forked from DGNum/lab-infra
Compare commits
20 commits
init_photo
...
main
Author | SHA1 | Date | |
---|---|---|---|
|
930c1bd90a | ||
|
138ea89bbc | ||
|
1f28d0ccbf | ||
|
9daab9a609 | ||
|
9b794dff35 | ||
40df8e738d | |||
|
e262e55a66 | ||
|
1d1a4ccac3 | ||
|
5626bba501 | ||
|
bceb0ce492 | ||
1467819be2 | |||
b10fee2eee | |||
d3bfe16f7f | |||
1b8dc4d78a | |||
862168b2bc | |||
1f82719dcb | |||
51aaa9a80d | |||
9b5c6848c0 | |||
225ced72c2 | |||
68b5f86bd5 |
61 changed files with 1880 additions and 114 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -9,3 +9,6 @@ result-*
|
||||||
*.qcow2
|
*.qcow2
|
||||||
.gcroots
|
.gcroots
|
||||||
.pre-commit-config.yaml
|
.pre-commit-config.yaml
|
||||||
|
|
||||||
|
# nixmoxer (proxmox declarative vms)
|
||||||
|
nixmoxer.conf
|
||||||
|
|
|
@ -3,13 +3,13 @@
|
||||||
## HE
|
## HE
|
||||||
|
|
||||||
On a un `/64` uniquement routé via un tunnel 6in4:
|
On a un `/64` uniquement routé via un tunnel 6in4:
|
||||||
- IP de lien local: `2001:470:1f12:187::2/64`
|
- IP de lien local: `2001:470:1f12:2b::2/64`
|
||||||
- IP de lien Remote: `2001:470:1f12:187::1/64`
|
- IP de lien Remote: `2001:470:1f12:2b::1/64`
|
||||||
- Endpoint ipv4: `216.66.84.42`/`129.199.146.230`
|
- Endpoint ipv4: `216.66.84.42`/`129.199.146.230`
|
||||||
|
|
||||||
| Préfixe | Attribution |
|
| Préfixe | Attribution |
|
||||||
|-|-|
|
|-|-|
|
||||||
| `2001:470:1f13:187::/64` | he-dmz, vlan 2530 |
|
| `2001:470:1f13:2b::/64` | he-dmz, vlan 2530 |
|
||||||
|
|
||||||
## MWAN
|
## MWAN
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ Routé via SIIT sur le vlan mwan-siit (2520)
|
||||||
| IP | Attribution | Mainteneur |
|
| IP | Attribution | Mainteneur |
|
||||||
|----|-------------|------------|
|
|----|-------------|------------|
|
||||||
| `.25` | `labcore01` | Maurice |
|
| `.25` | `labcore01` | Maurice |
|
||||||
| `.26` | | |
|
| `.26` | `dns01` | cst1 |
|
||||||
| `.27` | | |
|
| `.27` | | |
|
||||||
| `.28` | | |
|
| `.28` | | |
|
||||||
| `.29` | | |
|
| `.29` | | |
|
||||||
|
|
|
@ -71,7 +71,7 @@ in
|
||||||
|
|
||||||
{
|
{
|
||||||
nodes = builtins.mapAttrs (
|
nodes = builtins.mapAttrs (
|
||||||
host: { site, ... }: "${host}.${site}.infra.dgnum.eu"
|
host: { site, ... }: "${host}.${site}.lab.infra.dgnum.eu"
|
||||||
) (import ./meta/nodes.nix);
|
) (import ./meta/nodes.nix);
|
||||||
|
|
||||||
mkCacheSettings = import ./machines/storage01/tvix-cache/cache-settings.nix;
|
mkCacheSettings = import ./machines/storage01/tvix-cache/cache-settings.nix;
|
||||||
|
|
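Review bot: The new suffix orders the labels differently from the zone this same change introduces: here a node becomes `${host}.${site}.lab.infra.dgnum.eu`, while machines/dns01/lab.dgnum.eu.nix publishes node records under `infra` inside `lab.dgnum.eu`, i.e. `${host}.${site}.infra.lab.dgnum.eu`. Unless another zone serves `lab.infra.dgnum.eu`, names built from `nodes` will not resolve through dns01, and anything that connects by these names depends on a zone this repository does not define. If the new zone is the intended source of truth, the line would read `host: { site, ... }: "${host}.${site}.infra.lab.dgnum.eu"`. The enclosing attribute set begins and ends outside the hunk.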
|
@ -14,10 +14,18 @@ rec {
|
||||||
_keys = (import "${_sources.infrastructure}/keys")._keys // {
|
_keys = (import "${_sources.infrastructure}/keys")._keys // {
|
||||||
krz01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4o65gWOgNrxbSd3kiQIGZUM+YD6kuZOQtblvzUGsfB" ];
|
krz01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4o65gWOgNrxbSd3kiQIGZUM+YD6kuZOQtblvzUGsfB" ];
|
||||||
router02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5t0InDV9nTLEqXrenqMJZAjkCAmfzHk6LLLHme3k3j" ];
|
router02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5t0InDV9nTLEqXrenqMJZAjkCAmfzHk6LLLHme3k3j" ];
|
||||||
|
roam01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKXjzVxYs5v5+7N0tyqpBQERXKjXwTZUqVGkdye4S1LP" ];
|
||||||
|
status01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQFCsn/8c46O7JLx0QYdbZsXnS+NYtsgUNHPd2Toksj" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
_vpnKeys =
|
||||||
|
builtins.mapAttrs (_: v: v.vpnKeys) meta.organization.members
|
||||||
|
// builtins.mapAttrs (_: v: v.vpnKeys) meta.network;
|
||||||
|
|
||||||
getKeys = ls: builtins.concatLists (builtins.map (getAttr _keys) ls);
|
getKeys = ls: builtins.concatLists (builtins.map (getAttr _keys) ls);
|
||||||
|
|
||||||
|
getVpnKey = vpn: name: _vpnKeys.${name}.${vpn};
|
||||||
|
|
||||||
mkSecrets =
|
mkSecrets =
|
||||||
nodes: setDefault { publicKeys = unique (rootKeys ++ (builtins.concatMap getNodeKeys' nodes)); };
|
nodes: setDefault { publicKeys = unique (rootKeys ++ (builtins.concatMap getNodeKeys' nodes)); };
|
||||||
|
|
||||||
|
|
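Review bot: `_vpnKeys` merges members and nodes with `//`, so a node in `meta.network` that shares a name with an organization member silently replaces that member's `vpnKeys`, and `getVpnKey` then returns the node's key under the member's name. These keys decide who a WireGuard peer is, so a collision should fail evaluation rather than resolve quietly, for example `assert builtins.intersectAttrs meta.organization.members meta.network == { };` in front of the merge, or by keeping the two sets under separate attributes. `getVpnKey` also fails with a bare missing-attribute error for an unknown name or VPN; a `throw` that names both would be easier to act on. The surrounding `rec { … }` starts and ends outside the hunk, so the definition of `meta` is not visible here.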
27
machines/dns01/_configuration.nix
Normal file
27
machines/dns01/_configuration.nix
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
{ lib, ... }:
|
||||||
|
|
||||||
|
lib.extra.mkConfig {
|
||||||
|
enabledModules = [
|
||||||
|
# List of modules to enable
|
||||||
|
];
|
||||||
|
|
||||||
|
enabledServices = [
|
||||||
|
# List of services to enable
|
||||||
|
"nsd"
|
||||||
|
];
|
||||||
|
|
||||||
|
extraConfig = {
|
||||||
|
# TODO : retrieve this address from meta/network.nix
|
||||||
|
deployment.targetHost = "45.13.104.26";
|
||||||
|
deployment.tags = [ "cst1" ];
|
||||||
|
networking.firewall = {
|
||||||
|
enable = true;
|
||||||
|
logRefusedConnections = lib.mkForce true;
|
||||||
|
logRefusedPackets = lib.mkForce true;
|
||||||
|
allowedTCPPorts = [ 53 ];
|
||||||
|
allowedUDPPorts = [ 53 ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
root = ./.;
|
||||||
|
}
|
34
machines/dns01/_hardware-configuration.nix
Normal file
34
machines/dns01/_hardware-configuration.nix
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
{ lib, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
loader.systemd-boot.enable = true;
|
||||||
|
initrd.kernelModules = [ ];
|
||||||
|
kernelModules = [ ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
initrd.availableKernelModules = [
|
||||||
|
"ata_piix"
|
||||||
|
"uhci_hcd"
|
||||||
|
"virtio_pci"
|
||||||
|
"virtio_scsi"
|
||||||
|
"sd_mod"
|
||||||
|
"sr_mod"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-partlabel/disk-sda-root";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-partlabel/disk-sda-ESP";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.useDHCP = lib.mkDefault false;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
}
|
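--- a/machines/dns01/lab.dgnum.eu.nix
+++ b/machines/dns01/lab.dgnum.eu.nix
@@ -0,0 +1,61 @@
+{
+meta,
+dns,
+lib,
+...
+}:
+
+let
+inherit (lib) mapAttrs' nameValuePair;
+in
+with dns.lib.combinators;
+{
+SOA = {
+nameServer = "ns01.lab.dgnum.eu";
+adminEmail = "dns@dgnum.eu";
+serial = 2019030800;
+retry = 3600;
+minimum = 300;
+};
+
+NS = [ "ns01.lab.dgnum.eu." ];
+
+#A = [ "203.0.113.1" ];
+#AAAA = [ "4321:0:1:2:3:4:567:89ab" ];
+
+subdomains = {
+# Hosted services
+# NOTE: for now manually supplied, in the future automatically filled in
+photoprism = host "129.199.146.101" null;
+immich = host "129.199.146.101" null;
+
+homebox = host "129.199.146.102" null;
+
+status = host "129.199.146.103" null;
+
+kfet = host "129.199.146.230" "2a0e:e701:1120:1000::f:1";
+
+# Nameservers
+ns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26";
+
+# *.infra.lab.dgnum.eu
+infra = {
+subdomains = mapAttrs' (
+host:
+{ site, ... }:
+nameValuePair "${host}.${site}" (
+with meta.network.${host}.addresses;
+{
+A = ipv4;
+AAAA = ipv6;
+
+subdomains = {
+v4.A = ipv4;
+v6.AAAA = ipv6;
+};
+}
+)
+) meta.nodes;
+};
+};
+}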
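Review bot: `serial = 2019030800;` is a fixed value, and together with the commented `#A = [ "203.0.113.1" ];` placeholder it looks carried over from a template. The zone is regenerated from `meta` on every deploy but the serial never moves, so once `provideXFR`/`notify` in nsd.nix are filled in, a secondary comparing serials would keep serving the old records. Either derive the serial from something that changes with the data, or put a comment such as `# bump on every change to this zone or to meta.network` next to it. Also worth a comment: inside the `infra` lambda the parameter `host` shadows the `host` combinator used a few lines above.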
24
machines/dns01/nsd.nix
Normal file
24
machines/dns01/nsd.nix
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
{
|
||||||
|
sources,
|
||||||
|
lib,
|
||||||
|
meta,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
dns = import sources.dns-nix { };
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.nsd = {
|
||||||
|
enable = true;
|
||||||
|
verbosity = 1000;
|
||||||
|
interfaces = [ "2a0e:e701:1120:1000:ffff::45.13.104.26" ];
|
||||||
|
zones = {
|
||||||
|
"lab.dgnum.eu" = {
|
||||||
|
# provideXFR = [ ... ];
|
||||||
|
# notify = [ ... ];
|
||||||
|
data = dns.lib.toString "lab.dgnum.eu" (import ./lab.dgnum.eu.nix { inherit meta dns lib; });
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
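--- a/machines/dns01/secrets/secrets.nix
+++ b/machines/dns01/secrets/secrets.nix
@@ -0,0 +1,3 @@
+(import ../../../keys).mkSecrets [ "dns01" ] [
+# List of secrets for router02
+]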
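Review bot: The comment `# List of secrets for router02` names the wrong machine; this file declares the recipients for dns01. The same copied comment appears in machines/homebox01/secrets/secrets.nix, machines/photo01/secrets/secrets.nix and machines/roam01/secrets/secrets.nix. Suggested wording here is `# List of secrets for dns01`, and likewise per machine, so that a reader checking who can decrypt a secret is not pointed at another host.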
25
machines/homebox01/_configuration.nix
Normal file
25
machines/homebox01/_configuration.nix
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
{ lib, ... }:
|
||||||
|
|
||||||
|
lib.extra.mkConfig {
|
||||||
|
enabledModules = [
|
||||||
|
# List of modules to enable
|
||||||
|
];
|
||||||
|
|
||||||
|
enabledServices = [
|
||||||
|
# List of services to enable
|
||||||
|
"homebox"
|
||||||
|
"nginx"
|
||||||
|
];
|
||||||
|
|
||||||
|
extraConfig = {
|
||||||
|
deployment.tags = [ "cst1" ];
|
||||||
|
networking = {
|
||||||
|
firewall.allowedTCPPorts = [
|
||||||
|
80
|
||||||
|
443
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
root = ./.;
|
||||||
|
}
|
34
machines/homebox01/_hardware-configuration.nix
Normal file
34
machines/homebox01/_hardware-configuration.nix
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
{ lib, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
loader.systemd-boot.enable = true;
|
||||||
|
initrd.kernelModules = [ ];
|
||||||
|
kernelModules = [ ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
initrd.availableKernelModules = [
|
||||||
|
"ata_piix"
|
||||||
|
"uhci_hcd"
|
||||||
|
"virtio_pci"
|
||||||
|
"virtio_scsi"
|
||||||
|
"sd_mod"
|
||||||
|
"sr_mod"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-partlabel/disk-sda-root";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-partlabel/disk-sda-ESP";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.useDHCP = lib.mkDefault false;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
}
|
14
machines/homebox01/homebox.nix
Normal file
14
machines/homebox01/homebox.nix
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
services.homebox = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
HBOX_OPTIONS_ALLOW_REGISTRATION = "false";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts."homebox.lab.dgnum.eu" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
serverAliases = [ ];
|
||||||
|
locations."/".proxyPass = "http://localhost:7745/";
|
||||||
|
};
|
||||||
|
}
|
10
machines/homebox01/nginx.nix
Normal file
10
machines/homebox01/nginx.nix
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
clientMaxBodySize = "500m";
|
||||||
|
};
|
||||||
|
}
|
3
machines/homebox01/secrets/secrets.nix
Normal file
3
machines/homebox01/secrets/secrets.nix
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
(import ../../../keys).mkSecrets [ "homebox01" ] [
|
||||||
|
# List of secrets for router02
|
||||||
|
]
|
|
@ -8,8 +8,8 @@ lib.extra.mkConfig {
|
||||||
enabledServices = [
|
enabledServices = [
|
||||||
# INFO: This list needs to stay sorted alphabetically
|
# INFO: This list needs to stay sorted alphabetically
|
||||||
# Machine learning API machine
|
# Machine learning API machine
|
||||||
# "microvm-ml01"
|
"microvm-ml01"
|
||||||
# "microvm-router01"
|
"microvm-router01"
|
||||||
"nvidia-tesla-k80"
|
"nvidia-tesla-k80"
|
||||||
"ollama"
|
"ollama"
|
||||||
"whisper"
|
"whisper"
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ sources, ... }:
|
{
|
||||||
|
sources,
|
||||||
|
meta,
|
||||||
|
name,
|
||||||
|
...
|
||||||
|
}:
|
||||||
let
|
let
|
||||||
proxmox-nixos = import sources.proxmox-nixos;
|
proxmox-nixos = import sources.proxmox-nixos;
|
||||||
in
|
in
|
||||||
|
@ -6,6 +11,7 @@ in
|
||||||
imports = [ proxmox-nixos.nixosModules.proxmox-ve ];
|
imports = [ proxmox-nixos.nixosModules.proxmox-ve ];
|
||||||
services.proxmox-ve = {
|
services.proxmox-ve = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
ipAddress = meta.network.${name}.netbirdIp;
|
||||||
openFirewall = false;
|
openFirewall = false;
|
||||||
};
|
};
|
||||||
nixpkgs.overlays = [ proxmox-nixos.overlays.x86_64-linux ];
|
nixpkgs.overlays = [ proxmox-nixos.overlays.x86_64-linux ];
|
||||||
|
|
|
@ -8,6 +8,7 @@ lib.extra.mkConfig {
|
||||||
enabledServices = [
|
enabledServices = [
|
||||||
# List of services to enable
|
# List of services to enable
|
||||||
"unbound"
|
"unbound"
|
||||||
|
"nginx"
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = { };
|
extraConfig = { };
|
||||||
|
|
BIN
machines/labcore01/kfet/favicon.png
Normal file
BIN
machines/labcore01/kfet/favicon.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 3.5 KiB |
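--- a/machines/labcore01/kfet/index.html
+++ b/machines/labcore01/kfet/index.html
@@ -0,0 +1,93 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8" />
+<meta name="viewport" content="width=device-width" />
+<title>Ouverture K-Fêt</title>
+<style>
+#main {
+margin: 0;
+padding: 0;
+width: 100vw;
+height: 100vh;
+text-align: center;
+font-weight: bold;
+font-size: 15vw;
+display: flex;
+justify-content: center;
+align-content: center;
+flex-direction: column;
+}
+
+* {
+margin: 0;
+padding: 0;
+}
+
+.red {
+background-color: red;
+color: white;
+}
+
+.orange {
+background-color: orange;
+color: black;
+}
+
+
+.green {
+background-color: green;
+color: white;
+}
+
+#main > p {
+overflow: hidden;
+display: none;
+}
+
+.orange > #orange {
+display: block;
+}
+
+.green > #green {
+display: block;
+}
+
+.red > #red {
+display: block;
+}
+
+</style>
+<link rel="manifest" href="manifest.webmanifest" />
+</head>
+<body>
+<div id="main" class="orange">
+<p id="orange">Non défini</p>
+<p id="red">Fermé</p>
+<p id="green">Ouvert</p>
+</div>
+<script>
+// Créer une connexion WebSocket
+const socket = new WebSocket('wss://kfet.sinavir.fr/ws/');
+const div = document.getElementById("main");
+
+// Écouter les messages
+socket.addEventListener('message', function (event) {
+console.log('Voici un message du serveur', event.data);
+switch (JSON.parse(event.data).status) {
+case "opened":
+div.className = "green";
+document.title = "🟢 Ouvert | K-Fêt";
+break;
+case "closed":
+div.className = "red";
+document.title = "🔴 Fermé | K-Fêt";
+break;
+default:
+div.className = "orange";
+document.title = "🟠 Indéfini | K-Fêt";
+}
+});
+</script>
+</body>
+</html>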
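Review bot: The `message` handler calls `JSON.parse(event.data)` with no guard, so a frame that is not valid JSON throws inside the listener and the page keeps whatever state it showed last; there is also no `close` or `error` listener, so after a disconnect a stale "Ouvert" stays on screen. The status comes from `wss://kfet.sinavir.fr/ws/`, a host outside `lab.dgnum.eu`, so its payload should be treated as untrusted; the current code only ever assigns constant class names and titles, which is the right shape to keep. Suggested changes: `let status; try { status = JSON.parse(event.data).status; } catch (e) { status = undefined; }` feeding the `switch`, and `socket.addEventListener('close', () => { div.className = "orange"; });`. The `console.log` of raw server data can go once debugging is done.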
8
machines/labcore01/nginx.nix
Normal file
8
machines/labcore01/nginx.nix
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
{
|
||||||
|
dgn-web.enable = true;
|
||||||
|
services.nginx.virtualHosts."kfet.lab.dgnum.eu" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
root = ./kfet;
|
||||||
|
};
|
||||||
|
}
|
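--- a/machines/photo01/_configuration.nix
+++ b/machines/photo01/_configuration.nix
@@ -0,0 +1,56 @@
+# TODO: revamp to use the same framework as the other VMs
+{ pkgs, ... }:
+
+let
+address = "129.199.146.101";
+in
+{
+imports = [
+./_hardware-configuration.nix
+
+./immich.nix
+./nginx.nix
+./photoprism.nix
+];
+deployment.targetHost = address;
+deployment.tags = [ "cst1" ];
+
+networking = {
+firewall.allowedTCPPorts = [
+22
+80
+443
+8007
+];
+firewall.allowedUDPPorts = [ ];
+useNetworkd = true;
+};
+
+time.timeZone = "Europe/Paris";
+environment.systemPackages = with pkgs; [ neovim ];
+users.users.root.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270"
+];
+
+security.acme.acceptTerms = true;
+
+systemd.network = {
+config.routeTables = {
+he = 100;
+mwan = 110;
+};
+networks = {
+"10-ens18" = {
+name = "ens18";
+
+networkConfig = {
+Description = "ENS uplink";
+Address = [ "129.199.146.101/24" ];
+Gateway = "129.199.146.254";
+LLDP = true;
+};
+};
+};
+};
+}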
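Review bot: `imports` lists `./immich.nix`, `./nginx.nix` and `./photoprism.nix` but not `./openssh.nix`, which this change adds in the same directory, so unless it is pulled in elsewhere `PasswordAuthentication = false` is not applied on a host whose firewall opens port 22 and whose root account has `authorizedKeys`. Adding `./openssh.nix` to the list closes that gap. `allowedTCPPorts` also opens 8007, and nothing in the visible photo01 files listens there (immich is on 3001 and photoprism on 2342, both bound to localhost behind nginx); drop it or add a comment saying what it is for. The two root keys are written inline rather than taken from the shared keys module, so they will not follow key changes made there.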
34
machines/photo01/_hardware-configuration.nix
Normal file
34
machines/photo01/_hardware-configuration.nix
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
{ lib, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
loader.systemd-boot.enable = true;
|
||||||
|
initrd.kernelModules = [ ];
|
||||||
|
kernelModules = [ ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
initrd.availableKernelModules = [
|
||||||
|
"ata_piix"
|
||||||
|
"uhci_hcd"
|
||||||
|
"virtio_pci"
|
||||||
|
"virtio_scsi"
|
||||||
|
"sd_mod"
|
||||||
|
"sr_mod"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-partlabel/disk-sda-root";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-partlabel/disk-sda-ESP";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.useDHCP = lib.mkDefault false;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
}
|
16
machines/photo01/immich.nix
Normal file
16
machines/photo01/immich.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
{
|
||||||
|
services.immich = {
|
||||||
|
enable = true;
|
||||||
|
# NOTE: default port changes in a later version
|
||||||
|
port = 3001;
|
||||||
|
machine-learning.enable = true;
|
||||||
|
host = "localhost";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."immich.lab.dgnum.eu" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
serverAliases = [ ];
|
||||||
|
locations."/".proxyPass = "http://localhost:3001/";
|
||||||
|
};
|
||||||
|
}
|
10
machines/photo01/nginx.nix
Normal file
10
machines/photo01/nginx.nix
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
clientMaxBodySize = "500m";
|
||||||
|
};
|
||||||
|
}
|
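--- a/machines/photo01/openssh.nix
+++ b/machines/photo01/openssh.nix
@@ -0,0 +1,8 @@
+{
+services.openssh = {
+enable = true;
+settings = {
+PasswordAuthentication = false;
+};
+};
+}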
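--- a/machines/photo01/photoprism.nix
+++ b/machines/photo01/photoprism.nix
@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+
+{
+services = {
+photoprism = {
+enable = true;
+port = 2342;
+settings = {
+PHOTOPRISM_DEFAULT_LOCALE = "fr";
+PHOTOPRISM_ADMIN_USERNAME = "admin";
+PHOHOPRISM_SITE_URL = "https://photoprism.lab.dgnum.eu";
+PHOTOPRISM_SITE_CAPTION = "PhotoPrism";
+
+# DB access config
+PHOTOPRISM_DATABASE_DRIVER = "mysql";
+PHOTOPRISM_DATABASE_NAME = "photoprism";
+PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
+PHOTOPRISM_DATABASE_USER = "photoprism";
+};
+
+originalsPath = "/data/photos";
+
+address = "localhost";
+
+#importPath = "/photoprism/imports";
+passwordFile = "/passwords/photoprism";
+};
+
+mysql = {
+enable = true;
+dataDir = "/data/mysql";
+package = pkgs.mariadb;
+ensureDatabases = [ "photoprism" ];
+ensureUsers = [
+{
+name = "photoprism";
+ensurePermissions = {
+"photoprism.*" = "ALL PRIVILEGES";
+};
+}
+];
+};
+
+nginx.virtualHosts."photoprism.lab.dgnum.eu" = {
+enableACME = true;
+forceSSL = true;
+serverAliases = [ ];
+locations."/" = {
+proxyPass = "http://localhost:2342/";
+proxyWebsockets = true;
+};
+};
+};
+}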
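Review bot: `PHOHOPRISM_SITE_URL` is misspelled, so the value is exported under a name PhotoPrism presumably ignores and the site URL is left at its default; the line should be `PHOTOPRISM_SITE_URL = "https://photoprism.lab.dgnum.eu";`. `passwordFile = "/passwords/photoprism"` points at a file that has to be created by hand outside the age secrets mechanism used elsewhere in this repository, and machines/photo01/secrets/secrets.nix lists no secret for it, so its ownership and mode are not managed by the configuration. Moving the admin password into the machine's secrets, or at least adding a comment that states the expected owner and mode, would make that explicit.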
3
machines/photo01/secrets/secrets.nix
Normal file
3
machines/photo01/secrets/secrets.nix
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
(import ../../../keys).mkSecrets [ "photo01" ] [
|
||||||
|
# List of secrets for router02
|
||||||
|
]
|
18
machines/roam01/_configuration.nix
Normal file
18
machines/roam01/_configuration.nix
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
{ lib, ... }:
|
||||||
|
|
||||||
|
lib.extra.mkConfig {
|
||||||
|
enabledModules = [
|
||||||
|
# List of modules to enable
|
||||||
|
];
|
||||||
|
|
||||||
|
enabledServices = [
|
||||||
|
# List of services to enable
|
||||||
|
"wireguard"
|
||||||
|
];
|
||||||
|
|
||||||
|
extraConfig = {
|
||||||
|
networking.interfaces.enp1s0.useDHCP = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
root = ./.;
|
||||||
|
}
|
58
machines/roam01/_hardware-configuration.nix
Normal file
58
machines/roam01/_hardware-configuration.nix
Normal file
|
@ -0,0 +1,58 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
initrd = {
|
||||||
|
availableKernelModules = [
|
||||||
|
"xhci_pci"
|
||||||
|
"usb_storage"
|
||||||
|
"usbhid"
|
||||||
|
"sd_mod"
|
||||||
|
"sdhci_pci"
|
||||||
|
];
|
||||||
|
kernelModules = [ ];
|
||||||
|
};
|
||||||
|
kernelModules = [ "kvm-intel" ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-uuid/bfb4359b-75b2-4fa0-bdb6-283658a0019a";
|
||||||
|
fsType = "xfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/1A70-E9AE";
|
||||||
|
fsType = "vfat";
|
||||||
|
options = [
|
||||||
|
"fmask=0022"
|
||||||
|
"dmask=0022"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ { device = "/dev/disk/by-uuid/6518c729-a0cb-41b4-acc8-ec219d0afba6"; } ];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp4s0d1.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
4
machines/roam01/secrets/secrets.nix
Normal file
4
machines/roam01/secrets/secrets.nix
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
(import ../../../keys).mkSecrets [ "roam01" ] [
|
||||||
|
# List of secrets for router02
|
||||||
|
"systemd-network-wg_key"
|
||||||
|
]
|
39
machines/roam01/secrets/systemd-network-wg_key
Normal file
39
machines/roam01/secrets/systemd-network-wg_key
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 jIXfPA eITDLS0bZ9nCNbcpXN2S2JK6+gy0V9Ix5anuz1DXpi8
|
||||||
|
h/3wu702P2+Mnrsh5EimLoLY6XPiyTvjytjVr2nVPU0
|
||||||
|
-> ssh-ed25519 QlRB9Q atT+Cb4dk/jH7uhQ7b8Qu1E4tFcrm7mUzqhwlvciCng
|
||||||
|
eZvsq5OsW7cxf4EmE7L4KhzmiCRhV72ILT5mOg3D7GY
|
||||||
|
-> ssh-ed25519 r+nK/Q RfAubzTOifMb9Pukkwkh7iUgOLxmIxkPCBhZqzohHA4
|
||||||
|
0rdpQrp7iSRjGCsi7EjOcuCx2YXXscJxIYv0vfpV9hw
|
||||||
|
-> ssh-rsa krWCLQ
|
||||||
|
tBs7XiMvJdAqbtZTaDxgyLrHxyUjgKU4amTtPdVxRUuqm4uSoxoHJj7N6NGBPhW4
|
||||||
|
ODB8ft5OoAwjtP/D12pNUn3fsIuo7DJGc57Dt74f0ge+MWTVI/tEC8I8EVOVYIpv
|
||||||
|
Udc1kW8n2CCdkAulSrvlfLQPuVFUcOYWGTvEVE05gPRoJ7NiXR9CW2ByyRjD12Fj
|
||||||
|
W+8c/H0/h8CmWGRFMZG+xlt9DmYNegz2TCKyTJPtWHRT6sYCqct13GQP/C8s8fJv
|
||||||
|
ZQjIUcF91EBTr6Gc0fGEYFmKQckOkEeAG3P92YuK9NLyHw5xHl9M+gFZlYsQ91kg
|
||||||
|
/uVW29GmK7qoyxpUP0GamA
|
||||||
|
-> ssh-ed25519 /vwQcQ 0y6bP+6t8EhcHs7ap/FmCDWxQLCkDF5KyeXlGZln9Qc
|
||||||
|
9xpybiFqQTxJ8Po0044HRhoBlmcFzqeXMG3IrZzKOdI
|
||||||
|
-> ssh-ed25519 0R97PA 1pn+9GwTf+AHsSCqI+xe0blM/6qJUgCgjCF3mlEV4k0
|
||||||
|
W278+7Qc5/QyALiy1Gt8WKqCw+MX4Ko0VLV+p1KoSjA
|
||||||
|
-> ssh-ed25519 JGx7Ng hrWsXtVn1DNQ86woVee66ljaMpgBBoJmHdS7qyESbz0
|
||||||
|
dRPPTNmGYFZ+VR9gPhfD5wutqIuJXXEtoMapnAShrHE
|
||||||
|
-> ssh-ed25519 bUjjig RzQTuUiEmKd9VqYMKz3cbaU7v4OncTK8N1VA+4M851w
|
||||||
|
49tmBO+NwrGfNyDwcyuk+7DFqK0yYfZoJ98qeYg0yBY
|
||||||
|
-> ssh-ed25519 5SY7Kg 9icmp/ZQKCNxep3mnqbJs3pfjaunJwpK9OP5PhXSvE4
|
||||||
|
Yx6OjFMMwg+MRsHSlg8DjBDF5jumxJcweaWPsy0TCNU
|
||||||
|
-> ssh-ed25519 p/Mg4Q yhvaDm7yq75qq2Sb5wmXqunG5sHoamAi0r/kBOFHJjw
|
||||||
|
ZnmJd4au4dGscs7HdW1TqqLjqniRT3EhivgllyuGp5s
|
||||||
|
-> ssh-ed25519 5rrg4g oQn9sbjixiuN02aDo/v4n6JWTT4MPbYVwni0OW04NFk
|
||||||
|
hhYoASjz7CPqNXwGCOydrzadudrvncUsv318zFFUB0A
|
||||||
|
-> ssh-ed25519 oRtTqQ holCshSmzD+N5BYaUOv00WZlFn0UOLTikddFPZpCw1o
|
||||||
|
XdPjWqs7UqmA4ZLbgNAlDuHcdEGeeGCryBLE0jUtRbM
|
||||||
|
-> ssh-ed25519 F2C+8w h7ncoDRcnH+pVcRAP5au111c47oRjg4ISn93qK912zk
|
||||||
|
7sisrDx+avRb9HE2WvYkgSErsvNMqsc+UESmRKt7xz8
|
||||||
|
-> ssh-ed25519 PMC4Bw oyKwRE22OV8RupaRKV6MgdL9sYK12NvhRDseQwo2MWE
|
||||||
|
oQOX7qy2Lo6eqmOBqgCjssu5mrd85NQDwmOdzIrj7yg
|
||||||
|
-> :1G-grease
|
||||||
|
krZ6nazBc8pS3EHxhcidv4uBigiek7jhODqwOoFQa3+31acCrziN8elOxd6gEa7B
|
||||||
|
a/xpMlN0
|
||||||
|
--- BZD889tFoBkFafKWHk0vfNhpP+YtdcU+wpmm0d9RV+Q
|
||||||
|
Ç„yz¥5Y7ùY}‡ˆ"·Q{±sy;âÇ“˜dÛü°”PX4¹Ï›Ã×c½Š1AÕv©ýJ›î<ž^fÁ¯ƒñv3U%eó]–P
|
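--- a/machines/roam01/wireguard.nix
+++ b/machines/roam01/wireguard.nix
@@ -0,0 +1,54 @@
+{
+config,
+lib,
+dgn-keys,
+name,
+...
+}:
+let
+mkPeer =
+prefix: peerName:
+let
+peer = dgn-keys.getVpnKey "wg-mgmt" peerName;
+in
+{
+Endpoint = "129.199.146.230:1194";
+PersistentKeepalive = 25;
+AllowedIPs = [ "fdaa::${prefix}:0/64" ];
+PublicKey = peer.key;
+};
+in
+
+{
+age-secrets.autoMatch = [ "systemd-network" ];
+networking.firewall.trustedInterfaces = [ "wg0" ];
+systemd.network = {
+networks = {
+"50-wg-mgmt" = {
+name = "wg-mgmt";
+address = [ "fdaa::${lib.toHexString (dgn-keys.getVpnKey "wg-mgmt" name).id}/64" ];
+routes = [
+{
+Destination = "fdaa::/64";
+Scope = "link";
+}
+];
+};
+};
+netdevs = {
+"50-wg-mgmt" = {
+netdevConfig = {
+Name = "wg-mgmt";
+Kind = "wireguard";
+};
+wireguardConfig = {
+ListenPort = 1194;
+PrivateKeyFile = config.age.secrets."systemd-network-wg_key".path;
+};
+
+wireguardPeers = builtins.map (mkPeer "0") [ "router02" ];
+};
+};
+};
+networking.firewall.allowedUDPPorts = [ 1194 ];
+}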
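Review bot: `networking.firewall.trustedInterfaces = [ "wg0" ];` names an interface this file never creates; the netdev and the network are both called `wg-mgmt`. As written the entry has no effect on the tunnel, and it would exempt any later interface that happens to be named `wg0` from the firewall. If the management tunnel is meant to be trusted the line should read `networking.firewall.trustedInterfaces = [ "wg-mgmt" ];`, though opening only the ports needed on that interface would be tighter than accepting everything every peer sends. `mkPeer` also hard-codes `Endpoint = "129.199.146.230:1194";` for every peer, which only holds while `router02` is the sole entry in the list.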
|
@ -8,6 +8,8 @@ lib.extra.mkConfig {
|
||||||
enabledServices = [
|
enabledServices = [
|
||||||
# List of services to enable
|
# List of services to enable
|
||||||
"networking"
|
"networking"
|
||||||
|
"wireguard"
|
||||||
|
"nginx-sni"
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = { };
|
extraConfig = { };
|
||||||
|
|
|
@ -42,7 +42,7 @@
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
networking.useDHCP = lib.mkDefault true;
|
# networking.useDHCP = lib.mkDefault true;
|
||||||
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
|
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
|
|
@ -10,7 +10,10 @@
|
||||||
|
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
Description = "ENS uplink";
|
Description = "ENS uplink";
|
||||||
Address = [ "129.199.146.230/24" ];
|
Address = [
|
||||||
|
"129.199.146.231/24"
|
||||||
|
"129.199.146.230/24"
|
||||||
|
];
|
||||||
Gateway = "129.199.146.254";
|
Gateway = "129.199.146.254";
|
||||||
LLDP = true;
|
LLDP = true;
|
||||||
# Only to the switch we are connected to directly, e.g. the hypervisor or the switch.
|
# Only to the switch we are connected to directly, e.g. the hypervisor or the switch.
|
||||||
|
@ -34,36 +37,32 @@
|
||||||
"50-tun-he" = {
|
"50-tun-he" = {
|
||||||
name = "sit-he";
|
name = "sit-he";
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
Description = "HE.NET IPv6 Tunnel (gdd)";
|
Description = "HE.NET IPv6 Tunnel (maurice)";
|
||||||
Address = [ "2001:470:1f12:187::2/64" ];
|
Address = [ "2001:470:1f12:2b::2/64" ];
|
||||||
ConfigureWithoutCarrier = true;
|
ConfigureWithoutCarrier = true;
|
||||||
};
|
};
|
||||||
routes = [
|
routes = [
|
||||||
{
|
{
|
||||||
routeConfig = {
|
|
||||||
Destination = "::/0";
|
Destination = "::/0";
|
||||||
Table = "he";
|
Table = "he";
|
||||||
Scope = "global";
|
Scope = "global";
|
||||||
};
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
# Use HE tunnel for router trafic as well
|
# Use HE tunnel for router trafic as well
|
||||||
routeConfig = {
|
|
||||||
Destination = "::/0";
|
Destination = "::/0";
|
||||||
Scope = "global";
|
Scope = "global";
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
routingPolicyRules = [
|
routingPolicyRules = [
|
||||||
{
|
{
|
||||||
routingPolicyRuleConfig = {
|
routingPolicyRuleConfig = {
|
||||||
From = "2001:470:1f13:187::/64";
|
From = "2001:470:1f13:2b::/64";
|
||||||
Table = "he";
|
Table = "he";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
routingPolicyRuleConfig = {
|
routingPolicyRuleConfig = {
|
||||||
To = "2001:470:1f13:187::/64";
|
To = "2001:470:1f13:2b::/64";
|
||||||
Table = "he";
|
Table = "he";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -82,41 +81,31 @@
|
||||||
};
|
};
|
||||||
routes = [
|
routes = [
|
||||||
{
|
{
|
||||||
routeConfig = {
|
|
||||||
Gateway = "2a0b:cbc0:1::215";
|
Gateway = "2a0b:cbc0:1::215";
|
||||||
PreferredSource = "2a0e:e701:1120::1";
|
PreferredSource = "2a0e:e701:1120::1";
|
||||||
};
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
# Local route
|
# Local route
|
||||||
routeConfig = {
|
|
||||||
Table = "mwan";
|
Table = "mwan";
|
||||||
Destination = "2a0e:e701:1120::/64";
|
Destination = "2a0e:e701:1120::/64";
|
||||||
};
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
# Default unreachable route for unattributed prefixes of our /48
|
# Default unreachable route for unattributed prefixes of our /48
|
||||||
routeConfig = {
|
|
||||||
Table = "mwan";
|
Table = "mwan";
|
||||||
Metric = 9999;
|
Metric = 9999;
|
||||||
Destination = "2a0e:e701:1120::/48";
|
Destination = "2a0e:e701:1120::/48";
|
||||||
Type = "unreachable";
|
Type = "unreachable";
|
||||||
};
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
routeConfig = {
|
|
||||||
Table = "mwan";
|
Table = "mwan";
|
||||||
Gateway = "2a0b:cbc0:1::215";
|
Gateway = "2a0b:cbc0:1::215";
|
||||||
PreferredSource = "2a0e:e701:1120::1";
|
PreferredSource = "2a0e:e701:1120::1";
|
||||||
};
|
|
||||||
}
|
}
|
||||||
# IPv4
|
# IPv4
|
||||||
{
|
{
|
||||||
routeConfig = {
|
|
||||||
Scope = "global";
|
Scope = "global";
|
||||||
Table = "mwan";
|
Table = "mwan";
|
||||||
Gateway = "10.1.1.49";
|
Gateway = "10.1.1.49";
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
routingPolicyRules = [
|
routingPolicyRules = [
|
||||||
|
@ -165,10 +154,8 @@
|
||||||
];
|
];
|
||||||
routes = [
|
routes = [
|
||||||
{
|
{
|
||||||
routeConfig = {
|
|
||||||
Table = "mwan";
|
Table = "mwan";
|
||||||
Destination = "2a0e:e701:1120:1000::/64";
|
Destination = "2a0e:e701:1120:1000::/64";
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -176,23 +163,21 @@
|
||||||
name = "vlan-he-dmz";
|
name = "vlan-he-dmz";
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
Description = "HE DMZ VLAN";
|
Description = "HE DMZ VLAN";
|
||||||
Address = [ "2001:470:1f13:187::1/64" ];
|
Address = [ "2001:470:1f13:2b::1/64" ];
|
||||||
IPv6SendRA = "yes";
|
IPv6SendRA = "yes";
|
||||||
};
|
};
|
||||||
ipv6Prefixes = [
|
ipv6Prefixes = [
|
||||||
{
|
{
|
||||||
ipv6PrefixConfig = {
|
ipv6PrefixConfig = {
|
||||||
Prefix = "2001:470:1f13:187::0/64";
|
Prefix = "2001:470:1f13:2b::0/64";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
routes = [
|
routes = [
|
||||||
{
|
{
|
||||||
routeConfig = {
|
|
||||||
Table = "he";
|
Table = "he";
|
||||||
Scope = "global";
|
Scope = "global";
|
||||||
Destination = "2001:470:1f13:187::/64";
|
Destination = "2001:470:1f13:2b::/64";
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -204,7 +189,7 @@
|
||||||
Name = "sit-he";
|
Name = "sit-he";
|
||||||
};
|
};
|
||||||
tunnelConfig = {
|
tunnelConfig = {
|
||||||
Local = "129.199.146.230";
|
Local = "129.199.146.231";
|
||||||
Remote = "216.66.84.42";
|
Remote = "216.66.84.42";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
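--- a/machines/router02/nginx-sni.nix
+++ b/machines/router02/nginx-sni.nix
@@ -0,0 +1,21 @@
+{ meta, ... }:
+let
+# Beware, jool will not translate. Prefer ipv6 proxy target
+machines = builtins.mapAttrs (
+host: { site, ... }: "v6.${host}.${site}.infra.lab.dgnum.eu:443"
+) meta.nodes;
+in
+{
+dgn-web.enable = true;
+services.nginx = {
+sni-proxy = {
+preStreamConfig = ''
+resolver 127.0.0.53;
+'';
+enable = true;
+redirects = {
+"kfet.lab.dgnum.eu" = machines.labcore01;
+};
+};
+};
+}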
@ -1,3 +1,4 @@
|
||||||
(import ../../../keys).mkSecrets [ "router02" ] [
|
(import ../../../keys).mkSecrets [ "router02" ] [
|
||||||
# List of secrets for router02
|
# List of secrets for router02
|
||||||
|
"systemd-network-wg_key"
|
||||||
]
|
]
|
||||||
|
|
39
machines/router02/secrets/systemd-network-wg_key
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 jIXfPA 6v2v03EntXNNOnWAuZEcLybn6iWI+LB0kA/AbzszgQs
|
||||||
|
aqtydlqLgpfvC9rz0x0MshF+RfYJSpQaah5moS3CsGY
|
||||||
|
-> ssh-ed25519 QlRB9Q 8SqWmf7skeFnmT1HU43V7PwaqYl/hHTifx70qr05Y3c
|
||||||
|
W/b0CABozdoiSXWokOs+ChRL2pKCjL/b3kZHsBLBemw
|
||||||
|
-> ssh-ed25519 r+nK/Q TwRRJzM7q81lTdiMwINKYs5RqUaKR9odwTj0CaAUOFU
|
||||||
|
mYvyP/UeLFDgXFAUkCfZRNuRTJBL5t01nQ5a3U9BVrc
|
||||||
|
-> ssh-rsa krWCLQ
|
||||||
|
ssWV1ySMEEZJEsNUjss0U+rLVLYVLlPovyeqv3dWgRdbojFOboXZh7yo07KHOuu8
|
||||||
|
N3QU64Iy1B8VOoPPhkfRURJjsjEEt/48gwMm9Ff9lmF/rxuw8KOPlGgAF+HwGK0z
|
||||||
|
Y2gTJkehFuuBN70jsPpCGqlEpmbwLfw1BbYp8zYEq6OKXkhZjIWVEwfa3Ahiw0Z7
|
||||||
|
3VTC/9GVhpPu/s532TxYNsTZj6nBSp22jc8AZZvOxbPrV5Qk8yLb3JMfXBWn3bJv
|
||||||
|
N4A1x+ibCI6bnl+gYzmVjiquMuo8CMR1t+KAp6nNfv1dZT5UDBYKswYQ1AhQi7jh
|
||||||
|
KzBK3vInE18L3qWPxt4Zdw
|
||||||
|
-> ssh-ed25519 /vwQcQ YilslLDdIPQRNOr/ZA+WreHP5PNBiy/f6xz2UImsEQA
|
||||||
|
gjH2VsGYM/bJu+X5vwF1y+r0+pDC7EOjesuawUw5WAo
|
||||||
|
-> ssh-ed25519 0R97PA qFqvdP6/zg+/ruLrNmmFdi0ED43LVNtrfFISTVMLimA
|
||||||
|
YQyo/5tyH2JMPWiqV0bxWhMWVpyjcaQc9nr1WPUMygc
|
||||||
|
-> ssh-ed25519 JGx7Ng /SvvUDt/rDTaFOqaxL+d49pNyx7Wvkl0FMr36RIsxgQ
|
||||||
|
pF191qRavD24LSw2JHKpVKFGK281UitMTcLDV7Zw87M
|
||||||
|
-> ssh-ed25519 bUjjig +o1W/J1qFW96kC5SCz5azW4ar/bGglWOIST/VEBl0k8
|
||||||
|
mHPgOqZN5eLw5AG47TIXccckR1qhhr6Ix08l3CY2NF4
|
||||||
|
-> ssh-ed25519 5SY7Kg 53VjPE/xjun7Q1fKUaRKoEw1p5ble9fiunb/hX8sSns
|
||||||
|
5ro90MKLPz2rqdHghVBbrKXiRHHUEeRKkB+RZwxX1Ls
|
||||||
|
-> ssh-ed25519 p/Mg4Q tLc6UNchEe2AR/91gGauHIhD84UfKbIgS5MR77dhxhw
|
||||||
|
Q5/8BbmXj9wTv0oHr73Au3gNgMDPxT1btyRFhVZ+My8
|
||||||
|
-> ssh-ed25519 5rrg4g WVq0dsHIxZffMqbAgdtBoMZDpzWI2eSc/gYuohn2JHc
|
||||||
|
CXBXkFLl8ljpBZK3emGaj5D0lb07KfCBeHPLc0AuCFA
|
||||||
|
-> ssh-ed25519 oRtTqQ Zq/GevKIc0qaGd0jXWpkd88BxA6yPonFzvxqxtylCiw
|
||||||
|
KO0avMpoF1ICg+17xvsmBLGsZ4FVorjkcMl/adT2/IU
|
||||||
|
-> ssh-ed25519 F2C+8w b9E1FgolbSv9cbAKTwSUnUhcilOFC3mkX8zEgeYwJxs
|
||||||
|
vqh2UldeQQTkDuiRxrT8+Xxdpt2s16X+14J57rpZVKM
|
||||||
|
-> ssh-ed25519 Dk/ltw 9zNl1I2J0A99y6G2M4JHhUVgn/9xcCaDz+I1NQxJewg
|
||||||
|
GFQp+hYM9dyICmI5UmdnNftq7g3QyNH3MlkAoag8YtQ
|
||||||
|
-> jn$!zr-grease w#SDYrYf
|
||||||
|
tNm7A1/g1RMy3lwzsibb/VhsMojufa8iCJCfZ5PG13ikyKab/8GY2oBO282yzcGJ
|
||||||
|
NLDaG5WbIbese3Rxi+rC0ucRZYWlx/w
|
||||||
|
--- 8tELVgxGaIQsgC4NrrRbSh8Y8p+d8sQLG6pWZrc4b3o
|
||||||
|
<16>kÜèŽuûEõ¬4>7>«p<C2AB>KøÎH¶ê$8MÞŸ@¢’¢û„<C3BB>°º
fñ`ÿ°XÍÚLi½:”öû³&wè>
4€•,#q¿h™4
|
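--- a/machines/router02/wireguard.nix
+++ b/machines/router02/wireguard.nix
@@ -0,0 +1,57 @@
+{
+config,
+lib,
+dgn-keys,
+name,
+...
+}:
+let
+mkPeer =
+prefix: peerName:
+let
+peer = dgn-keys.getVpnKey "wg-mgmt" peerName;
+in
+{
+AllowedIPs = [ "fdaa::${prefix}:${lib.toHexString peer.id}/32" ];
+PublicKey = peer.key;
+};
+in
+
+{
+age-secrets.autoMatch = [ "systemd-network" ];
+networking.firewall.trustedInterfaces = [ "wg0" ];
+systemd.network = {
+networks = {
+"50-wg-mgmt" = {
+name = "wg-mgmt";
+address = [ "fdaa::${lib.toHexString (dgn-keys.getVpnKey "wg-mgmt" name).id}/64" ];
+routes = [
+{
+Destination = "fdaa::/64";
+Scope = "link";
+}
+];
+};
+};
+netdevs = {
+"50-wg-mgmt" = {
+netdevConfig = {
+Name = "wg-mgmt";
+Kind = "wireguard";
+};
+wireguardConfig = {
+ListenPort = 1194;
+PrivateKeyFile = config.age.secrets."systemd-network-wg_key".path;
+};
+
+wireguardPeers =
+builtins.map (mkPeer "1") [
+"mdebray"
+"catvayor"
+]
+++ builtins.map (mkPeer "0") [ "roam01" ];
+};
+};
+};
+networking.firewall.allowedUDPPorts = [ 1194 ];
+}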
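Review bot: `mkPeer` builds `AllowedIPs = [ "fdaa::${prefix}:${lib.toHexString peer.id}/32" ]`, and on an IPv6 address a `/32` covers all of `fdaa::/32` rather than one host, so the three peers listed in `wireguardPeers` all claim the same prefix. WireGuard keeps an allowed-IP prefix on a single peer, so in practice only one of them can pass traffic, and that one is accepted with any source address in the range, which defeats the per-key source binding this management tunnel relies on. A host route is what the address scheme implies: `AllowedIPs = [ "fdaa::${prefix}:${lib.toHexString peer.id}/128" ];`. Separately, `networking.firewall.trustedInterfaces = [ "wg0" ]` names an interface this file never creates (the netdev is `wg-mgmt`), so it either has no effect or would blanket-trust some unrelated `wg0`. If the tunnel is meant to be trusted it should read `[ "wg-mgmt" ]`, though explicit per-port rules on that interface would be tighter.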
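--- a/machines/routexp01/_configuration.nix
+++ b/machines/routexp01/_configuration.nix
@@ -0,0 +1,25 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+enabledModules = [
+# List of modules to enable
+"lab-routexp"
+];
+
+enabledServices = [
+# List of services to enable
+];
+
+extraConfig = {
+lab-routexp = {
+id = 1;
+
+connections = [
+1001
+1002
+];
+};
+};
+
+root = ./.;
+}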
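--- a/machines/routexp01/_hardware-configuration.nix
+++ b/machines/routexp01/_hardware-configuration.nix
@@ -0,0 +1,40 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+lib,
+sources,
+modulesPath,
+...
+}:
+{
+imports = [
+(modulesPath + "/profiles/qemu-guest.nix")
+(sources.disko + "/module.nix")
+./disko.nix
+];
+boot = {
+initrd = {
+availableKernelModules = [
+"ata_piix"
+"uhci_hcd"
+"virtio_pci"
+"virtio_scsi"
+"sd_mod"
+"sr_mod"
+];
+kernelModules = [ ];
+};
+kernelModules = [ ];
+extraModulePackages = [ ];
+};
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}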
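--- a/machines/routexp01/disko.nix
+++ b/machines/routexp01/disko.nix
@@ -0,0 +1,33 @@
+_: {
+disko.devices = {
+disk = {
+main = {
+device = "/dev/sda";
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+type = "EF00";
+size = "1G";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [ "umask=0077" ];
+};
+};
+root = {
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+};
+};
+};
+};
+};
+}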
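--- a/machines/routexp01/networking.nix
+++ b/machines/routexp01/networking.nix
@@ -0,0 +1 @@
+{ }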
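--- a/machines/routexp01/secrets/secrets.nix
+++ b/machines/routexp01/secrets/secrets.nix
@@ -0,0 +1,3 @@
+(import ../../../keys).mkSecrets [ "routexp01" ] [
+# List of secrets for router02
+]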
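Review bot: The comment `# List of secrets for router02` is a copy-paste leftover in a file whose `mkSecrets` call is scoped to `[ "routexp01" ]`. The same stale comment appears in `machines/status01/secrets/secrets.nix`. Because the host list passed to `mkSecrets` presumably decides which machine keys can decrypt these entries, a comment naming another host invites adding a secret to the wrong file. It should read `# List of secrets for routexp01` here and `# List of secrets for status01` there.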
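--- a/machines/status01/_configuration.nix
+++ b/machines/status01/_configuration.nix
@@ -0,0 +1,25 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+enabledModules = [
+# List of modules to enable
+];
+
+enabledServices = [
+# List of services to enable
+"nginx"
+"uptime-kuma"
+];
+
+extraConfig = {
+deployment.tags = [ "cst1" ];
+networking = {
+firewall.allowedTCPPorts = [
+80
+443
+];
+};
+};
+
+root = ./.;
+}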
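--- a/machines/status01/_hardware-configuration.nix
+++ b/machines/status01/_hardware-configuration.nix
@@ -0,0 +1,34 @@
+{ lib, modulesPath, ... }:
+
+{
+imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+boot = {
+loader.systemd-boot.enable = true;
+initrd.kernelModules = [ ];
+kernelModules = [ ];
+extraModulePackages = [ ];
+initrd.availableKernelModules = [
+"ata_piix"
+"uhci_hcd"
+"virtio_pci"
+"virtio_scsi"
+"sd_mod"
+"sr_mod"
+];
+};
+
+fileSystems."/" = {
+device = "/dev/disk/by-partlabel/disk-sda-root";
+fsType = "ext4";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-partlabel/disk-sda-ESP";
+fsType = "vfat";
+};
+
+networking.useDHCP = lib.mkDefault false;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}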
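--- a/machines/status01/nginx.nix
+++ b/machines/status01/nginx.nix
@@ -0,0 +1,10 @@
+{
+services.nginx = {
+enable = true;
+recommendedTlsSettings = true;
+recommendedOptimisation = true;
+recommendedGzipSettings = true;
+recommendedProxySettings = true;
+clientMaxBodySize = "500m";
+};
+}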
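Review bot: `clientMaxBodySize = "500m"` is far larger than anything this host visibly serves. The only vhost this commit adds for status01 proxies uptime-kuma, so nginx will accept request bodies of up to 500 MB from any client on a public status page. Unless a large-upload path exists outside this page, drop the line to fall back to the module default, or set a small explicit limit such as `clientMaxBodySize = "10m";`.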
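--- a/machines/status01/secrets/secrets.nix
+++ b/machines/status01/secrets/secrets.nix
@@ -0,0 +1,4 @@
+(import ../../../keys).mkSecrets [ "status01" ] [
+# List of secrets for router02
+"stateless-uptime-kuma-password"
+]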
39
machines/status01/secrets/stateless-uptime-kuma-password
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 jIXfPA 53kqaGHoIiBW34TabFATNf+2Nju2FAQm5euxBlp4L2E
|
||||||
|
65jmuV2qa4FggzatITYncVQNSYTRtKEFZsBbtkQ487A
|
||||||
|
-> ssh-ed25519 QlRB9Q VwYIAUut50rqvm4nOUZf6Sp/HzyfE1Fg6JSsMF0H53s
|
||||||
|
euInJsL53RwaCza7OTZNRx+swsXcnN9FUMFMgmSnLug
|
||||||
|
-> ssh-ed25519 r+nK/Q 4ZxPhgovFEX8cX3mEarpl83i4Gg1IjDBdFwqlqt0p0E
|
||||||
|
n0oIgVJbCV9wd8GgPm4zDSKU+WPxrpXe1hNOH0M9orE
|
||||||
|
-> ssh-rsa krWCLQ
|
||||||
|
QxjqLVS1ANlU4kOSq9ybEHLlTrC9V9l5kQAakG9FLvGg6J88MM5v2oJzqN0MdRMy
|
||||||
|
HC26YFwibUMrues0qXfEYAx3uuss2TS82XAlZPGC4/dn31czI7mTjgbkkwVZZ1ED
|
||||||
|
SP8VWCAb/zjJoN+cSiVsTbu++b5dnavI2HrEA45pGopkG0usJE8Llr7kI/1Pb5Hi
|
||||||
|
GaYdjBk5MVrA+K8PTRJ3OdDM3aTKFaoPS5vgWM2RfSSkhVK51fKxIWkiphk5hZ7l
|
||||||
|
dmHk9qNiwZkg2wWp0W4pBCbHRzoIT2osNlbsO1IpsaNrVijrvxg5qHUHa1uqw5pB
|
||||||
|
fJ/7dh59Ckc6FkE7Mka1EQ
|
||||||
|
-> ssh-ed25519 /vwQcQ h3/pglzg2HhJ9AYixQgm//hDDfKwDm0qfdEYj94FF0Y
|
||||||
|
mJh35flVyki/cpuIlHMR2j2WI35W/HarJzJBvpa2hps
|
||||||
|
-> ssh-ed25519 0R97PA FKZr+kWHbRcZ0Ne6KdCH6mALFgTjAzquDyw3/HvTHXA
|
||||||
|
m0hzEpVB0n8LXEjFompdmDbGQQSEvXhQrxJWaCAhziA
|
||||||
|
-> ssh-ed25519 JGx7Ng TjvfKNCJIf8wW4p4VurJG4Ynl/s9ZoDndcP9GQs7K24
|
||||||
|
5Ps+MgsCaws3PKv1EFPHv1BdZVD4u/DfPiNgxTIEPDI
|
||||||
|
-> ssh-ed25519 bUjjig UEHCVJRj+Np4EvAUacUKaEIEtcv/92h/mdxpqwW9XjQ
|
||||||
|
nQfWPkwJ7MufMbTJ1ktE3skBxKu89ps7b/P48bevkwM
|
||||||
|
-> ssh-ed25519 5SY7Kg wP8S7omqt+wibyrLGdwChOilKLhlk3Uttouofrvn6Hg
|
||||||
|
PeHvagZGw11Jq8NZFi6Pvh+XSNgklY/235YKhUPogN4
|
||||||
|
-> ssh-ed25519 p/Mg4Q SC0lkuoNTFyPzVWW+CFQfsV5thLhnAlNMlW6r/M70WA
|
||||||
|
DR1hkNnQ1xOwSC6gk0i33Tn52iDNqsszPmxBrSS2/aU
|
||||||
|
-> ssh-ed25519 5rrg4g isrznX6EZE5Do1eNekhqaR/ZFeiMIzkk+y3+nIJ3dTM
|
||||||
|
nxLDqq/xhgCWQKlolE+7u06j3GrMKxSAirkDl5Y8zzA
|
||||||
|
-> ssh-ed25519 oRtTqQ GvvIExclzvOhzRs9TqSyPUMpPvFDcwOkthEKgxoOH3I
|
||||||
|
LkdOSCDASTS9EryBmarT9m2TVL3aafeN+FVGSyxN9AY
|
||||||
|
-> ssh-ed25519 F2C+8w USOT3pzvufIWjz7zelcMDACuyGAbwHfJ1wQc0Z5aS0A
|
||||||
|
ZnuvqZ0NdgmpDSc//c99j2X+B0FvioLS1eBC4mX9PQ0
|
||||||
|
-> ssh-ed25519 LCTbpA SLX/uFy8NniL/3dG2sOWFJqelwbcRC5UA+Ji7pYAFlQ
|
||||||
|
ckIg5nwZSsM1DAMT9DN2LPKnlQTQye54YUmHYDJ4rp4
|
||||||
|
-> +ka/`8V-grease `iuUWsh
|
||||||
|
61TbfYZeLgnlK2g7xDxOvPyZx1i1WlkyM6HtZVUUlUag0+k2mF2kuANCsm8GDJd4
|
||||||
|
qFDrRc6wmaCRnVf78HSdIJXKviR4QlxNXDnpTeh1jFGtIW4GXVHp
|
||||||
|
--- S/VYe23MY+e4qRXq615pCpV2VYHJF+s3ioeIEDaKPA8
|
||||||
|
n~,ló̓’ŽSïD10<31>“àBFjºÞ1çbÃU©íš>Ö½íø˹Ýâ{÷§b$ϧ
|
30
machines/status01/unethical_patch_0.patch
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
diff --git a/server/model/group.js b/server/model/group.js
|
||||||
|
index 5b712ace..ecbced1a 100644
|
||||||
|
--- a/server/model/group.js
|
||||||
|
+++ b/server/model/group.js
|
||||||
|
@@ -31,10 +31,23 @@ class Group extends BeanModel {
|
||||||
|
*/
|
||||||
|
async getMonitorList() {
|
||||||
|
return R.convertToBeans("monitor", await R.getAll(`
|
||||||
|
- SELECT monitor.*, monitor_group.send_url FROM monitor, monitor_group
|
||||||
|
- WHERE monitor.id = monitor_group.monitor_id
|
||||||
|
+ SELECT monitor.*, monitor_group.send_url
|
||||||
|
+ FROM monitor
|
||||||
|
+ INNER JOIN monitor_group ON monitor.id = monitor_group.monitor_id
|
||||||
|
+ WHERE monitor.id IN (
|
||||||
|
+ SELECT hb.monitor_id
|
||||||
|
+ FROM heartbeat hb
|
||||||
|
+ INNER JOIN (
|
||||||
|
+ SELECT monitor_id, MAX(time) AS latest_time
|
||||||
|
+ FROM heartbeat
|
||||||
|
+ GROUP BY monitor_id
|
||||||
|
+ ) latest_hb
|
||||||
|
+ ON hb.monitor_id = latest_hb.monitor_id AND hb.time = latest_hb.latest_time
|
||||||
|
+ WHERE hb.status = 1
|
||||||
|
+ )
|
||||||
|
AND group_id = ?
|
||||||
|
ORDER BY monitor_group.weight
|
||||||
|
+
|
||||||
|
`, [
|
||||||
|
this.id,
|
||||||
|
]));
|
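--- a/machines/status01/uptime-kuma.nix
+++ b/machines/status01/uptime-kuma.nix
@@ -0,0 +1,150 @@
+{
+config,
+lib,
+nodes,
+sources,
+pkgs,
+...
+}:
+let
+inherit (lib) concatLists mapAttrsToList mkMerge;
+
+inherit (config.statelessUptimeKuma.lib)
+pingProbesFromHive
+fromHive
+httpProbesFromConfig
+probesWithTag
+;
+
+probesCfg = config.statelessUptimeKuma.probesConfig;
+
+mkMonitors = name: builtins.attrNames (probesWithTag { inherit name; } probesCfg);
+
+host = "status.lab.dgnum.eu";
+
+port = 3001;
+
+httpExcludes = [
+"localhost"
+] ++ (concatLists (mapAttrsToList (_: { config, ... }: config.dgn-redirections.retired) nodes));
+
+extraProbes = {
+monitors = {
+# NOTE: Empty
+};
+};
+
+status_pages = {
+"dgnum" = {
+title = "DGNum";
+description = "Etat de l'infra du lab de la DGNum";
+showTags = true;
+publicGroupList = [
+{
+name = "Services";
+weight = 1;
+monitorList = mkMonitors "Service";
+}
+{
+name = "Serveurs";
+weight = 2;
+monitorList = mkMonitors "Ping";
+}
+#{
+# name = "VPN Interne";
+# weight = 2;
+# monitorList = mkMonitors "VPN";
+#}
+];
+};
+};
+
+pingProbes = pingProbesFromHive {
+inherit nodes;
+mkHost = _: config: config.networking.fqdn;
+tags = [ { name = "Ping"; } ];
+excludes = [
+"status01"
+"labcore01"
+];
+};
+
+#vpnProbes = pingProbesFromHive {
+# inherit nodes;
+# prefix = "VPN - ";
+# mkHost = node: _: "${node}.dgnum";
+# tags = [ { name = "VPN"; } ];
+# excludes = [
+# "web02"
+# "status01"
+# ];
+#};
+
+httpProbes = fromHive {
+inherit nodes;
+builder =
+_: module:
+httpProbesFromConfig {
+inherit (module) config;
+tags = [
+{
+name = "Host";
+value = module.config.networking.fqdn;
+}
+{ name = "Service"; }
+];
+excludes = httpExcludes;
+};
+};
+in
+{
+imports = [ (sources.stateless-uptime-kuma + "/nixos/module.nix") ];
+nixpkgs.overlays = [ (import (sources.stateless-uptime-kuma + "/overlay.nix")) ];
+
+services.uptime-kuma = {
+enable = true;
+package = pkgs.uptime-kuma.overrideAttrs (
+_: prev: {
+patches = prev.patches ++ [
+# Very important patch
+./unethical_patch_0.patch
+];
+}
+);
+};
+
+services.nginx = {
+enable = true;
+
+virtualHosts.${host} = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://127.0.0.1:${builtins.toString port}";
+proxyWebsockets = true;
+};
+};
+};
+
+networking.firewall.allowedTCPPorts = [
+80
+443
+];
+
+statelessUptimeKuma = {
+probesConfig = mkMerge [
+pingProbes
+httpProbes
+extraProbes
+#vpnProbes
+{ inherit status_pages; }
+];
+
+extraFlags = [ "-s" ];
+
+host = "http://localhost:${builtins.toString port}/";
+username = "dgnum-lab";
+passwordFile = config.age.secrets."stateless-uptime-kuma-password".path;
+enableService = true;
+};
+}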
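Review bot: The override in `services.uptime-kuma.package` applies `./unethical_patch_0.patch` with only `# Very important patch` as explanation, which hides a behaviour change that matters operationally. Going by the patch added in this same commit, `getMonitorList` is narrowed to monitors whose latest heartbeat has `status = 1` (apparently "up"), so a monitor that is down, or has no heartbeat yet, disappears from the status-page groups instead of being shown as failing. That makes the public page unusable as an availability signal during an incident, and anyone auditing the deployment cannot tell from this file. If the filtering is intended, say so where the patch is applied, e.g. `# Hides monitors whose latest heartbeat is not UP from status-page groups`. The patch is also tied to upstream's `server/model/group.js`, so a bump of `pkgs.uptime-kuma` may fail to apply it and break the build.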
114
meta/network.nix
|
@ -1,4 +1,73 @@
|
||||||
|
let
|
||||||
|
mkRoutexp =
|
||||||
|
l:
|
||||||
|
builtins.listToAttrs (
|
||||||
|
builtins.map (
|
||||||
|
{ id, hostId, ... }:
|
||||||
{
|
{
|
||||||
|
name = "routexp${id}";
|
||||||
|
value = {
|
||||||
|
interfaces = {
|
||||||
|
ens18 = {
|
||||||
|
ipv6 = [
|
||||||
|
{
|
||||||
|
address = "2a0e:e701:1120:1000::1000:${id}";
|
||||||
|
prefixLength = 64;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
gateways = [ "2a0e:e701:1120:1000::1" ];
|
||||||
|
dns = [ "2a0e:e701:1120:1000::f:1" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
inherit hostId;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
) l
|
||||||
|
);
|
||||||
|
in
|
||||||
|
{
|
||||||
|
|
||||||
|
dns01 = {
|
||||||
|
interfaces = {
|
||||||
|
ens18 = {
|
||||||
|
ipv6 = [
|
||||||
|
{
|
||||||
|
address = "2a0e:e701:1120:1000:ffff::45.13.104.26";
|
||||||
|
prefixLength = 64;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
ipv4 = [
|
||||||
|
{
|
||||||
|
address = "45.13.104.26";
|
||||||
|
prefixLength = 32;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
gateways = [ "2a0e:e701:1120:1000::1" ];
|
||||||
|
dns = [ "2a0e:e701:1120:1000::f:1" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hostId = "1758233d";
|
||||||
|
};
|
||||||
|
homebox01 = {
|
||||||
|
interfaces = {
|
||||||
|
ens18 = {
|
||||||
|
ipv4 = [
|
||||||
|
{
|
||||||
|
address = "129.199.146.102";
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
gateways = [ "129.199.146.254" ];
|
||||||
|
enableDefaultDNS = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hostId = "ef3bd5c0";
|
||||||
|
};
|
||||||
krz01 = {
|
krz01 = {
|
||||||
interfaces = {
|
interfaces = {
|
||||||
vmbr0 = {
|
vmbr0 = {
|
||||||
|
@ -21,6 +90,7 @@
|
||||||
hostId = "bd11e8fc";
|
hostId = "bd11e8fc";
|
||||||
netbirdIp = "100.80.103.206";
|
netbirdIp = "100.80.103.206";
|
||||||
};
|
};
|
||||||
|
|
||||||
labcore01 = {
|
labcore01 = {
|
||||||
interfaces = {
|
interfaces = {
|
||||||
ens18 = {
|
ens18 = {
|
||||||
|
@ -47,6 +117,50 @@
|
||||||
|
|
||||||
addresses.ipv4 = [ "129.199.146.230" ];
|
addresses.ipv4 = [ "129.199.146.230" ];
|
||||||
|
|
||||||
|
vpnKeys = {
|
||||||
|
wg-mgmt = {
|
||||||
|
id = 1;
|
||||||
|
key = "PN8/zo1Clue7jAnkvaUOg1ZdmcXmcTb6kIRpu5cplHs=";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
hostId = "144d0f7a";
|
hostId = "144d0f7a";
|
||||||
};
|
};
|
||||||
|
photo01 = {
|
||||||
|
interfaces = { };
|
||||||
|
|
||||||
|
addresses.ipv4 = [ "129.199.146.101" ];
|
||||||
|
|
||||||
|
hostId = "bcf8ff03";
|
||||||
|
};
|
||||||
|
status01 = {
|
||||||
|
interfaces = {
|
||||||
|
ens18 = {
|
||||||
|
ipv4 = [
|
||||||
|
{
|
||||||
|
address = "129.199.146.103";
|
||||||
|
prefixLength = 24;
|
||||||
}
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
gateways = [ "129.199.146.254" ];
|
||||||
|
enableDefaultDNS = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hostId = "7ce86f3d";
|
||||||
|
};
|
||||||
|
roam01 = {
|
||||||
|
interfaces = { };
|
||||||
|
|
||||||
|
vpnKeys = {
|
||||||
|
wg-mgmt = {
|
||||||
|
id = 2;
|
||||||
|
key = "Yg1GwHbJ7kwNbnjxI+5LtgDvzMPMiOm3EgI/saLI7FU=";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hostId = "999dc679";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
// mkRoutexp (import ./routexp.nix)
|
||||||
|
|
|
@ -18,8 +18,36 @@
|
||||||
- hyp01 -> Salle serveur Hypnos 1
|
- hyp01 -> Salle serveur Hypnos 1
|
||||||
- luj01 -> VM de Luj
|
- luj01 -> VM de Luj
|
||||||
*/
|
*/
|
||||||
|
let
|
||||||
|
mkRoutexp =
|
||||||
|
l:
|
||||||
|
builtins.listToAttrs (
|
||||||
|
builtins.map (
|
||||||
|
{ id, ... }:
|
||||||
{
|
{
|
||||||
|
name = "routexp${id}";
|
||||||
|
value = {
|
||||||
|
site = "pav01";
|
||||||
|
|
||||||
|
hashedPassword = "$y$j9T$XJTT9MWCE49axmQppQSKc0$b9OzdEaQgDdXTc.meKWNeKd.TeTui2PdzdcFI/ggKk3";
|
||||||
|
|
||||||
|
stateVersion = "24.11";
|
||||||
|
nixpkgs = "unstable";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
) l
|
||||||
|
);
|
||||||
|
in
|
||||||
|
{
|
||||||
|
dns01 = {
|
||||||
|
site = "pav01";
|
||||||
|
|
||||||
|
# TODO:
|
||||||
|
hashedPassword = "$y$j9T$eNZQgDN.J5y7KTG2hXgat1$J1i5tjx5dnSZu.C9B7swXi5zMFIkUnmRrnmyLHFAt8/";
|
||||||
|
|
||||||
|
stateVersion = "24.05";
|
||||||
|
nixpkgs = "24.05";
|
||||||
|
};
|
||||||
krz01 = {
|
krz01 = {
|
||||||
site = "pav01";
|
site = "pav01";
|
||||||
|
|
||||||
|
@ -28,6 +56,14 @@
|
||||||
stateVersion = "24.05";
|
stateVersion = "24.05";
|
||||||
nixpkgs = "unstable";
|
nixpkgs = "unstable";
|
||||||
};
|
};
|
||||||
|
homebox01 = {
|
||||||
|
site = "pav01";
|
||||||
|
|
||||||
|
hashedPassword = "$y$j9T$eNZQgDN.J5y7KTG2hXgat1$J1i5tjx5dnSZu.C9B7swXi5zMFIkUnmRrnmyLHFAt8/";
|
||||||
|
|
||||||
|
stateVersion = "24.05";
|
||||||
|
nixpkgs = "unstable";
|
||||||
|
};
|
||||||
labcore01 = {
|
labcore01 = {
|
||||||
site = "pav01";
|
site = "pav01";
|
||||||
|
|
||||||
|
@ -36,6 +72,15 @@
|
||||||
stateVersion = "24.05";
|
stateVersion = "24.05";
|
||||||
nixpkgs = "24.05";
|
nixpkgs = "24.05";
|
||||||
};
|
};
|
||||||
|
photo01 = {
|
||||||
|
site = "pav01";
|
||||||
|
|
||||||
|
# TODO
|
||||||
|
hashedPassword = "$y$j9T$aFhOWa05W7VKeKt3Nc.nA1$uBOvG4wf7/yWjwOxO8NLf9ipCsAkS1.5cD2EJpLx57A";
|
||||||
|
|
||||||
|
stateVersion = "24.05";
|
||||||
|
nixpkgs = "unstable";
|
||||||
|
};
|
||||||
router02 = {
|
router02 = {
|
||||||
site = "pav01";
|
site = "pav01";
|
||||||
|
|
||||||
|
@ -44,4 +89,23 @@
|
||||||
stateVersion = "24.05";
|
stateVersion = "24.05";
|
||||||
nixpkgs = "unstable";
|
nixpkgs = "unstable";
|
||||||
};
|
};
|
||||||
|
status01 = {
|
||||||
|
site = "pav01";
|
||||||
|
|
||||||
|
hashedPassword = "$y$j9T$eNZQgDN.J5y7KTG2hXgat1$J1i5tjx5dnSZu.C9B7swXi5zMFIkUnmRrnmyLHFAt8/";
|
||||||
|
|
||||||
|
stateVersion = "24.05";
|
||||||
|
nixpkgs = "unstable";
|
||||||
|
};
|
||||||
|
roam01 = {
|
||||||
|
site = "nowhere";
|
||||||
|
|
||||||
|
hashedPassword = "$y$j9T$5OchePm5POsgveGLY/bKy/$9XkkZq9aBycg.YImEzFSiYRbAfBO0A4G7qMGIF/WEo9";
|
||||||
|
|
||||||
|
deployment.targetHost = "129.199.146.39";
|
||||||
|
|
||||||
|
stateVersion = "24.11";
|
||||||
|
nixpkgs = "unstable";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
// mkRoutexp (import ./routexp.nix)
|
||||||
|
|
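Review bot: The new `dns01`, `homebox01` and `status01` entries carry the identical `hashedPassword` string (`$y$j9T$eNZQgDN…`, same salt and digest), and `mkRoutexp` stamps one fixed hash onto every `routexp*` node, so recovering a single password opens several machines at once. The bare `# TODO:` / `# TODO` above the `dns01` and `photo01` hashes suggests these are placeholders that were never replaced. Because the hashes are committed in the repository, anyone with read access can attack them offline, and the shared ones multiply the payoff. Give each host its own password, or leave the field unset where key-only login is enough, and at minimum complete the comment, e.g. `# TODO: replace shared bootstrap password before this host is reachable`.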
114
meta/options.nix
|
@ -14,11 +14,14 @@ let
|
||||||
ints
|
ints
|
||||||
listOf
|
listOf
|
||||||
nullOr
|
nullOr
|
||||||
|
singleLineStr
|
||||||
str
|
str
|
||||||
submodule
|
submodule
|
||||||
unspecified
|
unspecified
|
||||||
;
|
;
|
||||||
|
|
||||||
|
inherit (ints) positive;
|
||||||
|
|
||||||
addressType =
|
addressType =
|
||||||
max:
|
max:
|
||||||
submodule {
|
submodule {
|
||||||
|
@ -34,6 +37,22 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
vpnKeyType = submodule {
|
||||||
|
options = {
|
||||||
|
id = mkOption {
|
||||||
|
type = positive;
|
||||||
|
description = ''
|
||||||
|
Unique ID that will be used to guess IP address
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
key = mkOption {
|
||||||
|
type = str;
|
||||||
|
description = ''
|
||||||
|
Public key of the user for this VPN
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
org = config.organization;
|
org = config.organization;
|
||||||
in
|
in
|
||||||
|
|
||||||
|
@ -41,7 +60,10 @@ in
|
||||||
options = {
|
options = {
|
||||||
organization = {
|
organization = {
|
||||||
members = mkOption {
|
members = mkOption {
|
||||||
type = attrsOf (submodule {
|
type = attrsOf (
|
||||||
|
submodule (
|
||||||
|
{ name, ... }:
|
||||||
|
{
|
||||||
options = {
|
options = {
|
||||||
name = mkOption {
|
name = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
|
@ -56,8 +78,37 @@ in
|
||||||
Main e-mail address of the member.
|
Main e-mail address of the member.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
username = mkOption {
|
||||||
|
type = str;
|
||||||
|
default = name;
|
||||||
|
description = ''
|
||||||
|
The username used for authentication.
|
||||||
|
WARNING: Must be the same as the ens login!
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
});
|
|
||||||
|
sshKeys = lib.mkOption {
|
||||||
|
type = listOf singleLineStr;
|
||||||
|
description = ''
|
||||||
|
A list of verbatim OpenSSH public keys that should be added to the
|
||||||
|
user's authorized keys.
|
||||||
|
'';
|
||||||
|
example = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host"
|
||||||
|
"ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
vpnKeys = mkOption {
|
||||||
|
type = attrsOf vpnKeyType;
|
||||||
|
default = { };
|
||||||
|
description = "Attribute sets to define vpn keys of the user";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
description = ''
|
description = ''
|
||||||
Members of the DGNum organization.
|
Members of the DGNum organization.
|
||||||
|
@ -70,6 +121,39 @@ in
|
||||||
Groups of the DGNum organization.
|
Groups of the DGNum organization.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
external = mkOption {
|
||||||
|
type = attrsOf (listOf str);
|
||||||
|
description = ''
|
||||||
|
External services used by the DGNum organization.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
services = mkOption {
|
||||||
|
type = attrsOf (submodule {
|
||||||
|
options = {
|
||||||
|
admins = mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
default = [ ];
|
||||||
|
description = ''
|
||||||
|
List of administrators of the service.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
adminGroups = mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
default = [ ];
|
||||||
|
description = ''
|
||||||
|
List of administrator groups of the service.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
description = ''
|
||||||
|
Administrator access of the different DGNum services,
|
||||||
|
it is mainly indicative as most services cannot configure this statically.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nodes = mkOption {
|
nodes = mkOption {
|
||||||
|
@ -256,6 +340,13 @@ in
|
||||||
IP address of the node in the netbird network.
|
IP address of the node in the netbird network.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
vpnKeys = mkOption {
|
||||||
|
type = attrsOf vpnKeyType;
|
||||||
|
default = { };
|
||||||
|
description = "Attribute sets to define vpn keys of the machine";
|
||||||
|
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config =
|
config =
|
||||||
|
@ -327,11 +418,20 @@ in
|
||||||
extract "adminGroups" config.nodes
|
extract "adminGroups" config.nodes
|
||||||
))
|
))
|
||||||
|
|
||||||
# Check that all members have ssh keys
|
# Check that all services admins exist
|
||||||
(builtins.map (name: {
|
(membersExists (name: "A member of the service ${name} admins was not found in the members list.") (
|
||||||
assertion = ((import ../keys)._keys.${name} or [ ]) != [ ];
|
extract "admins" org.services
|
||||||
message = "No ssh keys found for ${name}.";
|
))
|
||||||
}) members)
|
|
||||||
|
# Check that all services adminGroups exist
|
||||||
|
(groupsExists (
|
||||||
|
name: "A member of the service ${name} adminGroups was not found in the groups list."
|
||||||
|
) (extract "adminGroups" org.services))
|
||||||
|
|
||||||
|
# Check that all external services admins exist
|
||||||
|
(membersExists (
|
||||||
|
name: "A member of the external service ${name} admins was not found in the members list."
|
||||||
|
) org.external)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
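Review bot: The last hunk (`-327,11 +418,20`) drops the assertion that every member has at least one SSH key (`assertion = ((import ../keys)._keys.${name} or [ ]) != [ ];`), and the new `sshKeys` option only requires the attribute to be defined, so `sshKeys = [ ];` now evaluates without complaint. If a member without any key is not intended, keep the check and point it at the new option, for example `assertion = org.members.${name}.sshKeys != [ ];` with the existing message `"No ssh keys found for ${name}."`. `members` and the enclosing assertions list are bound outside the visible hunks, so the exact wiring needs confirming there. Separately, `vpnKeyType.id` is documented as a unique ID used to derive an IP address, but no uniqueness assertion is visible in these hunks.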
|
||||||
|
|
|
@ -5,44 +5,104 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
members = {
|
members = {
|
||||||
|
agroudiev = {
|
||||||
|
name = "Antoine Groudiev";
|
||||||
|
email = "antoine.groudiev@dgnum.eu";
|
||||||
|
sshKeys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgyt3ntpcoI/I2n97R1hzjBiNL6R98S73fSi7pkSE/8mQbI8r9GzsPUBcxQ+tIg0FgwkLxTwF8DwLf0E+Le/rPznxBS5LUQaAktSQSrxz/IIID1+jN8b03vf5PjfKS8H2Tu3Q8jZXa8HNsj3cpySpGMqGrE3ieUmknd/YfppRRf+wM4CsGKZeS3ZhB9oZi3Jn22A0U/17AOJTnv4seq+mRZWRQt3pvQvpp8/2M7kEqizie/gTr/DnwxUr45wisqYYH4tat9Cw6iDr7LK10VCrK37BfFagMIZ08Hkh3c46jghjYNQWe+mBUWJByWYhTJ0AtYrbaYeUV1HVYbsRJ6bNx25K6794QQPaE/vc2Z/VK/ILgvJ+9myFSAWVylCWdyYpwUu07RH/jDBl2aqH62ESwAG7SDUUcte6h9N+EryAQLWc8OhsGAYLpshhBpiqZwzX90m+nkbhx1SqMbtt6TS+RPDEHKFYn8E6FBrf1FK34482ndq/hHXZ88mqzGb1nOnM="
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
catvayor = {
|
catvayor = {
|
||||||
name = "Lubin Bailly";
|
name = "Lubin Bailly";
|
||||||
email = "catvayor@dgnum.eu";
|
email = "catvayor@dgnum.eu";
|
||||||
|
username = "lbailly";
|
||||||
|
sshKeys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
|
||||||
|
];
|
||||||
|
vpnKeys = {
|
||||||
|
wg-mgmt = {
|
||||||
|
id = 1;
|
||||||
|
key = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
cst1 = {
|
cst1 = {
|
||||||
name = "Constantin Gierczak--Galle";
|
name = "Constantin Gierczak--Galle";
|
||||||
email = "cst1@dgnum.eu";
|
email = "cst1@dgnum.eu";
|
||||||
|
username = "cgierczakgalle";
|
||||||
|
sshKeys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
ecoppens = {
|
ecoppens = {
|
||||||
name = "Elias Coppens";
|
name = "Elias Coppens";
|
||||||
email = "ecoppens@dgnum.eu";
|
email = "ecoppens@dgnum.eu";
|
||||||
|
sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGmU7yEOCGuGNt4PlQbzd0Cms1RePpo8yEA7Ij/+TdA" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
jemagius = {
|
jemagius = {
|
||||||
name = "Jean-Marc Gailis";
|
name = "Jean-Marc Gailis";
|
||||||
email = "jm@dgnum.eu";
|
email = "jm@dgnum.eu";
|
||||||
|
username = "jgailis";
|
||||||
|
sshKeys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOoxmou5OU74GgpIUkhVt6GiB+O9Jy4ge0TwK5MDFJ2F"
|
||||||
|
"ssh-rsa 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"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
luj = {
|
luj = {
|
||||||
name = "Julien Malka";
|
name = "Julien Malka";
|
||||||
email = "luj@dgnum.eu";
|
email = "luj@dgnum.eu";
|
||||||
|
username = "jmalka";
|
||||||
|
sshKeys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
mboyer = {
|
||||||
|
name = "Matthieu Boyer";
|
||||||
|
email = "matthieu.boyer@dgnum.eu";
|
||||||
|
username = "mboyer02";
|
||||||
|
sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYnwZaFYvUxtJeNvpaA20rLfq8fOO4dFp7cIXsD8YNx" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
mdebray = {
|
mdebray = {
|
||||||
name = "Maurice Debray";
|
name = "Maurice Debray";
|
||||||
email = "maurice.debray@dgnum.eu";
|
email = "maurice.debray@dgnum.eu";
|
||||||
|
sshKeys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdDnSl3cyWil+S5JiyGqOvBR3wVh+lduw58S5WvraoL maurice@fekda"
|
||||||
|
];
|
||||||
|
vpnKeys = {
|
||||||
|
wg-mgmt = {
|
||||||
|
id = 2;
|
||||||
|
key = "+nTxD4ZAzk+9LHGwEfK0t2cMQf0ognBYmhybNbCzW38=";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
raito = {
|
raito = {
|
||||||
name = "Ryan Lahfa";
|
name = "Ryan Lahfa";
|
||||||
email = "ryan@dgnum.eu";
|
email = "ryan@dgnum.eu";
|
||||||
|
username = "rlahfa";
|
||||||
|
sshKeys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
thubrecht = {
|
thubrecht = {
|
||||||
name = "Tom Hubrecht";
|
name = "Tom Hubrecht";
|
||||||
email = "tom.hubrecht@dgnum.eu";
|
email = "tom.hubrecht@dgnum.eu";
|
||||||
|
sshKeys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
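Review bot: Several of the added `sshKeys` entries have no trailing comment (the entries for `ecoppens`, `mboyer`, `thubrecht`, `raito` and `agroudiev`), while others name the device (`catvayor@katvayor`, `maurice@polaris`, `julien@tower`). The option describes these strings as going into the user's authorized keys, so a per-key comment makes it possible to revoke the key of one lost or retired machine without guessing which line it is; the form would be `"ssh-ed25519 AAAA… <user>@<device>"`. The two `wg-mgmt` ids added here (1 and 2) are distinct, but nothing visible in this section enforces that, so each new entry needs a manual check against both members and nodes.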
|
||||||
|
|
||||||
|
|
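--- a/meta/routexp.nix
+++ b/meta/routexp.nix
@@ -0,0 +1,7 @@
+# List of routers for the routexp experiment
+[
+{
+id = "01";
+hostId = "d70d0593";
+}
+]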
|
@ -1,12 +1,23 @@
|
||||||
{ lib, sources, ... }:
|
{ lib, sources, ... }:
|
||||||
{
|
{
|
||||||
imports = (lib.extra.mkImports ./. [ "lab-acme" ]) ++ [
|
imports =
|
||||||
|
(lib.extra.mkImports ./. [
|
||||||
|
"lab-acme"
|
||||||
|
"lab-network"
|
||||||
|
"lab-routexp"
|
||||||
|
])
|
||||||
|
++ [
|
||||||
"${sources."microvm.nix"}/nixos-modules/host"
|
"${sources."microvm.nix"}/nixos-modules/host"
|
||||||
|
(import sources.proxmox-nixos).nixosModules.declarative-vms
|
||||||
|
]
|
||||||
|
++ (import sources.nix-modules { inherit lib; }).importModules [
|
||||||
|
"services/nginx-sni"
|
||||||
];
|
];
|
||||||
|
|
||||||
dgn-notify.enable = false;
|
dgn-notify.enable = false;
|
||||||
|
|
||||||
dgn-records.enable = false;
|
dgn-records.enable = false;
|
||||||
|
dgn-network.enable = false;
|
||||||
|
|
||||||
# TODO think about how to use netbox with lab
|
# TODO think about how to use netbox with lab
|
||||||
dgn-netbox-agent.enable = false;
|
dgn-netbox-agent.enable = false;
|
||||||
|
|
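--- a/modules/lab-network.nix
+++ b/modules/lab-network.nix
@@ -0,0 +1,58 @@
+{
+config,
+lib,
+meta,
+name,
+nodeMeta,
+...
+}:
+
+let
+inherit (lib)
+mapAttrs'
+mkEnableOption
+mkIf
+;
+
+net' = meta.network.${name};
+
+mkAddress = { address, prefixLength, ... }: "${address}/${builtins.toString prefixLength}";
+mkRoute = gateway: {
+routeConfig = {
+Gateway = gateway;
+GatewayOnLink = true;
+};
+};
+
+mkInterface = interface: net: {
+name = "10-${interface}";
+value = {
+name = interface;
+address = builtins.map mkAddress (net.ipv4 ++ net.ipv6);
+routes = builtins.map mkRoute net.gateways;
+
+inherit (net) DHCP dns;
+};
+};
+
+cfg = config.lab-network;
+in
+{
+options.lab-network.enable = mkEnableOption "automatic network configuration based on metadata" // {
+default = true;
+};
+
+config = mkIf cfg.enable {
+networking = {
+inherit (net') hostId;
+
+hostName = name;
+domain = "${nodeMeta.site}.infra.lab.dgnum.eu";
+useNetworkd = true;
+
+firewall.logRefusedConnections = false;
+};
+
+systemd.network.networks = mapAttrs' mkInterface net'.interfaces;
+};
+}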
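Review bot: `firewall.logRefusedConnections = false;` is set with no stated reason, and because `lab-network.enable` defaults to `true` it applies to every node that imports the module. Refused-connection entries are a cheap signal when investigating scans or a misrouted VLAN, so turning them off fleet-wide deserves a justification. If the motive is log volume, say so in a comment and leave the value overridable per node: `firewall.logRefusedConnections = lib.mkDefault false; # too noisy on exposed interfaces`. `lib` is already a module argument here.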
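--- a/modules/lab-routexp/default.nix
+++ b/modules/lab-routexp/default.nix
@@ -0,0 +1,112 @@
+# Copyright :
+# - Tom Hubrecht <tom.hubrecht@dgnum.eu> 2023
+#
+# Ce logiciel est un programme informatique servant à déployer des
+# configurations de serveurs via NixOS.
+#
+# Ce logiciel est régi par la licence CeCILL soumise au droit français et
+# respectant les principes de diffusion des logiciels libres. Vous pouvez
+# utiliser, modifier et/ou redistribuer ce programme sous les conditions
+# de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA
+# sur le site "http://www.cecill.info".
+#
+# En contrepartie de l'accessibilité au code source et des droits de copie,
+# de modification et de redistribution accordés par cette licence, il n'est
+# offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons,
+# seule une responsabilité restreinte pèse sur l'auteur du programme, le
+# titulaire des droits patrimoniaux et les concédants successifs.
+#
+# A cet égard l'attention de l'utilisateur est attirée sur les risques
+# associés au chargement, à l'utilisation, à la modification et/ou au
+# développement et à la reproduction du logiciel par l'utilisateur étant
+# donné sa spécificité de logiciel libre, qui peut le rendre complexe à
+# manipuler et qui le réserve donc à des développeurs et des professionnels
+# avertis possédant des connaissances informatiques approfondies. Les
+# utilisateurs sont donc invités à charger et tester l'adéquation du
+# logiciel à leurs besoins dans des conditions permettant d'assurer la
+# sécurité de leurs systèmes et ou de leurs données et, plus généralement,
+# à l'utiliser et l'exploiter dans les mêmes conditions de sécurité.
+#
+# Le fait que vous puissiez accéder à cet en-tête signifie que vous avez
+# pris connaissance de la licence CeCILL, et que vous en avez accepté les
+# termes.
+
+{ config, lib, ... }:
+
+let
+inherit (lib)
+mkOption
+types
+mkEnableOption
+mkIf
+;
+
+cfg = config.lab-routexp;
+in
+
+{
+options.lab-routexp = {
+enable = mkEnableOption "Routing experimentation settings.";
+connections = mkOption {
+type = types.listOf types.int;
+default = { };
+description = "Interface -> Address/CIDR map";
+};
+id = mkOption {
+type = types.int;
+description = "machine id";
+};
+};
+
+config = mkIf cfg.enable {
+virtualisation.proxmox = {
+node = "krz01";
+autoInstall = true;
+vmid = 150 + config.lab-routexp.id;
+bios = "ovmf";
+memory = 4096;
+cores = 2;
+net =
+[
+{
+model = "virtio";
+bridge = "vmbr1";
+tag = 2520;
+}
+]
+++ builtins.map (vlan: {
+model = "virtio";
+bridge = "vmbr1";
+tag = vlan;
+}) cfg.connections;
+scsi = [ { file = "zfs-noraid:16"; } ]; # This will create a 16GB volume in 'local'
+};
+
+systemd.network = {
+networks =
+builtins.listToAttrs (
+lib.imap0 (i: vlan: {
+name = "20-ens${builtins.toString (20 + i)}";
+value = {
+name = "ens${builtins.toString (20 + i)}";
+address = [ "fdfd:1794:0:${builtins.toString vlan}::${builtins.toString cfg.id}/64" ];
+};
+}) cfg.connections
+)
+// {
+"20-babel-local" = {
+name = "babel-local";
+address = [ "fdfd:1794::${builtins.toString cfg.id}/64" ];
+};
+};
+netdevs = {
+"babel-local" = {
+netdevConfig = {
+Name = "babel-local";
+Kind = "dummy";
+};
+};
+};
+};
+};
+}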
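Review bot: The `connections` option declares `type = types.listOf types.int` but sets `default = { };`, and its description ("Interface -> Address/CIDR map") describes an attribute set. The value is consumed as a list of VLAN tags by `builtins.map` and `lib.imap0`, so the default should be `default = [ ];` with a description such as `"VLAN tags to attach as additional interfaces"`. The comment on the `scsi` line says the volume is created in 'local' while the storage named is `zfs-noraid`, so one of the two is stale. `id` is an unconstrained `types.int` that feeds both `vmid = 150 + …` and the host part of the addresses; a bounded or positive integer type would reject values that collide with other VM ids or yield an invalid address.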
7
nixmoxer.conf
Normal file
7
nixmoxer.conf
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
# nixmoxer.conf
|
||||||
|
host=krz01.dgnum:8006
|
||||||
|
user=root@pam
|
||||||
|
password=7GsnLcPfXV4OzHg3wo1e2zWphek0
|
||||||
|
#token_value=971e236f-60f3-445c-b574-142230409312
|
||||||
|
#token_name=nixmoxer-maurice
|
||||||
|
verify_ssl=0
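Review bot: This new file puts a plaintext `password=` for `user=root@pam`, plus a commented-out `#token_value=`, into the repository history, and `verify_ssl=0` turns off certificate verification for the connection to the host on port 8006. Both the password and the token should be treated as disclosed and rotated, and the file removed from the tracked tree and its history, since it reads like a local per-operator config rather than something meant to be shared. For the replacement, prefer a narrowly scoped API token over the root password and keep verification on (`verify_ssl=1`, assuming the tool accepts that value), trusting the host's CA explicitly if its certificate is self-signed.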
|
|
@ -25,10 +25,25 @@
|
||||||
"pre_releases": false,
|
"pre_releases": false,
|
||||||
"version_upper_bound": null,
|
"version_upper_bound": null,
|
||||||
"release_prefix": null,
|
"release_prefix": null,
|
||||||
"version": "v1.8.0",
|
"version": "v1.9.0",
|
||||||
"revision": "624fd86460e482017ed9c3c3c55a3758c06a4e7f",
|
"revision": "49a4936cee640e27d74baee6fd1278285d29b100",
|
||||||
"url": "https://api.github.com/repos/nix-community/disko/tarball/v1.8.0",
|
"url": "https://api.github.com/repos/nix-community/disko/tarball/v1.9.0",
|
||||||
"hash": "06ifryv6rw25cz8zda4isczajdgrvcl3aqr145p8njxx5jya2d77"
|
"hash": "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388"
|
||||||
|
},
|
||||||
|
"dns-nix": {
|
||||||
|
"type": "GitRelease",
|
||||||
|
"repository": {
|
||||||
|
"type": "GitHub",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "dns.nix"
|
||||||
|
},
|
||||||
|
"pre_releases": false,
|
||||||
|
"version_upper_bound": null,
|
||||||
|
"release_prefix": null,
|
||||||
|
"version": "v1.2.0",
|
||||||
|
"revision": "a3196708a56dee76186a9415c187473b94e6cbae",
|
||||||
|
"url": "https://api.github.com/repos/nix-community/dns.nix/tarball/v1.2.0",
|
||||||
|
"hash": "011b6ahj4qcf7jw009qgbf6k5dvjmgls88khwzgjr9kxlgbypb90"
|
||||||
},
|
},
|
||||||
"git-hooks": {
|
"git-hooks": {
|
||||||
"type": "Git",
|
"type": "Git",
|
||||||
|
@ -38,9 +53,9 @@
|
||||||
"repo": "git-hooks.nix"
|
"repo": "git-hooks.nix"
|
||||||
},
|
},
|
||||||
"branch": "master",
|
"branch": "master",
|
||||||
"revision": "1211305a5b237771e13fcca0c51e60ad47326a9a",
|
"revision": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
|
||||||
"url": "https://github.com/cachix/git-hooks.nix/archive/1211305a5b237771e13fcca0c51e60ad47326a9a.tar.gz",
|
"url": "https://github.com/cachix/git-hooks.nix/archive/cd1af27aa85026ac759d5d3fccf650abe7e1bbf0.tar.gz",
|
||||||
"hash": "1qz8d9g7rhwjk4p2x0rx59alsf0dpjrb6kpzs681gi3rjr685ivq"
|
"hash": "1icl4cz33lkr4bz7fvlf3jppmahgpzij81wfa5any3z7w7b5lnxw"
|
||||||
},
|
},
|
||||||
"infrastructure": {
|
"infrastructure": {
|
||||||
"type": "Git",
|
"type": "Git",
|
||||||
|
@ -49,9 +64,9 @@
|
||||||
"url": "https://git.dgnum.eu/DGNum/infrastructure"
|
"url": "https://git.dgnum.eu/DGNum/infrastructure"
|
||||||
},
|
},
|
||||||
"branch": "main",
|
"branch": "main",
|
||||||
"revision": "45f2f5905506ad7523bde63ae94d0a3dc19dd604",
|
"revision": "32f68a54a92b3742030d43cb0402ea9de332a004",
|
||||||
"url": null,
|
"url": null,
|
||||||
"hash": "171rwwvx4mq01g1c2rhn6v4hyv5c8g2jzzxmff4qz70yzlhs8806"
|
"hash": "1wk0wwa74gq35rx77jannkz2y1zlqz2v7ngm0sn6zj9mx9wwp0b2"
|
||||||
},
|
},
|
||||||
"lix": {
|
"lix": {
|
||||||
"type": "Git",
|
"type": "Git",
|
||||||
|
@ -60,9 +75,9 @@
|
||||||
"url": "https://git.lix.systems/lix-project/lix.git"
|
"url": "https://git.lix.systems/lix-project/lix.git"
|
||||||
},
|
},
|
||||||
"branch": "main",
|
"branch": "main",
|
||||||
"revision": "ed9b7f4f84fd60ad8618645cc1bae2d686ff0db6",
|
"revision": "f116608a20430b8484814300cdf22eebeb75a59f",
|
||||||
"url": null,
|
"url": null,
|
||||||
"hash": "05kxga8fs9h4qm0yvp5l7jvsda7hzqs7rvxcn8r52dqg3c80hva9"
|
"hash": "0hhjx3vk7rchkb4njhsf4vk2f7ipkpqb9jvywm0xcbpwa08xffis"
|
||||||
},
|
},
|
||||||
"lix-module": {
|
"lix-module": {
|
||||||
"type": "Git",
|
"type": "Git",
|
||||||
|
@ -71,9 +86,9 @@
|
||||||
"url": "https://git.lix.systems/lix-project/nixos-module.git"
|
"url": "https://git.lix.systems/lix-project/nixos-module.git"
|
||||||
},
|
},
|
||||||
"branch": "main",
|
"branch": "main",
|
||||||
"revision": "fd186f535a4ac7ae35d98c1dd5d79f0a81b7976d",
|
"revision": "aa2846680fa9a2032939d720487942567fd9eb63",
|
||||||
"url": null,
|
"url": null,
|
||||||
"hash": "0jxpqaz12lqibg03iv36sa0shfvamn2yhg937llv3kl4csijd34f"
|
"hash": "0gb174800sgh6y6sir23nxsx85xrk478hbwqbzyd46ac34clz9wz"
|
||||||
},
|
},
|
||||||
"lon": {
|
"lon": {
|
||||||
"type": "Git",
|
"type": "Git",
|
||||||
|
@ -106,9 +121,9 @@
|
||||||
"url": "https://git.hubrecht.ovh/hubrecht/nix-modules.git"
|
"url": "https://git.hubrecht.ovh/hubrecht/nix-modules.git"
|
||||||
},
|
},
|
||||||
"branch": "main",
|
"branch": "main",
|
||||||
"revision": "2fd7c7810b2a901020ddd2d0cc82810b83a313fc",
|
"revision": "75e8d70a051dd19d126b5248b62f61d6f8ce4361",
|
||||||
"url": null,
|
"url": null,
|
||||||
"hash": "0rag870ll745r5isnk6hlxv0b0sbgriba5k6nihahcwsal2f4830"
|
"hash": "0yx5by3v2cshiidyh27n75lcqy9d1kk5zz5mchmfv63s9p0cjzqn"
|
||||||
},
|
},
|
||||||
"nix-patches": {
|
"nix-patches": {
|
||||||
"type": "GitRelease",
|
"type": "GitRelease",
|
||||||
|
@ -131,9 +146,9 @@
|
||||||
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
|
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
|
||||||
},
|
},
|
||||||
"branch": "main",
|
"branch": "main",
|
||||||
"revision": "0e80d4dcdd54a75556c0784de55dc139ad4fe797",
|
"revision": "3ab3e49269d9e2536c8c5f78d4da673d7a3f5286",
|
||||||
"url": null,
|
"url": null,
|
||||||
"hash": "1hlb0cczxq0jrzw4lhmkibnb8skcar0rmny594aqgyikknwzx2qf"
|
"hash": "0b4k0gchxcdlmvs88403hdbidsxswigzxswcba7a3fxz9d884c4y"
|
||||||
},
|
},
|
||||||
"nixos-23.11": {
|
"nixos-23.11": {
|
||||||
"type": "Channel",
|
"type": "Channel",
|
||||||
|
@ -144,8 +159,8 @@
|
||||||
"nixos-24.05": {
|
"nixos-24.05": {
|
||||||
"type": "Channel",
|
"type": "Channel",
|
||||||
"name": "nixos-24.05",
|
"name": "nixos-24.05",
|
||||||
"url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.5518.ecbc1ca8ffd6/nixexprs.tar.xz",
|
"url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.6668.e8c38b73aeb2/nixexprs.tar.xz",
|
||||||
"hash": "1yr2v17d8jg9567rvadv62bpr6i47fp73by2454yjxh1m9ric2cm"
|
"hash": "0lhh36z3fvd3b64dz7an08y3c3shb67aj17ny9z28bs21i3dc5yh"
|
||||||
},
|
},
|
||||||
"nixos-generators": {
|
"nixos-generators": {
|
||||||
"type": "Git",
|
"type": "Git",
|
||||||
|
@ -155,21 +170,21 @@
|
||||||
"repo": "nixos-generators"
|
"repo": "nixos-generators"
|
||||||
},
|
},
|
||||||
"branch": "master",
|
"branch": "master",
|
||||||
"revision": "9ae128172f823956e54947fe471bc6dfa670ecb4",
|
"revision": "15a87ccb45e06d24a9fd5f99a49782efe11b23f0",
|
||||||
"url": "https://github.com/nix-community/nixos-generators/archive/9ae128172f823956e54947fe471bc6dfa670ecb4.tar.gz",
|
"url": "https://github.com/nix-community/nixos-generators/archive/15a87ccb45e06d24a9fd5f99a49782efe11b23f0.tar.gz",
|
||||||
"hash": "1zn3lykymimzh21q4fixw6ql42n8j82dqwm5axifhcnl8dsdgrvr"
|
"hash": "0mwllbwinr6cira94347vhzq3jn3zgp28xg6w1ga0ncls7s476q4"
|
||||||
},
|
},
|
||||||
"nixos-unstable": {
|
"nixos-unstable": {
|
||||||
"type": "Channel",
|
"type": "Channel",
|
||||||
"name": "nixos-unstable",
|
"name": "nixos-unstable",
|
||||||
"url": "https://releases.nixos.org/nixos/unstable/nixos-24.11pre688563.bc947f541ae5/nixexprs.tar.xz",
|
"url": "https://releases.nixos.org/nixos/unstable/nixos-25.05beta723344.d3c42f187194/nixexprs.tar.xz",
|
||||||
"hash": "1jsaxwi128fiach3dj8rdj5agqivsr4sidb8lmdnl7g07fl9x0kj"
|
"hash": "0kwwzcza46ygfvrhhbnc7x02z3qw3zkyrjaxcdxmza0jzdv8gydj"
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"type": "Channel",
|
"type": "Channel",
|
||||||
"name": "nixpkgs-unstable",
|
"name": "nixpkgs-unstable",
|
||||||
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre689466.7d49afd36b55/nixexprs.tar.xz",
|
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre709559.5083ec887760/nixexprs.tar.xz",
|
||||||
"hash": "0r4zb6j8in4dk7gxciapfm49dqbdd0c7ajjzj9iy2xrrj5aj32qp"
|
"hash": "1z912j1lmrg8zp2hpmmi69dls9zlpvqfvdkvh5xc3x6iqkqwn0cd"
|
||||||
},
|
},
|
||||||
"proxmox-nixos": {
|
"proxmox-nixos": {
|
||||||
"type": "Git",
|
"type": "Git",
|
||||||
|
@ -179,9 +194,20 @@
|
||||||
"repo": "proxmox-nixos"
|
"repo": "proxmox-nixos"
|
||||||
},
|
},
|
||||||
"branch": "main",
|
"branch": "main",
|
||||||
"revision": "950e4cccac0f942076e8558f7f9f4d496cabfb18",
|
"revision": "15187a4c4ac50d1a38c734f72dd201a7eb504a89",
|
||||||
"url": "https://github.com/SaumonNet/proxmox-nixos/archive/950e4cccac0f942076e8558f7f9f4d496cabfb18.tar.gz",
|
"url": "https://github.com/SaumonNet/proxmox-nixos/archive/15187a4c4ac50d1a38c734f72dd201a7eb504a89.tar.gz",
|
||||||
"hash": "0bhqw42ydc0jfkfqw64xsg518a1pbxnvpqw92nna7lm8mzpxm6d4"
|
"hash": "1scyza59y0kfjhl5chsl53l61p0dv5ymb4k7bq8grg9nla4aj7f2"
|
||||||
|
},
|
||||||
|
"stateless-uptime-kuma": {
|
||||||
|
"type": "Git",
|
||||||
|
"repository": {
|
||||||
|
"type": "Git",
|
||||||
|
"url": "https://git.dgnum.eu/DGNum/stateless-uptime-kuma"
|
||||||
|
},
|
||||||
|
"branch": "master",
|
||||||
|
"revision": "880f444ff7862d6127b051cf1a993ad1585b1652",
|
||||||
|
"url": null,
|
||||||
|
"hash": "166057469hhxnyqbpd7jjlccdmigzch51616n1d5r617xg0y1mwp"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": 3
|
"version": 3
|
||||||
|
|