feat: switch to new extra-modules allowing multiple interfaces

This commit is contained in:
Patrick 2024-12-20 11:07:22 +01:00
parent f2578916ae
commit 8332bc45ba
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
7 changed files with 58 additions and 52 deletions


@ -13,12 +13,7 @@
settings = { settings = {
dns = { dns = {
bind_hosts = [ bind_hosts = [
(lib.net.cidr.host config.secrets.secrets.global.net.ips.${config.node.name} "0.0.0.0"
config.secrets.secrets.global.net.privateSubnetv4
)
(lib.net.cidr.host config.secrets.secrets.global.net.ips.${config.node.name}
config.secrets.secrets.global.net.privateSubnetv6
)
]; ];
anonymize_client_ip = false; anonymize_client_ip = false;
upstream_dns = [ upstream_dns = [
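Review bot: The new `bind_hosts = [ "0.0.0.0" ]` makes the resolver listen on every address the guest has, including any second interface this commit's multi-interface support adds, where the removed lines pinned it to the guest's single private-subnet v4 and v6 addresses. If the resolver is only meant to be reachable on one link, list that link's address (as before, via `lib.net.cidr.host ... privateSubnetv4`) instead of the wildcard; otherwise reachability is now decided solely by the nftables zones, and since the sibling hunks assign `[ ]` to `zones.untrusted.interfaces` for guests with two or more links, it is worth confirming the service is not exposed on an untrusted link. Note also that `"0.0.0.0"` is most likely IPv4-only, so the IPv6 bind that the old second entry provided is dropped unless `"::"` is added — confirm against AdGuard Home's bind semantics. The enclosing `settings.dns` attribute set continues outside the hunk.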


@ -1556,12 +1556,13 @@
"pre-commit-hooks": "pre-commit-hooks_4" "pre-commit-hooks": "pre-commit-hooks_4"
}, },
"locked": { "locked": {
"lastModified": 1734380654, "lastModified": 1734643696,
"narHash": "sha256-YrJ4vz6fbz5Sz7H6mdFsqaqEkLVOJUnrUi6swiYbmc4=", "narHash": "sha256-W5JSWhhThI9erzhZmpHy1gZGwSxEGPKYmOUBEXH/WGA=",
"owner": "oddlama", "ref": "refs/heads/main",
"repo": "nixos-extra-modules", "rev": "6a4736e0773a1852b0b6c5f71cbe96dd39c3caf1",
"rev": "da6945497bb3e6a2baf3d783c12d780ea8c4b5ea", "revCount": 40,
"type": "github" "type": "git",
"url": "file:///home/patrick/repos/nix/nixos-extra-modules"
}, },
"original": { "original": {
"owner": "oddlama", "owner": "oddlama",


@ -219,23 +219,11 @@ in
../../config/services/${guestName}.nix ../../config/services/${guestName}.nix
{ {
node.secretsDir = config.node.secretsDir + "/${guestName}"; node.secretsDir = config.node.secretsDir + "/${guestName}";
networking.nftables.firewall.zones.untrusted.interfaces = [ networking.nftables.firewall.zones.untrusted.interfaces =
config.guests.${guestName}.networking.mainLinkName if lib.length config.guests.${guestName}.networking.links < 2 then
]; config.guests.${guestName}.networking.links
systemd.network.networks."10-${config.guests.${guestName}.networking.mainLinkName}" = { else
DHCP = lib.mkForce "no"; [ ];
address = [
(lib.net.cidr.hostCidr
config.secrets.secrets.global.net.ips."${config.guests.${guestName}.nodeName}"
config.secrets.secrets.global.net.privateSubnetv4
)
(lib.net.cidr.hostCidr
config.secrets.secrets.global.net.ips."${config.guests.${guestName}.nodeName}"
config.secrets.secrets.global.net.privateSubnetv6
)
];
gateway = [ (lib.net.cidr.host 1 config.secrets.secrets.global.net.privateSubnetv4) ];
};
} }
]; ];
}; };
@ -245,7 +233,7 @@ in
backend = "microvm"; backend = "microvm";
microvm = { microvm = {
system = "x86_64-linux"; system = "x86_64-linux";
macvtap = "lan"; interfaces."lan" = { };
baseMac = config.secrets.secrets.local.networking.interfaces.lan01.mac; baseMac = config.secrets.secrets.local.networking.interfaces.lan01.mac;
}; };
extraSpecialArgs = { extraSpecialArgs = {
@ -259,7 +247,7 @@ in
mkContainer = guestName: cfg: { mkContainer = guestName: cfg: {
${guestName} = mkGuest guestName cfg // { ${guestName} = mkGuest guestName cfg // {
backend = "container"; backend = "container";
container.macvlan = "lan"; container.macvlans = [ "lan" ];
extraSpecialArgs = { extraSpecialArgs = {
inherit inherit
lib lib
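Review bot: In the first hunk (`@ -219,23`), the new `zones.untrusted.interfaces` expression puts a guest's links into the untrusted zone only when there are fewer than two and otherwise yields `[ ]`, so a guest that gains a second interface — the case this commit exists to enable — ends up with no interface in the untrusted zone and every rule that zone gates stops applying to it. If the extra link is meant to be trusted, say so explicitly rather than disabling the zone, e.g. `interfaces = [ config.guests.${guestName}.networking.mainLinkName ];` if the new modules still expose `mainLinkName`, or a per-guest list of untrusted links. The removed static address and `gateway` block presumably moves into the new extra-modules; confirm the guest still receives its private-subnet address and the `.1` gateway, since the `DHCP = lib.mkForce "no"` guard is gone too. The enclosing `mkGuest` definition starts outside the hunk.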


@ -114,7 +114,7 @@ in
guests = guests =
let let
mkGuest = guestName: { mkGuest = guestName: _: {
autostart = true; autostart = true;
zfs."/state" = { zfs."/state" = {
pool = "rpool"; pool = "rpool";
@ -129,12 +129,11 @@ in
../../config/services/${guestName}.nix ../../config/services/${guestName}.nix
{ {
node.secretsDir = config.node.secretsDir + "/${guestName}"; node.secretsDir = config.node.secretsDir + "/${guestName}";
networking.nftables.firewall.zones.untrusted.interfaces = [ networking.nftables.firewall.zones.untrusted.interfaces =
config.guests.${guestName}.networking.mainLinkName if lib.length config.guests.${guestName}.networking.links < 2 then
]; config.guests.${guestName}.networking.links
systemd.network.networks."10-${config.guests.${guestName}.networking.mainLinkName}" = { else
DHCP = "yes"; [ ];
};
} }
]; ];
}; };
@ -155,21 +154,27 @@ in
}; };
}; };
mkContainer = guestName: cfg: { mkContainer =
${guestName} = mkGuest guestName cfg // { guestName:
backend = "container"; {
container.macvlan = "lan"; macvlans ? [ "lan-services" ],
extraSpecialArgs = { ...
inherit }@cfg:
lib {
nodes ${guestName} = mkGuest guestName cfg // {
inputs backend = "container";
minimal container.macvlans = macvlans;
stateVersion extraSpecialArgs = {
; inherit
lib
nodes
inputs
minimal
stateVersion
;
};
}; };
}; };
};
in in
{ }; { } // mkContainer "adguardhome" { macvlans = [ "lan-services" ]; };
} }
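Review bot: In the third hunk, `mkContainer` now forwards the whole `cfg` (including `macvlans`) to `mkGuest`, whose new signature `guestName: _:` discards it, so any other attribute a caller passes is silently ignored; because the pattern is `{ macvlans ? [ "lan-services" ], ... }@cfg`, dropping the `...` would turn an unknown attribute into an evaluation error instead. The call `{ } // mkContainer "adguardhome" { macvlans = [ "lan-services" ]; }` can be reduced to `mkContainer "adguardhome" { }`, since the `{ } //` prefix is a no-op and the argument repeats the default. As in the other host, the second hunk leaves `zones.untrusted.interfaces` empty for any guest with two or more links, so a multi-homed container drops out of the untrusted zone entirely; confirm that is intended for the container that also binds DNS on all addresses. The `guests` attribute set continues outside the hunk.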


@ -0,0 +1 @@
F3tFnEGn58ahB2p4hI4xFRfwyK7SU3+Dx598DcLAQlA=


@ -0,0 +1,16 @@
age-encryption.org/v1
-> X25519 SaIhuXPtLjcLt1Bmbbmx8WaluLUtJRGS6Ehu641msW0
3Jyo1+XU0WVEsndNWFadBOcbE2TD7akuyyocxnzXcsU
-> piv-p256 ZFgiIw At2NriI63IhtpOKPqROmstH/t/kIMbXwWD/pKijLGdsd
yTUXG+ZeR9451nnGg5Nevhf6ES2tL6GpsTgNriNpg0Q
-> piv-p256 XTQkUA A9BJKAQ8L6ZjMm8W087HhkLNticb/Ddr7eiv/cI0guis
qPgkfSrq1RtZYCjXgujchhm1M9cW9boWrxCLhwoN/1c
-> piv-p256 ZFgiIw AzR6JgDfdmALfrIMrk43Fskz3ANKkSHz9bKlW2OF5T/P
k/vh/K8fmyCGQkoMvNf02b9KB0CZqMLu5RZc9yj1wRE
-> piv-p256 5vmPtQ AxioglXD0p1v6ZepKafFLW49RG3CUyl4lxjagpkUuI0H
3/XzPXIV1S7kuTICI0fD+Y2lCjSwcSPwrH9YfkPIyDI
-> #8D3.~O-grease [Gk GcS
wuRoJDrp0TmHzMmIEyPkSe4N9ITWjxfMbqQJSxn4rWH4wE+YAbXmJE+Ujtecupnf
xmymVCCVP5Cvmnx/KrXVVsyxKaLtiYcAnqHvTsmQgQR1LbuV9FB/tw
--- v0LwqJa53xUGcC7NIzI1UwACS8kGzRaMOsf0HIF6X2A
Ék˜ÏåvÎÌÆ?¼ú—V®¿"<22>0Ðn<08>d"¸Âøá ;ÖßËQHSò«¿•ÏÄT^³ I*Åï(>èÒÓ…bWmBL-