
2 commits

25 changed files with 226 additions and 250 deletions


@ -2,12 +2,14 @@ let
mods = import ./modules; mods = import ./modules;
users = import ./users; users = import ./users;
sources = import ./npins; sources = import ./npins;
mkNixpkgsSrc = (import sources.nix-patches { patchFile = ./patches; }).mkNixpkgsSrc; inherit (import sources.nix-patches { patchFile = ./patches; }) mkNixpkgsSrc;
lib = inherit
(import (mkNixpkgsSrc { (import (mkNixpkgsSrc {
src = sources.nixpkgs; src = sources.nixpkgs;
version = "unstable"; version = "unstable";
}) { }).lib; }) { })
lib
;
in in
{ {
meta = { meta = {


@ -21,7 +21,7 @@ let
internal = port; internal = port;
}) (types.submodule redirected-ports-mod); }) (types.submodule redirected-ports-mod);
fqdn = config.kat.fqdn; inherit (config.kat) fqdn;
hostname = config.networking.hostName; hostname = config.networking.hostName;
cfg = config.kat.proxies; cfg = config.kat.proxies;
@ -51,7 +51,7 @@ let
map ( map (
host: host:
let let
fqdn = nodes.${host}.config.kat.fqdn; inherit (nodes.${host}.config.kat) fqdn;
host-cfg = nodes.${host}.config.kat.proxies; host-cfg = nodes.${host}.config.kat.proxies;
in in
{ {
@ -60,7 +60,7 @@ let
{ external, internal }: { external, internal }:
{ {
input = external; input = external;
ip = host-cfg.ip; inherit (host-cfg) ip;
out = internal; out = internal;
} }
) host-cfg.open-tcp; ) host-cfg.open-tcp;
@ -68,13 +68,12 @@ let
{ external, internal }: { external, internal }:
{ {
input = external; input = external;
ip = host-cfg.ip; inherit (host-cfg) ip;
out = internal; out = internal;
} }
) host-cfg.open-udp; ) host-cfg.open-udp;
vhosts.${fqdn} = { vhosts.${fqdn} = {
ip = host-cfg.ip; inherit (host-cfg) ip aliases;
aliases = host-cfg.aliases;
}; };
} }
) cfg.redirects ) cfg.redirects


@ -9,7 +9,7 @@ in
imports = [ imports = [
zsh.user zsh.user
./neovim.nix ./neovim.nix
((import sources.nixvim).homeManagerModules.nixvim) (import sources.nixvim).homeManagerModules.nixvim
]; ];
# options.kat = { # options.kat = {
# ssh = mkEnableOption "ssh configuration"; # ssh = mkEnableOption "ssh configuration";


@ -1,7 +1,4 @@
{ {
config,
lib,
pkgs,
nodes, nodes,
sources, sources,
ssh-keys, ssh-keys,
@ -12,7 +9,7 @@ let
in in
{ {
deployment = { deployment = {
targetHost = "mail-test.kat"; targetHost = "betamail.kat";
tags = [ "kat-vms" ]; tags = [ "kat-vms" ];
}; };
imports = [ imports = [


@ -0,0 +1,27 @@
{
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
initrd = {
availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
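Review bot: `kernelModules = [ "kvm-intel" ];` is carried into this new guest profile even though the file imports `profiles/qemu-guest.nix`, so the VM loads the KVM host module that it most likely never uses. This looks like a leftover from nixos-generate-config seeing vmx on a passed-through CPU; unless nested virtualisation is intended, `kernelModules = [ ];` keeps the module out of the guest kernel. The same line appears in the other new guest file that adds the bcachefs `fileSystems` block, and in the existing qemu-guest hardware files this commit restructures.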


@ -1,13 +1,11 @@
{ {
config,
lib, lib,
pkgs,
ssh-keys, ssh-keys,
... ...
}: }:
{ {
deployment = { deployment = {
targetHost = "virt.kat"; targetHost = "degette.kat";
tags = [ "kat-vms" ]; tags = [ "kat-vms" ];
}; };


@ -0,0 +1,46 @@
{
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
initrd = {
availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "UUID=301a23cf-1aa3-4c53-a174-1a97592da5fa";
fsType = "bcachefs";
options = [
"fsck"
"fix_errors"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/F594-E8DB";
fsType = "vfat";
};
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,6 +1,5 @@
{ {
pkgs, pkgs,
modulesPath,
lib, lib,
sources, sources,
... ...
@ -12,7 +11,7 @@
}; };
imports = [ imports = [
("${sources.nixos-images}/nix/kexec-installer/module.nix") "${sources.nixos-images}/nix/kexec-installer/module.nix"
]; ];
boot = { boot = {


@ -1,25 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -34,8 +34,8 @@
"kat-orchid" "kat-orchid"
"kat-son" "kat-son"
"kat-www" "kat-www"
"kat-virt" "kat-degette"
"kat-mail-test" "kat-betamail"
]; ];
}; };
wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM="; wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";


@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -12,64 +8,62 @@
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ boot = {
"xhci_pci" initrd = {
"usbhid" availableKernelModules = [
"usb_storage" "xhci_pci"
"sd_mod" "usbhid"
"sdhci_pci" "usb_storage"
]; "sd_mod"
boot.initrd.kernelModules = [ ]; "sdhci_pci"
boot.kernelModules = [ "kvm-intel" ]; ];
boot.extraModulePackages = [ ]; kernelModules = [ ];
};
fileSystems."/" = { kernelModules = [ "kvm-intel" ];
device = "UUID=2d6f7d3a-936d-457c-86c7-f49d816ff5b7"; extraModulePackages = [ ];
fsType = "bcachefs";
options = [
"fsck"
"fix_errors"
];
}; };
fileSystems."/boot" = { fileSystems = {
device = "/dev/disk/by-uuid/DD9A-3823"; "/" = {
fsType = "vfat"; device = "UUID=2d6f7d3a-936d-457c-86c7-f49d816ff5b7";
}; fsType = "bcachefs";
options = [
"fsck"
"fix_errors"
];
};
fileSystems."/.ssd" = { "/boot" = {
device = "UUID=b4fc22f8-aecd-4cde-b77d-79825fae65eb"; device = "/dev/disk/by-uuid/DD9A-3823";
fsType = "bcachefs"; fsType = "vfat";
options = [ };
"fsck"
"fix_errors"
];
neededForBoot = true;
};
fileSystems."/nix/store" = { "/.ssd" = {
device = "/.ssd/nix-store"; device = "UUID=b4fc22f8-aecd-4cde-b77d-79825fae65eb";
options = [ "bind" ]; fsType = "bcachefs";
depends = [ "/.ssd" ]; options = [
}; "fsck"
"fix_errors"
];
neededForBoot = true;
};
fileSystems."/var/lib/libvirt" = { "/nix/store" = {
device = "/.ssd/libvirt"; device = "/.ssd/nix-store";
options = [ "bind" ]; options = [ "bind" ];
depends = [ "/.ssd" ]; depends = [ "/.ssd" ];
};
"/var/lib/libvirt" = {
device = "/.ssd/libvirt";
options = [ "bind" ];
depends = [ "/.ssd" ];
};
}; };
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;


@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
mods,
kat-path, kat-path,
ssh-keys, ssh-keys,
sources, sources,


@ -1,7 +1,5 @@
{ {
config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -9,16 +7,20 @@
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ boot = {
"ahci" initrd = {
"xhci_pci" availableKernelModules = [
"virtio_pci" "ahci"
"sr_mod" "xhci_pci"
"virtio_blk" "virtio_pci"
]; "sr_mod"
boot.initrd.kernelModules = [ ]; "virtio_blk"
boot.kernelModules = [ "kvm-intel" ]; ];
boot.extraModulePackages = [ ]; kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -12,44 +8,46 @@
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ boot = {
"xhci_pci" initrd = {
"vmd" availableKernelModules = [
"nvme" "xhci_pci"
"usb_storage" "vmd"
"sd_mod" "nvme"
"rtsx_pci_sdmmc" "usb_storage"
]; "sd_mod"
boot.initrd.kernelModules = [ ]; "rtsx_pci_sdmmc"
boot.kernelModules = [ "kvm-intel" ]; ];
boot.extraModulePackages = [ ]; kernelModules = [ ];
luks.devices."dec-lin" = {
fileSystems."/" = { device = "/dev/disk/by-uuid/bba45bff-2356-4ec7-a20c-9cbf9d992822";
device = "/dev/disk/by-uuid/4c1f76c6-5ce6-4987-b15e-9419627b7f19"; preLVM = true;
fsType = "bcachefs"; allowDiscards = true;
# options = [ "fsck" "fix_errors" ]; };
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
}; };
boot.initrd.luks.devices."dec-lin" = { fileSystems = {
device = "/dev/disk/by-uuid/bba45bff-2356-4ec7-a20c-9cbf9d992822"; "/" = {
preLVM = true; device = "/dev/disk/by-uuid/4c1f76c6-5ce6-4987-b15e-9419627b7f19";
allowDiscards = true; fsType = "bcachefs";
}; options = [
"fsck"
"fix_errors"
];
};
fileSystems."/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/4F30-BEC7"; device = "/dev/disk/by-uuid/4F30-BEC7";
fsType = "vfat"; fsType = "vfat";
};
}; };
swapDevices = [ { device = "/dev/disk/by-uuid/5edcb909-6109-4198-84c7-703cbd471b44"; } ]; swapDevices = [ { device = "/dev/disk/by-uuid/5edcb909-6109-4198-84c7-703cbd471b44"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
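Review bot: The root filesystem's `options = [ "fsck" "fix_errors" ];` appears to go from commented out on the old side to active on the new side, which is a behaviour change inside what otherwise reads as a pure restructuring of `boot.*` and `fileSystems.*`. If automatic repair at mount is intended for this LUKS-backed host, it deserves its own commit or a mention in the description; otherwise keep it as `# options = [ "fsck" "fix_errors" ];`. While `luks.devices."dec-lin"` is being moved, a comment on `allowDiscards = true;` such as `# TRIM passthrough exposes which blocks are in use on the encrypted volume` would record the trade-off.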


@ -1,9 +1,3 @@
{
config,
lib,
pkgs,
...
}:
{ {
boot.kernel.sysctl."net.ipv4.ip_forward" = true; boot.kernel.sysctl."net.ipv4.ip_forward" = true;


@ -1,7 +1,5 @@
{ {
config,
lib, lib,
pkgs,
... ...
}: }:
{ {


@ -1,7 +1,5 @@
{ {
config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -9,16 +7,20 @@
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ boot = {
"ahci" initrd = {
"xhci_pci" availableKernelModules = [
"virtio_pci" "ahci"
"sr_mod" "xhci_pci"
"virtio_blk" "virtio_pci"
]; "sr_mod"
boot.initrd.kernelModules = [ ]; "virtio_blk"
boot.kernelModules = [ "kvm-intel" ]; ];
boot.extraModulePackages = [ ]; kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@ -1,50 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "UUID=301a23cf-1aa3-4c53-a174-1a97592da5fa";
fsType = "bcachefs";
options = [
"fsck"
"fix_errors"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F594-E8DB";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,6 +1,4 @@
{ {
config,
lib,
pkgs, pkgs,
nodes, nodes,
... ...
@ -97,7 +95,7 @@
AllowedIPs = [ AllowedIPs = [
"10.42.2.1/32" "10.42.2.1/32"
]; ];
PublicKey = nodes.kat-mail-test.config.kat.wireguardPubKey; PublicKey = nodes.kat-betamail.config.kat.wireguardPubKey;
} }
]; ];
}; };


@ -1,7 +1,5 @@
{ {
config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -9,23 +7,22 @@
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ boot = {
"ata_piix" initrd = {
"uhci_hcd" availableKernelModules = [
"virtio_pci" "ata_piix"
"virtio_scsi" "uhci_hcd"
"sd_mod" "virtio_pci"
]; "virtio_scsi"
boot.initrd.kernelModules = [ ]; "sd_mod"
boot.kernelModules = [ "kvm-intel" ]; ];
boot.extraModulePackages = [ ]; kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }


@ -1,7 +1,5 @@
{ {
config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -9,16 +7,20 @@
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ boot = {
"ahci" initrd = {
"xhci_pci" availableKernelModules = [
"virtio_pci" "ahci"
"sr_mod" "xhci_pci"
"virtio_blk" "virtio_pci"
]; "sr_mod"
boot.initrd.kernelModules = [ ]; "virtio_blk"
boot.kernelModules = [ "kvm-intel" ]; ];
boot.extraModulePackages = [ ]; kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@ -1,4 +1,3 @@
{ pkgs, config, ... }:
{ {
programs.aerc = { programs.aerc = {
extraConfig.general.unsafe-accounts-conf = true; extraConfig.general.unsafe-accounts-conf = true;
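Review bot: `extraConfig.general.unsafe-accounts-conf = true;` has no comment explaining why aerc's permission check on accounts.conf is switched off. With Home Manager the generated file is presumably a world-readable store path, which is why the flag is needed, so the invariant worth recording is that no secret may be written into the account settings; a comment such as `# accounts.conf is generated into the Nix store; credentials must come from a *-cred-cmd, never inline` would do. The `programs.aerc` block continues outside the hunk, so the account definitions themselves are not visible here.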


@ -19,12 +19,12 @@
proxyJump = "watcher.kat"; proxyJump = "watcher.kat";
}; };
"virt.kat" = { "degette.kat" = {
user = "root"; user = "root";
hostname = "fe80::2%%virbr0"; hostname = "fe80::2%%virbr0";
proxyJump = "manah.kat"; proxyJump = "manah.kat";
}; };
"mail-test.kat" = { "betamail.kat" = {
user = "root"; user = "root";
hostname = "fe80::3%%virbr0"; hostname = "fe80::3%%virbr0";
proxyJump = "manah.kat"; proxyJump = "manah.kat";