feat: use mainGateway for idols-ai, rename defaultGateway to proxyGateway

Ryan Yin
2025-08-11 00:31:55 +08:00
parent 01448b6e0e
commit 3c409bd83a
7 changed files with 85 additions and 90 deletions


@@ -1,4 +1,4 @@
{ myvars, ... }: {myvars, ...}:
############################################################# #############################################################
# #
# Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use. # Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
@@ -7,12 +7,11 @@
let let
hostName = "ai"; # Define your hostname. hostName = "ai"; # Define your hostname.
inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; inherit (myvars.networking) mainGateway mainGateway6 nameservers;
inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4 ipv6; inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4 ipv6;
ipv4WithMask = "${ipv4}/24"; ipv4WithMask = "${ipv4}/24";
ipv6WithMask = "${ipv6}/64"; ipv6WithMask = "${ipv6}/64";
in in {
{
imports = [ imports = [
./netdev-mount.nix ./netdev-mount.nix
# Include the results of the hardware scan. # Include the results of the hardware scan.
@@ -36,7 +35,7 @@ in
systemd.network.enable = true; systemd.network.enable = true;
systemd.network.networks."10-${iface}" = { systemd.network.networks."10-${iface}" = {
matchConfig.Name = [ iface ]; matchConfig.Name = [iface];
networkConfig = { networkConfig = {
Address = [ Address = [
ipv4WithMask ipv4WithMask
@@ -50,11 +49,11 @@ in
routes = [ routes = [
{ {
Destination = "0.0.0.0/0"; Destination = "0.0.0.0/0";
Gateway = defaultGateway; Gateway = mainGateway;
} }
{ {
Destination = "::/0"; Destination = "::/0";
Gateway = defaultGateway6; Gateway = mainGateway6;
GatewayOnLink = true; # it's a gateway on local link. GatewayOnLink = true; # it's a gateway on local link.
} }
]; ];
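Review bot: Moving host ai from the proxy subrouter to mainGateway/mainGateway6 (the inherit line in the first hunk and both Gateway entries in the routes hunk) is the only behavioural change in this commit, yet nothing in the host file records why ai alone is routed around the transparent proxy; a reader sees only a different variable name. Add a comment on the inherit line such as `# ai routes via the main router directly, not through suzi's transparent proxy (see myvars.networking)`. The two default routes otherwise keep the same shape as the other hosts, including GatewayOnLink for the link-local IPv6 next hop, so no functional problem is visible in these hunks.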


@@ -14,14 +14,15 @@
let let
hostName = "aquamarine"; # Define your hostname. hostName = "aquamarine"; # Define your hostname.
inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; inherit (myvars.networking) proxyGateway proxyGateway6 nameservers;
inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
ipv4WithMask = "${ipv4}/24"; ipv4WithMask = "${ipv4}/24";
in in {
{ imports =
imports = (mylib.scanPaths ./.) ++ [ (mylib.scanPaths ./.)
disko.nixosModules.default ++ [
]; disko.nixosModules.default
];
# supported file systems, so we can mount any removable disks with these filesystems # supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [ boot.supportedFilesystems = [
@@ -41,7 +42,7 @@ in
zramSwap.memoryPercent = lib.mkForce 100; zramSwap.memoryPercent = lib.mkForce 100;
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
networking = { networking = {
@@ -56,9 +57,9 @@ in
systemd.network.enable = true; systemd.network.enable = true;
systemd.network.networks."10-${iface}" = { systemd.network.networks."10-${iface}" = {
matchConfig.Name = [ iface ]; matchConfig.Name = [iface];
networkConfig = { networkConfig = {
Address = [ ipv4WithMask ]; Address = [ipv4WithMask];
DNS = nameservers; DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
@@ -67,11 +68,11 @@ in
routes = [ routes = [
{ {
Destination = "0.0.0.0/0"; Destination = "0.0.0.0/0";
Gateway = defaultGateway; Gateway = proxyGateway;
} }
{ {
Destination = "::/0"; Destination = "::/0";
Gateway = defaultGateway6; Gateway = proxyGateway6;
GatewayOnLink = true; # it's a gateway on local link. GatewayOnLink = true; # it's a gateway on local link.
} }
]; ];


@@ -11,11 +11,10 @@
let let
hostName = "kana"; # Define your hostname. hostName = "kana"; # Define your hostname.
inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; inherit (myvars.networking) proxyGateway proxyGateway6 nameservers;
inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
ipv4WithMask = "${ipv4}/24"; ipv4WithMask = "${ipv4}/24";
in in {
{
imports = mylib.scanPaths ./.; imports = mylib.scanPaths ./.;
# supported file systems, so we can mount any removable disks with these filesystems # supported file systems, so we can mount any removable disks with these filesystems
@@ -30,7 +29,7 @@ in
"exfat" "exfat"
]; ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
networking = { networking = {
@@ -45,9 +44,9 @@ in
systemd.network.enable = true; systemd.network.enable = true;
systemd.network.networks."10-${iface}" = { systemd.network.networks."10-${iface}" = {
matchConfig.Name = [ iface ]; matchConfig.Name = [iface];
networkConfig = { networkConfig = {
Address = [ ipv4WithMask ]; Address = [ipv4WithMask];
DNS = nameservers; DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
@@ -56,11 +55,11 @@ in
routes = [ routes = [
{ {
Destination = "0.0.0.0/0"; Destination = "0.0.0.0/0";
Gateway = defaultGateway; Gateway = proxyGateway;
} }
{ {
Destination = "::/0"; Destination = "::/0";
Gateway = defaultGateway6; Gateway = proxyGateway6;
GatewayOnLink = true; # it's a gateway on local link. GatewayOnLink = true; # it's a gateway on local link.
} }
]; ];


@@ -11,11 +11,10 @@
let let
hostName = "ruby"; # Define your hostname. hostName = "ruby"; # Define your hostname.
inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; inherit (myvars.networking) proxyGateway proxyGateway6 nameservers;
inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4;
ipv4WithMask = "${ipv4}/24"; ipv4WithMask = "${ipv4}/24";
in in {
{
imports = mylib.scanPaths ./.; imports = mylib.scanPaths ./.;
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation. # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
@@ -35,7 +34,7 @@ in
"exfat" "exfat"
]; ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
networking = { networking = {
@@ -50,9 +49,9 @@ in
systemd.network.enable = true; systemd.network.enable = true;
systemd.network.networks."10-${iface}" = { systemd.network.networks."10-${iface}" = {
matchConfig.Name = [ iface ]; matchConfig.Name = [iface];
networkConfig = { networkConfig = {
Address = [ ipv4WithMask ]; Address = [ipv4WithMask];
DNS = nameservers; DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
@@ -61,11 +60,11 @@ in
routes = [ routes = [
{ {
Destination = "0.0.0.0/0"; Destination = "0.0.0.0/0";
Gateway = defaultGateway; Gateway = proxyGateway;
} }
{ {
Destination = "::/0"; Destination = "::/0";
Gateway = defaultGateway6; Gateway = proxyGateway6;
GatewayOnLink = true; # it's a gateway on local link. GatewayOnLink = true; # it's a gateway on local link.
} }
]; ];


@@ -3,13 +3,11 @@
hostName, hostName,
networking, networking,
... ...
}: }: let
let inherit (networking) proxyGateway proxyGateway6 nameservers;
inherit (networking) defaultGateway defaultGateway6 nameservers;
inherit (networking.hostsAddr.${hostName}) iface ipv4; inherit (networking.hostsAddr.${hostName}) iface ipv4;
ipv4WithMask = "${ipv4}/24"; ipv4WithMask = "${ipv4}/24";
in in {
{
# supported file systems, so we can mount any removable disks with these filesystems # supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [ boot.supportedFilesystems = [
"ext4" "ext4"
@@ -31,9 +29,9 @@ in
systemd.network.enable = true; systemd.network.enable = true;
systemd.network.networks."10-${iface}" = { systemd.network.networks."10-${iface}" = {
matchConfig.Name = [ iface ]; matchConfig.Name = [iface];
networkConfig = { networkConfig = {
Address = [ ipv4WithMask ]; Address = [ipv4WithMask];
DNS = nameservers; DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
@@ -42,11 +40,11 @@ in
routes = [ routes = [
{ {
Destination = "0.0.0.0/0"; Destination = "0.0.0.0/0";
Gateway = defaultGateway; Gateway = proxyGateway;
} }
{ {
Destination = "::/0"; Destination = "::/0";
Gateway = defaultGateway6; Gateway = proxyGateway6;
GatewayOnLink = true; # it's a gateway on local link. GatewayOnLink = true; # it's a gateway on local link.
} }
]; ];


@@ -3,13 +3,11 @@
hostName, hostName,
networking, networking,
... ...
}: }: let
let inherit (networking) proxyGateway proxyGateway6 nameservers;
inherit (networking) defaultGateway defaultGateway6 nameservers;
inherit (networking.hostsAddr.${hostName}) iface ipv4; inherit (networking.hostsAddr.${hostName}) iface ipv4;
ipv4WithMask = "${ipv4}/24"; ipv4WithMask = "${ipv4}/24";
in in {
{
# supported file systems, so we can mount any removable disks with these filesystems # supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [ boot.supportedFilesystems = [
"ext4" "ext4"
@@ -98,7 +96,7 @@ in
ovsbr1 = { ovsbr1 = {
# Attach the interfaces to OVS bridge # Attach the interfaces to OVS bridge
# This interface should not used by the host itself! # This interface should not used by the host itself!
interfaces.${iface} = { }; interfaces.${iface} = {};
}; };
}; };
@@ -107,9 +105,9 @@ in
# Set the host's address on the OVS bridge interface instead of the physical interface! # Set the host's address on the OVS bridge interface instead of the physical interface!
systemd.network.networks = { systemd.network.networks = {
"10-ovsbr1" = { "10-ovsbr1" = {
matchConfig.Name = [ "ovsbr1" ]; matchConfig.Name = ["ovsbr1"];
networkConfig = { networkConfig = {
Address = [ ipv4WithMask ]; Address = [ipv4WithMask];
DNS = nameservers; DNS = nameservers;
DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA.
IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC)
@@ -118,18 +116,18 @@ in
routes = [ routes = [
{ {
Destination = "0.0.0.0/0"; Destination = "0.0.0.0/0";
Gateway = defaultGateway; Gateway = proxyGateway;
} }
{ {
Destination = "::/0"; Destination = "::/0";
Gateway = defaultGateway6; Gateway = proxyGateway6;
GatewayOnLink = true; # it's a gateway on local link. GatewayOnLink = true; # it's a gateway on local link.
} }
]; ];
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
}; };
"20-${iface}" = { "20-${iface}" = {
matchConfig.Name = [ iface ]; matchConfig.Name = [iface];
networkConfig.LinkLocalAddressing = "no"; networkConfig.LinkLocalAddressing = "no";
# tell networkd ignore this interface. # tell networkd ignore this interface.
# it's managed by openvswitch # it's managed by openvswitch


@@ -1,11 +1,10 @@
{ lib }: {lib}: rec {
rec {
mainGateway = "192.168.5.1"; # main router mainGateway = "192.168.5.1"; # main router
mainGateway6 = "fe80::5"; # main router's link-local address mainGateway6 = "fe80::5"; # main router's link-local address
# use suzi as the default gateway # use suzi as the default gateway
# it's a subrouter with a transparent proxy # it's a subrouter with a transparent proxy
defaultGateway = "192.168.5.178"; proxyGateway = "192.168.5.178";
defaultGateway6 = "fe80::8"; proxyGateway6 = "fe80::8";
nameservers = [ nameservers = [
# IPv4 # IPv4
"119.29.29.29" # DNSPod "119.29.29.29" # DNSPod
@@ -152,17 +151,19 @@ rec {
}; };
}; };
hostsInterface = lib.attrsets.mapAttrs (key: val: { hostsInterface =
interfaces."${val.iface}" = { lib.attrsets.mapAttrs (key: val: {
useDHCP = false; interfaces."${val.iface}" = {
ipv4.addresses = [ useDHCP = false;
{ ipv4.addresses = [
inherit prefixLength; {
address = val.ipv4; inherit prefixLength;
} address = val.ipv4;
]; }
}; ];
}) hostsAddr; };
})
hostsAddr;
ssh = { ssh = {
# define the host alias for remote builders # define the host alias for remote builders
@@ -177,13 +178,14 @@ rec {
extraConfig = ( extraConfig = (
lib.attrsets.foldlAttrs ( lib.attrsets.foldlAttrs (
acc: host: val: acc: host: val:
acc acc
+ '' + ''
Host ${host} Host ${host}
HostName ${val.ipv4} HostName ${val.ipv4}
Port 22 Port 22
'' ''
) "" hostsAddr ) ""
hostsAddr
); );
# this config will be written to /etc/ssh/ssh_known_hosts # this config will be written to /etc/ssh/ssh_known_hosts
@@ -195,22 +197,21 @@ rec {
# { x = "a"; y = "b"; } # { x = "a"; y = "b"; }
# => { x = "bar-a"; y = "bar-b"; } # => { x = "bar-a"; y = "bar-b"; }
lib.attrsets.mapAttrs lib.attrsets.mapAttrs
(host: value: { (host: value: {
hostNames = [ host ] ++ (lib.optional (hostsAddr ? host) hostsAddr.${host}.ipv4); hostNames = [host] ++ (lib.optional (hostsAddr ? host) hostsAddr.${host}.ipv4);
publicKey = value.publicKey; publicKey = value.publicKey;
}) })
{ {
# Define the root user's host key for remote builders, so that nix can verify all the remote builders # Define the root user's host key for remote builders, so that nix can verify all the remote builders
aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOXFhFu9Duzp6ZBE288gDZ6VLrNaeWL4kDrFUh9Neic root@aquamarine"; aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOXFhFu9Duzp6ZBE288gDZ6VLrNaeWL4kDrFUh9Neic root@aquamarine";
# ruby.publicKey = ""; # ruby.publicKey = "";
# kana.publicKey = ""; # kana.publicKey = "";
# ==================================== Other SSH Service's Public Key ======================================= # ==================================== Other SSH Service's Public Key =======================================
# https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints # https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
"github.com".publicKey = "github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; };
};
}; };
} }
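Review bot: The comment above proxyGateway in the first hunk of this section still reads `# use suzi as the default gateway`, which is stale after this commit: the binding was renamed away from defaultGateway and host ai now routes via mainGateway, so suzi is no longer the default for every host. Replace the two comment lines with something like `# suzi: a subrouter running a transparent proxy; hosts that should be proxied use it as their gateway (ai uses mainGateway directly)`. The other hunks in this section (hostsInterface, the ssh extraConfig fold and the known-hosts map) are formatting only.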