refactor: centrally manage the network configuration of all hosts in homelab

feat: new host - tailscale-gw
This commit is contained in:
Ryan Yin
2024-01-28 13:39:06 +08:00
parent 3eec2a1837
commit ad861dcc59
23 changed files with 295 additions and 243 deletions
+8 -21
@@ -1,15 +1,14 @@
{
pkgs,
nixos-hardware,
...
} @ args:
{nixos-hardware, ...}:
#############################################################
#
# Shoukei - NixOS running on Macbook Pro 2020 I5 16G
# https://github.com/NixOS/nixos-hardware/tree/master/apple/t2
#
#############################################################
{
let
hostName = "shoukei"; # Define your hostname.
vars = import ../vars.nix;
in {
imports = [
nixos-hardware.nixosModules.apple-t2
./apple-set-os-loader.nix
@@ -23,23 +22,11 @@
boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
networking = {
hostName = "shoukei"; # Define your hostname.
inherit hostName;
inherit (vars.networking) defaultGateway nameservers;
# configures the network interface(include wireless) via `nmcli` & `nmtui`
networkmanager.enable = true;
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";
# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";
# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
defaultGateway = "192.168.5.201";
nameservers = [
"119.29.29.29" # DNSPod
"223.5.5.5" # AliDNS
];
};
# This value determines the NixOS release from which the default
@@ -29,7 +29,7 @@
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
# supported fil systems, so we can mount any removable disks with these filesystems
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = lib.mkForce [
"ext4"
"btrfs"
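Review bot: `inherit (vars.networking) defaultGateway nameservers;` in the second hunk keeps a static default gateway on the one host that still has `networkmanager.enable = true`; the header describes a MacBook, so presumably it roams, and off the homelab LAN the pinned `192.168.5.201` route is at best unreachable while NetworkManager's DHCP route is what actually carries traffic — please confirm this is intended, or inherit only `nameservers` here. If it is kept, a comment such as `# static gateway is only meaningful on the homelab LAN; NetworkManager handles other networks` would save the next reader the question. The same `let hostName = …; vars = import ../vars.nix; … in {` preamble is now repeated in every host file (suzu, ai, aquamarine, kana, ruby, chiaya, nozomi, yukina); a shared module imported by all of them could set `defaultGateway`/`nameservers` once, leaving only `hostName` and the interface address per host. The first hunk also drops `pkgs` and `@ args` from the module arguments, which is fine only if nothing below the hunk still references them; the `networking` set continues outside the hunk.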
+10 -20
@@ -1,38 +1,28 @@
{nixos-rk3588, ...}:
#############################################################
#
# Aquamarine - A NixOS VM running on Proxmox
# Suzu - Orange Pi 5, RK3588s
#
#############################################################
{
let
hostName = "suzu"; # Define your hostname.
vars = import ../vars.nix;
hostAddress = vars.networking.hostAddress.${hostName};
in {
imports = [
# import the rk3588 module, which contains the configuration for bootloader/kernel/firmware
nixos-rk3588.nixosModules.orangepi5
];
networking = {
hostName = "suzu"; # Define your hostname.
wireless.enable = false; # Enables wireless support via wpa_supplicant.
inherit hostName;
inherit (vars.networking) defaultGateway nameservers;
networkmanager.enable = false;
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";
# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
interfaces.end1 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.5.107";
prefixLength = 24;
}
];
ipv4.addresses = [hostAddress];
};
defaultGateway = "192.168.5.201";
nameservers = [
"119.29.29.29" # DNSPod
"223.5.5.5" # AliDNS
];
};
# This value determines the NixOS release from which the default
+3 -2
@@ -1,6 +1,6 @@
# Hosts
1. macOS(darwin)
1. `darwin`(macOS)
1. `fern`: MacBook Pro 2022 13-inch M2 16G, mainly for business.
1. `harmonica`: MacBook Pro 2020 13-inch i5 16G, for personal use.
2. `idols`
@@ -15,7 +15,8 @@
4. `12kingdoms`:
1. `shoukei`: NixOS on Macbook Pro 2022 Intel i5, 13.3-inch, 16G RAM + 512G SSD.
1. `suzu`: Orange Pi 5, RK3588s(4xA76 + 4xA55), GPU(4Cores, Mail-G610), NPU(6Tops@int8), 8G RAM + 256G SSD.
5. Homelab:
1. `tailscale-gw`: A tailscale subnet router(gateway) for accessing my homelab remotely. NixOS VM running on Proxmox.
# idols - Oshi no Ko
+43
@@ -0,0 +1,43 @@
#############################################################
#
# Tailscale Gateway(homelab subnet router) - a NixOS VM running on Proxmox
#
#############################################################
let
hostName = "tailscale-gw"; # Define your hostname.
vars = import ../vars.nix;
hostAddress = vars.networking.hostAddress.${hostName};
in {
imports = [
./tailscale.nix
];
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
"btrfs"
"xfs"
"fat"
"vfat"
"exfat"
];
networking = {
inherit hostName;
inherit (vars.networking) defaultGateway nameservers;
networkmanager.enable = false;
interfaces.ens18 = {
useDHCP = false;
ipv4.addresses = [hostAddress];
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
+46
@@ -0,0 +1,46 @@
{
config,
pkgs,
...
}:
# =============================================================
#
# Tailscale - your own private network(VPN) that uses WireGuard
#
# It's open souce and free for personal use,
# and it's really easy to setup and use.
# Tailscale has great client coverage for Linux, windows, Mac, android, and iOS.
# Tailscale is more mature and stable compared to other alternatives such as netbird/netmaker.
# Maybe I'll give netbird/netmaker a try when they are more mature, but for now, I'm sticking with Tailscale.
#
# How to use:
# 1. Create a Tailscale account at https://login.tailscale.com
# 2. Login via `tailscale login`
# 3. join into your Tailscale network via `tailscale up --advertise-routes 192.168.5.0/24`
# 4. If you prefer automatic connection to Tailscale, use the `authKeyFile` option` in the config below.
#
# Status Data:
# `journalctl -u tailscaled` shows tailscaled's logs
# logs indicate that tailscale store its data in /var/lib/tailscale
# which is already persistent across reboots(via impermanence.nix)
#
# References:
# https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/networking/tailscale.nix
#
# =============================================================
{
# make the tailscale command usable to users
environment.systemPackages = [pkgs.tailscale];
# enable the tailscale service
services.tailscale = {
enable = true;
port = 41641;
interfaceName = "tailscale0";
# allow the Tailscale UDP port through the firewall
openFirewall = true;
useRoutingFeatures = "server";
extraUpFlags = "--advertise-routes 192.168.5.0/24";
# authKeyFile = "/var/lib/tailscale/authkey";
};
}
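Review bot: `extraUpFlags = "--advertise-routes 192.168.5.0/24";` looks like a type mismatch: in the nixos-23.11 tailscale module the header links to, `services.tailscale.extraUpFlags` is, as far as I can tell, a list of strings, so this should be `extraUpFlags = ["--advertise-routes" "192.168.5.0/24"];` or module evaluation fails. If I read that module correctly the flags are also only consumed by the auto-connect unit that exists when `authKeyFile` is set, so with `authKeyFile` commented out the manual `tailscale up` in step 3 of the header is what actually advertises the route; a one-line comment above `extraUpFlags` saying so would avoid surprises. The advertised subnet is a literal here while the same `192.168.5.x` values were just centralized in `vars.nix`; consider reading it from there too. Worth stating in the header that advertising the whole /24 makes every homelab host reachable from the tailnet, so who can reach it is decided by the tailnet ACL policy and by approving the route in the admin console, neither of which is configured in this file.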
+11 -21
@@ -3,7 +3,11 @@
# Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
#
#############################################################
{
let
hostName = "ai"; # Define your hostname.
vars = import ../vars.nix;
hostAddress = vars.networking.hostAddress.${hostName};
in {
imports = [
./cifs-mount.nix
# Include the results of the hardware scan.
@@ -14,30 +18,16 @@
];
networking = {
hostName = "ai";
inherit hostName;
inherit (vars.networking) defaultGateway nameservers;
wireless.enable = false; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";
# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
networkmanager.enable = true;
enableIPv6 = false; # disable ipv6
# configures the network interface(include wireless) via `nmcli` & `nmtui`
networkmanager.enable = false;
interfaces.enp5s0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.5.100";
prefixLength = 24;
}
];
ipv4.addresses = [hostAddress];
};
defaultGateway = "192.168.5.201";
nameservers = [
"119.29.29.29" # DNSPod
"223.5.5.5" # AliDNS
];
};
# conflict with feature: containerd-snapshotter
+1 -1
@@ -32,7 +32,7 @@
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
# supported fil systems, so we can mount any removable disks with these filesystems
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
"btrfs"
+10 -20
@@ -3,10 +3,14 @@
# Aquamarine - A NixOS VM running on Proxmox
#
#############################################################
{
let
hostName = "aquamarine"; # Define your hostname.
vars = import ../vars.nix;
hostAddress = vars.networking.hostAddress.${hostName};
in {
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
# supported fil systems, so we can mount any removable disks with these filesystems
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
"btrfs"
@@ -23,28 +27,14 @@
boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
networking = {
hostName = "aquamarine"; # Define your hostname.
wireless.enable = false; # Enables wireless support via wpa_supplicant.
inherit hostName;
inherit (vars.networking) defaultGateway nameservers;
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";
# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
networkmanager.enable = true;
networkmanager.enable = false;
interfaces.ens18 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.5.101";
prefixLength = 24;
}
];
ipv4.addresses = [hostAddress];
};
defaultGateway = "192.168.5.201";
nameservers = [
"119.29.29.29" # DNSPod
"223.5.5.5" # AliDNS
];
};
# This value determines the NixOS release from which the default
+10 -20
@@ -3,10 +3,14 @@
# Kana - a NixOS VM running on Proxmox
#
#############################################################
{
let
hostName = "kana"; # Define your hostname.
vars = import ../vars.nix;
hostAddress = vars.networking.hostAddress.${hostName};
in {
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
# supported fil systems, so we can mount any removable disks with these filesystems
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
"btrfs"
@@ -23,28 +27,14 @@
boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
networking = {
hostName = "kana"; # Define your hostname.
wireless.enable = false; # Enables wireless support via wpa_supplicant.
inherit hostName;
inherit (vars.networking) defaultGateway nameservers;
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";
# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
networkmanager.enable = true;
networkmanager.enable = false;
interfaces.ens18 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.5.103";
prefixLength = 24;
}
];
ipv4.addresses = [hostAddress];
};
defaultGateway = "192.168.5.201";
nameservers = [
"119.29.29.29" # DNSPod
"223.5.5.5" # AliDNS
];
};
# This value determines the NixOS release from which the default
+10 -20
@@ -3,10 +3,14 @@
# Ruby - a NixOS VM running on Proxmox
#
#############################################################
{
let
hostName = "ruby"; # Define your hostname.
vars = import ../vars.nix;
hostAddress = vars.networking.hostAddress.${hostName};
in {
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
# supported fil systems, so we can mount any removable disks with these filesystems
# supported file systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
"btrfs"
@@ -23,28 +27,14 @@
boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
networking = {
hostName = "ruby"; # Define your hostname.
wireless.enable = false; # Enables wireless support via wpa_supplicant.
inherit hostName;
inherit (vars.networking) defaultGateway nameservers;
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";
# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
networkmanager.enable = true;
networkmanager.enable = false;
interfaces.ens18 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.5.102";
prefixLength = 24;
}
];
ipv4.addresses = [hostAddress];
};
defaultGateway = "192.168.5.201";
nameservers = [
"119.29.29.29" # DNSPod
"223.5.5.5" # AliDNS
];
};
# This value determines the NixOS release from which the default
+9 -20
@@ -9,38 +9,27 @@
# WIP, not working yet.
#
#############################################################
{
let
hostName = "chiaya"; # Define your hostname.
vars = import ../vars.nix;
hostAddress = vars.networking.hostAddress.${hostName};
in {
imports = [
];
# Set static IP address / gateway / DNS servers.
networking = {
hostName = "chiaya"; # Define your hostname.
wireless.enable = false;
inherit hostName;
inherit (vars.networking) defaultGateway nameservers;
# Failed to enable firewall due to the following error:
# firewall-start[2300]: iptables: Failed to initialize nft: Protocol not supported
firewall.enable = false;
defaultGateway = "192.168.5.201";
nameservers = [
"119.29.29.29" # DNSPod
"223.5.5.5" # AliDNS
];
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";
# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
networkmanager.enable = false;
# milkv-mars RJ45 port
interfaces.end0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.5.106";
prefixLength = 24;
}
];
ipv4.addresses = [hostAddress];
};
};
+9 -14
@@ -4,7 +4,11 @@
# Nozomi - NixOS configuration for Lichee Pi 4A
#
#############################################################
{
let
hostName = "nozomi"; # Define your hostname.
vars = import ../vars.nix;
hostAddress = vars.networking.hostAddress.${hostName};
in {
imports = [
# import the licheepi4a module, which contains the configuration for bootloader/kernel/firmware
(nixos-licheepi4a + "/modules/licheepi4a.nix")
@@ -14,7 +18,9 @@
# Set static IP address / gateway / DNS servers.
networking = {
hostName = "nozomi"; # Define your hostname.
inherit hostName;
inherit (vars.networking) defaultGateway nameservers;
wireless = {
# https://wiki.archlinux.org/title/wpa_supplicant
enable = true;
@@ -33,12 +39,6 @@
# firewall-start[2300]: iptables: Failed to initialize nft: Protocol not supported
firewall.enable = false;
defaultGateway = "192.168.5.201";
nameservers = [
"119.29.29.29" # DNSPod
"223.5.5.5" # AliDNS
];
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";
# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@@ -46,12 +46,7 @@
# LPI4A's wireless interface
interfaces.wlan0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.5.104";
prefixLength = 24;
}
];
ipv4.addresses = [hostAddress];
};
# LPI4A's first ethernet interface
# interfaces.end0 = {
+10 -15
@@ -4,7 +4,11 @@
# Yukina - NixOS configuration for Lichee Pi 4A
#
#############################################################
{
let
hostName = "yukina"; # Define your hostname.
vars = import ../vars.nix;
hostAddress = vars.networking.hostAddress.${hostName};
in {
imports = [
# import the licheepi4a module, which contains the configuration for bootloader/kernel/firmware
(nixos-licheepi4a + "/modules/licheepi4a.nix")
@@ -14,7 +18,9 @@
# Set static IP address / gateway / DNS servers.
networking = {
hostName = "yukina"; # Define your hostname.
inherit hostName;
inherit (vars.networking) defaultGateway nameservers;
wireless = {
# https://wiki.archlinux.org/title/wpa_supplicant
enable = true;
@@ -33,12 +39,6 @@
# firewall-start[2300]: iptables: Failed to initialize nft: Protocol not supported
firewall.enable = false;
defaultGateway = "192.168.5.201";
nameservers = [
"119.29.29.29" # DNSPod
"223.5.5.5" # AliDNS
];
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";
# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@@ -46,19 +46,14 @@
# LPI4A's wireless interface
interfaces.wlan0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.5.105";
prefixLength = 24;
}
];
ipv4.addresses = [hostAddress];
};
# LPI4A's first ethernet interface
# interfaces.end0 = {
# useDHCP = false;
# ipv4.addresses = [
# {
# address = "192.168.5.105";
# address = "192.168.5.104";
# prefixLength = 24;
# }
# ];
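Review bot: the commented-out `interfaces.end0` example in the last hunk now reads `# address = "192.168.5.104";` (assuming the rendered order is old-then-new), which is nozomi's address in the new `vars.nix`, while this host's own address is `192.168.5.105`; if the ethernet block is ever uncommented as-is it would put a duplicate address on the LAN. Since the point of the commit is to stop hand-copying addresses, the example should either be dropped or carry a note such as `# NOTE: give end0 its own entry in vars.nix before enabling this block`. The `interfaces.end0` comment block continues outside the hunk.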
+49
@@ -0,0 +1,49 @@
{
networking = rec {
defaultGateway = "192.168.5.201";
nameservers = [
"119.29.29.29" # DNSPod
"223.5.5.5" # AliDNS
];
prefixLength = 24;
hostAddress = {
"ai" = {
inherit prefixLength;
address = "192.168.5.100";
};
"aquamarine" = {
inherit prefixLength;
address = "192.168.5.101";
};
"ruby" = {
inherit prefixLength;
address = "192.168.5.102";
};
"kana" = {
inherit prefixLength;
address = "192.168.5.103";
};
"nozomi" = {
inherit prefixLength;
address = "192.168.5.104";
};
"yukina" = {
inherit prefixLength;
address = "192.168.5.105";
};
"chiaya" = {
inherit prefixLength;
address = "192.168.5.106";
};
"suzu" = {
inherit prefixLength;
address = "192.168.5.107";
};
"tailscale-gw" = {
inherit prefixLength;
address = "192.168.5.192";
};
};
};
}
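Review bot: the nine `hostAddress` entries each repeat `inherit prefixLength;`, and the file uses `rec` only so that `hostAddress` can see `prefixLength`, which also leaves `prefixLength` as a top-level member of `vars.networking` next to `defaultGateway` and `nameservers`. A small `let`-bound helper that builds the `{address, prefixLength}` pair keeps each host to one line and makes `rec` unnecessary; sketch below. The Tailscale subnet router added in this commit advertises `192.168.5.0/24` as a literal in its own module, so a `subnet`-style attribute here would let that file reuse the central value as well.
```nix
let
  prefixLength = 24;
  # every homelab host sits in the same /24, only the host part differs
  mkHostAddress = address: {inherit address prefixLength;};
in {
  networking = {
    # … unchanged: defaultGateway, nameservers …
    hostAddress = {
      "ai" = mkHostAddress "192.168.5.100";
      "aquamarine" = mkHostAddress "192.168.5.101";
      # … same pattern for ruby, kana, nozomi, yukina, chiaya, suzu …
      "tailscale-gw" = mkHostAddress "192.168.5.192";
    };
  };
}
```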