
2 commits

25 changed files with 226 additions and 250 deletions


@ -2,12 +2,14 @@ let
mods = import ./modules;
users = import ./users;
sources = import ./npins;
mkNixpkgsSrc = (import sources.nix-patches { patchFile = ./patches; }).mkNixpkgsSrc;
lib =
inherit (import sources.nix-patches { patchFile = ./patches; }) mkNixpkgsSrc;
inherit
(import (mkNixpkgsSrc {
src = sources.nixpkgs;
version = "unstable";
}) { }).lib;
}) { })
lib
;
in
{
meta = {


@ -21,7 +21,7 @@ let
internal = port;
}) (types.submodule redirected-ports-mod);
fqdn = config.kat.fqdn;
inherit (config.kat) fqdn;
hostname = config.networking.hostName;
cfg = config.kat.proxies;
@ -51,7 +51,7 @@ let
map (
host:
let
fqdn = nodes.${host}.config.kat.fqdn;
inherit (nodes.${host}.config.kat) fqdn;
host-cfg = nodes.${host}.config.kat.proxies;
in
{
@ -60,7 +60,7 @@ let
{ external, internal }:
{
input = external;
ip = host-cfg.ip;
inherit (host-cfg) ip;
out = internal;
}
) host-cfg.open-tcp;
@ -68,13 +68,12 @@ let
{ external, internal }:
{
input = external;
ip = host-cfg.ip;
inherit (host-cfg) ip;
out = internal;
}
) host-cfg.open-udp;
vhosts.${fqdn} = {
ip = host-cfg.ip;
aliases = host-cfg.aliases;
inherit (host-cfg) ip aliases;
};
}
) cfg.redirects


@ -9,7 +9,7 @@ in
imports = [
zsh.user
./neovim.nix
((import sources.nixvim).homeManagerModules.nixvim)
(import sources.nixvim).homeManagerModules.nixvim
];
# options.kat = {
# ssh = mkEnableOption "ssh configuration";


@ -1,7 +1,4 @@
{
config,
lib,
pkgs,
nodes,
sources,
ssh-keys,
@ -12,7 +9,7 @@ let
in
{
deployment = {
targetHost = "mail-test.kat";
targetHost = "betamail.kat";
tags = [ "kat-vms" ];
};
imports = [


@ -0,0 +1,27 @@
{
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
initrd = {
availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,13 +1,11 @@
{
config,
lib,
pkgs,
ssh-keys,
...
}:
{
deployment = {
targetHost = "virt.kat";
targetHost = "degette.kat";
tags = [ "kat-vms" ];
};


@ -0,0 +1,46 @@
{
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
initrd = {
availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "UUID=301a23cf-1aa3-4c53-a174-1a97592da5fa";
fsType = "bcachefs";
options = [
"fsck"
"fix_errors"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/F594-E8DB";
fsType = "vfat";
};
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,6 +1,5 @@
{
pkgs,
modulesPath,
lib,
sources,
...
@ -12,7 +11,7 @@
};
imports = [
("${sources.nixos-images}/nix/kexec-installer/module.nix")
"${sources.nixos-images}/nix/kexec-installer/module.nix"
];
boot = {


@ -1,25 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -34,8 +34,8 @@
"kat-orchid"
"kat-son"
"kat-www"
"kat-virt"
"kat-mail-test"
"kat-degette"
"kat-betamail"
];
};
wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";


@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
@ -12,18 +8,23 @@
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
fileSystems = {
"/" = {
device = "UUID=2d6f7d3a-936d-457c-86c7-f49d816ff5b7";
fsType = "bcachefs";
options = [
@ -32,12 +33,12 @@
];
};
fileSystems."/boot" = {
"/boot" = {
device = "/dev/disk/by-uuid/DD9A-3823";
fsType = "vfat";
};
fileSystems."/.ssd" = {
"/.ssd" = {
device = "UUID=b4fc22f8-aecd-4cde-b77d-79825fae65eb";
fsType = "bcachefs";
options = [
@ -47,29 +48,22 @@
neededForBoot = true;
};
fileSystems."/nix/store" = {
"/nix/store" = {
device = "/.ssd/nix-store";
options = [ "bind" ];
depends = [ "/.ssd" ];
};
fileSystems."/var/lib/libvirt" = {
"/var/lib/libvirt" = {
device = "/.ssd/libvirt";
options = [ "bind" ];
depends = [ "/.ssd" ];
};
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;


@ -2,7 +2,6 @@
config,
lib,
pkgs,
mods,
kat-path,
ssh-keys,
sources,


@ -1,7 +1,5 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
@ -9,16 +7,20 @@
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
boot = {
initrd = {
availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
@ -12,7 +8,9 @@
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"vmd"
"nvme"
@ -20,36 +18,36 @@
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/4c1f76c6-5ce6-4987-b15e-9419627b7f19";
fsType = "bcachefs";
# options = [ "fsck" "fix_errors" ];
};
boot.initrd.luks.devices."dec-lin" = {
kernelModules = [ ];
luks.devices."dec-lin" = {
device = "/dev/disk/by-uuid/bba45bff-2356-4ec7-a20c-9cbf9d992822";
preLVM = true;
allowDiscards = true;
};
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/boot" = {
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/4c1f76c6-5ce6-4987-b15e-9419627b7f19";
fsType = "bcachefs";
options = [
"fsck"
"fix_errors"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/4F30-BEC7";
fsType = "vfat";
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/5edcb909-6109-4198-84c7-703cbd471b44"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
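Review bot: The root filesystem entry appears to gain active mount options in this section: the old side carries `# options = [ "fsck" "fix_errors" ];` as a comment, while the nested `"/"` entry lists `"fsck"` and `"fix_errors"` as live options, which is a behaviour change inside what otherwise reads as a pure attribute-nesting refactor. With `fix_errors` the filesystem repairs itself at mount time without an operator seeing what was found, so this deserves its own commit or at least a comment such as `# fsck + fix_errors: repair automatically at boot; check the journal after an unclean shutdown`. Separately, `allowDiscards = true;` on the `dec-lin` LUKS device is carried over without explanation; a one-line comment noting that discards expose which blocks of the encrypted volume are unused would record that the trade-off was accepted deliberately. The +/- markers are lost on this page, so the old/new assignment here is inferred from the order of the lines.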


@ -1,9 +1,3 @@
{
config,
lib,
pkgs,
...
}:
{
boot.kernel.sysctl."net.ipv4.ip_forward" = true;


@ -1,7 +1,5 @@
{
config,
lib,
pkgs,
...
}:
{


@ -1,7 +1,5 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
@ -9,16 +7,20 @@
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
boot = {
initrd = {
availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@ -1,50 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "UUID=301a23cf-1aa3-4c53-a174-1a97592da5fa";
fsType = "bcachefs";
options = [
"fsck"
"fix_errors"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F594-E8DB";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,6 +1,4 @@
{
config,
lib,
pkgs,
nodes,
...
@ -97,7 +95,7 @@
AllowedIPs = [
"10.42.2.1/32"
];
PublicKey = nodes.kat-mail-test.config.kat.wireguardPubKey;
PublicKey = nodes.kat-betamail.config.kat.wireguardPubKey;
}
];
};


@ -1,7 +1,5 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
@ -9,23 +7,22 @@
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
boot = {
initrd = {
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,7 +1,5 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
@ -9,16 +7,20 @@
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
boot = {
initrd = {
availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@ -1,4 +1,3 @@
{ pkgs, config, ... }:
{
programs.aerc = {
extraConfig.general.unsafe-accounts-conf = true;
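Review bot: `extraConfig.general.unsafe-accounts-conf = true;` stays in place with no comment explaining why aerc's permission check on accounts.conf is turned off. With Home Manager the generated accounts file usually lives in the world-readable Nix store, which is presumably why the check has to be disabled, so the safety of this setting depends on no password being written inline in the account definitions. A comment would make that constraint visible, for example `# accounts.conf is a store symlink; credentials must come from a password command, never inline`. The rest of the module lies outside the hunk, so whether the accounts already do that cannot be confirmed here.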


@ -19,12 +19,12 @@
proxyJump = "watcher.kat";
};
"virt.kat" = {
"degette.kat" = {
user = "root";
hostname = "fe80::2%%virbr0";
proxyJump = "manah.kat";
};
"mail-test.kat" = {
"betamail.kat" = {
user = "root";
hostname = "fe80::3%%virbr0";
proxyJump = "manah.kat";