Compare commits


No commits in common. "de16ca49e8f5269f9f3ed75a388173681636aceb" and "c8db179bda254cb03b9c713e2bf4e690f3475051" have entirely different histories.

2 changed files with 28 additions and 38 deletions

42
flake.lock generated

@ -88,11 +88,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1766549013, "lastModified": 1766203416,
"narHash": "sha256-GTT+poVhfyQ3JoKIneAT8tZgUEt0KyC6jN6LewIDYLY=", "narHash": "sha256-UrIuqnXvM+73owAiq1zjHNtaWrv72wD1yKO6jTowhTQ=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "356637020672729e7d406e65cb2e72a633301aba", "rev": "8b55bb199045aa79e2965b7482b04ee4773192e3",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -160,11 +160,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766553861, "lastModified": 1765979862,
"narHash": "sha256-ZbnG01yA3O8Yr1vUm3+NQ2qk9iRhS5bloAnuXHHy7+c=", "narHash": "sha256-/r9/1KamvbHJx6I40H4HsSXnEcBAkj46ZwibhBx9kg0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0999ed8f965bbbd991437ad9c5ed3434cecbc30e", "rev": "d3135ab747fd9dac250ffb90b4a7e80634eacbe9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -191,11 +191,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1766568855, "lastModified": 1764440730,
"narHash": "sha256-UXVtN77D7pzKmzOotFTStgZBqpOcf8cO95FcupWp4Zo=", "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "c5db9569ac9cc70929c268ac461f4003e3e5ca80", "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -207,11 +207,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1766473571, "lastModified": 1765838191,
"narHash": "sha256-5G1NDO2PulBx1RoaA6U1YoUDX0qZslpPxv+n5GX6Qto=", "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "76701a179d3a98b07653e2b0409847499b2a07d3", "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -238,11 +238,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1766309749, "lastModified": 1766070988,
"narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=", "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816", "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -294,11 +294,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766289575, "lastModified": 1765836173,
"narHash": "sha256-BOKCwOQQIP4p9z8DasT5r+qjri3x7sPCOq+FTjY8Z+o=", "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "9836912e37aef546029e48c8749834735a6b9dad", "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -382,11 +382,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766369649, "lastModified": 1766225876,
"narHash": "sha256-8Z/4upd/AS7pU72QS3GesaWeTgM4VcrSf85bh9fxum8=", "narHash": "sha256-e7kkh5axo86jc7QRMnWYpHNf9hHbG53xMTzr5v63cjw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "94058abef65a5f2916f4d9da67d9966039366514", "rev": "4ee8ee764ea5cf2fcb44684d04488b8f5e2115b7",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -9,16 +9,13 @@ let
hostname = config.networking.hostName; hostname = config.networking.hostName;
nodes = lighthouses =
self.nixosConfigurations self.nixosConfigurations
|> lib.filterAttrs (name: _: name != hostname) |> lib.filterAttrs (name: _: name != hostname)
|> lib.attrValues |> lib.attrValues
|> lib.map (value: value.config.custom.services.nebula.node) |> lib.map (value: value.config.custom.services.nebula.node)
|> lib.filter (node: node.enable); |> lib.filter (nebula: nebula.enable)
|> lib.filter (nebula: nebula.isLighthouse);
lighthouses = nodes |> lib.filter (node: node.isLighthouse);
routableNodes = nodes |> lib.filter (node: node.routableAddress != null);
in in
{ {
options.custom.services.nebula.node = { options.custom.services.nebula.node = {
@ -31,15 +28,15 @@ in
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = ""; default = "";
}; };
isLighthouse = lib.mkEnableOption "";
isLighthouse = lib.mkEnableOption "";
routableAddress = lib.mkOption { routableAddress = lib.mkOption {
type = lib.types.nullOr lib.types.nonEmptyStr; type = lib.types.nullOr lib.types.nonEmptyStr;
default = null; default = null;
}; };
routablePort = lib.mkOption { routablePort = lib.mkOption {
type = lib.types.nullOr lib.types.port; type = lib.types.nullOr lib.types.port;
default = if cfg.routableAddress != null then 47141 else null; default = if cfg.isLighthouse then 47141 else null;
}; };
pubPath = lib.mkOption { pubPath = lib.mkOption {
@ -53,12 +50,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta.ports.udp = lib.optional (cfg.routablePort != null) cfg.routablePort; meta.ports.udp = lib.optional (cfg.routablePort != 0) cfg.routablePort;
assertions = lib.singleton {
assertion = cfg.isLighthouse -> cfg.routableAddress != null;
message = "'${hostname}' is a Nebula lighthouse, but routableAddress is not set. Lighthouses must be publicly reachable.";
};
sops.secrets."nebula/host-key" = { sops.secrets."nebula/host-key" = {
owner = config.users.users.nebula-main.name; owner = config.users.users.nebula-main.name;
@ -78,9 +70,8 @@ in
lighthouses = lib.mkIf (!cfg.isLighthouse) ( lighthouses = lib.mkIf (!cfg.isLighthouse) (
lighthouses |> lib.map (lighthouse: lighthouse.address) lighthouses |> lib.map (lighthouse: lighthouse.address)
); );
staticHostMap = staticHostMap =
routableNodes lighthouses
|> lib.map (lighthouse: { |> lib.map (lighthouse: {
name = lighthouse.address; name = lighthouse.address;
value = lib.singleton "${lighthouse.routableAddress}:${toString lighthouse.routablePort}"; value = lib.singleton "${lighthouse.routableAddress}:${toString lighthouse.routablePort}";
@ -103,7 +94,6 @@ in
settings = { settings = {
pki.disconnect_invalid = true; pki.disconnect_invalid = true;
cipher = "aes"; cipher = "aes";
logging.level = "warning";
}; };
}; };
}; };
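Review bot: The new guard on `meta.ports.udp` compares `cfg.routablePort` with `0`, but the option is `lib.types.nullOr lib.types.port` and defaults to `null` on any node that is not a lighthouse, so `null != 0` holds and a `null` is put into the declared UDP port list; the guard should remain `lib.optional (cfg.routablePort != null) cfg.routablePort`. How `meta.ports.udp` is consumed is not visible here, so whether this fails evaluation or silently yields a wrong port set should be confirmed. The same section also removes the assertion `cfg.isLighthouse -> cfg.routableAddress != null` while `staticHostMap` still interpolates `lighthouse.routableAddress`, so a lighthouse without an address would presumably now fail with a generic coercion error during another host's evaluation rather than with the named message; keeping the assertion preserves that diagnosis. Finally, `logging.level = "warning";` is dropped from `settings`, which leaves the log verbosity to the service default; if that is intended, a short comment such as `# logging.level left at the nebula default` next to `cipher` would record it.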