peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

architect: Use networking options

Browse Source
This commit is contained in:
Giulio De Pasquale 2023-05-12 13:48:45 +02:00
parent 65c76f5a6a
commit 3a4d4e9c4f
1 changed files with 33 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
hosts/architect/default.nix
View File

@ -1,11 +1,13 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
let let
pubkeys = [ pubkeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"
]; ];
hostname = "architect"; domain = "devs.giugl.io";
network = import ./network.nix; # device.address device.hostname
generateDeviceStrings = devices: lib.concatStringsSep "\n"
(lib.mapAttrsToList (name: device: "${device.address} ${device.hostname}") devices);
in in
{ {
imports = [ imports = [
@ -44,6 +46,25 @@ in
./headscale.nix ./headscale.nix
]; ];
architect = {
networks.lan = {
interface = "enp5s0";
net = "10.0.0.0/24";
devices = {
vodafoneStation = { address = "192.168.1.1"; hostname = "vodafone.station"; };
architect = { address = "10.0.0.250"; hostname = "architect.${domain}"; };
router = { address = "10.0.0.1"; hostname = "router.${domain}"; };
dvr = { address = "10.0.0.3"; hostname = "dvr.${domain}"; };
};
};
firewall = {
openTCP = [ 22 ];
openTCPVPN = [ 22 ];
};
};
time.timeZone = "Europe/Rome"; time.timeZone = "Europe/Rome";
users.users.giulio.openssh.authorizedKeys.keys = pubkeys; users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
boot = { boot = {
@ -60,8 +81,8 @@ in
}; };
}; };
kernelParams = [ kernelParams = with config.architect.networks.lan; [
"ip=${network.architect-lan}::10.0.0.1:255.255.255.0::${network.wan-if}:off" "ip=${devices.architect.address}::${devices.router.address}:255.255.255.0::${interface}:off"
"nvme_core.default_ps_max_latency_us=5500" "nvme_core.default_ps_max_latency_us=5500"
"zfs_arc_max=1073741824" "zfs_arc_max=1073741824"
"memmap=32M$0x4ca6f9478" "memmap=32M$0x4ca6f9478"
@ -82,30 +103,20 @@ in
tmpOnTmpfsSize = "50%"; tmpOnTmpfsSize = "50%";
}; };
networking = { networking = with config.architect.networks.lan; {
hostName = hostname; hostName = "architect";
hostId = "49350853"; hostId = "49350853";
useDHCP = false; useDHCP = false;
defaultGateway = "10.0.0.1"; defaultGateway = devices.router.address;
interfaces = { interfaces = {
enp5s0.ipv4.addresses = [{ ${interface}.ipv4.addresses = [{
address = network.architect-lan; address = devices.architect.address;
prefixLength = 24; prefixLength = 24;
}]; }];
enp6s0.useDHCP = false; enp6s0.useDHCP = false;
wlp4s0.useDHCP = false; wlp4s0.useDHCP = false;
}; };
extraHosts = '' extraHosts = (generateDeviceStrings config.architect.networks.lan.devices) + ''
127.0.0.1 ${hostname}.devs.giugl.io localhost
# LAN
${network.architect-lan} ${hostname}.devs.giugl.io
${network.dvr-lan} dvr.devs.giugl.io
${network.nas-lan} nas.devs.giugl.io
${network.router-lan} router-manduria.devs.giugl.io
192.168.1.1 vodafone.station
# Blacklist # Blacklist
0.0.0.0 metrics.plex.tv 0.0.0.0 metrics.plex.tv
0.0.0.0 analytics.plex.tv 0.0.0.0 analytics.plex.tv
@ -132,11 +143,6 @@ in
driSupport = true; driSupport = true;
}; };
architect.firewall = {
openTCP = [ 22 ];
openTCPVPN = [ 22 ];
};
services = { services = {
fwupd.enable = true; fwupd.enable = true;
das_watchdog.enable = true; das_watchdog.enable = true;
@ -158,3 +164,4 @@ in
systemPackages = with pkgs; [ cachix ]; systemPackages = with pkgs; [ cachix ];
}; };
} }