refactor(access): network interface config

arcnmx 2024-03-23 21:13:01 -07:00
parent ee3834d72a
commit f2fddc1001
42 changed files with 466 additions and 189 deletions


@ -77,6 +77,14 @@ in {
"fe80::/64"
];
};
int = {
v4 = [
"10.9.1.0/24"
];
v6 = [
"fd0c::/64"
];
};
tail = mkIf tailscale.enable {
v4 = [
"100.64.0.0/10"
@ -86,6 +94,24 @@ in {
"fd7a:115c:a1e0:ab12::/64"
];
};
allLan = {
v4 = cfg.cidrForNetwork.loopback.v4
++ cfg.cidrForNetwork.local.v4
++ cfg.cidrForNetwork.int.v4;
v6 = cfg.cidrForNetwork.loopback.v6
++ cfg.cidrForNetwork.local.v6
++ cfg.cidrForNetwork.int.v6;
};
allLocal = {
v4 = mkMerge [
cfg.cidrForNetwork.allLan.v4
(mkIf tailscale.enable cfg.cidrForNetwork.tail.v4)
];
v6 = mkMerge [
cfg.cidrForNetwork.allLan.v6
(mkIf tailscale.enable cfg.cidrForNetwork.tail.v6)
];
};
};
localaddrs = {
nftablesInclude = mkBefore (''
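Review bot: `allLan` and `allLocal` fold the new `int` ranges (`10.9.1.0/24`, `fd0c::/64`) into the set that the other files in this commit now read, so the change widens access rather than only refactoring it. The Home Assistant `trusted_proxies`, the nginx `allow` lists, the Samba `hosts allow` entries and the NFS `localClients` all start accepting the internal bridge, and the nftables `extraOutput` sets additionally gain loopback, which the old `local ++ tail` expression did not include. For `trusted_proxies` in particular, any host on the internal network is now believed when it sends forwarding headers. If the widening is intended, a comment above `allLocal` such as `# loopback + LAN + internal bridge (+ tailscale); every range here is treated as trusted by consumers` would record it; otherwise the consumers that should stay narrower can keep naming `loopback`/`local` explicitly. The enclosing attribute set starts and ends outside the hunk.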


@ -7,7 +7,7 @@
cfg = config.services.home-assistant;
inherit (lib.modules) mkIf mkMerge mkBefore mkDefault mkOptionDefault;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.lists) optional optionals elem unique;
inherit (lib.lists) optional elem unique;
inherit (lib.strings) toLower;
in {
options.services.home-assistant = with lib.types; {
@ -118,9 +118,7 @@ in {
trusted_proxies = let
inherit (config.networking.access) cidrForNetwork;
in
cidrForNetwork.loopback.all
++ cidrForNetwork.local.all
++ optionals config.services.tailscale.enable cidrForNetwork.tail.all
cidrForNetwork.allLocal.all
++ [
"200::/7"
];


@ -9,11 +9,10 @@
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkBefore mkAfter mkDefault mkOptionDefault;
inherit (lib.attrsets) mapAttrs' mapAttrsToList listToAttrs nameValuePair attrValues;
inherit (lib.lists) singleton optional optionals filter concatMap;
inherit (lib.lists) singleton optional filter concatMap;
inherit (lib.strings) concatStringsSep escapeShellArg;
inherit (utils) escapeSystemdExecArg;
inherit (inputs.self.lib.lib) unmerged;
inherit (config.services) tailscale;
inherit (config) networking;
inherit (networking) access;
enabledNamespaces = filter (ns: ns.enable) (attrValues networking.namespaces);
@ -324,8 +323,8 @@
''
];
extraOutput = let
addrs4 = access.cidrForNetwork.local.v4 ++ optionals tailscale.enable access.cidrForNetwork.tail.v4;
addrs6 = access.cidrForNetwork.local.v6 ++ optionals tailscale.enable access.cidrForNetwork.tail.v6;
addrs4 = access.cidrForNetwork.allLocal.v4;
addrs6 = access.cidrForNetwork.allLocal.v6;
daddr4 = ''{ ${concatStringsSep ", " addrs4} }'';
daddr6 = ''{ ${concatStringsSep ", " addrs6} }'';
in


@ -6,7 +6,6 @@
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkBefore mkOptionDefault;
inherit (lib.strings) concatMapStringsSep optionalString;
inherit (lib.lists) optionals;
inherit (config.services) tailscale;
inherit (config.networking.access) cidrForNetwork localaddrs;
mkAddrVar = remoteAddr: varPrefix: ''
@ -29,6 +28,13 @@
if (${remoteAddr} ~ "^fe80::") {
set ${varPrefix}lan 1;
}
set ${varPrefix}int 0;
if (${remoteAddr} ~ "^10\.9\.1\.[0-9]+") {
set ${varPrefix}lan 1;
}
if (${remoteAddr} ~ "^fd0c::") {
set ${varPrefix}int 1;
}
set ${varPrefix}localhost 0;
if (${remoteAddr} = "::1") {
set ${varPrefix}localhost 1;
@ -43,6 +49,9 @@
if (${varPrefix}lan) {
set ${varPrefix}client 1;
}
if (${varPrefix}int) {
set ${varPrefix}client 1;
}
if (${varPrefix}localhost) {
set ${varPrefix}client 1;
}
@ -79,12 +88,8 @@
config = {
extraConfig = let
mkAllow = cidr: "allow ${cidr};";
allowAddresses =
cidrForNetwork.loopback.all
++ cidrForNetwork.local.all
++ optionals tailscale.enable cidrForNetwork.tail.all;
allows =
concatMapStringsSep "\n" mkAllow allowAddresses
concatMapStringsSep "\n" mkAllow cidrForNetwork.allLocal.all
+ optionalString localaddrs.enable ''
include ${localaddrs.stateDir}/*.nginx.conf;
'';
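Review bot: In the `mkAddrVar` hunk the IPv4 branch for the internal range raises the wrong flag: `if (${remoteAddr} ~ "^10\.9\.1\.[0-9]+")` is followed by `set ${varPrefix}lan 1;`, while the IPv6 branch right below it sets `${varPrefix}int`. As written, `int` is never set for IPv4 clients on the internal bridge and they are reported as `lan`, so any rule that distinguishes the two sees the wrong network; the line should read `set ${varPrefix}int 1;`. The pattern is also open at the end, so `"^10\.9\.1\.[0-9]+$"` would keep it from matching a longer string if `remoteAddr` is ever fed from a request header rather than the socket address (an assumption, since the callers of `mkAddrVar` are outside the hunk).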


@ -39,6 +39,9 @@
tailscale = {
allow = mkEnableOption "tailscale TCP connections";
};
int = {
allow = mkEnableOption "internal TCP connections";
};
local = {
allow = mkEnableOption "local TCP connections";
};
@ -55,7 +58,8 @@
in
mkMerge [
(mkIf config.authentication.tailscale.allow cidrForNetwork.tail.all)
(mkIf config.authentication.local.allow (cidrForNetwork.loopback.all ++ cidrForNetwork.local.all))
(mkIf config.authentication.int.allow cidrForNetwork.int.all)
(mkIf config.authentication.local.allow cidrForNetwork.local.all)
];
authentication = mkMerge (map (host: ''
host ${config.authentication.database} ${config.name} ${formatHost host} ${config.authentication.method}
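Review bot: `authentication.local.allow` used to expand to `cidrForNetwork.loopback.all ++ cidrForNetwork.local.all` and now expands to `cidrForNetwork.local.all` only, so loopback TCP clients lose their generated `host` line unless a rule defined elsewhere still provides one. No other entry in this `mkMerge` list adds loopback back, and the commit message does not mention the change. If it is deliberate, a comment next to the entry such as `# loopback is no longer implied by local.allow` would record it; if not, the entry should keep `cidrForNetwork.loopback.all ++ cidrForNetwork.local.all`. The surrounding `let … in` begins outside the hunk.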


@ -0,0 +1,15 @@
{config, lib, ...}: let
inherit (lib.options) mkOption mkEnableOption;
cfg = config.proxmox.container;
in {
options.proxmox.container = with lib.types; {
enable = mkEnableOption "LXC container";
privileged = mkEnableOption "root";
lxc = {
configJsonFile = mkOption {
type = nullOr path;
default = null;
};
};
};
}
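Review bot: `privileged = mkEnableOption "root";` renders as "Whether to enable root.", which does not tell a reader that the option makes the guest a privileged LXC container; elsewhere in this commit it is what sets `proxmoxLXC.privileged`. Because a privileged container runs its root without the UID remapping that unprivileged containers rely on for isolation, the option text should say so, for example `privileged = mkEnableOption "privileged LXC container (container root is not remapped to an unprivileged host UID)";`. `lxc.configJsonFile` has no description either, and the `cfg` binding in the `let` is unused in this file.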


@ -0,0 +1,155 @@
{config, lib, inputs, ...}: let
inherit (inputs.self.lib.lib) unmerged eui64;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkOptionDefault mkOverride;
inherit (lib.attrsets) attrValues;
inherit (lib.lists) elem findSingle;
inherit (lib.strings) hasPrefix removePrefix replaceStrings;
inherit (lib.trivial) toHexString mapNullable;
mkAlmostOptionDefault = mkOverride 1250;
cfg = config.proxmox.network;
internalOffset = 32;
networkInterfaceModule = { config, name, system, ... }: {
options = with lib.types; {
enable = mkEnableOption "network interface" // {
default = true;
};
bridge = mkOption {
type = str;
default = "vmbr0";
};
id = mkOption {
type = str;
default = name;
};
name = mkOption {
type = str;
};
macAddress = mkOption {
type = nullOr str;
default = null;
};
address4 = mkOption {
type = nullOr (either (enum [ "auto" ]) str);
default = null;
};
gateway4 = mkOption {
type = nullOr str;
default = null;
};
address6 = mkOption {
type = nullOr (either (enum [ "auto" "dhcp" ]) str);
default = null;
};
gateway6 = mkOption {
type = nullOr str;
default = null;
};
firewall.enable = mkEnableOption "firewall";
vm.model = mkOption {
type = enum [ "virtio" "e1000" "rtl8139" "vmxnet3" ];
default = "virtio";
};
mdns = {
enable = mkEnableOption "mDNS" // {
default = system.proxmox.node.name == "reisen" && config.id == "net0";
};
};
slaac = {
postfix = mkOption {
type = nullOr str;
};
};
internal = {
enable = mkEnableOption "internal network interface";
};
networkd = {
enable = mkEnableOption "systemd.network" // {
default = true;
};
networkSettings = mkOption {
type = unmerged.types.attrs;
};
};
};
config = let
conf = {
name = mkMerge [
(mkIf (hasPrefix "net" config.id && system.proxmox.container.enable) (mkOptionDefault ("eth" + removePrefix "net" config.id)))
# VMs have names like `ens18` for net0...
];
slaac.postfix = mkOptionDefault (mapNullable eui64 config.macAddress);
gateway4 = mkMerge [
(mkIf (system.proxmox.node.name == "reisen" && config.bridge == "vmbr0" && config.address4 != null && config.address4 != "auto") (mkAlmostOptionDefault "10.1.1.1"))
];
networkd.networkSettings = {
name = mkAlmostOptionDefault config.name;
matchConfig = {
MACAddress = mkIf (config.macAddress != null) (mkOptionDefault config.macAddress);
Type = mkOptionDefault "ether";
};
linkConfig = mkMerge [
(mkIf config.mdns.enable { Multicast = mkOptionDefault true; })
];
networkConfig = mkMerge [
(mkIf (config.address6 == "auto") {
IPv6AcceptRA = true;
})
(mkIf config.mdns.enable {
MulticastDNS = true;
})
];
address = mkMerge [
(mkIf (! elem config.address4 [ null "auto" ]) [ config.address4 ])
(mkIf (! elem config.address6 [ null "auto" "dhcp" ]) [ config.address6 ])
];
gateway = mkMerge [
(mkIf (config.gateway4 != null) [ config.gateway4 ])
(mkIf (config.gateway6 != null) [ config.gateway6 ])
];
DHCP = mkAlmostOptionDefault (
if config.address4 == "auto" && config.address6 == "dhcp" then "yes"
else if config.address6 == "dhcp" then "ipv6"
else if config.address4 == "dhcp" then "ipv4"
else "no"
);
};
};
confInternal = {
name = mkAlmostOptionDefault "eth9";
bridge = mkAlmostOptionDefault "vmbr9";
address4 = mkAlmostOptionDefault "10.9.1.${toString (system.proxmox.vm.id - internalOffset)}/24";
address6 = mkAlmostOptionDefault "fd0c::${toHexString (system.proxmox.vm.id - internalOffset)}/64";
macAddress = mkIf (system.proxmox.network.interfaces.net0.macAddress or null != null && hasPrefix "BC:24:11:" system.proxmox.network.interfaces.net0.macAddress) (mkAlmostOptionDefault (
replaceStrings [ "BC:24:11:" ] [ "BC:24:19:" ] system.proxmox.network.interfaces.net0.macAddress
));
networkd.networkSettings.linkConfig.RequiredForOnline = false;
};
in mkMerge [
conf
(mkIf config.internal.enable confInternal)
];
};
in {
options.proxmox.network = with lib.types; {
interfaces = mkOption {
type = attrsOf (submoduleWith {
modules = [ networkInterfaceModule ];
specialArgs = {
system = config;
};
});
default = { };
};
internal = {
interface = mkOption {
type = nullOr unspecified;
};
};
};
config.proxmox.network = {
internal = {
interface = mkOptionDefault (findSingle (interface: interface.internal.enable) null (throw "expected only one internal network interface") (attrValues cfg.interfaces));
};
};
}
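Review bot: The `DHCP` default in `networkd.networkSettings` tests `config.address4 == "dhcp"`, but `address4` is declared as `nullOr (either (enum [ "auto" ]) str)` and the `address` list filters only `null` and `"auto"`, so `"auto"` is the DHCPv4 keyword and that branch is effectively dead. An interface with `address4 = "auto"` and `address6 = "auto"` therefore evaluates to `DHCP = "no"`, and one host in this commit is configured exactly that way after previously having `DHCP = "yes"`, so it would come up without an IPv4 lease. The third branch should read `else if config.address4 == "auto" then "ipv4"`. The first branch (`"yes"` only when `address6 == "dhcp"`) is then still consistent. A one-line comment above the expression stating which keyword means DHCP for each family would prevent the mix-up from returning.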


@ -0,0 +1,22 @@
{config, lib, ...}: let
inherit (lib.options) mkOption mkEnableOption;
cfg = config.proxmox;
in {
options.proxmox = with lib.types; {
enabled = mkOption {
type = bool;
default = cfg.vm.enable || cfg.container.enable;
readOnly = true;
};
vm = {
enable = mkEnableOption "QEMU VM";
id = mkOption {
type = int;
};
};
node.name = mkOption {
type = str;
default = "reisen";
};
};
}
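Review bot: `vm.id` is typed as a bare `int` with no description, yet the network module added in this commit derives the internal addresses from it as `10.9.1.${toString (system.proxmox.vm.id - internalOffset)}` with `internalOffset = 32`. An id below 33 or above 286 yields a last octet outside 1–254, and the mistake would only show up when the address is applied rather than at evaluation. Constraining the option, for example `type = ints.between 33 286;` if every guest is meant to be addressable on the internal bridge, or adding an assertion where the address is derived, turns that into an evaluation error. The option is also set for containers (`vm.id` next to `container.enable = true` in the host files), which a short `description` would make less surprising.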


@ -7,8 +7,6 @@ let
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge;
inherit (lib.strings) concatMapStringsSep optionalString;
inherit (lib.lists) optionals;
inherit (config.services) tailscale;
inherit (config.services.nginx) virtualHosts;
inherit (config.networking.access) cidrForNetwork localaddrs;
access = config.services.nginx.access.ldap;
@ -16,11 +14,7 @@ let
portSsl = 636;
allows = let
mkAllow = cidr: "allow ${cidr};";
allowAddresses =
cidrForNetwork.loopback.all
++ cidrForNetwork.local.all
++ optionals tailscale.enable cidrForNetwork.tail.all;
allows = concatMapStringsSep "\n" mkAllow allowAddresses + optionalString localaddrs.enable ''
allows = concatMapStringsSep "\n" mkAllow cidrForNetwork.allLocal.all + optionalString localaddrs.enable ''
include ${localaddrs.stateDir}/*.nginx.conf;
'';
in ''


@ -42,10 +42,6 @@ in {
};
shares.opl = let
inherit (config.networking.access) cidrForNetwork;
localAddrs =
cidrForNetwork.loopback.all
++ cidrForNetwork.local.all
++ lib.optionals config.services.tailscale.enable cidrForNetwork.tail.all;
in
mkIf cfg.enable {
comment = "Kyuuto Media OPL";
@ -58,7 +54,7 @@ in {
"@kyuuto-peeps"
];
"strict sync" = false;
"hosts allow" = localAddrs;
"hosts allow" = cidrForNetwork.allLocal.all;
};
};
services.tmpfiles = let


@ -4,14 +4,9 @@
...
}: let
inherit (lib.modules) mkIf mkMerge mkDefault;
inherit (lib.lists) optionals;
inherit (config.networking.access) cidrForNetwork;
inherit (config) kyuuto;
cfg = config.services.samba;
localAddrs =
cidrForNetwork.loopback.all
++ cidrForNetwork.local.all
++ optionals config.services.tailscale.enable cidrForNetwork.tail.all;
guestUsers = mkIf cfg.guest.enable [cfg.guest.user];
kyuuto-media = {
"create mask" = "0664";
@ -41,7 +36,7 @@ in {
["@peeps"]
];
#"guest only" = true;
"hosts allow" = localAddrs;
"hosts allow" = cidrForNetwork.allLocal.all;
"acl group control" = true;
"create mask" = "0664";
"force directory mode" = "3000";
@ -61,7 +56,7 @@ in {
];
"read list" = guestUsers;
"write list" = ["@kyuuto-peeps"];
"hosts allow" = localAddrs;
"hosts allow" = cidrForNetwork.allLocal.all;
}
];
kyuuto-library-net = mkMerge [


@ -23,9 +23,7 @@ in {
mountdPort = mkDefault 4002;
};
export = {
flagSets = let
localAddrs = cidrForNetwork.loopback.all ++ cidrForNetwork.local.all;
in {
flagSets = {
common = [
"no_subtree_check"
"anonuid=${toString config.users.users.guest.uid}"
@ -57,7 +55,7 @@ in {
"@trusted"
];
tailClients = optionals config.services.tailscale.enable cidrForNetwork.tail.all;
localClients = localAddrs ++ flagSets.tailClients;
localClients = cidrForNetwork.allLan.all ++ flagSets.tailClients;
allClients = flagSets.clientGroups ++ flagSets.trustedClients ++ flagSets.localClients;
};
root = {


@ -1,48 +0,0 @@
{
config,
lib,
...
}: let
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkDefault mkOptionDefault;
inherit (lib.trivial) toHexString;
cfg = config.access.internal;
offset = 32;
in {
options.access = with lib.types; {
internal = {
enable = mkEnableOption "eth9";
macAddress = mkOption {
type = nullOr str;
default = null;
};
vmid = mkOption {
type = int;
};
address4 = mkOption {
type = str;
};
address6 = mkOption {
type = str;
};
};
};
config.access.internal = {
address4 = mkOptionDefault "10.9.1.${toString (cfg.vmid - offset)}";
address6 = mkOptionDefault "fd0c::${toHexString (cfg.vmid - offset)}";
};
config.systemd.network.networks.eth9 = mkIf cfg.enable {
mdns.enable = false;
name = mkDefault "eth9";
matchConfig = {
MACAddress = mkIf (cfg.macAddress != null) (mkOptionDefault cfg.macAddress);
Type = mkOptionDefault "ether";
};
linkConfig.RequiredForOnline = mkOptionDefault false;
address = mkMerge [
["${cfg.address4}/24"]
(mkIf config.networking.enableIPv6 [ "${cfg.address6}/64" ])
];
DHCP = "no";
};
}


@ -1,9 +1,14 @@
{
lib,
inputs,
modulesPath,
system,
...
}: let
inherit (lib.modules) mkDefault;
inherit (inputs.self.lib.lib) unmerged;
inherit (lib.modules) mkIf mkMerge mkDefault;
inherit (lib.attrsets) mapAttrsToList;
inherit (system) proxmox;
in {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
@ -16,4 +21,18 @@ in {
# nix default is way too big
GC_INITIAL_HEAP_SIZE = mkDefault "8M";
};
proxmoxLXC.privileged = mkIf (proxmox.container.enable && proxmox.container.privileged) true;
systemd.network = mkIf proxmox.enabled (mkMerge (mapAttrsToList (_: interface: mkIf (interface.enable && interface.networkd.enable) {
networks.${interface.name} = unmerged.mergeAttrs interface.networkd.networkSettings;
}) proxmox.network.interfaces));
networking.firewall.interfaces.int = let
inherit (proxmox.network.internal) interface;
in mkIf (interface != null) {
nftables.conditions = [
"iifname ${interface.name}"
];
};
}
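Review bot: The firewall condition interpolates the interface name bare, `"iifname ${interface.name}"`, so the generated rule is only well-formed while the name happens to be a plain token. Quoting it, `"iifname \"${interface.name}\""`, keeps the match exact for any name the `name` option accepts (it is an unconstrained `str`), assuming `nftables.conditions` is emitted verbatim into the ruleset, which is not visible here. A comment above `networking.firewall.interfaces.int` noting that the zone exists only when exactly one interface has `internal.enable` set would also help, since that constraint is enforced in a different file.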


@ -1,4 +1,7 @@
_: {
imports = [
./proxmox.nix
];
arch = "x86_64";
type = "NixOS";
modules = [


@ -31,26 +31,6 @@
};
interfaces.eth1 = {};
};
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:C4:66:A9";
Type = "ether";
};
address = ["10.1.1.47/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
systemd.network.networks.eth1 = {
name = "eth1";
matchConfig = {
MACAddress = "BC:24:11:C4:66:AA";
Type = "ether";
};
DHCP = "no";
slaac.enable = false;
mdns.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;

20
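--- a/systems/aya/proxmox.nix
+++ b/systems/aya/proxmox.nix
@@ -0,0 +1,20 @@
+_: {
+proxmox = {
+vm.id = 105;
+container = {
+enable = true;
+lxc.configJsonFile = ./lxc.json;
+};
+network.interfaces = {
+net0 = {
+macAddress = "BC:24:11:C4:66:A9";
+address4 = "10.1.1.47/24";
+address6 = "auto";
+};
+net1 = {
+macAddress = "BC:24:11:C4:66:AA";
+networkd.networkSettings.linkConfig.RequiredForOnline = false;
+};
+};
+};
+}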
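Review bot: `net1` carries over only the MAC address and `RequiredForOnline = false`, whereas the `eth1` block removed from this host in the same commit also set `slaac.enable = false`, `mdns.enable = false` and `DHCP = "no"`. mDNS and DHCP still end up off through the interface module's defaults, but nothing visible replaces `slaac.enable = false`: the module only ever sets `IPv6AcceptRA = true` (for `address6 = "auto"`) and never sets it to false. If this second interface must not autoconfigure from router advertisements, it needs an explicit setting such as `networkd.networkSettings.networkConfig.IPv6AcceptRA = false;`, because what networkd does when the key is unset is not determined by anything on this page.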


@ -0,0 +1,15 @@
_: {
type = null;
proxmox = {
vm = {
id = 202;
enable = true;
};
network.interfaces = {
net0 = {
name = "ens18";
macAddress = "BC:24:11:3D:39:91";
};
};
};
}


@ -1,3 +1,14 @@
_: {
type = null;
proxmox = {
vm = {
id = 203;
enable = true;
};
network.interfaces = {
net0 = {
macAddress = "BC:24:11:33:19:04";
};
};
};
}


@ -1,4 +1,7 @@
_: {
imports = [
./proxmox.nix
];
arch = "x86_64";
type = "NixOS";
modules = [


@ -292,17 +292,6 @@ in {
services.samba.openFirewall = true;
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:C4:66:A7";
Type = "ether";
};
address = ["10.1.1.41/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "23.11";


@ -0,0 +1,16 @@
_: {
proxmox = {
vm.id = 103;
container = {
enable = true;
lxc.configJsonFile = ./lxc.json;
};
network.interfaces = {
net0 = {
macAddress = "BC:24:11:C4:66:A7";
address4 = "10.1.1.41/24";
address6 = "auto";
};
};
};
}


@ -1,4 +1,7 @@
_: {
imports = [
./proxmox.nix
];
arch = "x86_64";
type = "NixOS";
modules = [


@ -38,16 +38,5 @@
sops.defaultSopsFile = ./secrets.yaml;
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:C4:66:AC";
Type = "ether";
};
address = ["10.1.1.48/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
system.stateVersion = "23.11";
}


@ -0,0 +1,16 @@
_: {
proxmox = {
vm.id = 107;
container = {
enable = true;
lxc.configJsonFile = ./lxc.json;
};
network.interfaces = {
net0 = {
macAddress = "BC:24:11:C4:66:AC";
address4 = "10.1.1.48/24";
address6 = "auto";
};
};
};
}


@ -4,4 +4,19 @@ _: {
modules = [
./nixos.nix
];
proxmox = {
vm = {
id = 201;
enable = true;
};
network.interfaces = {
net0 = {
mdns.enable = false;
name = "ens18";
macAddress = "BC:24:11:49:FE:DC";
address4 = "10.1.1.42/24";
address6 = "auto";
};
};
};
}


@ -1,4 +1,7 @@
_: {
imports = [
./proxmox.nix
];
arch = "x86_64";
type = "NixOS";
modules = [


@ -11,14 +11,5 @@
sops.defaultSopsFile = ./secrets.yaml;
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:C4:66:AB";
Type = "ether";
};
DHCP = "yes";
};
system.stateVersion = "23.11";
}


@ -0,0 +1,17 @@
_: {
proxmox = {
vm.id = 106;
container = {
enable = true;
lxc.configJsonFile = ./lxc.json;
};
network.interfaces = {
net0 = {
mdns.enable = true;
macAddress = "BC:24:11:C4:66:AB";
address4 = "auto";
address6 = "auto";
};
};
};
}


@ -1,4 +1,7 @@
_: {
imports = [
./proxmox.nix
];
arch = "x86_64";
type = "NixOS";
modules = [


@ -106,22 +106,6 @@ in {
unitConfig.RequiresMountsFor = mapAttrsToList (path: _: path) plexLibrary;
};
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:34:F4:A8";
Type = "ether";
};
address = ["10.1.1.44/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
access.internal = {
enable = true;
macAddress = "BC:24:19:34:F4:A8";
vmid = 102;
};
sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "21.05";


@ -0,0 +1,17 @@
_: {
proxmox = {
vm.id = 102;
container = {
enable = true;
lxc.configJsonFile = ./lxc.json;
};
network.interfaces = {
net0 = {
macAddress = "BC:24:11:34:F4:A8";
address4 = "10.1.1.44/24";
address6 = "auto";
};
net1.internal.enable = true;
};
};
}


@ -1,4 +1,7 @@
_: {
imports = [
./proxmox.nix
];
arch = "x86_64";
type = "NixOS";
modules = [


@ -19,19 +19,6 @@
beatsaber.enable = false;
};
proxmoxLXC.privileged = true;
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:C4:66:A8";
Type = "ether";
};
address = ["10.1.1.45/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "23.11";

17
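--- a/systems/reimu/proxmox.nix
+++ b/systems/reimu/proxmox.nix
@@ -0,0 +1,17 @@
+_: {
+proxmox = {
+vm.id = 104;
+container = {
+enable = true;
+privileged = true;
+lxc.configJsonFile = ./lxc.json;
+};
+network.interfaces = {
+net0 = {
+macAddress = "BC:24:11:C4:66:A8";
+address4 = "10.1.1.45/24";
+address6 = "auto";
+};
+};
+};
+}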


@ -1,4 +1,7 @@
_: {
imports = [
./proxmox.nix
];
arch = "x86_64";
type = "NixOS";
modules = [


@ -51,16 +51,5 @@ in {
];
};
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:CC:66:57";
Type = "ether";
};
address = ["10.1.1.39/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
system.stateVersion = "23.11";
}

16
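--- a/systems/tei/proxmox.nix
+++ b/systems/tei/proxmox.nix
@@ -0,0 +1,16 @@
+_: {
+proxmox = {
+vm.id = 101;
+container = {
+enable = true;
+lxc.configJsonFile = ./lxc.json;
+};
+network.interfaces = {
+net0 = {
+macAddress = "BC:24:11:CC:66:57";
+address4 = "10.1.1.39/24";
+address6 = "auto";
+};
+};
+};
+}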


@ -1,4 +1,7 @@
_: {
imports = [
./proxmox.nix
];
arch = "x86_64";
type = "NixOS";
modules = [


@ -43,16 +43,5 @@ in {
sops.defaultSopsFile = ./secrets.yaml;
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:C4:66:A6";
Type = "ether";
};
address = ["10.1.1.38/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
system.stateVersion = "23.11";
}


@ -0,0 +1,16 @@
_: {
proxmox = {
vm.id = 108;
container = {
enable = true;
lxc.configJsonFile = ./lxc.json;
};
network.interfaces = {
net0 = {
macAddress = "BC:24:11:C4:66:A6";
address4 = "10.1.1.38/24";
address6 = "auto";
};
};
};
}


@ -60,6 +60,7 @@
"modules/nixos/steam".functor.enable = true;
"modules/meta".functor.enable = true;
"modules/system".functor.enable = true;
"modules/system/proxmox".functor.enable = true;
"modules/home".functor.enable = true;
"modules/type".functor.enable = true;
"nixos/*".functor = {