From 3c409bd83ade41e607db863268095cce20f2ad8a Mon Sep 17 00:00:00 2001 From: Ryan Yin Date: Mon, 11 Aug 2025 00:31:55 +0800 Subject: [PATCH] feat: use mainGateway for idols-ai, rename defaultGateway to proxyGateway --- hosts/idols-ai/default.nix | 13 +++--- hosts/idols-aquamarine/default.nix | 23 +++++----- hosts/idols-kana/default.nix | 15 +++--- hosts/idols-ruby/default.nix | 15 +++--- lib/genKubeVirtGuestModule.nix | 16 +++---- lib/genKubeVirtHostModule.nix | 20 ++++---- vars/networking.nix | 73 +++++++++++++++--------------- 7 files changed, 85 insertions(+), 90 deletions(-) diff --git a/hosts/idols-ai/default.nix b/hosts/idols-ai/default.nix index 70e0c347..0caefb5f 100644 --- a/hosts/idols-ai/default.nix +++ b/hosts/idols-ai/default.nix @@ -1,4 +1,4 @@ -{ myvars, ... }: +{myvars, ...}: ############################################################# # # Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use. @@ -7,12 +7,11 @@ let hostName = "ai"; # Define your hostname. - inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; + inherit (myvars.networking) mainGateway mainGateway6 nameservers; inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4 ipv6; ipv4WithMask = "${ipv4}/24"; ipv6WithMask = "${ipv6}/64"; -in -{ +in { imports = [ ./netdev-mount.nix # Include the results of the hardware scan. @@ -36,7 +35,7 @@ in systemd.network.enable = true; systemd.network.networks."10-${iface}" = { - matchConfig.Name = [ iface ]; + matchConfig.Name = [iface]; networkConfig = { Address = [ ipv4WithMask @@ -50,11 +49,11 @@ in routes = [ { Destination = "0.0.0.0/0"; - Gateway = defaultGateway; + Gateway = mainGateway; } { Destination = "::/0"; - Gateway = defaultGateway6; + Gateway = mainGateway6; GatewayOnLink = true; # it's a gateway on local link. } ]; diff --git a/hosts/idols-aquamarine/default.nix b/hosts/idols-aquamarine/default.nix index 70c289d7..38defbd4 100644 --- a/hosts/idols-aquamarine/default.nix 
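Review bot: The two route lines `Gateway = mainGateway;` and `Gateway = mainGateway6;` are the only behavioural change in hosts/idols-ai/default.nix, and nothing next to them says that ai now bypasses the transparent proxy that the other hosts still reach through proxyGateway. A comment above the `routes` list would record that this is deliberate, for example `# ai talks to the main router directly; its traffic does not pass through the transparent proxy on proxyGateway`. The change is also hard to spot among the formatter-only edits (`[ iface ]` to `[iface]`, `in {`) here and in the other six files, so a separate formatting commit would make the routing change easier to audit. The enclosing `systemd.network.networks."10-${iface}"` block starts and ends outside the hunk.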
+++ b/hosts/idols-aquamarine/default.nix @@ -14,14 +14,15 @@ let hostName = "aquamarine"; # Define your hostname. - inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; + inherit (myvars.networking) proxyGateway proxyGateway6 nameservers; inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; ipv4WithMask = "${ipv4}/24"; -in -{ - imports = (mylib.scanPaths ./.) ++ [ - disko.nixosModules.default - ]; +in { + imports = + (mylib.scanPaths ./.) + ++ [ + disko.nixosModules.default + ]; # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = [ @@ -41,7 +42,7 @@ in zramSwap.memoryPercent = lib.mkForce 100; boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = ["kvm-amd"]; boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu networking = { @@ -56,9 +57,9 @@ in systemd.network.enable = true; systemd.network.networks."10-${iface}" = { - matchConfig.Name = [ iface ]; + matchConfig.Name = [iface]; networkConfig = { - Address = [ ipv4WithMask ]; + Address = [ipv4WithMask]; DNS = nameservers; DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) @@ -67,11 +68,11 @@ in routes = [ { Destination = "0.0.0.0/0"; - Gateway = defaultGateway; + Gateway = proxyGateway; } { Destination = "::/0"; - Gateway = defaultGateway6; + Gateway = proxyGateway6; GatewayOnLink = true; # it's a gateway on local link. } ]; diff --git a/hosts/idols-kana/default.nix b/hosts/idols-kana/default.nix index d5a81a65..179b8855 100644 --- a/hosts/idols-kana/default.nix +++ b/hosts/idols-kana/default.nix 
@@ -11,11 +11,10 @@ let hostName = "kana"; # Define your hostname. - inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; + inherit (myvars.networking) proxyGateway proxyGateway6 nameservers; inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; ipv4WithMask = "${ipv4}/24"; -in -{ +in { imports = mylib.scanPaths ./.; # supported file systems, so we can mount any removable disks with these filesystems @@ -30,7 +29,7 @@ in "exfat" ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = ["kvm-amd"]; boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu networking = { @@ -45,9 +44,9 @@ in systemd.network.enable = true; systemd.network.networks."10-${iface}" = { - matchConfig.Name = [ iface ]; + matchConfig.Name = [iface]; networkConfig = { - Address = [ ipv4WithMask ]; + Address = [ipv4WithMask]; DNS = nameservers; DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) @@ -56,11 +55,11 @@ in routes = [ { Destination = "0.0.0.0/0"; - Gateway = defaultGateway; + Gateway = proxyGateway; } { Destination = "::/0"; - Gateway = defaultGateway6; + Gateway = proxyGateway6; GatewayOnLink = true; # it's a gateway on local link. } ]; diff --git a/hosts/idols-ruby/default.nix b/hosts/idols-ruby/default.nix index 0d98fb7e..17ada8a6 100644 --- a/hosts/idols-ruby/default.nix +++ b/hosts/idols-ruby/default.nix @@ -11,11 +11,10 @@ let hostName = "ruby"; # Define your hostname. - inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; + inherit (myvars.networking) proxyGateway proxyGateway6 nameservers; inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; ipv4WithMask = "${ipv4}/24"; -in -{ +in { imports = mylib.scanPaths ./.; # Enable binfmt emulation of aarch64-linux, this is required for cross compilation. 
@@ -35,7 +34,7 @@ in "exfat" ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = ["kvm-amd"]; boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu networking = { @@ -50,9 +49,9 @@ in systemd.network.enable = true; systemd.network.networks."10-${iface}" = { - matchConfig.Name = [ iface ]; + matchConfig.Name = [iface]; networkConfig = { - Address = [ ipv4WithMask ]; + Address = [ipv4WithMask]; DNS = nameservers; DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) @@ -61,11 +60,11 @@ in routes = [ { Destination = "0.0.0.0/0"; - Gateway = defaultGateway; + Gateway = proxyGateway; } { Destination = "::/0"; - Gateway = defaultGateway6; + Gateway = proxyGateway6; GatewayOnLink = true; # it's a gateway on local link. } ]; diff --git a/lib/genKubeVirtGuestModule.nix b/lib/genKubeVirtGuestModule.nix index 7189e616..513d704e 100644 --- a/lib/genKubeVirtGuestModule.nix +++ b/lib/genKubeVirtGuestModule.nix @@ -3,13 +3,11 @@ hostName, networking, ... -}: -let - inherit (networking) defaultGateway defaultGateway6 nameservers; +}: let + inherit (networking) proxyGateway proxyGateway6 nameservers; inherit (networking.hostsAddr.${hostName}) iface ipv4; ipv4WithMask = "${ipv4}/24"; -in -{ +in { # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = [ "ext4" @@ -31,9 +29,9 @@ in systemd.network.enable = true; systemd.network.networks."10-${iface}" = { - matchConfig.Name = [ iface ]; + matchConfig.Name = [iface]; networkConfig = { - Address = [ ipv4WithMask ]; + Address = [ipv4WithMask]; DNS = nameservers; DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) 
@@ -42,11 +40,11 @@ in routes = [ { Destination = "0.0.0.0/0"; - Gateway = defaultGateway; + Gateway = proxyGateway; } { Destination = "::/0"; - Gateway = defaultGateway6; + Gateway = proxyGateway6; GatewayOnLink = true; # it's a gateway on local link. } ]; diff --git a/lib/genKubeVirtHostModule.nix b/lib/genKubeVirtHostModule.nix index f17a3e2f..12d622b2 100644 --- a/lib/genKubeVirtHostModule.nix +++ b/lib/genKubeVirtHostModule.nix @@ -3,13 +3,11 @@ hostName, networking, ... -}: -let - inherit (networking) defaultGateway defaultGateway6 nameservers; +}: let + inherit (networking) proxyGateway proxyGateway6 nameservers; inherit (networking.hostsAddr.${hostName}) iface ipv4; ipv4WithMask = "${ipv4}/24"; -in -{ +in { # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = [ "ext4" @@ -98,7 +96,7 @@ in ovsbr1 = { # Attach the interfaces to OVS bridge # This interface should not used by the host itself! - interfaces.${iface} = { }; + interfaces.${iface} = {}; }; }; @@ -107,9 +105,9 @@ in # Set the host's address on the OVS bridge interface instead of the physical interface! systemd.network.networks = { "10-ovsbr1" = { - matchConfig.Name = [ "ovsbr1" ]; + matchConfig.Name = ["ovsbr1"]; networkConfig = { - Address = [ ipv4WithMask ]; + Address = [ipv4WithMask]; DNS = nameservers; DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) @@ -118,18 +116,18 @@ in routes = [ { Destination = "0.0.0.0/0"; - Gateway = defaultGateway; + Gateway = proxyGateway; } { Destination = "::/0"; - Gateway = defaultGateway6; + Gateway = proxyGateway6; GatewayOnLink = true; # it's a gateway on local link. } ]; linkConfig.RequiredForOnline = "routable"; }; "20-${iface}" = { - matchConfig.Name = [ iface ]; + matchConfig.Name = [iface]; networkConfig.LinkLocalAddressing = "no"; # tell networkd ignore this interface. # it's managed by openvswitch 
diff --git a/vars/networking.nix b/vars/networking.nix index f737a204..022fa79f 100644 --- a/vars/networking.nix +++ b/vars/networking.nix @@ -1,11 +1,10 @@ -{ lib }: -rec { +{lib}: rec { mainGateway = "192.168.5.1"; # main router mainGateway6 = "fe80::5"; # main router's link-local address # use suzi as the default gateway # it's a subrouter with a transparent proxy - defaultGateway = "192.168.5.178"; - defaultGateway6 = "fe80::8"; + proxyGateway = "192.168.5.178"; + proxyGateway6 = "fe80::8"; nameservers = [ # IPv4 "119.29.29.29" # DNSPod @@ -152,17 +151,19 @@ rec { }; }; - hostsInterface = lib.attrsets.mapAttrs (key: val: { - interfaces."${val.iface}" = { - useDHCP = false; - ipv4.addresses = [ - { - inherit prefixLength; - address = val.ipv4; - } - ]; - }; - }) hostsAddr; + hostsInterface = + lib.attrsets.mapAttrs (key: val: { + interfaces."${val.iface}" = { + useDHCP = false; + ipv4.addresses = [ + { + inherit prefixLength; + address = val.ipv4; + } + ]; + }; + }) + hostsAddr; ssh = { # define the host alias for remote builders @@ -177,13 +178,14 @@ rec { extraConfig = ( lib.attrsets.foldlAttrs ( acc: host: val: - acc - + '' - Host ${host} - HostName ${val.ipv4} - Port 22 - '' - ) "" hostsAddr + acc + + '' + Host ${host} + HostName ${val.ipv4} + Port 22 + '' + ) "" + hostsAddr ); # this config will be written to /etc/ssh/ssh_known_hosts 
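Review bot: In the first hunk of vars/networking.nix the comment above the renamed attribute still reads `# use suzi as the default gateway`, which no longer matches the name `proxyGateway` or the fact that ai now routes through `mainGateway`. Something like `# suzi: subrouter running a transparent proxy; hosts that should egress through the proxy use it as their default route` would describe the new split. Because `defaultGateway` and `defaultGateway6` are removed from this `rec` set rather than aliased, any reference left outside the seven files in this patch would fail at evaluation. A search of the repository for both names before merging would catch that.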
@@ -195,22 +197,21 @@ rec { # { x = "a"; y = "b"; } # => { x = "bar-a"; y = "bar-b"; } lib.attrsets.mapAttrs - (host: value: { - hostNames = [ host ] ++ (lib.optional (hostsAddr ? host) hostsAddr.${host}.ipv4); - publicKey = value.publicKey; - }) - { - # Define the root user's host key for remote builders, so that nix can verify all the remote builders + (host: value: { + hostNames = [host] ++ (lib.optional (hostsAddr ? host) hostsAddr.${host}.ipv4); + publicKey = value.publicKey; + }) + { + # Define the root user's host key for remote builders, so that nix can verify all the remote builders - aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOXFhFu9Duzp6ZBE288gDZ6VLrNaeWL4kDrFUh9Neic root@aquamarine"; - # ruby.publicKey = ""; - # kana.publicKey = ""; + aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOXFhFu9Duzp6ZBE288gDZ6VLrNaeWL4kDrFUh9Neic root@aquamarine"; + # ruby.publicKey = ""; + # kana.publicKey = ""; - # ==================================== Other SSH Service's Public Key ======================================= + # ==================================== Other SSH Service's Public Key ======================================= - # https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints - "github.com".publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; - }; + # https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints + "github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; + }; }; }
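Review bot: In `hostNames = [host] ++ (lib.optional (hostsAddr ? host) hostsAddr.${host}.ipv4);` the test `hostsAddr ? host` checks for an attribute literally named `host`, not for the lambda argument. Unless hostsAddr has such an attribute, the IPv4 address is never added to the known-hosts entry. The line should read `hostNames = [host] ++ (lib.optional (hostsAddr ? ${host}) hostsAddr.${host}.ipv4);`. Since the ssh client config in the previous hunk connects with `HostName ${val.ipv4}`, the pinned key for aquamarine is likely not matched by address, which weakens the host-key verification that the comment in this hunk says is intended. This hunk only reformats the line, so the defect predates the commit; the enclosing attribute that receives the `mapAttrs` result starts outside the hunk.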