SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-23 22:28:28 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: SebastianStork:af2fcea45c6f0a0ee3afbefb8cde529e977f96cd
Branches Tags
SebastianStork:main
SebastianStork:dependabot/github_actions/cachix/cachix-action-17
SebastianStork:deploy
SebastianStork:deployed/srv-core
SebastianStork:deployed/vps-ns
SebastianStork:deployed/vps-www
SebastianStork:testing-srv-core
..
compare: SebastianStork:d696787ae71de26c06ced2e08e96c08c854ffbf7
Branches Tags
SebastianStork:dependabot/github_actions/cachix/cachix-action-17
SebastianStork:deploy
SebastianStork:deployed/srv-core
SebastianStork:deployed/vps-ns
SebastianStork:deployed/vps-www
SebastianStork:main
SebastianStork:testing-srv-core

No commits in common. "af2fcea45c6f0a0ee3afbefb8cde529e977f96cd" and "d696787ae71de26c06ced2e08e96c08c854ffbf7" have entirely different histories.
af2fcea45c ... d696787ae7

10 changed files with 40 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

54
flake.lock generated
View file

@ -3,11 +3,11 @@
"betterfox": { "betterfox": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1772315048, "lastModified": 1769104536,
"narHash": "sha256-rUuEfbjIXox5x5ul/4VarIm7bii/SCcDJjocEbHA1kM=", "narHash": "sha256-D2MIFdYMS3xrfO2vDYjCmC3Ah96jg5XUzvwMX3xJQBo=",
"owner": "yokoffing", "owner": "yokoffing",
"repo": "Betterfox", "repo": "Betterfox",
"rev": "f1c8e3809dbd23f4f9aa1e5e70805c61734b1f14", "rev": "310cbdee6ca20eb881749a559cb572ce9272a981",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -25,11 +25,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1772353697, "lastModified": 1772015457,
"narHash": "sha256-d9puAIgmq0emWPwHjGFklWoie9b9Qghy4GSL1YpgxIU=", "narHash": "sha256-F59AGLXs/kLBYK8kfvev5OPoLmpb6G9XF/1vk27Gzu4=",
"owner": "nlewo", "owner": "nlewo",
"repo": "comin", "repo": "comin",
"rev": "f3125c37f85bc0752930bb66a72f532e9ff9eb82", "rev": "d5bbf20a7e3afe492ab5b05e0250635f4e51da44",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -88,11 +88,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1772424169, "lastModified": 1772251378,
"narHash": "sha256-mhv7yclJj+qCagNv0WOuob5yQNV1aTqKcJLfBMUqsVA=", "narHash": "sha256-hZ5TwCAxef1e3S2V/BCL3LYaXYDyhXXu3SJjpmIxc/s=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "701de032cc247a1c309a34f0ed646e824efd7ac6", "rev": "80fa37b486765fc20784b7e3028a3eda04ce0067",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -123,11 +123,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1772408722, "lastModified": 1769996383,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -179,11 +179,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772380125, "lastModified": 1772020340,
"narHash": "sha256-8C+y46xA9bxcchj9GeDPJaRUDApaA3sy2fhJr1bTbUw=", "narHash": "sha256-aqBl3GNpCadMoJ/hVkWTijM1Aeilc278MjM+LA3jK6g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a07a44a839eb036e950bf397d9b782916f8dcab3", "rev": "36e38ca0d9afe4c55405fdf22179a5212243eecc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -267,11 +267,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1772328832, "lastModified": 1769909678,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -282,11 +282,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1772198003, "lastModified": 1771848320,
"narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", "rev": "2fc6539b481e1d2569f25f8799236694180c0993",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -371,11 +371,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772401007, "lastModified": 1772048434,
"narHash": "sha256-YHykQg0h9hrlZGpMcywnaFzQ1Kn/5YNCCOSaaAl6z7Q=", "narHash": "sha256-/wA0OaH6kZ/pFA+nXR/tvg5oupOmEDmMS5us79JT60o=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d8be5ea4cd3bc363492ab5bc6e874ccdc5465fe4", "rev": "334daa7c273dd8bf7a0cd370e4e16022b64e55e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -467,11 +467,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772419365, "lastModified": 1772245870,
"narHash": "sha256-+IjvRKrbSQX9/ikWy1ptPJBqG+RildNl7Cd9yypyzU0=", "narHash": "sha256-MkcFNrEGekMhQRUB0/F6Jacp/LBUgNvZuacAwhPt7I0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "96e284c58556366535781d9a476121b2b5e839f1", "rev": "71308308af11faffcace34b6512579c59ce45bcd",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
hosts/homeserver/default.nix
View file

@ -21,7 +21,7 @@
}; };
services = { services = {
private-nameserver.enable = true; nameservers.overlay.enable = true;
syncthing = { syncthing = {
enable = true; enable = true;

6
hosts/vps-ns/default.nix
View file

@ -20,9 +20,9 @@
}; };
}; };
services = { services.nameservers = {
private-nameserver.enable = true; overlay.enable = true;
public-nameserver = { public = {
enable = true; enable = true;
zones = [ zones = [
"sprouted.cloud" "sprouted.cloud"

2
hosts/vps-public/default.nix
View file

@ -21,7 +21,7 @@
}; };
}; };
services.public-nameserver = { services.nameservers.public = {
enable = true; enable = true;
zones = [ zones = [
"sprouted.cloud" "sprouted.cloud"

2
modules/nixos/networking/overlay.nix
View file

@ -63,7 +63,7 @@ in
default = default =
allHosts allHosts
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config.custom.services.private-nameserver.enable) |> lib.filter (host: host.config.custom.services.nameservers.overlay.enable)
|> lib.map (host: host.config.custom.networking.overlay.address); |> lib.map (host: host.config.custom.networking.overlay.address);
}; };

5
modules/nixos/networking/underlay.nix
View file

@ -56,11 +56,6 @@ in
Gateway = cfg.gateway; Gateway = cfg.gateway;
GatewayOnLink = true; GatewayOnLink = true;
}; };
dns = lib.mkIf (!cfg.useDhcp) [
"1.1.1.1#cloudflare-dns.com"
"8.8.8.8#dns.google"
"9.9.9.9#dns.quad9.net"
];
}; };
}; };

6
modules/nixos/services/nameservers/private.nix → modules/nixos/services/nameservers/overlay.nix
View file

@ -7,7 +7,7 @@
... ...
}: }:
let let
cfg = config.custom.services.private-nameserver; cfg = config.custom.services.nameservers.overlay;
netCfg = config.custom.networking; netCfg = config.custom.networking;
zoneData = inputs.dns.lib.toString netCfg.overlay.domain { zoneData = inputs.dns.lib.toString netCfg.overlay.domain {
@ -20,7 +20,7 @@ let
NS = NS =
allHosts allHosts
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config.custom.services.private-nameserver.enable) |> lib.filter (host: host.config.custom.services.nameservers.overlay.enable)
|> lib.map (host: "${host.config.custom.networking.overlay.fqdn}."); |> lib.map (host: "${host.config.custom.networking.overlay.fqdn}.");
subdomains = subdomains =
@ -58,7 +58,7 @@ let
}; };
in in
{ {
options.custom.services.private-nameserver.enable = lib.mkEnableOption ""; options.custom.services.nameservers.overlay.enable = lib.mkEnableOption "";
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services = { services = {

11
modules/nixos/services/nameservers/public.nix
View file

@ -6,7 +6,7 @@
... ...
}: }:
let let
cfg = config.custom.services.public-nameserver; cfg = config.custom.services.nameservers.public;
netCfg = config.custom.networking; netCfg = config.custom.networking;
zoneData = zoneData =
@ -38,7 +38,7 @@ let
nsRecords = nsRecords =
allHosts allHosts
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config.custom.services.public-nameserver.enable) |> lib.filter (host: host.config.custom.services.nameservers.public.enable)
|> lib.map (host: { |> lib.map (host: {
name = host.config.custom.networking.hostName; name = host.config.custom.networking.hostName;
inherit (host.config.custom.networking.underlay) address; inherit (host.config.custom.networking.underlay) address;
@ -64,7 +64,7 @@ let
}; };
in in
{ {
options.custom.services.public-nameserver = { options.custom.services.nameservers.public = {
enable = lib.mkEnableOption ""; enable = lib.mkEnableOption "";
zones = lib.mkOption { zones = lib.mkOption {
type = lib.types.nonEmptyListOf lib.types.nonEmptyStr; type = lib.types.nonEmptyListOf lib.types.nonEmptyStr;
@ -73,11 +73,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
networking.firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
services.nsd = { services.nsd = {
enable = true; enable = true;
interfaces = [ netCfg.underlay.interface ]; interfaces = [ netCfg.underlay.interface ];

1
modules/nixos/services/nebula/default.nix
View file

@ -133,7 +133,6 @@ in
address = [ netCfg.overlay.cidr ]; address = [ netCfg.overlay.cidr ];
dns = netCfg.overlay.dnsServers; dns = netCfg.overlay.dnsServers;
domains = [ netCfg.overlay.domain ]; domains = [ netCfg.overlay.domain ];
networkConfig.DNSSEC = false;
}; };
}; };
}; };

2
tests/infrastructure/default.nix
View file

@ -58,7 +58,7 @@
}; };
}; };
services.private-nameserver.enable = true; services.nameservers.overlay.enable = true;
}; };
}; };