diff --git a/flake.lock b/flake.lock index ea2322c..ad6b5c4 100644 --- a/flake.lock +++ b/flake.lock @@ -88,11 +88,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1766549013, - "narHash": "sha256-GTT+poVhfyQ3JoKIneAT8tZgUEt0KyC6jN6LewIDYLY=", + "lastModified": 1766203416, + "narHash": "sha256-UrIuqnXvM+73owAiq1zjHNtaWrv72wD1yKO6jTowhTQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "356637020672729e7d406e65cb2e72a633301aba", + "rev": "8b55bb199045aa79e2965b7482b04ee4773192e3", "type": "gitlab" }, "original": { @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1766553861, - "narHash": "sha256-ZbnG01yA3O8Yr1vUm3+NQ2qk9iRhS5bloAnuXHHy7+c=", + "lastModified": 1765979862, + "narHash": "sha256-/r9/1KamvbHJx6I40H4HsSXnEcBAkj46ZwibhBx9kg0=", "owner": "nix-community", "repo": "home-manager", - "rev": "0999ed8f965bbbd991437ad9c5ed3434cecbc30e", + "rev": "d3135ab747fd9dac250ffb90b4a7e80634eacbe9", "type": "github" }, "original": { @@ -191,11 +191,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1766568855, - "narHash": "sha256-UXVtN77D7pzKmzOotFTStgZBqpOcf8cO95FcupWp4Zo=", + "lastModified": 1764440730, + "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c5db9569ac9cc70929c268ac461f4003e3e5ca80", + "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", "type": "github" }, "original": { @@ -207,11 +207,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1766473571, - "narHash": "sha256-5G1NDO2PulBx1RoaA6U1YoUDX0qZslpPxv+n5GX6Qto=", + "lastModified": 1765838191, + "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "76701a179d3a98b07653e2b0409847499b2a07d3", + "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6", "type": "github" }, "original": { 
@@ -238,11 +238,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1766309749, - "narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=", + "lastModified": 1766070988, + "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816", + "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", "type": "github" }, "original": { @@ -294,11 +294,11 @@ ] }, "locked": { - "lastModified": 1766289575, - "narHash": "sha256-BOKCwOQQIP4p9z8DasT5r+qjri3x7sPCOq+FTjY8Z+o=", + "lastModified": 1765836173, + "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "9836912e37aef546029e48c8749834735a6b9dad", + "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", "type": "github" }, "original": { @@ -382,11 +382,11 @@ ] }, "locked": { - "lastModified": 1766369649, - "narHash": "sha256-8Z/4upd/AS7pU72QS3GesaWeTgM4VcrSf85bh9fxum8=", + "lastModified": 1766225876, + "narHash": "sha256-e7kkh5axo86jc7QRMnWYpHNf9hHbG53xMTzr5v63cjw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "94058abef65a5f2916f4d9da67d9966039366514", + "rev": "4ee8ee764ea5cf2fcb44684d04488b8f5e2115b7", "type": "github" }, "original": { diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix index 9ae8915..106328e 100644 --- a/modules/system/services/nebula/default.nix +++ b/modules/system/services/nebula/default.nix 
@@ -9,16 +9,13 @@ let hostname = config.networking.hostName; - nodes = + lighthouses = self.nixosConfigurations |> lib.filterAttrs (name: _: name != hostname) |> lib.attrValues |> lib.map (value: value.config.custom.services.nebula.node) - |> lib.filter (node: node.enable); - - lighthouses = nodes |> lib.filter (node: node.isLighthouse); - - routableNodes = nodes |> lib.filter (node: node.routableAddress != null); + |> lib.filter (nebula: nebula.enable) + |> lib.filter (nebula: nebula.isLighthouse); in { options.custom.services.nebula.node = { @@ -31,15 +28,15 @@ in type = lib.types.nonEmptyStr; default = ""; }; - isLighthouse = lib.mkEnableOption ""; + isLighthouse = lib.mkEnableOption ""; routableAddress = lib.mkOption { type = lib.types.nullOr lib.types.nonEmptyStr; default = null; }; routablePort = lib.mkOption { type = lib.types.nullOr lib.types.port; - default = if cfg.routableAddress != null then 47141 else null; + default = if cfg.isLighthouse then 47141 else null; }; pubPath = lib.mkOption { @@ -53,12 +50,7 @@ in }; config = lib.mkIf cfg.enable { - meta.ports.udp = lib.optional (cfg.routablePort != null) cfg.routablePort; - - assertions = lib.singleton { - assertion = cfg.isLighthouse -> cfg.routableAddress != null; - message = "'${hostname}' is a Nebula lighthouse, but routableAddress is not set. Lighthouses must be publicly reachable."; - }; + meta.ports.udp = lib.optional (cfg.routablePort != 0) cfg.routablePort; sops.secrets."nebula/host-key" = { owner = config.users.users.nebula-main.name; @@ -78,9 +70,8 @@ in lighthouses = lib.mkIf (!cfg.isLighthouse) ( lighthouses |> lib.map (lighthouse: lighthouse.address) ); - staticHostMap = - routableNodes + lighthouses |> lib.map (lighthouse: { name = lighthouse.address; value = lib.singleton "${lighthouse.routableAddress}:${toString lighthouse.routablePort}"; @@ -103,7 +94,6 @@ in settings = { pki.disconnect_invalid = true; cipher = "aes"; - logging.level = "warning"; }; }; };
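Review bot: The new `routablePort` default in the -31,15 hunk reads `cfg.isLighthouse` but the option declares no `defaultText`, so generated option documentation cannot show a meaningful default. Add `defaultText = lib.literalExpression "if cfg.isLighthouse then 47141 else null";` next to `default`. The default is also no longer tied to `routableAddress`: a lighthouse with no address still gets port 47141, while a non-lighthouse that sets `routableAddress` gets `null`. A short comment on the option saying that only lighthouses are expected to be routable would make that intent explicit. The options block starts and ends outside this hunk.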
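Review bot: The guard `cfg.routablePort != 0` on `meta.ports.udp` in the -53,12 hunk does not filter the value the option actually defaults to. `routablePort` is `nullOr port` and is `null` on every non-lighthouse, and `null != 0` is true, so `lib.optional` yields `[ null ]` rather than an empty list. Keep the null comparison: `meta.ports.udp = lib.optional (cfg.routablePort != null) cfg.routablePort;`. How `meta.ports` consumes the list is not visible here, so the result is presumably either a type error or a bogus entry in whatever port bookkeeping it feeds. The `config` block continues outside the hunk.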
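Review bot: `staticHostMap` in the -78,9 hunk now interpolates `lighthouse.routableAddress` for every lighthouse, but the assertion that guaranteed it is non-null is removed in the -53,12 hunk and the option still defaults to `null`. A lighthouse declared without an address makes `"${lighthouse.routableAddress}:${toString lighthouse.routablePort}"` fail to evaluate on the other hosts, with a coercion error that does not name the misconfigured node. Restore `assertion = cfg.isLighthouse -> cfg.routableAddress != null;` with its message inside `assertions = lib.singleton { ... };`, so the offending host fails its own build with a clear error. The enclosing attribute set starts outside the hunk.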