] chore: support static ips

---
 config/services/nginx.nix | 2 +
 globals.nix | 13 +++++-
 hosts/nucnix/guests.nix | 96 +++++++++++++++++++++++++--------------
 modules/globals.nix | 5 ++
 4 files changed, 82 insertions(+), 34 deletions(-)

diff --git a/config/services/nginx.nix b/config/services/nginx.nix
index 7705926..bb0f647 100644
--- a/config/services/nginx.nix
+++ b/config/services/nginx.nix
@@ -9,6 +9,8 @@ let
 ipOf = name: nodes.${globals.services.${name}.host}.config.wireguard.services.ipv4;
 in
 {
+ systemd.network.networks."10-static" = {
+ };
 wireguard.services = {
 client.via = "nucnix";
 };
diff --git a/globals.nix b/globals.nix
index afe994b..a447a13 100644
--- a/globals.nix
+++ b/globals.nix
@@ -49,6 +49,7 @@ in
 adguardhome = {
 domain = "adguardhome.${globals.domains.web}";
 host = "nucnix-adguardhome";
+ ip = 10;
 };
 forgejo = {
 domain = "forge.${globals.domains.web}";
@@ -84,7 +85,7 @@ in
 };
 apispotify = {
 domain = "apisptfy.${globals.domains.web}";
- host = "elisabeth-apispotify";
+ host = "elisabeth-yourspotify";
 };
 kanidm = {
 domain = "auth.${globals.domains.web}";
@@ -118,6 +119,16 @@ in
 domain = "netbird.${globals.domains.web}";
 host = "elisabeth-netbird";
 };
+ nginx = {
+ domain = globals.domains.web;
+ host = "nucnix-nginx";
+ ip = 5;
+ };
+ samba = {
+ domain = "smb.${globals.domains.web}";
+ host = "elisabeth-samba";
+ ip = 12;
+ };
 };
 };
 }
diff --git a/hosts/nucnix/guests.nix b/hosts/nucnix/guests.nix
index 2483c00..ea4d418 100644
--- a/hosts/nucnix/guests.nix
+++ b/hosts/nucnix/guests.nix
@@ -1,6 +1,7 @@
 {
 config,
 stateVersion,
+ globals,
 inputs,
 lib,
 minimal,
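Review bot: The added `systemd.network.networks."10-static" = { };` in config/services/nginx.nix carries no `matchConfig` and no settings, and a networkd .network unit whose [Match] section is empty matches every interface (networkd warns about exactly this); because networkd applies the first lexically matching unit, a stub named `10-static` can end up claiming interfaces in the nginx guest that later-sorted units were meant to configure, leaving them unconfigured. Either drop the stub until it carries a real address, or pin it with `matchConfig.Name = "mv-services";` plus the static address it is meant to hold, and if it has to stay as a placeholder say so: `# placeholder for the services-vlan static address; the real config lives in hosts/nucnix/guests.nix`. The `let … in` attrset enclosing this hunk starts outside it.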
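Review bot: The rename of the `apispotify` host to `elisabeth-yourspotify` in globals.nix is unrelated to the static-IP subject and is the kind of edit that breaks evaluation silently: `ipOf` in config/services/nginx.nix resolves `nodes.${globals.services.<name>.host}`, so unless a node of that exact name exists the next evaluation that touches `apispotify` fails, and nothing in this diff renames a host or guest to match. Confirm that node exists (or move this into its own commit), and add a short comment on the entry such as `# service keeps its old name; the guest definition on elisabeth is called yourspotify` so the mismatch between service key and host name reads as intentional rather than a typo.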
@@ -9,34 +10,55 @@ { guests = let - mkGuest = guestName: _: { - autostart = true; - zfs."/state" = { - pool = "rpool"; - dataset = "local/guests/${guestName}"; + mkGuest = + guestName: + { + vlans ? [ "services" ], + ... + }: + { + autostart = true; + zfs."/state" = { + pool = "rpool"; + dataset = "local/guests/${guestName}"; + }; + zfs."/persist" = { + pool = "rpool"; + dataset = "safe/guests/${guestName}"; + }; + modules = [ + ../../config/basic + ../../config/services/${guestName}.nix + { + node.secretsDir = config.node.secretsDir + "/${guestName}"; + networking.nftables.firewall.zones.untrusted.interfaces = lib.mkIf ( + lib.length config.guests.${guestName}.networking.links == 1 + ) config.guests.${guestName}.networking.links; + systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) ( + lib.listToAttrs ( + lib.flip map vlans ( + name: + lib.nameValuePair "09-mv-${name}" { + matchConfig.Name = "mv-${name}"; + DHCP = "no"; + address = [ + (lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4) + ]; + gateway = lib.net.cidr.hostCidr 1 globals.net.vlans.${name}.cidrv4; + } + ) + ) + ); + } + ]; }; - zfs."/persist" = { - pool = "rpool"; - dataset = "safe/guests/${guestName}"; - }; - modules = [ - ../../config/basic - ../../config/services/${guestName}.nix - { - node.secretsDir = config.node.secretsDir + "/${guestName}"; - networking.nftables.firewall.zones.untrusted.interfaces = lib.mkIf ( - lib.length config.guests.${guestName}.networking.links == 1 - ) config.guests.${guestName}.networking.links; - } - ]; - }; mkMicrovm = guestName: cfg: { ${guestName} = mkGuest guestName cfg // { backend = "microvm"; microvm = { system = "x86_64-linux"; - interfaces.lan = { }; + interfaces.lan = lib.trace "This don't work yet" { }; baseMac = config.secrets.secrets.local.networking.interfaces.lan01.mac; }; extraSpecialArgs = { 
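Review bot: The untrusted-zone assignment kept in this hunk, `lib.mkIf (lib.length config.guests.${guestName}.networking.links == 1)`, now silently yields no interfaces for any guest with more than one vlan, and this same commit creates such a guest (`adguardhome` on `services` and `home`), so neither `mv-services` nor `mv-home` lands in the untrusted zone — depending on how the firewall module treats interfaces that belong to no zone that is either a lockout of the DNS service or an unfiltered path into it. Deriving the zone from the vlans explicitly, e.g. `networking.nftables.firewall.zones.untrusted.interfaces = map (v: "mv-${v}") vlans;`, avoids the drop-out (keep the old link-based value for microvm guests if they do not use the `mv-` naming). Separately, `gateway = lib.net.cidr.hostCidr 1 …` is emitted for every vlan, which installs one default route per vlan with equal metric on a multi-vlan guest, and the helper name suggests the value carries a prefix length while `Gateway=` expects a bare address and NixOS types that option as a list — worth restricting to the first vlan and checking for a prefix-less variant of the helper. `lib.trace "This don't work yet" { }` prints on every evaluation; a comment such as `# TODO: microvm lan interface is not wired up yet` or `lib.warn` reads better. The `guests = let … in` block enclosing this hunk continues past it.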
@@ -50,22 +72,30 @@ mkContainer = guestName: { - macvlans ? [ "lan-services" ], + vlans ? [ "services" ], ... }@cfg: { - ${guestName} = mkGuest guestName cfg // { - backend = "container"; - container.macvlans = macvlans; - extraSpecialArgs = { - inherit (inputs.self) nodes globals; - inherit (inputs.self.pkgs.x86_64-linux) lib; - inherit inputs minimal stateVersion; - }; - }; + ${guestName} = lib.mkMerge [ + (mkGuest guestName cfg) + { + backend = "container"; + container.macvlans = lib.flip map vlans (x: "lan-${x}:mv-${x}"); + extraSpecialArgs = { + inherit (inputs.self) nodes globals; + inherit (inputs.self.pkgs.x86_64-linux) lib; + inherit inputs minimal stateVersion; + }; + } + ]; }; in { } - // mkContainer "adguardhome" { macvlans = [ "lan-services" ]; } - // mkContainer "nginx" { macvlans = [ "lan-services" ]; }; + // mkContainer "adguardhome" { + vlans = [ + "services" + "home" + ]; + } + // mkContainer "nginx" { }; } diff --git a/modules/globals.nix b/modules/globals.nix index b0b4e71..42f84f7 100644 --- a/modules/globals.nix +++ b/modules/globals.nix @@ -132,6 +132,11 @@ in type = types.str; description = "The node-name on which this service runs"; }; + ip = mkOption { + type = types.nullOr (types.ints.between 5 49); + default = null; + description = "Optional IP in case this service runs needs a static ip. Shou"; + }; }; } );
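Review bot: The guest-side interface name is spelled `mv-${x}` here and, independently, `mv-${name}` in the `09-mv-…` network unit built by `mkGuest`; nothing ties the two together, so changing one leaves the static address silently unmatched. A comment on the macvlans line, `# host side lan-<vlan>, guest side mv-<vlan>; must match the 09-mv-<vlan> unit in mkGuest`, or a single helper that produces the name for both sites, would make the coupling visible. `adguardhome` now also gets a leg on `home`; a one-line comment saying why (presumably so it can answer DNS on that vlan without crossing the router) would help the next reader.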
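Review bot: The `ip` option's description in modules/globals.nix is cut off mid-sentence (`… static ip. Shou`) and contains a grammar slip ("runs needs"), and the type only bounds the value to 5–49 — two services on the same vlan can both declare `ip = 10;`, evaluate cleanly, and collide at runtime. Replace the text with `description = "Optional host number used to give this service a static address on each of its vlans (5-49). Must be unique across services.";` and add an assertion that the non-null `ip` values across `globals.services` are distinct; the assertions block that would hold it is outside this hunk.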