traffic-stop-box: move out custom config into ./hosts

2022-09-29 19:46:23 +02:00 · 2022-09-29 19:46:23 +02:00 · b021adad96
parent 09fcf5658f
commit b021adad96
16 changed files with 180 additions and 74 deletions
--- a/flake.nix
+++ b/flake.nix
@ -48,10 +48,6 @@
      ];

      stop-box-modules = [
-        sops-nix.nixosModules.sops
-        dump-dvb.nixosModules.default
-        ./hosts/traffic-stop-box
-        ./modules/dump-dvb
        {
          nixpkgs.overlays = [
            dump-dvb.overlays.default
@ -60,16 +56,24 @@
      ];

      # function that generates a system with the given number
-      generate_system = (id: arch: extraModules:
+      generate_system = (id: arch:
        {
          "traffic-stop-box-${toString id}" = nixpkgs.lib.nixosSystem {
            system = arch;
            specialArgs = inputs;
            modules = [
+              # box-specific config
+              ./hosts/traffic-stop-box/${toString id}.nix
+
+              # default modules
+              sops-nix.nixosModules.sops
+              dump-dvb.nixosModules.default
+              ./modules/traffic-stop-box
+              ./modules/dump-dvb
              {
-                ddvbDeployment.systemNumber = id;
+                deployment-dvb.systemNumber = id;
              }
-            ] ++ extraModules ++ stop-box-modules;
+            ] ++ stop-box-modules;
          };
        }
      );
@ -79,101 +83,39 @@
          # Barkhausen Bau
          id = 0;
          arch = "x86_64-linux";
-          extraModules = [
-            ./hardware/dell-wyse-3040.nix
-            dump-dvb.nixosModules.disk-module
-          ];
        }
        {
          # Zentralwerk
          id = 1;
          arch = "x86_64-linux";
-          extraModules = [
-            ./hardware/dell-wyse-3040.nix
-            dump-dvb.nixosModules.disk-module
-          ];
        }
        {
          # Chemnitz
          id = 2;
          arch = "x86_64-linux";
-          extraModules = [
-            ./hardware/dell-wyse-3040.nix
-            dump-dvb.nixosModules.disk-module
-          ];
        }
        {
          # unused
          id = 3;
          arch = "aarch64-linux";
-          extraModules = [
-            ./hardware/rpi-3b-4b.nix
-          ];
        }
        {
          # Wundstr. 9
          id = 4;
          arch = "x86_64-linux";
-          extraModules = [
-            ./hardware/dell-wyse-3040.nix
-            dump-dvb.nixosModules.disk-module
-            {
-
-              networking = nixpkgs.lib.mkForce {
-                useDHCP = false;
-                defaultGateway = "141.30.30.129";
-                nameservers = [ "141.30.1.1" ];
-                interfaces.enp1s0 = {
-                  useDHCP = false;
-                  ipv4.addresses = [
-                    {
-                      address = "141.30.30.149";
-                      prefixLength = 25;
-                    }
-                  ];
-                };
-              };
-            }
-          ];
        }
        {
          id = 6;
          arch = "x86_64-linux";
-          extraModules = [
-            ./hardware/dell-wyse-3040.nix
-            dump-dvb.nixosModules.disk-module
-            {
-              services.openssh.extraConfig = ''
-                PubkeyAcceptedKeyTypes sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512
-              '';
-              users.users.root.openssh.authorizedKeys.keys = [
-                "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaili3ylty7fwvohtwx8511v+gbtlzzmuv505fi1pj53v6aaaabhnzado="
-                "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaipzbd00cbfpxzuc8eb6sljaafnf1hgs6vci1rzcncyocaaaabhnzado="
-              ];
-            }
-          ];
        }
        {
          id = 7;
          arch = "x86_64-linux";
-          extraModules = [
-            ./hardware/dell-wyse-3040.nix
-            dump-dvb.nixosModules.disk-module
-            {
-              services.openssh.extraConfig = ''
-                PubkeyAcceptedKeyTypes sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512
-              '';
-              users.users.root.openssh.authorizedKeys.keys = [
-                "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaili3ylty7fwvohtwx8511v+gbtlzzmuv505fi1pj53v6aaaabhnzado="
-                "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaipzbd00cbfpxzuc8eb6sljaafnf1hgs6vci1rzcncyocaaaabhnzado="
-              ];
-            }
-          ];
        }
      ];

      # attribute set of all traffic stop boxes
-      stop_boxes = nixpkgs.lib.foldl (x: y: nixpkgs.lib.mergeAttrs x (generate_system y.id y.arch y.extraModules)) { } id_list;
+      stop_boxes = nixpkgs.lib.foldl (x: y: nixpkgs.lib.mergeAttrs x (generate_system y.id y.arch)) { } id_list;

      packages = {
        default = self.nixosConfigurations.traffic-stop-box-0.config.system.build.vm;
@ -237,7 +179,6 @@
          modules = [
            microvm.nixosModules.microvm
            ./hosts/data-hoarder/configuration.nix
-            ./hosts/data-hoarder/wireguard_server.nix
          ] ++ data-hoarder-modules;
        };
        staging-data-hoarder = nixpkgs.lib.nixosSystem {
@ -256,7 +197,6 @@
          specialArgs = inputs;
          modules = [
            dump-dvb.nixosModules.default
-            dump-dvb.nixosModules.disk-module
            ./hosts/display
            ./modules/dump-dvb
            ./hardware/dell-wyse-3040.nix
@ -265,8 +205,6 @@
      };

      hydraJobs = (lib.mapAttrs (name: value: { ${value.config.system.build.toplevel.system} = value.config.system.build.toplevel; }) self.nixosConfigurations) // {
-        traffic-stop-box-3-disk."aarch64-linux" = self.nixosConfigurations.traffic-stop-box-3.config.system.build.sdImage;
-        mobile-box-disk."x86_64-linux" = self.nixosConfigurations.mobile-box-dresden.config.system.build.diskImage;
        display-disk."x86_64-linux" = self.nixosConfigurations.display.config.system.build.diskImage;
        sops-binaries."x86_64-linux" = sops-nix.packages."x86_64-linux".sops-install-secrets;
      };
--- a/hosts/traffic-stop-box/0.nix
+++ b/hosts/traffic-stop-box/0.nix
@ -0,0 +1,5 @@
+{ self, ... }: {
+  imports = [
+    "${self}/hardware/dell-wyse-3040.nix"
+  ];
+}
--- a/hosts/traffic-stop-box/1.nix
+++ b/hosts/traffic-stop-box/1.nix
@ -0,0 +1,5 @@
+{ self, ... }: {
+  imports = [
+    "${self}/hardware/dell-wyse-3040.nix"
+  ];
+}
--- a/hosts/traffic-stop-box/2.nix
+++ b/hosts/traffic-stop-box/2.nix
@ -0,0 +1,5 @@
+{ self, ... }: {
+  imports = [
+    "${self}/hardware/dell-wyse-3040.nix"
+  ];
+}
--- a/hosts/traffic-stop-box/3.nix
+++ b/hosts/traffic-stop-box/3.nix
@ -0,0 +1,5 @@
+{ self, ... }: {
+  imports = [
+    "${self}/hardware/rpi-3b-4b.nix"
+  ];
+}
--- a/hosts/traffic-stop-box/4.nix
+++ b/hosts/traffic-stop-box/4.nix
@ -0,0 +1,21 @@
+{ self, ... }: {
+  imports = [
+    "${self}/hardware/dell-wyse-3040.nix"
+  ];
+
+              networking = nixpkgs.lib.mkForce {
+                useDHCP = false;
+                defaultGateway = "141.30.30.129";
+                nameservers = [ "141.30.1.1" ];
+                interfaces.enp1s0 = {
+                  useDHCP = false;
+                  ipv4.addresses = [
+                    {
+                      address = "141.30.30.149";
+                      prefixLength = 25;
+                    }
+                  ];
+                };
+              };
+
+}
--- a/hosts/traffic-stop-box/6.nix
+++ b/hosts/traffic-stop-box/6.nix
@ -0,0 +1,13 @@
+{ self, ... }: {
+  imports = [
+    "${self}/hardware/dell-wyse-3040.nix"
+  ];
+
+  services.openssh.extraConfig = ''
+    PubkeyAcceptedKeyTypes sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512
+  '';
+  users.users.root.openssh.authorizedKeys.keys = [
+    "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaili3ylty7fwvohtwx8511v+gbtlzzmuv505fi1pj53v6aaaabhnzado="
+    "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaipzbd00cbfpxzuc8eb6sljaafnf1hgs6vci1rzcncyocaaaabhnzado="
+  ];
+}
--- a/hosts/traffic-stop-box/7.nix
+++ b/hosts/traffic-stop-box/7.nix
@ -0,0 +1,13 @@
+{ self, ... }: {
+  imports = [
+    "${self}/hardware/dell-wyse-3040.nix"
+  ];
+
+  services.openssh.extraConfig = ''
+    PubkeyAcceptedKeyTypes sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512
+  '';
+  users.users.root.openssh.authorizedKeys.keys = [
+    "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaili3ylty7fwvohtwx8511v+gbtlzzmuv505fi1pj53v6aaaabhnzado="
+    "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaipzbd00cbfpxzuc8eb6sljaafnf1hgs6vci1rzcncyocaaaabhnzado="
+  ];
+}
--- a/modules/dump-dvb/net.nix
+++ b/modules/dump-dvb/net.nix
@ -0,0 +1,60 @@
+{ lib, config, ... }:
+let
+  cfg = config.deployment-dvb.net;
+in
+  {
+    options.deployment-dvb.net = with lib; {
+      iface.uplink = {
+        name = mkOption {
+          type = types.str;
+          default = "";
+        };
+        useDHCP = mkOption {
+          type = types.bool;
+          default = true;
+        };
+        addr4 = mkOption {
+          type = types.str;
+          default = "";
+          description = "address with prefix in CIDR notation";
+        };
+        routes =
+          with utils.systemdUtils.unitOptions;
+          with utils.systemdUtils.lib;
+          with lib;
+          mkOption {
+            type = with types; listOf (submodule routeOptions);
+            default = [ ];
+            description = "default gateway";
+          };
+          dns = mkOption {
+            type = types.listOf types.str;
+            default = [ "9.9.9.9" "1.1.1.1" "8.8.8.8" ];
+          };
+        };
+      };
+
+
+      config = let
+        upname = "30-${cfg.iface.uplink.name}";
+        upconf = if cfg.iface.uplink.useDHCP == false then {
+          MatchConfig = { Name = "${cfg.iface.uplink.name}"; };
+          networkConfig = {
+            DHCP = "no";
+            Address = cfg.iface.uplink.addr4;
+            DNS = cfg.iface.uplink.DNS;
+          };
+          routes = cfg.iface.uplink.routes;
+        } else {
+          MatchConfig = { Name = "${cfg.iface.uplink.name}"; };
+          networkConfig = {
+            DHCP = "yes";
+          };
+        };
+
+      in
+      {
+        networking.useSystemd = true;
+        systemd.networks.
+      };
+    }
--- a/modules/dump-dvb/wg.nix
+++ b/modules/dump-dvb/wg.nix
@ -0,0 +1,41 @@
+{ lib, config, ... }:
+let
+  cfg = config.deployment-dvb.net.wg;
+in
+  {
+    options.deployment-dvb.net.wg = {
+      _enable = mkOption {
+        type = types.bool;
+        default = true;
+      };
+      ownEndpoint.host = mkOption {
+        type = types.str;
+        default = "";
+      };
+      ownEndpoint.port = mkOption {
+        type = types.port;
+      };
+      ownPubkey = mkOption {
+        type = types.str;
+        default = "";
+      };
+      privateKeyFile = mkOption {
+        type = types.either types.str types.path;
+      };
+      addr4 = mkOption {
+        type = types.str;
+        default = "";
+        description = "address with prefix in CIDR notation";
+      };
+    };
+
+    config = let
+    in {
+      netoworking.useNetworkd = true;
+
+      systemd.network.netdev.wg-dvb = {
+        type = "wireguard";
+        
+      };
+    };
+  }
--- a/modules/traffic-stop-box/configuration.nix
+++ b/modules/traffic-stop-box/configuration.nix
--- a/modules/traffic-stop-box/default.nix
+++ b/modules/traffic-stop-box/default.nix
--- a/modules/traffic-stop-box/hardware-configuration.nix
+++ b/modules/traffic-stop-box/hardware-configuration.nix
--- a/modules/traffic-stop-box/radio-config.nix
+++ b/modules/traffic-stop-box/radio-config.nix
--- a/modules/traffic-stop-box/secrets.nix
+++ b/modules/traffic-stop-box/secrets.nix
--- a/modules/traffic-stop-box/wireguard-client.nix
+++ b/modules/traffic-stop-box/wireguard-client.nix