Compare commits
1 Commits
master
...
d411b517bb
| Author | SHA1 | Date | |
|---|---|---|---|
| d411b517bb |
41
flake.lock
generated
41
flake.lock
generated
@@ -90,11 +90,11 @@
|
||||
},
|
||||
"crane": {
|
||||
"locked": {
|
||||
"lastModified": 1772560058,
|
||||
"narHash": "sha256-NuVKdMBJldwUXgghYpzIWJdfeB7ccsu1CC7B+NfSoZ8=",
|
||||
"lastModified": 1763938834,
|
||||
"narHash": "sha256-j8iB0Yr4zAvQLueCZ5abxfk6fnG/SJ5JnGUziETjwfg=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "db590d9286ed5ce22017541e36132eab4e8b3045",
|
||||
"rev": "d9e753122e51cee64eb8d2dddfe11148f339f5a2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -264,11 +264,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1772408722,
|
||||
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
|
||||
"lastModified": 1763759067,
|
||||
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
|
||||
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -474,15 +474,16 @@
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1772679279,
|
||||
"narHash": "sha256-ockL9qWhamkGgBYnJHTvt1oHdRvGfbS36kW9WpOhzec=",
|
||||
"owner": "nix-community",
|
||||
"lastModified": 1765032623,
|
||||
"narHash": "sha256-BbtN5NFN2RU3KP2TLA6zOoiv5MZXWqN1mXxIkKY8Kx4=",
|
||||
"owner": "devplayer0",
|
||||
"repo": "harmonia",
|
||||
"rev": "4e9e03e04467b50575f6b05c8abee12407418106",
|
||||
"rev": "310e2b2c6583710c52531785f1245d9621284310",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"owner": "devplayer0",
|
||||
"ref": "cache-config-daemon-store",
|
||||
"repo": "harmonia",
|
||||
"type": "github"
|
||||
}
|
||||
@@ -588,11 +589,11 @@
|
||||
"nix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1772224943,
|
||||
"narHash": "sha256-jJIlRLPPVYu860MVFx4gsRx3sskmLDSRWXXue5tYncw=",
|
||||
"lastModified": 1764532838,
|
||||
"narHash": "sha256-hw4J7wfqXWBCvsMVXPS4nvkcSeTXAtR5h9Ylv7a7dBA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nix",
|
||||
"rev": "0acd0566e85e4597269482824711bcde7b518600",
|
||||
"rev": "8be9507a88f466dd44e6e56cd00167fa10e995b8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -640,11 +641,11 @@
|
||||
},
|
||||
"nixpkgs-mine": {
|
||||
"locked": {
|
||||
"lastModified": 1773177937,
|
||||
"narHash": "sha256-HY4jRsp70w4cCID7ScA79wB+y45n2scr3Qz/N+0352I=",
|
||||
"lastModified": 1770847929,
|
||||
"narHash": "sha256-cxvC73HcT9OP67g4KNMYbJyGwAuZLvG4vNBMqFjEdxw=",
|
||||
"owner": "devplayer0",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7d4f41507e7519949f6847e050cc0df87ce776d3",
|
||||
"rev": "3a9b7ab539186d4e9bb3c664cb4617ebd423f0bc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1052,11 +1053,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1772660329,
|
||||
"narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
|
||||
"lastModified": 1761311587,
|
||||
"narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "3710e0e1218041bbad640352a0440114b1e10428",
|
||||
"rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -35,8 +35,8 @@
|
||||
boardie.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
nixGL.url = "github:nix-community/nixGL";
|
||||
nixGL.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
harmonia.url = "github:nix-community/harmonia";
|
||||
# harmonia.url = "github:devplayer0/harmonia/cache-config-daemon-store";
|
||||
# harmonia.url = "github:nix-community/harmonia";
|
||||
harmonia.url = "github:devplayer0/harmonia/cache-config-daemon-store";
|
||||
harmonia.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
|
||||
# Packages not in nixpkgs
|
||||
|
||||
@@ -148,9 +148,6 @@ rec {
|
||||
hillcrest = {
|
||||
v4 = subnet 6 0 p2pTunnels.v4;
|
||||
};
|
||||
john-valorant = {
|
||||
v4 = subnet 6 1 p2pTunnels.v4;
|
||||
};
|
||||
|
||||
cust = {
|
||||
v4 = subnet 8 100 all.v4; # single ip for routing only
|
||||
@@ -449,10 +446,6 @@ rec {
|
||||
vpn.port = 51822;
|
||||
};
|
||||
|
||||
john-valorant = {
|
||||
vpn.port = 51823;
|
||||
};
|
||||
|
||||
sshKeyFiles = {
|
||||
me = ../.keys/me.pub;
|
||||
deploy = ../.keys/deploy.pub;
|
||||
|
||||
@@ -188,25 +188,6 @@ in
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
"30-john-valorant" = {
|
||||
netdevConfig = {
|
||||
Name = "john-valorant";
|
||||
Kind = "wireguard";
|
||||
};
|
||||
wireguardConfig = {
|
||||
PrivateKeyFile = config.age.secrets."estuary/john-valorant-wg.key".path;
|
||||
ListenPort = lib.my.c.john-valorant.vpn.port;
|
||||
};
|
||||
wireguardPeers = [
|
||||
{
|
||||
PublicKey = "xyqKF0yOAv1bObN1paL2vATFh77pdFfvN+JmuAxaTCk=";
|
||||
AllowedIPs = [ (net.cidr.host 2 prefixes.john-valorant.v4) ];
|
||||
PersistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
links = {
|
||||
@@ -384,7 +365,7 @@ in
|
||||
};
|
||||
"95-hillcrest" = {
|
||||
matchConfig.Name = "hillcrest";
|
||||
address = [ "${net.cidr.host 1 prefixes.hillcrest.v4}/32" ];
|
||||
address = [ (net.cidr.host 1 prefixes.hillcrest.v4) ];
|
||||
routes = [
|
||||
{
|
||||
Destination = net.cidr.host 2 prefixes.hillcrest.v4;
|
||||
@@ -392,16 +373,6 @@ in
|
||||
}
|
||||
];
|
||||
};
|
||||
"95-john-valorant" = {
|
||||
matchConfig.Name = "john-valorant";
|
||||
address = [ "${net.cidr.host 1 prefixes.john-valorant.v4}/32" ];
|
||||
routes = [
|
||||
{
|
||||
Destination = net.cidr.host 2 prefixes.john-valorant.v4;
|
||||
Scope = "link";
|
||||
}
|
||||
];
|
||||
};
|
||||
} ];
|
||||
};
|
||||
|
||||
@@ -415,9 +386,6 @@ in
|
||||
"estuary/hillcrest-wg.key" = {
|
||||
owner = "systemd-network";
|
||||
};
|
||||
"estuary/john-valorant-wg.key" = {
|
||||
owner = "systemd-network";
|
||||
};
|
||||
"l2mesh/as211024.key" = {};
|
||||
};
|
||||
};
|
||||
@@ -429,13 +397,7 @@ in
|
||||
};
|
||||
};
|
||||
firewall = {
|
||||
udp.allowed = [
|
||||
5353
|
||||
|
||||
lib.my.c.kelder.vpn.port
|
||||
lib.my.c.hillcrest.vpn.port
|
||||
lib.my.c.john-valorant.vpn.port
|
||||
];
|
||||
udp.allowed = [ 5353 lib.my.c.kelder.vpn.port lib.my.c.hillcrest.vpn.port ];
|
||||
tcp.allowed = [ 5353 "bgp" ];
|
||||
nat = {
|
||||
enable = true;
|
||||
@@ -504,7 +466,7 @@ in
|
||||
iifname { wan, as211024, $ixps } oifname base jump filter-routing
|
||||
oifname $ixps jump ixp
|
||||
iifname base oifname { base, wan, $ixps } accept
|
||||
oifname { as211024, kelder, hillcrest, john-valorant } accept
|
||||
oifname { as211024, kelder, hillcrest } accept
|
||||
}
|
||||
chain output {
|
||||
oifname ifog ether type != vlan reject
|
||||
@@ -517,7 +479,6 @@ in
|
||||
}
|
||||
chain postrouting {
|
||||
oifname hillcrest snat ip to ${net.cidr.host 1 prefixes.hillcrest.v4}
|
||||
oifname john-valorant snat ip to ${net.cidr.host 1 prefixes.john-valorant.v4}
|
||||
ip saddr ${prefixes.all.v4} oifname != as211024 snat to ${assignments.internal.ipv4.address}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -185,9 +185,6 @@ in
|
||||
jam-fwd IN A ${allAssignments.shill.internal.ipv4.address}
|
||||
jam-cust IN AAAA ${net.cidr.host 1 prefixes.jam.v6}
|
||||
|
||||
hillcrest-tun IN A ${net.cidr.host 2 prefixes.hillcrest.v4}
|
||||
john-valorant-tun IN A ${net.cidr.host 2 prefixes.john-valorant.v4}
|
||||
|
||||
$TTL 3
|
||||
_acme-challenge IN LUA TXT @@FILE@@
|
||||
|
||||
|
||||
@@ -437,14 +437,6 @@ in
|
||||
};
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
"hass-john.${pubDomain}" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://john-valorant-tun.${domain}:8123";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = proxyHeaders;
|
||||
};
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
};
|
||||
|
||||
minio =
|
||||
|
||||
@@ -262,7 +262,7 @@ in
|
||||
signKeyPaths = [ config.age.secrets."nix-cache.key".path ];
|
||||
settings = {
|
||||
priority = 30;
|
||||
virtual_nix_store = "/nix/store";
|
||||
daemon_store = "/nix/store";
|
||||
real_nix_store = "/var/lib/harmonia/nix/store";
|
||||
};
|
||||
};
|
||||
|
||||
@@ -206,12 +206,10 @@ in
|
||||
op
|
||||
"fffa146c-0bc8-421c-9e3a-3635c0aca2ea" # Scarlehh
|
||||
"1ea05f48-76cc-4034-bcd3-2fa1fc5a7375" # Dario
|
||||
"4bf837b1-01db-4491-a0e0-700d98542833" # JoeSpencer
|
||||
"d07a9554-1b05-4b0b-b558-27e4a86e1f53" # AmyClover
|
||||
];
|
||||
EXISTING_OPS_FILE = "SYNCHRONIZE";
|
||||
OPS = op;
|
||||
DIFFICULTY = "hard";
|
||||
DIFFICULTY = "normal";
|
||||
SPAWN_PROTECTION = "0";
|
||||
VIEW_DISTANCE = "20";
|
||||
|
||||
|
||||
@@ -118,7 +118,6 @@ in
|
||||
};
|
||||
};
|
||||
blueman.enable = true;
|
||||
avahi.enable = true;
|
||||
};
|
||||
|
||||
programs = {
|
||||
@@ -162,7 +161,6 @@ in
|
||||
network = {
|
||||
netdevs = mkMerge [
|
||||
(mkVLAN "lan-hi" vlans.hi)
|
||||
(mkVLAN "lan-lo" vlans.lo)
|
||||
];
|
||||
links = {
|
||||
"10-et2.5g" = {
|
||||
@@ -184,7 +182,7 @@ in
|
||||
networks = {
|
||||
"30-et100g" = {
|
||||
matchConfig.Name = "et100g";
|
||||
vlan = [ "lan-hi" "lan-lo" ];
|
||||
vlan = [ "lan-hi" ];
|
||||
networkConfig.IPv6AcceptRA = false;
|
||||
};
|
||||
"40-lan-hi" = mkMerge [
|
||||
@@ -192,22 +190,6 @@ in
|
||||
# So we don't drop the IP we use to connect to NVMe-oF!
|
||||
{ networkConfig.KeepConfiguration = "static"; }
|
||||
];
|
||||
"45-lan-lo" = {
|
||||
matchConfig.Name = "lan-lo";
|
||||
networkConfig = {
|
||||
DHCP = "ipv4";
|
||||
IPv6AcceptRA = true;
|
||||
UseDomains = false;
|
||||
};
|
||||
dhcpV4Config = {
|
||||
UseDNS = false;
|
||||
UseGateway = false;
|
||||
};
|
||||
ipv6AcceptRAConfig = {
|
||||
UseDNS = false;
|
||||
UseGateway = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -33,7 +33,7 @@ def main():
|
||||
|
||||
print(f'Updating {args.record} -> {address}')
|
||||
cf.dns.records.edit(
|
||||
zone_id=zone.id, dns_record_id=record.id, name=args.record,
|
||||
zone_id=zone.id, dns_record_id=record.id,
|
||||
type='A', content=address)
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
||||
@@ -165,28 +165,6 @@ in
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
id = 3;
|
||||
subnet = prefixes.untrusted.v4;
|
||||
interface = "lan-untrusted";
|
||||
option-data = [
|
||||
{
|
||||
name = "routers";
|
||||
data = vips.untrusted.v4;
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "1.1.1.1, 1.0.0.1";
|
||||
}
|
||||
];
|
||||
pools = [
|
||||
{
|
||||
pool = if index == 0
|
||||
then "192.168.80.10 - 192.168.80.127"
|
||||
else "192.168.80.128 - 192.168.80.250";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
ddns-send-updates = true;
|
||||
ddns-replace-client-name = "when-not-present";
|
||||
|
||||
@@ -20,7 +20,10 @@ let
|
||||
};
|
||||
|
||||
vlanIface = vlan: if vlan == "as211024" then vlan else "lan-${vlan}";
|
||||
vrrpIPs = family: concatMap (vlan: [
|
||||
vrrpIPs = family: concatMap (vlan: (optional (family == "v6") {
|
||||
addr = "fe80::1/64";
|
||||
dev = vlanIface vlan;
|
||||
}) ++ [
|
||||
{
|
||||
addr = "${vips.${vlan}.${family}}/${toString (net.cidr.length prefixes.${vlan}.${family})}";
|
||||
dev = vlanIface vlan;
|
||||
@@ -61,9 +64,6 @@ in
|
||||
v4 = mkVRRP "v4" 51;
|
||||
v6 = (mkVRRP "v6" 52) // {
|
||||
extraConfig = ''
|
||||
virtual_ipaddress_excluded {
|
||||
${concatMapStringsSep "\n" (vlan: "fe80::1/64 dev ${vlanIface vlan}") (attrNames vips)}
|
||||
}
|
||||
notify_master "${config.systemd.package}/bin/systemctl start radvd.service" root
|
||||
notify_backup "${config.systemd.package}/bin/systemctl stop radvd.service" root
|
||||
'';
|
||||
|
||||
@@ -139,7 +139,6 @@ in
|
||||
bash-completion
|
||||
git
|
||||
unzip
|
||||
tcpdump
|
||||
]
|
||||
(mkIf config.services.netdata.enable [ netdata ])
|
||||
];
|
||||
|
||||
@@ -5,10 +5,23 @@ let
|
||||
|
||||
cfg = config.my.netboot;
|
||||
|
||||
# Newer releases don't boot on desktop?
|
||||
ipxe = pkgs.ipxe.overrideAttrs (o: rec {
|
||||
version = "1.21.1-unstable-2024-06-27";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "ipxe";
|
||||
repo = "ipxe";
|
||||
rev = "b66e27d9b29a172a097c737ab4d378d60fe01b05";
|
||||
hash = "sha256-TKZ4WjNV2oZIYNefch7E7m1JpeoC/d7O1kofoNv8G40=";
|
||||
};
|
||||
|
||||
# This upstream patch (in newer versions) is needed for newer GCC
|
||||
patches = (if (o ? patches) then o.patches else []) ++ [ ./fix-uninitialised-var.patch ];
|
||||
});
|
||||
tftpRoot = pkgs.linkFarm "tftp-root" [
|
||||
{
|
||||
name = "ipxe-x86_64.efi";
|
||||
path = "${pkgs.ipxe}/ipxe.efi";
|
||||
path = "${ipxe}/ipxe.efi";
|
||||
}
|
||||
];
|
||||
menuFile = pkgs.runCommand "menu.ipxe" {
|
||||
|
||||
@@ -36,6 +36,10 @@ in
|
||||
};
|
||||
|
||||
documentation.nixos.enable = mkDefault' false;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
tcpdump
|
||||
];
|
||||
};
|
||||
|
||||
meta.buildDocsInSandbox = false;
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG44Q3BVdyBvMndF
|
||||
M21hR3p2VmEzUm16eDEya2NtSW54SElScnQzRVhTYnhRNC9oS3dVCnFsS3ZyLyt2
|
||||
aVlsVEgySFpvKzA4cTd0ZnkwbGRHakJSL2JESU54KzFDNEkKLT4gWDI1NTE5IFQw
|
||||
cTN5bjJJVUoyckpjWnllM3piV3llM1VRSlN3Tlk4cG0yRzlTU1ZnMzQKQ2s2d0xs
|
||||
VjBjUlRkbUpHZDV0c2kwUGhUczhuVEV3ZE1WK2NxWndDQk9PWQotPiA+Oi1QYD47
|
||||
LWdyZWFzZSBFTEJWRHkzIE0oOVJTJQp2THpheXJqYmdPRlpTRXhQTkYzeGsyZ0dG
|
||||
aElRblgwWW1sT1NjZVNPUFNINXBPV1BxUldkCi0tLSBNOGhuUkNCV2NCZi9PdGxP
|
||||
WitZYTNwcDZXdGNjbDUzQkVZUEtUK2JsZTN3CrxYEwDQAvqeCckfsLUKB1ixsTF1
|
||||
rQNRYxioye5T7AZEnOrZg62qkOELmCwAD5UJt5tkNRrmHkm0JwiqNsThHX6qGnHl
|
||||
iDgytz/Hymij
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
Reference in New Issue
Block a user