Refactor Wireguard to make it use sisko as server

This commit is contained in:
Andrea Ciceri 2023-12-13 13:55:27 +01:00
parent 0d3c1aae46
commit f05c12545a
Signed by: aciceri
SSH key fingerprint: SHA256:/AagBweyV4Hlfg9u092n8hbHwD5fcB6A3qhDiDA65Rg
29 changed files with 430 additions and 418 deletions


@ -7,99 +7,117 @@
}: {
imports = [./module.nix];
fleet.hosts = {
# thinkpad = {
# extraModules = with inputs; [
# nixosHardware.nixosModules.lenovo-thinkpad-x1-7th-gen
# buildbot-nix.nixosModules.buildbot-master
# buildbot-nix.nixosModules.buildbot-worker
# ];
# extraHmModules = with inputs; [
# ccrEmacs.hmModules.default
# {
# # TODO: remove after https://github.com/nix-community/home-manager/pull/3811
# imports = let
# hmModules = "${inputs.homeManagerGitWorkspace}/modules";
# in [
# "${hmModules}/services/git-workspace.nix"
# ];
# }
# ];
# overlays = [inputs.nil.overlays.default];
# secrets = {
# "thinkpad-wireguard-private-key" = {};
# "cachix-personal-token".owner = "ccr";
# "autistici-password".owner = "ccr";
# "git-workspace-tokens".owner = "ccr";
# "chatgpt-token".owner = "ccr";
# };
# };
# rock5b = {
# system = "aarch64-linux";
# extraModules = with inputs; [
# disko.nixosModules.disko
# rock5b.nixosModules.default
# ];
# secrets = {
# "rock5b-wireguard-private-key" = {};
# "hercules-ci-join-token".owner = "hercules-ci-agent";
# "hercules-ci-binary-caches".owner = "hercules-ci-agent";
# "cachix-personal-token".owner = "ccr";
# "home-planimetry".owner = "hass";
# "cloudflare-dyndns-api-token" = {};
# # "nextcloud-admin-pass".owner = "nextcloud";
# # "aws-credentials" = {};
# };
# colmena.deployment.buildOnTarget = true;
# };
# pbp = {
# system = "aarch64-linux";
# extraModules = with inputs; [
# nixosHardware.nixosModules.pine64-pinebook-pro
# disko.nixosModules.disko
# ];
# extraHmModules = [
# inputs.ccrEmacs.hmModules.default
# ];
# secrets = {
# "pbp-wireguard-private-key" = {};
# "cachix-personal-token".owner = "ccr";
# "chatgpt-token".owner = "ccr";
# };
# };
fleet = {
hosts = {
# thinkpad = {
# extraModules = with inputs; [
# nixosHardware.nixosModules.lenovo-thinkpad-x1-7th-gen
# buildbot-nix.nixosModules.buildbot-master
# buildbot-nix.nixosModules.buildbot-worker
# ];
# extraHmModules = with inputs; [
# ccrEmacs.hmModules.default
# {
# # TODO: remove after https://github.com/nix-community/home-manager/pull/3811
# imports = let
# hmModules = "${inputs.homeManagerGitWorkspace}/modules";
# in [
# "${hmModules}/services/git-workspace.nix"
# ];
# }
# ];
# overlays = [inputs.nil.overlays.default];
# secrets = {
# "thinkpad-wireguard-private-key" = {};
# "cachix-personal-token".owner = "ccr";
# "autistici-password".owner = "ccr";
# "git-workspace-tokens".owner = "ccr";
# "chatgpt-token".owner = "ccr";
# };
# };
# rock5b = {
# system = "aarch64-linux";
# extraModules = with inputs; [
# disko.nixosModules.disko
# rock5b.nixosModules.default
# ];
# secrets = {
# "rock5b-wireguard-private-key" = {};
# "hercules-ci-join-token".owner = "hercules-ci-agent";
# "hercules-ci-binary-caches".owner = "hercules-ci-agent";
# "cachix-personal-token".owner = "ccr";
# "home-planimetry".owner = "hass";
# "cloudflare-dyndns-api-token" = {};
# # "nextcloud-admin-pass".owner = "nextcloud";
# # "aws-credentials" = {};
# };
# colmena.deployment.buildOnTarget = true;
# };
# pbp = {
# system = "aarch64-linux";
# extraModules = with inputs; [
# nixosHardware.nixosModules.pine64-pinebook-pro
# disko.nixosModules.disko
# ];
# extraHmModules = [
# inputs.ccrEmacs.hmModules.default
# ];
# secrets = {
# "pbp-wireguard-private-key" = {};
# "cachix-personal-token".owner = "ccr";
# "chatgpt-token".owner = "ccr";
# };
# };
picard = {
extraModules = [
inputs.disko.nixosModules.disko
];
extraHmModules = [
inputs.ccrEmacs.hmModules.default
"${inputs.homeManagerGitWorkspace}/modules/services/git-workspace.nix"
];
secrets = {
"chatgpt-token".owner = "ccr";
"cachix-personal-token".owner = "ccr";
"hercules-ci-join-token".owner = "hercules-ci-agent";
"hercules-ci-binary-caches".owner = "hercules-ci-agent";
"hercules-ci-secrets-json".owner = "hercules-ci-agent";
"git-workspace-tokens".owner = "ccr";
picard = {
vpn = {
ip = "10.100.0.2";
publicKey = "O9V2PI7+vZm7gGn3f9SaTsJbVe9urf/jZkdXFz/mjVU=";
};
extraModules = [
inputs.disko.nixosModules.disko
];
extraHmModules = [
inputs.ccrEmacs.hmModules.default
"${inputs.homeManagerGitWorkspace}/modules/services/git-workspace.nix"
];
secrets = {
"picard-wireguard-private-key" = {};
"chatgpt-token".owner = "ccr";
"cachix-personal-token".owner = "ccr";
"hercules-ci-join-token".owner = "hercules-ci-agent";
"hercules-ci-binary-caches".owner = "hercules-ci-agent";
"hercules-ci-secrets-json".owner = "hercules-ci-agent";
"git-workspace-tokens".owner = "ccr";
};
};
sisko = {
system = "aarch64-linux";
vpn = {
ip = "10.100.0.1";
publicKey = "bc5giljukT1+ChbbyTLdOfejfR3c8RZ4XoXmQM54nTY=";
};
extraModules = with inputs; [
disko.nixosModules.disko
rock5b.nixosModules.default
];
secrets = {
"sisko-wireguard-private-key" = {};
"hercules-ci-join-token".owner = "hercules-ci-agent";
"hercules-ci-binary-caches".owner = "hercules-ci-agent";
"hercules-ci-secrets-json".owner = "hercules-ci-agent";
"cachix-personal-token".owner = "ccr";
"home-planimetry".owner = "hass";
"cloudflare-dyndns-api-token" = {};
};
};
};
sisko = {
system = "aarch64-linux";
extraModules = with inputs; [
disko.nixosModules.disko
rock5b.nixosModules.default
];
secrets = {
"sisko-wireguard-private-key" = {};
"hercules-ci-join-token".owner = "hercules-ci-agent";
"hercules-ci-binary-caches".owner = "hercules-ci-agent";
"hercules-ci-secrets-json".owner = "hercules-ci-agent";
"cachix-personal-token".owner = "ccr";
"home-planimetry".owner = "hass";
"cloudflare-dyndns-api-token" = {};
vpnExtra = {
oneplus6t = {
ip = "10.100.0.4";
publicKey = "O6/tKaA8Hs7OEqi15hV4RwviR6vyCTMYv6ZlhsI+tnI=";
};
};
};
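Review bot: The `vpn.ip` values given to picard ("10.100.0.2"), sisko ("10.100.0.1") and the `oneplus6t` extra peer ("10.100.0.4") carry no prefix length, so whichever module consumes them has to decide between using the address as a per-peer /32 AllowedIPs entry and as the interface's subnet address; that decision is not visible in this change and should be pinned where the option is declared, e.g. `description = "Wireguard VPN ip: bare IPv4 address without prefix, used as this peer's /32 AllowedIPs entry";`. Since the server side's AllowedIPs handling is not in this hunk, it is worth confirming it restricts each peer to its own address rather than the whole 10.100.0.0/24, otherwise the holder of the `oneplus6t` key could claim picard's address on the tunnel. Separately, the commented-out thinkpad, rock5b and pbp entries still list `*-wireguard-private-key` secrets but have no `vpn` block, and because `vpn.ip` and `vpn.publicKey` are declared without defaults, re-enabling any of them will fail evaluation until a key and address are added; a one-line `# needs a vpn = { ip; publicKey; } block before re-enabling` above each would save a later surprise.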


@ -8,7 +8,9 @@
config,
inputs,
...
}: {
}: let
cfg = config.fleet;
in {
options.fleet = {
hosts = lib.mkOption {
description = "Host configuration";
@ -24,6 +26,16 @@
type = lib.types.str;
default = "x86_64-linux";
};
vpn = {
ip = lib.mkOption {
description = "Wireguard VPN ip";
type = lib.types.str;
};
publicKey = lib.mkOption {
description = "Wireguard public key";
type = lib.types.str;
};
};
secrets = lib.mkOption {
description = "List of secrets names in the `secrets` folder";
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
@ -84,10 +96,25 @@
[
nur.overlay
]
++ config.fleet.overlays;
++ cfg.overlays;
}));
default = {};
};
vpnExtra = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
options = {
ip = lib.mkOption {
description = "Wireguard VPN ip";
type = lib.types.str;
};
publicKey = lib.mkOption {
description = "Wireguard public key";
type = lib.types.str;
};
};
});
default = {};
};
_mkNixosConfiguration = lib.mkOption {
description = "Function returning a proper NixOS configuration";
type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type
@ -100,12 +127,6 @@
({lib, ...}: {
networking.hostName = lib.mkForce hostname;
nixpkgs.overlays = config.overlays;
networking.hosts =
lib.mapAttrs' (hostname: ip: {
name = ip;
value = ["${hostname}.fleet"];
})
(import "${self}/lib").ips;
})
"${self.outPath}/hosts/${hostname}"
]
@ -156,6 +177,7 @@
fleetModules = builtins.map (moduleName: "${self.outPath}/modules/${moduleName}");
fleetHmModules = builtins.map (moduleName: "${self.outPath}/hmModules/${moduleName}");
fleetFlake = self;
vpn = cfg.vpnExtra // (lib.mapAttrs (_: host: host.vpn) cfg.hosts);
};
};
};
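Review bot: The merge `vpn = cfg.vpnExtra // (lib.mapAttrs (_: host: host.vpn) cfg.hosts);` lets a host entry silently shadow an extra peer with the same attribute name, and nothing checks that two peers were given the same `ip` or `publicKey`; on a WireGuard mesh a duplicated address or key means one peer's traffic is routed to, or its identity claimed by, another, and the flake will evaluate without complaint. I would make evaluation fail on any of those three conditions, as in the snippet below, so the mistake surfaces at build time rather than on the wire. The `vpn.ip` and `vpn.publicKey` options earlier in this file are plain `lib.types.str`, so a format check such as `lib.types.strMatching "^[A-Za-z0-9+/]{43}=$"` for the key would catch a pasted private key or truncated value in the same spirit. The enclosing attribute set and function start outside this hunk.
```nix
      vpn = let
        hostPeers = lib.mapAttrs (_: host: host.vpn) cfg.hosts;
        peers = cfg.vpnExtra // hostPeers;
        shadowed = builtins.attrNames (builtins.intersectAttrs cfg.vpnExtra hostPeers);
        hasDupes = f: let vs = map f (builtins.attrValues peers); in vs != lib.unique vs;
      in
        if shadowed != [] then throw "fleet: vpnExtra peers shadowed by hosts: ${toString shadowed}"
        else if hasDupes (p: p.ip) then throw "fleet: duplicate WireGuard ip among peers"
        else if hasDupes (p: p.publicKey) then throw "fleet: duplicate WireGuard publicKey among peers"
        else peers;
```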


@ -27,6 +27,7 @@
"hercules-ci"
"printing"
"pam"
"wireguard-client"
]
++ [
./disko.nix


@ -8,7 +8,7 @@
"common"
"ssh"
"ccr"
"wireguard-client"
"wireguard-server"
# "minidlna"
"mediatomb"
"transmission"