Modularize and fix wireguard

This commit is contained in:
zuma 2025-11-06 22:08:45 +01:00
parent 127fc040a5
commit 7b6e8c49f1
6 changed files with 265 additions and 229 deletions

cluster.nix Normal file

@ -0,0 +1,58 @@
{ config, pkgs, lib, ...} @ args:
with builtins;
with lib;
{
options.filouterie = with types; {
hostName = mkOption {
type = str;
description = "Node name";
};
clusterPrefix = mkOption {
type = str;
description = "Cluster IP prefix";
};
clusterNodes = mkOption {
description = "Nodes that are part of this cluster";
type = attrsOf (submodule {
options = {
address = mkOption {
type = str;
description = "IP Address in the Wireguard network";
};
pubkey = mkOption {
type = str;
description = "Wireguard public key";
};
endpoint = mkOption {
type = str;
description = "Wireguard endpoint on the public internet";
};
};
});
};
};
config.filouterie.clusterPrefix = "10.0.0.0/16";
config.filouterie.clusterNodes = {
"fifi" = {
pubkey = "/TJVF6aLEvqngjd8Gq3QkH5esEQSIL+ryz/uKdJaZEQ=";
address = "10.0.1.1";
endpoint = "92.179.73.254:19720";
};
"riri" = {
pubkey = "lUUTv85m7vtIKY7+s//AWL5r/epjXSBZNJCrgjRfQj0=";
address = "10.0.2.1";
endpoint = "176.159.248.209:19720";
};
"loulou" = {
pubkey = "J/liQaChv4ZBjwlLmobM0NA/Wwgl8nDcQEcGdsC5Exc=";
address = "10.0.3.1";
endpoint = "82.67.117.71:19720";
};
};
}
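Review bot: The `hostName` option has no default and nothing checks that its value is a key of `clusterNodes`, so a misspelt node name only surfaces later as an opaque `getAttr` failure in configuration.nix; add an assertion next to the hard-coded node table, e.g. `config.assertions = [ { assertion = config.filouterie.clusterNodes ? ${config.filouterie.hostName}; message = "filouterie.hostName must be one of filouterie.clusterNodes"; } ];`. The `address` and `endpoint` options are typed `str`, so a malformed IP or an endpoint without a port is not caught at evaluation time either; at minimum the descriptions should state the expected form (`a.b.c.d` and `host:port`). `clusterPrefix` carries the prefix length, but the per-node `address` values have none, which is what forces the `/16` to be repeated elsewhere.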


@ -1,20 +1,9 @@
{ config, lib, pkgs, ...}: { config, lib, pkgs, ...}:
{ {
# Defining hostname config.filouterie.hostName = "fifi";
networking.hostName = "fifi";
# Setting up environment variables
environment.sessionVariables = rec {
NODE = "fifi";
};
# Setting up wifi networking and static ip (out of DHCP range 50-200) # Setting up wifi networking and static ip (out of DHCP range 50-200)
networking.wireless.enable = true; networking.wireless.enable = true;
networking.wireless.networks = { networking.wireless.networks = {
"Atalante_5G" = { "Atalante_5G" = {
@ -33,8 +22,5 @@
# Setting up bootloader in UEFI mode # Setting up bootloader in UEFI mode
config.boot.loader.grub.devices = [ "nodev"];
boot.loader.grub.devices = [ "nodev"];
} }
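Review bot: The fifi module now sets `config.filouterie.hostName` and `config.boot.loader.grub.devices` while `networking.wireless.enable` and `networking.wireless.networks` remain bare keys at the top level of the same attribute set; unless the rendering dropped a wrapper, the module system rejects that mix (introducing a top-level `config` attribute turns every other key into an unsupported attribute), so this node will fail to evaluate. Either prefix the remaining options as well, `config.networking.wireless.enable = true;` and `config.networking.wireless.networks = { ... };`, or move everything under a single `config = { ... };` block. The riri and loulou modules use the `config.` prefix on every option and are not affected.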


@ -1,13 +1,5 @@
{ config, lib, pkgs, ...}: { config, lib, pkgs, ...}:
{ {
networking.hostName = "loulou"; config.filouterie.hostName = "loulou";
# Setting up environment variables
environment.sessionVariables = rec {
NODE = "loulou";
};
} }


@ -1,16 +1,9 @@
{ config, lib, pkgs, ...}: { config, lib, pkgs, ...}:
{ {
config.filouterie.hostName = "riri";
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; config.boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; config.boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "riri";
# Setting up environment variables
environment.sessionVariables = rec {
NODE = "riri";
};
} }


@ -7,19 +7,34 @@
... ...
}: }:
let
cfg = config.filouterie;
in
with builtins;
with pkgs.lib;
{ {
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./cluster.nix
./node.nix ./node.nix
./wgautomesh.nix ./wgautomesh.nix
]; ];
programs.nix-ld.enable = true; # for vscode server config =
let
clusterNodeCfg = getAttr cfg.hostName cfg.clusterNodes;
clusterAddress = clusterNodeCfg.address;
in
{
networking.hostName = cfg.hostName;
environment.sessionVariables = rec {
NODE = cfg.hostName;
};
programs.nix-ld.enable = true; # for vscode server
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Paris"; time.timeZone = "Europe/Paris";
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
console = { console = {
@ -28,9 +43,6 @@
useXkbConfig = true; # use xkb.options in tty. useXkbConfig = true; # use xkb.options in tty.
}; };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users = { users.users = {
nixos = { nixos = {
@ -115,7 +127,6 @@
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PasswordAuthentication = false;
services.unbound = { services.unbound = {
enable = true; enable = true;
settings = { settings = {
@ -137,7 +148,7 @@
services.resolved.enable = false; services.resolved.enable = false;
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
ips = [ "10.0.0.0/16" ]; ips = [ "${clusterAddress}/16" ];
listenPort = 19720; listenPort = 19720;
privateKeyFile = "/var/lib/filouterie/wireguard-keys/private"; privateKeyFile = "/var/lib/filouterie/wireguard-keys/private";
mtu = 1420; mtu = 1420;
@ -147,26 +158,20 @@
enable = true; enable = true;
interface = "wg0"; interface = "wg0";
gossipPort = 1600; gossipPort = 1600;
peers = [ peers = attrValues (
# Fifi mapAttrs (
hostname:
{ {
address = "10.0.1.1"; pubkey,
endpoint = "92.179.73.254:19720"; endpoint,
pubkey = "/TJVF6aLEvqngjd8Gq3QkH5esEQSIL+ryz/uKdJaZEQ="; address,
} ...
# Riri }:
{ {
address = "10.0.2.1"; inherit pubkey address endpoint;
endpoint = "176.159.248.209:19720";
pubkey = "lUUTv85m7vtIKY7+s//AWL5r/epjXSBZNJCrgjRfQj0=";
} }
# Fifi ) cfg.clusterNodes
{ );
address = "10.0.3.1";
endpoint = "82.67.117.71:19720";
pubkey = "J/liQaChv4ZBjwlLmobM0NA/Wwgl8nDcQEcGdsC5Exc=";
}
];
}; };
system.activationScripts.generate_filouterie_wg_key = '' system.activationScripts.generate_filouterie_wg_key = ''
@ -190,11 +195,11 @@
extraCommands = '' extraCommands = ''
# Allow other nodes on VPN to access all ports # Allow other nodes on VPN to access all ports
iptables -A INPUT -s 10.0.0.0/16 -j ACCEPT iptables -A INPUT -s ${cfg.clusterPrefix} -j ACCEPT
''; '';
extraStopCommands = '' extraStopCommands = ''
iptables -D INPUT -s 10.0.0.0/16 -j ACCEPT iptables -D INPUT -s ${cfg.clusterPrefix} -j ACCEPT
''; '';
}; };
# Garbage collection to remove old NixOs iterations # Garbage collection to remove old NixOs iterations
@ -210,4 +215,5 @@
# system.copySystemConfiguration = true; # system.copySystemConfiguration = true;
system.stateVersion = "25.05"; # Never bloody change this value, got it lads ? system.stateVersion = "25.05"; # Never bloody change this value, got it lads ?
};
} }
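Review bot: The firewall rule `iptables -A INPUT -s ${cfg.clusterPrefix} -j ACCEPT` accepts any packet whose source address falls in the cluster prefix regardless of the interface it arrived on, so a host on the wifi or LAN side that forges a 10.0.x.y source is treated as a cluster node; bind the rule to the tunnel, `iptables -A INPUT -i wg0 -s ${cfg.clusterPrefix} -j ACCEPT` (and the matching `-D` line in extraStopCommands), or replace both extraCommands with `networking.firewall.trustedInterfaces = [ "wg0" ];`. Separately, `ips = [ "${clusterAddress}/16" ]` hard-codes the prefix length that `cfg.clusterPrefix` already carries; deriving it, e.g. `last (splitString "/" cfg.clusterPrefix)`, keeps the two from drifting. The new `peers` expression maps over every entry of `cfg.clusterNodes`, so the node's own pubkey and endpoint are listed as a peer of itself; if wgautomesh does not ignore that, filter with `filterAttrs (n: _: n != cfg.hostName) cfg.clusterNodes` before the `mapAttrs`.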


@ -9,4 +9,5 @@ fi
cp configuration.nix /etc/nixos/configuration.nix cp configuration.nix /etc/nixos/configuration.nix
cp cluster/nodes/$NODE.nix /etc/nixos/node.nix cp cluster/nodes/$NODE.nix /etc/nixos/node.nix
cp wgautomesh.nix /etc/nixos/wgautomesh.nix cp wgautomesh.nix /etc/nixos/wgautomesh.nix
cp cluster.nix /etc/nixos/cluster.nix
nixos-rebuild switch nixos-rebuild switch