Compare commits


4 commits

de16ca49e8
nebula: Assert routability of lighthouses 2025-12-25 20:00:44 +01:00
d58da5ce7d
nebula: Set logging level to warning 2025-12-25 19:40:29 +01:00
61f4ac9053
nebula: Allow non-lighthouse nodes to be static hosts 2025-12-25 19:39:44 +01:00
cb5177f595
flake.lock: Update
Flake lock file updates:

• Updated input 'firefox-addons':
    'gitlab:rycee/nur-expressions/8b55bb199045aa79e2965b7482b04ee4773192e3?dir=pkgs/firefox-addons&narHash=sha256-UrIuqnXvM%2B73owAiq1zjHNtaWrv72wD1yKO6jTowhTQ%3D' (2025-12-20)
  → 'gitlab:rycee/nur-expressions/356637020672729e7d406e65cb2e72a633301aba?dir=pkgs/firefox-addons&narHash=sha256-GTT%2BpoVhfyQ3JoKIneAT8tZgUEt0KyC6jN6LewIDYLY%3D' (2025-12-24)
• Updated input 'home-manager':
    'github:nix-community/home-manager/d3135ab747fd9dac250ffb90b4a7e80634eacbe9?narHash=sha256-/r9/1KamvbHJx6I40H4HsSXnEcBAkj46ZwibhBx9kg0%3D' (2025-12-17)
  → 'github:nix-community/home-manager/0999ed8f965bbbd991437ad9c5ed3434cecbc30e?narHash=sha256-ZbnG01yA3O8Yr1vUm3%2BNQ2qk9iRhS5bloAnuXHHy7%2Bc%3D' (2025-12-24)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/9154f4569b6cdfd3c595851a6ba51bfaa472d9f3?narHash=sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x%2B6XUJ4YdFRjtO4%3D' (2025-11-29)
  → 'github:NixOS/nixos-hardware/c5db9569ac9cc70929c268ac461f4003e3e5ca80?narHash=sha256-UXVtN77D7pzKmzOotFTStgZBqpOcf8cO95FcupWp4Zo%3D' (2025-12-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/c6f52ebd45e5925c188d1a20119978aa4ffd5ef6?narHash=sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8%3D' (2025-12-15)
  → 'github:nixos/nixpkgs/76701a179d3a98b07653e2b0409847499b2a07d3?narHash=sha256-5G1NDO2PulBx1RoaA6U1YoUDX0qZslpPxv%2Bn5GX6Qto%3D' (2025-12-23)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c6245e83d836d0433170a16eb185cefe0572f8b8?narHash=sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc%3D' (2025-12-18)
  → 'github:nixos/nixpkgs/a6531044f6d0bef691ea18d4d4ce44d0daa6e816?narHash=sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC%2B2IVK0NoVEzDoOh4DA4%3D' (2025-12-21)
• Updated input 'sops':
    'github:Mic92/sops-nix/443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63?narHash=sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY%3D' (2025-12-15)
  → 'github:Mic92/sops-nix/9836912e37aef546029e48c8749834735a6b9dad?narHash=sha256-BOKCwOQQIP4p9z8DasT5r%2Bqjri3x7sPCOq%2BFTjY8Z%2Bo%3D' (2025-12-21)
• Updated input 'vscode-extensions':
    'github:nix-community/nix-vscode-extensions/4ee8ee764ea5cf2fcb44684d04488b8f5e2115b7?narHash=sha256-e7kkh5axo86jc7QRMnWYpHNf9hHbG53xMTzr5v63cjw%3D' (2025-12-20)
  → 'github:nix-community/nix-vscode-extensions/94058abef65a5f2916f4d9da67d9966039366514?narHash=sha256-8Z/4upd/AS7pU72QS3GesaWeTgM4VcrSf85bh9fxum8%3D' (2025-12-22)
2025-12-24 22:16:36 +01:00
2 changed files with 38 additions and 28 deletions

flake.lock generated

@ -88,11 +88,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1766203416, "lastModified": 1766549013,
"narHash": "sha256-UrIuqnXvM+73owAiq1zjHNtaWrv72wD1yKO6jTowhTQ=", "narHash": "sha256-GTT+poVhfyQ3JoKIneAT8tZgUEt0KyC6jN6LewIDYLY=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "8b55bb199045aa79e2965b7482b04ee4773192e3", "rev": "356637020672729e7d406e65cb2e72a633301aba",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -160,11 +160,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1765979862, "lastModified": 1766553861,
"narHash": "sha256-/r9/1KamvbHJx6I40H4HsSXnEcBAkj46ZwibhBx9kg0=", "narHash": "sha256-ZbnG01yA3O8Yr1vUm3+NQ2qk9iRhS5bloAnuXHHy7+c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d3135ab747fd9dac250ffb90b4a7e80634eacbe9", "rev": "0999ed8f965bbbd991437ad9c5ed3434cecbc30e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -191,11 +191,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1764440730, "lastModified": 1766568855,
"narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", "narHash": "sha256-UXVtN77D7pzKmzOotFTStgZBqpOcf8cO95FcupWp4Zo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", "rev": "c5db9569ac9cc70929c268ac461f4003e3e5ca80",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -207,11 +207,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1765838191, "lastModified": 1766473571,
"narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=", "narHash": "sha256-5G1NDO2PulBx1RoaA6U1YoUDX0qZslpPxv+n5GX6Qto=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6", "rev": "76701a179d3a98b07653e2b0409847499b2a07d3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -238,11 +238,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1766070988, "lastModified": 1766309749,
"narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", "narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", "rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -294,11 +294,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1765836173, "lastModified": 1766289575,
"narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", "narHash": "sha256-BOKCwOQQIP4p9z8DasT5r+qjri3x7sPCOq+FTjY8Z+o=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", "rev": "9836912e37aef546029e48c8749834735a6b9dad",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -382,11 +382,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766225876, "lastModified": 1766369649,
"narHash": "sha256-e7kkh5axo86jc7QRMnWYpHNf9hHbG53xMTzr5v63cjw=", "narHash": "sha256-8Z/4upd/AS7pU72QS3GesaWeTgM4VcrSf85bh9fxum8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "4ee8ee764ea5cf2fcb44684d04488b8f5e2115b7", "rev": "94058abef65a5f2916f4d9da67d9966039366514",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -9,13 +9,16 @@ let
hostname = config.networking.hostName; hostname = config.networking.hostName;
lighthouses = nodes =
self.nixosConfigurations self.nixosConfigurations
|> lib.filterAttrs (name: _: name != hostname) |> lib.filterAttrs (name: _: name != hostname)
|> lib.attrValues |> lib.attrValues
|> lib.map (value: value.config.custom.services.nebula.node) |> lib.map (value: value.config.custom.services.nebula.node)
|> lib.filter (nebula: nebula.enable) |> lib.filter (node: node.enable);
|> lib.filter (nebula: nebula.isLighthouse);
lighthouses = nodes |> lib.filter (node: node.isLighthouse);
routableNodes = nodes |> lib.filter (node: node.routableAddress != null);
in in
{ {
options.custom.services.nebula.node = { options.custom.services.nebula.node = {
@ -28,15 +31,15 @@ in
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = ""; default = "";
}; };
isLighthouse = lib.mkEnableOption ""; isLighthouse = lib.mkEnableOption "";
routableAddress = lib.mkOption { routableAddress = lib.mkOption {
type = lib.types.nullOr lib.types.nonEmptyStr; type = lib.types.nullOr lib.types.nonEmptyStr;
default = null; default = null;
}; };
routablePort = lib.mkOption { routablePort = lib.mkOption {
type = lib.types.nullOr lib.types.port; type = lib.types.nullOr lib.types.port;
default = if cfg.isLighthouse then 47141 else null; default = if cfg.routableAddress != null then 47141 else null;
}; };
pubPath = lib.mkOption { pubPath = lib.mkOption {
@ -50,7 +53,12 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta.ports.udp = lib.optional (cfg.routablePort != 0) cfg.routablePort; meta.ports.udp = lib.optional (cfg.routablePort != null) cfg.routablePort;
assertions = lib.singleton {
assertion = cfg.isLighthouse -> cfg.routableAddress != null;
message = "'${hostname}' is a Nebula lighthouse, but routableAddress is not set. Lighthouses must be publicly reachable.";
};
sops.secrets."nebula/host-key" = { sops.secrets."nebula/host-key" = {
owner = config.users.users.nebula-main.name; owner = config.users.users.nebula-main.name;
@ -70,8 +78,9 @@ in
lighthouses = lib.mkIf (!cfg.isLighthouse) ( lighthouses = lib.mkIf (!cfg.isLighthouse) (
lighthouses |> lib.map (lighthouse: lighthouse.address) lighthouses |> lib.map (lighthouse: lighthouse.address)
); );
staticHostMap = staticHostMap =
lighthouses routableNodes
|> lib.map (lighthouse: { |> lib.map (lighthouse: {
name = lighthouse.address; name = lighthouse.address;
value = lib.singleton "${lighthouse.routableAddress}:${toString lighthouse.routablePort}"; value = lib.singleton "${lighthouse.routableAddress}:${toString lighthouse.routablePort}";
@ -94,6 +103,7 @@ in
settings = { settings = {
pki.disconnect_invalid = true; pki.disconnect_invalid = true;
cipher = "aes"; cipher = "aes";
logging.level = "warning";
}; };
}; };
}; };
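Review bot: The new `assertions = lib.singleton { … }` only fires on the misconfigured lighthouse itself, so a lighthouse with `routableAddress = null` still breaks every other node: `lighthouses` (derived from the peers' configs in the `let` at the top) will list its overlay address, while `staticHostMap` is now built from `routableNodes` and will omit it, which I believe Nebula rejects at startup because each configured lighthouse needs a static_host_map entry (confirm against the deployed version). A second assertion over the `lighthouses` list catches this at evaluation time on the consuming hosts, and it should also require `routablePort != null`, since a node with an address but an explicit `routablePort = null` renders as `addr:` in the `staticHostMap` value (`toString null` is `""`). Separately, `logging.level = "warning"` in the last hunk likely suppresses Nebula's rejected-handshake / invalid-certificate messages, which I believe are logged at info level; given `pki.disconnect_invalid = true`, those are the lines that reveal unauthorized peers, so either keep info or record the trade-off in a comment such as `# warning hides info-level handshake rejections; raise if auditing peer auth`. The enclosing `config = lib.mkIf cfg.enable { … }` block starts and ends outside these hunks.
```nix
config = lib.mkIf cfg.enable {
  # … unchanged: meta.ports.udp …
  assertions = [
    {
      assertion = cfg.isLighthouse -> cfg.routableAddress != null;
      message = "'${hostname}' is a Nebula lighthouse, but routableAddress is not set. Lighthouses must be publicly reachable.";
    }
    {
      # Peers derive `lighthouses` and `staticHostMap` from each other's config,
      # so validate the lighthouses this host consumes, not only itself.
      assertion = lib.all (lh: lh.routableAddress != null && lh.routablePort != null) lighthouses;
      message = "'${hostname}' references a Nebula lighthouse without routableAddress/routablePort; it would be listed in `lighthouses` but have no static_host_map entry.";
    }
  ];
  # … unchanged: sops.secrets, service settings …
```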