starred/nix-config-ryan4yin
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-01-11 14:20:23 +01:00
Code Issues Packages Projects Releases 10 Wiki Activity

feat: use mainGateway for idols-ai, rename defaultGateway to proxyGateway

Browse Source
This commit is contained in:
Ryan Yin
2025-08-11 00:31:55 +08:00
parent 01448b6e0e
commit 3c409bd83a
7 changed files with 85 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
hosts/idols-ai/default.nix
View File

@@ -1,4 +1,4 @@
{ myvars, ... }:
{myvars, ...}:
#############################################################
#
# Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
@@ -7,12 +7,11 @@
let
hostName = "ai"; # Define your hostname.
inherit (myvars.networking) defaultGateway defaultGateway6 nameservers;
inherit (myvars.networking) mainGateway mainGateway6 nameservers;
inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4 ipv6;
ipv4WithMask = "${ipv4}/24";
ipv6WithMask = "${ipv6}/64";
in
{
in {
imports = [
./netdev-mount.nix
# Include the results of the hardware scan.
@@ -36,7 +35,7 @@ in
systemd.network.enable = true;
systemd.network.networks."10-${iface}" = {
matchConfig.Name = [ iface ];
matchConfig.Name = [iface];
networkConfig = {
Address = [
ipv4WithMask
@@ -50,11 +49,11 @@ in
routes = [
{
Destination = "0.0.0.0/0";
Gateway = defaultGateway;
Gateway = mainGateway;
}
{
Destination = "::/0";
Gateway = defaultGateway6;
Gateway = mainGateway6;
GatewayOnLink = true; # it's a gateway on local link.
}
];

23
hosts/idols-aquamarine/default.nix
View File

@@ -14,14 +14,15 @@
let
hostName = "aquamarine"; # Define your hostname.
inherit (myvars.networking) defaultGateway defaultGateway6 nameservers;
inherit (myvars.networking) proxyGateway proxyGateway6 nameservers;
inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
ipv4WithMask = "${ipv4}/24";
in
{
imports = (mylib.scanPaths ./.) ++ [
disko.nixosModules.default
];
in {
imports =
(mylib.scanPaths ./.)
++ [
disko.nixosModules.default
];
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
@@ -41,7 +42,7 @@ in
zramSwap.memoryPercent = lib.mkForce 100;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelModules = [ "kvm-amd" ];
boot.kernelModules = ["kvm-amd"];
boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
networking = {
@@ -56,9 +57,9 @@ in
systemd.network.enable = true;
systemd.network.networks."10-${iface}" = {
matchConfig.Name = [ iface ];
matchConfig.Name = [iface];
networkConfig = {
Address = [ ipv4WithMask ];
Address = [ipv4WithMask];
DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
@@ -67,11 +68,11 @@ in
routes = [
{
Destination = "0.0.0.0/0";
Gateway = defaultGateway;
Gateway = proxyGateway;
}
{
Destination = "::/0";
Gateway = defaultGateway6;
Gateway = proxyGateway6;
GatewayOnLink = true; # it's a gateway on local link.
}
];

15
hosts/idols-kana/default.nix
View File

@@ -11,11 +11,10 @@
let
hostName = "kana"; # Define your hostname.
inherit (myvars.networking) defaultGateway defaultGateway6 nameservers;
inherit (myvars.networking) proxyGateway proxyGateway6 nameservers;
inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
ipv4WithMask = "${ipv4}/24";
in
{
in {
imports = mylib.scanPaths ./.;
# supported file systems, so we can mount any removable disks with these filesystems
@@ -30,7 +29,7 @@ in
"exfat"
];
boot.kernelModules = [ "kvm-amd" ];
boot.kernelModules = ["kvm-amd"];
boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
networking = {
@@ -45,9 +44,9 @@ in
systemd.network.enable = true;
systemd.network.networks."10-${iface}" = {
matchConfig.Name = [ iface ];
matchConfig.Name = [iface];
networkConfig = {
Address = [ ipv4WithMask ];
Address = [ipv4WithMask];
DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
@@ -56,11 +55,11 @@ in
routes = [
{
Destination = "0.0.0.0/0";
Gateway = defaultGateway;
Gateway = proxyGateway;
}
{
Destination = "::/0";
Gateway = defaultGateway6;
Gateway = proxyGateway6;
GatewayOnLink = true; # it's a gateway on local link.
}
];

15
hosts/idols-ruby/default.nix
View File

@@ -11,11 +11,10 @@
let
hostName = "ruby"; # Define your hostname.
inherit (myvars.networking) defaultGateway defaultGateway6 nameservers;
inherit (myvars.networking) proxyGateway proxyGateway6 nameservers;
inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
ipv4WithMask = "${ipv4}/24";
in
{
in {
imports = mylib.scanPaths ./.;
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
@@ -35,7 +34,7 @@ in
"exfat"
];
boot.kernelModules = [ "kvm-amd" ];
boot.kernelModules = ["kvm-amd"];
boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
networking = {
@@ -50,9 +49,9 @@ in
systemd.network.enable = true;
systemd.network.networks."10-${iface}" = {
matchConfig.Name = [ iface ];
matchConfig.Name = [iface];
networkConfig = {
Address = [ ipv4WithMask ];
Address = [ipv4WithMask];
DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
@@ -61,11 +60,11 @@ in
routes = [
{
Destination = "0.0.0.0/0";
Gateway = defaultGateway;
Gateway = proxyGateway;
}
{
Destination = "::/0";
Gateway = defaultGateway6;
Gateway = proxyGateway6;
GatewayOnLink = true; # it's a gateway on local link.
}
];

16
lib/genKubeVirtGuestModule.nix
View File

@@ -3,13 +3,11 @@
hostName,
networking,
...
}:
let
inherit (networking) defaultGateway defaultGateway6 nameservers;
}: let
inherit (networking) proxyGateway proxyGateway6 nameservers;
inherit (networking.hostsAddr.${hostName}) iface ipv4;
ipv4WithMask = "${ipv4}/24";
in
{
in {
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
@@ -31,9 +29,9 @@ in
systemd.network.enable = true;
systemd.network.networks."10-${iface}" = {
matchConfig.Name = [ iface ];
matchConfig.Name = [iface];
networkConfig = {
Address = [ ipv4WithMask ];
Address = [ipv4WithMask];
DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
@@ -42,11 +40,11 @@ in
routes = [
{
Destination = "0.0.0.0/0";
Gateway = defaultGateway;
Gateway = proxyGateway;
}
{
Destination = "::/0";
Gateway = defaultGateway6;
Gateway = proxyGateway6;
GatewayOnLink = true; # it's a gateway on local link.
}
];

20
lib/genKubeVirtHostModule.nix
View File

@@ -3,13 +3,11 @@
hostName,
networking,
...
}:
let
inherit (networking) defaultGateway defaultGateway6 nameservers;
}: let
inherit (networking) proxyGateway proxyGateway6 nameservers;
inherit (networking.hostsAddr.${hostName}) iface ipv4;
ipv4WithMask = "${ipv4}/24";
in
{
in {
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
@@ -98,7 +96,7 @@ in
ovsbr1 = {
# Attach the interfaces to OVS bridge
# This interface should not used by the host itself!
interfaces.${iface} = { };
interfaces.${iface} = {};
};
};
@@ -107,9 +105,9 @@ in
# Set the host's address on the OVS bridge interface instead of the physical interface!
systemd.network.networks = {
"10-ovsbr1" = {
matchConfig.Name = [ "ovsbr1" ];
matchConfig.Name = ["ovsbr1"];
networkConfig = {
Address = [ ipv4WithMask ];
Address = [ipv4WithMask];
DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
@@ -118,18 +116,18 @@ in
routes = [
{
Destination = "0.0.0.0/0";
Gateway = defaultGateway;
Gateway = proxyGateway;
}
{
Destination = "::/0";
Gateway = defaultGateway6;
Gateway = proxyGateway6;
GatewayOnLink = true; # it's a gateway on local link.
}
];
linkConfig.RequiredForOnline = "routable";
};
"20-${iface}" = {
matchConfig.Name = [ iface ];
matchConfig.Name = [iface];
networkConfig.LinkLocalAddressing = "no";
# tell networkd ignore this interface.
# it's managed by openvswitch

73
vars/networking.nix
View File

@@ -1,11 +1,10 @@
{ lib }:
rec {
{lib}: rec {
mainGateway = "192.168.5.1"; # main router
mainGateway6 = "fe80::5"; # main router's link-local address
# use suzi as the default gateway
# it's a subrouter with a transparent proxy
defaultGateway = "192.168.5.178";
defaultGateway6 = "fe80::8";
proxyGateway = "192.168.5.178";
proxyGateway6 = "fe80::8";
nameservers = [
# IPv4
"119.29.29.29" # DNSPod
@@ -152,17 +151,19 @@ rec {
};
};
hostsInterface = lib.attrsets.mapAttrs (key: val: {
interfaces."${val.iface}" = {
useDHCP = false;
ipv4.addresses = [
{
inherit prefixLength;
address = val.ipv4;
}
];
};
}) hostsAddr;
hostsInterface =
lib.attrsets.mapAttrs (key: val: {
interfaces."${val.iface}" = {
useDHCP = false;
ipv4.addresses = [
{
inherit prefixLength;
address = val.ipv4;
}
];
};
})
hostsAddr;
ssh = {
# define the host alias for remote builders
@@ -177,13 +178,14 @@ rec {
extraConfig = (
lib.attrsets.foldlAttrs (
acc: host: val:
acc
+ ''
Host ${host}
HostName ${val.ipv4}
Port 22
''
) "" hostsAddr
acc
+ ''
Host ${host}
HostName ${val.ipv4}
Port 22
''
) ""
hostsAddr
);
# this config will be written to /etc/ssh/ssh_known_hosts
@@ -195,22 +197,21 @@ rec {
# { x = "a"; y = "b"; }
# => { x = "bar-a"; y = "bar-b"; }
lib.attrsets.mapAttrs
(host: value: {
hostNames = [ host ] ++ (lib.optional (hostsAddr ? host) hostsAddr.${host}.ipv4);
publicKey = value.publicKey;
})
{
# Define the root user's host key for remote builders, so that nix can verify all the remote builders
(host: value: {
hostNames = [host] ++ (lib.optional (hostsAddr ? host) hostsAddr.${host}.ipv4);
publicKey = value.publicKey;
})
{
# Define the root user's host key for remote builders, so that nix can verify all the remote builders
aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOXFhFu9Duzp6ZBE288gDZ6VLrNaeWL4kDrFUh9Neic root@aquamarine";
# ruby.publicKey = "";
# kana.publicKey = "";
aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOXFhFu9Duzp6ZBE288gDZ6VLrNaeWL4kDrFUh9Neic root@aquamarine";
# ruby.publicKey = "";
# kana.publicKey = "";
# ==================================== Other SSH Service's Public Key =======================================
# ==================================== Other SSH Service's Public Key =======================================
# https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
"github.com".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
};
# https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
"github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
};
};
}