Flakification

Ehmry - 2021-02-21 21:25:45 +01:00
parent 27bc1ceec8
commit 6544cbc32f
16 changed files with 278 additions and 218 deletions


@ -1,7 +1,37 @@
# Setup
Nix with flakes support is required. Run this in a shell…
```
# Enter a temporary shell with flakes support:
nix-shell --packages nixFlakes
# Set some configuration (do this only once):
echo 'experimental-features = nix-command flakes' >> ~/.config/nix/nix.conf
# Add this repository to your local flake registry:
nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config
```
…or set this to your NixOS configuration:
```
{ pkgs, ... }: {
nix = {
package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes";
};
}
```
# Deployment # Deployment
Beide failen bei Activation des neuen Profils. (TODO) Beide failen bei Activation des neuen Profils. (TODO)
## Mit flakes
Use `nix run` with one of the deploy scripts exported by the flake,
for example: `nix run c3d2#deploy-glotzbert switch`. Use `nix flake show c3d2`
to show what is available. Note that the deploy scripts only work if
the target machines already has flakes enabled.
## Mit NixOps ## Mit NixOps
@ -55,10 +85,10 @@ This is necessary, so you can login to any machine with your gpg key.
# Laptops / Desktops # Laptops / Desktops
This repository contains a NixOS module that can be used with personal machines This repository contains a NixOS module that can be used with personal machines
as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of
registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6 registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6
addresses local to HQ. Simply import the `lib` directory to use the module. As addresses local to HQ. Simply import the `lib` directory to use the module. As
an example: an example:
```nix ```nix
@ -83,3 +113,9 @@ in {
} }
``` ```
# Custom packages
Additional packages can be added to [./nixpkgs-overlay]. These packages are available
during NixOS configuration as well as from the flake via `nix shell c3d2#…` (see above
for adding this repository to your local nix registry).


@ -1,77 +1,6 @@
{ {
"nodes": { "nodes": {
"hydra": {
"inputs": {
"nix": "nix",
"nixpkgs": [
"hydra",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1603366072,
"narHash": "sha256-9dK7Mx9BZHZTeJ/oolS7nMakVnCdXQlsA2ePWNPhQks=",
"owner": "NixOS",
"repo": "hydra",
"rev": "be709d450b98a384374228db51c14dc958a3a72a",
"type": "github"
},
"original": {
"id": "hydra",
"type": "indirect"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1598695561,
"narHash": "sha256-gyH/5j+h/nWw0W8AcR2WKvNBUsiQ7QuxqSJNXAwV+8E=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "1705b4a26fbf065d9574dce47a94e8c7c79e052f",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1603189103,
"narHash": "sha256-KVS/Z6FzMBOl5XCyOLwfiVoX7G2LQRa9HMGNnJRPCoo=",
"owner": "NixOS",
"repo": "nix",
"rev": "e0ca98c2071b815578470e280df8fdb750c7e23b",
"type": "github"
},
"original": {
"id": "nix",
"type": "indirect"
}
},
"nixpkgs": { "nixpkgs": {
"locked": {
"lastModified": 1602702596,
"narHash": "sha256-fqJ4UgOb4ZUnCDIapDb4gCrtAah5Rnr2/At3IzMitig=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ad0d20345219790533ebe06571f82ed6b034db31",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-20.09-small",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1603722914, "lastModified": 1603722914,
"narHash": "sha256-V3cst4osjvfsrR5Qpk8CYWRFQiGm1Rm4lanjMWooH2o=", "narHash": "sha256-V3cst4osjvfsrR5Qpk8CYWRFQiGm1Rm4lanjMWooH2o=",
@ -89,8 +18,24 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"hydra": "hydra", "nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2" "secrets": "secrets"
}
},
"secrets": {
"flake": false,
"locked": {
"lastModified": 1607473285,
"narHash": "sha256-cnilic++Xa2RB8krfNe0/ndZ6jFo2FQWIq8YrZ1pWrE=",
"ref": "master",
"rev": "0efb7df81d358c033a72fcc0c65016ff86f54858",
"revCount": 76,
"type": "git",
"url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
},
"original": {
"type": "git",
"url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
} }
} }
}, },

123
flake.nix

@ -3,36 +3,111 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/release-20.09"; nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
# secrets.url = "git+file:///etc/nixos/secrets"; secrets = {
url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
flake = false;
};
}; };
outputs = { self, nixpkgs, hydra }: { outputs = { self, nixpkgs, secrets }:
let
forAllSystems = f:
nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]
(system: f system);
in {
nixosConfigurations = { overlay = import ./nixpkgs-overlay;
legacyPackages = forAllSystems (system:
import nixpkgs {
inherit system;
overlays = [ self.overlay ];
});
packages = forAllSystems (system:
let
pkgs = self.legacyPackages.${system};
mkDeploy =
# Generate a small script for copying this flake to the
# remote machine and bulding and switching there.
# Can be run with nix run c3d2#deploy-…
name: host:
let target = "root@${host}";
in pkgs.writeScriptBin "deploy-${name}" ''
#!${pkgs.runtimeShell}
set -ev
nix-copy-closure --to ${target} ${self}
exec ssh -t ${target} \
nix shell \
${self}#nixosConfigurations.${name}.config.system.build.toplevel \
--command switch-to-configuration $@
'';
in {
inherit (pkgs) bmxd;
inherit (pkgs.pile) ledball;
deploy-freifunk = mkDeploy "freifunk" "172.20.72.40";
deploy-glotzbert = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
deploy-kibana = mkDeploy "kibana" "172.20.73.44";
deploy-ledstripes = mkDeploy "ledstripes" "172.22.99.168";
deploy-scrape = mkDeploy "scrape" "172.20.73.32";
});
nixosConfigurations = let
nixosSystem' =
# Our custom NixOS builder
{ modules, system ? "x86_64-linux", ... }@args:
nixpkgs.lib.nixosSystem (args // {
inherit system;
modules = modules ++ [
self.nixosModules.c3d2
({ pkgs, ... }: {
nix = {
package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes";
};
nixpkgs.overlays = [ self.overlay ];
})
];
});
in {
freifunk = nixosSystem' {
modules = [
(import ./hosts/containers/freifunk/configuration.nix {
inherit secrets;
})
];
};
glotzbert =
nixosSystem' { modules = [ ./hosts/glotzbert/configuration.nix ]; };
kibana = nixosSystem' {
modules = [ ./hosts/containers/kibana/configuration.nix ];
};
ledstripes = nixosSystem' {
modules = [ ./hosts/containers/ledstripes/configuration.nix ];
};
pulsebert =
nixosSystem' { modules = [ ./hosts/pulsebert/configuration.nix ]; };
scrape = nixosSystem' {
modules = [
(import ./hosts/containers/scrape/configuration.nix {
inherit secrets;
})
];
};
glotzbert = nixpkgs.lib.nixosSystem {
modules = [ ./hosts/glotzbert/configuration.nix ];
system = "x86_64-linux";
}; };
hydra = nixpkgs.lib.nixosSystem { nixosModules.c3d2 = import ./lib;
modules = [ ./hosts/hydra/configuration.nix ];
system = "x86_64-linux";
};
kibana = nixpkgs.lib.nixosSystem {
modules = [ ./hosts/containers/kibana/configuration.nix ];
system = "x86_64-linux";
};
pulsebert = nixpkgs.lib.nixosSystem {
modules = [ ./hosts/pulsebert/configuration.nix ];
system = "aarch64-linux";
};
}; };
nixosModules.c3d2 = import ./lib;
};
} }
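Review bot: Declaring `secrets` as a flake input means the whole secrets checkout is fetched into `/nix/store`, which is world-readable, on every machine that evaluates this flake. `mkDeploy` runs `nix shell ${self}#…` on the target, so that presumably includes each deployed host. Consider keeping only non-sensitive values in that input and provisioning keys out of band at activation time, and at minimum add a comment on the input such as `# NOTE: fetched into the world-readable Nix store on every evaluating machine`. Separately, the deploy script passes `$@` unquoted; `"$@"` keeps the arguments intact on the local side.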


@ -1,4 +1,5 @@
{ config, pkgs, lib, ... }: { secrets }:
{ config, pkgs, lib, modulesPath, ... }:
let let
coreAddress = "172.20.72.40"; coreAddress = "172.20.72.40";
@ -6,20 +7,17 @@ let
meshInterface = "bmx"; meshInterface = "bmx";
meshLoopback = "bmx_prime"; meshLoopback = "bmx_prime";
ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php"; ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php";
secrets = import <secrets/hosts/freifunk>; secrets' = import "${secrets}/hosts/freifunk";
ddmeshRegisterKey = secrets.ddmeshRegisterKey; ddmeshRegisterKey = secrets'.ddmeshRegisterKey;
ddmeshNode = 51073; ddmeshNode = 51073;
ddmeshAddrPart = "200.74"; ddmeshAddrPart = "200.74";
rt_table = 7; rt_table = 7;
bmxd = import (toString <lib/pkgs/bmxd.nix>) { inherit pkgs; }; sysinfo-json = import ./sysinfo-json.nix { inherit pkgs ddmeshNode; };
sysinfo-json =
import <this-host/sysinfo-json.nix> { inherit pkgs bmxd ddmeshNode; };
in { in {
imports = [ imports = [
<nixpkgs/nixos/modules/profiles/minimal.nix> "${modulesPath}/profiles/minimal.nix"
<lib> ../../../lib/lxc-container.nix
<lib/lxc-container.nix> ../../../lib/shared.nix
<lib/shared.nix>
]; ];
boot.tmpOnTmpfs = true; boot.tmpOnTmpfs = true;
@ -119,7 +117,7 @@ in {
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${bmxd}/sbin/bmxd \ ${pkgs.bmxd}/sbin/bmxd \
--rt_table_offset=${toString rt_table} \ --rt_table_offset=${toString rt_table} \
--no_fork 1 \ --no_fork 1 \
--throw-rules 0 \ --throw-rules 0 \
@ -194,7 +192,9 @@ in {
stubnet 10.200.0.0/15; stubnet 10.200.0.0/15;
interface "core" { interface "core" {
authentication cryptographic; authentication cryptographic;
password "${import <secrets/shared/ospf/message-digest-key.nix>}"; password "${
import "${secrets}/shared/ospf/message-digest-key.nix"
}";
}; };
}; };
} }
@ -208,7 +208,9 @@ in {
}; };
interface "core" { interface "core" {
#authentication cryptographic; #authentication cryptographic;
#password "${import <secrets/shared/ospf/message-digest-key.nix>}"; #password "${
import "${secrets}/shared/ospf/message-digest-key.nix"
}";
}; };
}; };
} }
@ -229,7 +231,7 @@ in {
virtualHosts = { virtualHosts = {
"c3d2.ffdd" = { "c3d2.ffdd" = {
default = true; default = true;
root = <this-host/assets>; root = ./assets;
locations = let locations = let
sysinfo-json = { sysinfo-json = {
alias = "/run/nginx/sysinfo.json"; alias = "/run/nginx/sysinfo.json";
@ -242,9 +244,7 @@ in {
index = "index.html"; index = "index.html";
extraConfig = '' extraConfig = ''
etag off; etag off;
add_header etag "\"${ add_header etag "\"${builtins.substring 11 32 (./assets)}\"";
builtins.substring 11 32 (<this-host> + "/assets")
}\"";
''; '';
}; };
"=/sysinfo-json.cgi" = sysinfo-json; "=/sysinfo-json.cgi" = sysinfo-json;
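Review bot: In the second `interface "core"` block the `#` is a comment marker of the generated config, not of Nix, so `#password "${ import "${secrets}/shared/ospf/message-digest-key.nix" }";` still evaluates the import and writes the OSPF key into the rendered text as a comment. Assuming this text sits inside a Nix string, as the uncommented block above it suggests, the resulting file lands in the Nix store with the key in it even though authentication is disabled for that interface. Drop the interpolation from the disabled line, e.g. `#password "<key>";`, or remove the line. The enclosing string starts and ends outside the hunk.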


@ -1,6 +1,7 @@
{ pkgs ? import <nixpkgs> { }, ffdd-server ? { pkgs ? import <nixpkgs> { }, ffdd-server ? pkgs.fetchgit {
builtins.fetchGit "https://github.com/Freifunk-Dresden/ffdd-server.git", bmxd url = "https://github.com/Freifunk-Dresden/ffdd-server.git";
, ddmeshNode, ... }: sha256 = "15iijpywfp0zd785na5ry0g8z41x3zg238piih5rp8khc5xis09c";
}, ddmeshNode, ... }:
with pkgs; with pkgs;
let let
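Review bot: `pkgs.fetchgit` is given a `url` and a `sha256` but no `rev`, so the fetch follows the remote's default HEAD at build time and the hash only matches until upstream moves. After that the build fails, or a cached store path keeps being used with no record of which commit it came from. Pin the commit explicitly with `rev = "<commit id>";` next to `sha256`, so the fetched source is reviewable and reproducible. The same pattern appears in the later `fetchgit` calls for `scrapers.git`, `firmware.git` and `pile.git`. The function body continues outside this hunk.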


@ -3,16 +3,12 @@
{ {
imports = [ imports = [
(modulesPath + "/profiles/minimal.nix") (modulesPath + "/profiles/minimal.nix")
../../../lib
../../../lib/lxc-container.nix ../../../lib/lxc-container.nix
../../../lib/shared.nix ../../../lib/shared.nix
]; ];
networking.hostName = "kibana"; networking.hostName = "kibana";
networking.interfaces.eth0.ipv4.addresses = [{ networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ];
address = "172.20.73.44";
prefixLength = 26;
}];
networking.defaultGateway = "172.20.73.1"; networking.defaultGateway = "172.20.73.1";
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
@ -34,30 +30,32 @@
acceptTerms = true; acceptTerms = true;
email = "mail@c3d2.de"; email = "mail@c3d2.de";
}; };
services.nginx = let services.nginx =
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY"; let
vhost = url: { authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
forceSSL = true; vhost = url: {
enableACME = true; forceSSL = true;
locations."/" = { enableACME = true;
proxyPass = url; locations."/" = {
extraConfig = '' proxyPass = url;
auth_basic "Chaos"; extraConfig = ''
auth_basic_user_file ${authFile}; auth_basic "Chaos";
''; auth_basic_user_file ${authFile};
'';
};
};
in
{
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"kibana.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
"kibana-es.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
}; };
}; };
in {
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"kibana.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
"kibana-es.hq.c3d2.de" =
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
};
};
# This value determines the NixOS release with which your system is to be # This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database # compatible, in order to avoid breaking some software such as database
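Review bot: `authFile` embeds `k-ot:sawCOTsl/fIUY` directly in the repository and, via `pkgs.writeText`, in the world-readable Nix store. The 13-character form looks like a traditional crypt(3) DES hash, which only considers the first eight characters of the password and is cheap to brute-force offline. This one file guards both the Kibana and the Elasticsearch proxy vhosts. Consider generating the entry with a stronger scheme that nginx accepts and pointing `auth_basic_user_file` at a file provisioned outside the store, e.g. `auth_basic_user_file /var/lib/nginx/htpasswd;` (path constructed for illustration).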


@ -3,7 +3,6 @@
{ {
imports = [ imports = [
(modulesPath + "/profiles/minimal.nix") (modulesPath + "/profiles/minimal.nix")
../../../lib
../../../lib/lxc-container.nix ../../../lib/lxc-container.nix
../../../lib/shared.nix ../../../lib/shared.nix
]; ];
@ -21,16 +20,14 @@
services.openssh.enable = true; services.openssh.enable = true;
environment.systemPackages = [ pkgs.git ]; environment.systemPackages = [ pkgs.git ];
systemd.services.ledball = systemd.services.ledball = {
let pile = import ../../../lib/pkgs/pile.nix { inherit pkgs; }; after = [ "network-online.target" ];
in { wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ]; serviceConfig = {
wantedBy = [ "multi-user.target" ]; ExecStart = "${pkgs.pile.ledball}/bin/rows";
serviceConfig = { Restart = "always";
ExecStart = "${pile.ledball}/bin/rows";
Restart = "always";
};
}; };
};
# This value determines the NixOS release with which your system is to be # This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database # compatible, in order to avoid breaking some software such as database


@ -1,3 +1,4 @@
{ secrets }:
{ config, pkgs, lib, modulesPath, ... }: { config, pkgs, lib, modulesPath, ... }:
let let
@ -13,7 +14,6 @@ let
in { in {
imports = [ imports = [
(modulesPath + "/profiles/minimal.nix") (modulesPath + "/profiles/minimal.nix")
../../../lib
../../../lib/lxc-container.nix ../../../lib/lxc-container.nix
../../../lib/shared.nix ../../../lib/shared.nix
]; ];
@ -36,16 +36,17 @@ in {
environment.systemPackages = [ pkgs.git ]; environment.systemPackages = [ pkgs.git ];
systemd.services = let systemd.services = let
scrapers = import (builtins.fetchGit { scrapers = import (pkgs.fetchgit {
url = "https://gitea.c3d2.de/astro/scrapers.git"; url = "https://gitea.c3d2.de/astro/scrapers.git";
sha256 = "0fnq58gz7lgn615jn7fqkk5wmn7mv7nkk5zayifhwyybagi9nvlr";
}) { inherit pkgs; }; }) { inherit pkgs; };
makeService = { script, host, user ? "", password ? "" }: { makeService = { script, host, user ? "", password ? "" }: {
script = script =
"${scrapers.${script}}/bin/${script} ${host} ${user} ${password}"; "${scrapers.${script}}/bin/${script} ${host} ${user} ${password}";
}; };
xeriLogin = import <secrets/hosts/scrape/xeri.nix>; xeriLogin = import "${secrets}/hosts/scrape/xeri.nix";
fhemLogin = import <secrets/hosts/scrape/fhem.nix>; fhemLogin = import "${secrets}/hosts/scrape/fhem.nix";
matematLogin = import <secrets/hosts/scrape/matemat.nix>; matematLogin = import "${secrets}/hosts/scrape/matemat.nix";
makeNodeScraper = nodeId: { makeNodeScraper = nodeId: {
name = "scrape-node${nodeId}"; name = "scrape-node${nodeId}";
value = makeService { value = makeService {
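Review bot: `makeService` interpolates `${user}` and `${password}` into the unit's `script` string, so any credential passed this way is written into the generated unit in the Nix store and is visible in the process arguments while the scraper runs. The `xeriLogin`, `fhemLogin` and `matematLogin` imports presumably feed it, though their use is outside the hunk. Prefer handing credentials over through a root-readable file, for instance systemd's `EnvironmentFile=`, if the scraper scripts can read them from the environment. The values are also unquoted, so a password containing whitespace or shell metacharacters would be split or interpreted by the shell.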


@ -1,7 +1,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ <this-host/hardware-configuration.nix> <lib> ]; imports = [ ./hardware-configuration.nix ];
c3d2 = { c3d2 = {
users.k-ot = true; users.k-ot = true;
@ -44,15 +44,9 @@
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget wget vim git tmux screen
vim chromium firefox
git mpv kodi
tmux
screen
chromium
firefox
mpv
kodi
]; ];
systemd.user.services.x11vnc = { systemd.user.services.x11vnc = {
@ -114,7 +108,9 @@
services.xserver.xkbOptions = "eurosign:e"; services.xserver.xkbOptions = "eurosign:e";
services.xserver.displayManager = { services.xserver.displayManager = {
lightdm = { enable = true; }; lightdm = {
enable = true;
};
autoLogin = { autoLogin = {
enable = true; enable = true;
user = "k-ot"; user = "k-ot";


@ -7,18 +7,15 @@
let let
octoprintPort = 8080; octoprintPort = 8080;
espCam = "http://172.20.78.164:81"; espCam = "http://172.20.78.164:81";
in { in
{
imports = [ # Include the results of the hardware scan. imports = [ # Include the results of the hardware scan.
<this-host/hardware-configuration.nix> ./hardware-configuration.nix
]; ];
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = false; boot.loader.generic-extlinux-compatible.enable = false;
boot.loader.raspberryPi = { boot.loader.raspberryPi = { enable = true; version = 4; uboot.enable = false; };
enable = true;
version = 4;
uboot.enable = false;
};
#boot.kernelPackages = pkgs.linuxPackages_rpi4; #boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
@ -52,7 +49,10 @@ in {
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
environment.systemPackages = with pkgs; [ wget vim git raspberrypi-tools ]; environment.systemPackages = with pkgs; [
wget vim git
raspberrypi-tools
];
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
@ -83,6 +83,7 @@ in {
extraGroups = [ "wheel" "audio" ]; extraGroups = [ "wheel" "audio" ];
}; };
# Open ports in the firewall. # Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
@ -110,13 +111,10 @@ in {
systemWide = true; systemWide = true;
tcp.enable = true; tcp.enable = true;
tcp.anonymousClients.allowedIpRanges = [ tcp.anonymousClients.allowedIpRanges = [
"127.0.0.0/8" "127.0.0.0/8" "::1/128"
"::1/128"
"fd23:42:c3d2:500::/56" "fd23:42:c3d2:500::/56"
"172.22.99.0/24" "172.22.99.0/24" "2a02:8106:208:5200::/56"
"2a02:8106:208:5200::/56" "172.20.72.0/21" "2a02:8106:211:e900::/56"
"172.20.72.0/21"
"2a02:8106:211:e900::/56"
]; ];
zeroconf.publish.enable = true; zeroconf.publish.enable = true;
package = pkgs.pulseaudioFull; package = pkgs.pulseaudioFull;
@ -192,11 +190,11 @@ in {
}; };
# Allow access to printer serial port and GPIO # Allow access to printer serial port and GPIO
users.users.${config.services.octoprint.user}.extraGroups = users.users.${config.services.octoprint.user}.extraGroups = [ "dialout" "gpio" ];
[ "dialout" "gpio" ];
systemd.services.mjpeg-stream = systemd.services.mjpeg-stream =
let mjpeg-proxy = pkgs.callPackage <lib/pkgs/mjpeg-proxy.nix> { }; let
mjpeg-proxy = pkgs.callPackage ../../lib/pkgs/mjpeg-proxy.nix {};
in { in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];


@ -8,7 +8,6 @@ let eth0 = "ens18";
in { in {
imports = [ # Include the results of the hardware scan. imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../lib
# ../../lib/hq.nix # ../../lib/hq.nix
../../lib/shared.nix ../../lib/shared.nix
../../lib/default-gateway.nix ../../lib/default-gateway.nix
@ -100,8 +99,8 @@ in {
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh = { services.openssh = {
enable = true; enable = true;
allowSFTP = true; allowSFTP = true;
}; };
services.atftpd = { services.atftpd = {


@ -189,6 +189,7 @@ in {
{ } { }
else { else {
"${cfg.hq.interface}" = { "${cfg.hq.interface}" = {
tempAddress = lib.mkDefault "disabled";
ipv6.addresses = [{ ipv6.addresses = [{
address = toHqPrivateAddress config.networking.hostName; address = toHqPrivateAddress config.networking.hostName;
prefixLength = 64; prefixLength = 64;


@ -15,12 +15,11 @@
networking.useNetworkd = true; networking.useNetworkd = true;
networking.useDHCP = false; networking.useDHCP = false;
services.resolved.enable = false; services.resolved.enable = false;
networking.nameservers = networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
networking.interfaces.eth0 = { networking.interfaces.eth0 = {
useDHCP = false; useDHCP = false;
preferTempAddress = false; tempAddress = "disabled";
}; };
systemd.network.networks."40-eth0" = { systemd.network.networks."40-eth0" = {
networkConfig = { networkConfig = {
@ -37,17 +36,15 @@
# Create a few files early before packing tarball for Proxmox # Create a few files early before packing tarball for Proxmox
# architecture/OS detection. # architecture/OS detection.
system.extraSystemBuilderCmds = '' system.extraSystemBuilderCmds =
mkdir -m 0755 -p $out/bin ''
ln -s ${pkgs.bash}/bin/bash $out/bin/sh mkdir -m 0755 -p $out/bin
mkdir -m 0755 -p $out/sbin ln -s ${pkgs.bash}/bin/bash $out/bin/sh
ln -s ../init $out/sbin/init mkdir -m 0755 -p $out/sbin
''; ln -s ../init $out/sbin/init
'';
fileSystems."/" = { fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
fsType = "rootfs";
device = "rootfs";
};
# add central logging # add central logging
services.journalbeat = { services.journalbeat = {


@ -1,19 +1,24 @@
{ pkgs ? import <nixpkgs> {}, { stdenv, fetchgit, fetchpatch, }:
src ? builtins.fetchGit "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git",
}:
with pkgs;
let let
src = fetchgit {
url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git";
sha256 = "sha256-3sV59uqFp+TZKrDf7kmksLvz+5ZKriwFyXZMBH2Sdws=";
};
path = "feeds/19.07/feeds-own/bmxd"; path = "feeds/19.07/feeds-own/bmxd";
makefile = builtins.readFile "${src}/${path}/Makefile"; makefile = builtins.readFile "${src}/${path}/Makefile";
makeDef = name: makeDef = name:
builtins.elemAt (builtins.match ".*?${name}:=([^\n]+).*?" makefile) 0; builtins.elemAt (builtins.match ''
.*?${name}:=([^
]+).*?'' makefile) 0;
name = makeDef "PKG_NAME"; name = makeDef "PKG_NAME";
version = makeDef "PKG_VERSION"; version = makeDef "PKG_VERSION";
release = makeDef "PKG_RELEASE"; release = makeDef "PKG_RELEASE";
patch = fetchurl { patch = fetchpatch {
url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch"; name = "timercpy.patch";
sha256 = "10gm1fqg2s8c261i0j1py3sfyyzr0h5b6wwdsgg3icn7lfjd6k75"; url =
"https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch";
sha256 = "sha256-40BbcCZ10cQzvkfsAi8ApCgmC4hGMh2J8xU6gjD3cng=";
}; };
in stdenv.mkDerivation { in stdenv.mkDerivation {
name = "${name}-${version}-${release}"; name = "${name}-${version}-${release}";


@ -0,0 +1,9 @@
final: prev:
{
bmxd = prev.callPackage ./bmdx.nix { };
pile = prev.callPackage ./pile.nix { };
}
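Review bot: `bmxd = prev.callPackage ./bmdx.nix { };` spells the file `bmdx.nix`, whereas the removed freifunk import referenced `lib/pkgs/bmxd.nix`. Unless the file was deliberately given that name when it moved, evaluating `pkgs.bmxd` will fail with a missing-file error. If it is a typo, the line should read `bmxd = prev.callPackage ./bmxd.nix { };`. A one-line comment at the top of the overlay stating that these attributes are consumed as `pkgs.bmxd` and `pkgs.pile.ledball` would also help readers.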


@ -1,8 +1,10 @@
{ pkgs ? import <nixpkgs> {} }: { fetchgit, rustPlatform }:
with pkgs;
let let
pile = builtins.fetchGit "https://github.com/astro/pile.git"; pile = fetchgit {
url = "https://github.com/astro/pile.git";
sha256 = "sha256-z4xNUGmP35ZBZUpgozQHANZniADfmwEoclnEwNlvAC4=";
};
in { in {
ledball = rustPlatform.buildRustPackage { ledball = rustPlatform.buildRustPackage {
name = "ledball"; name = "ledball";