From b6d31e25b93a197af5b9bf39ecb20c51c4ae8815 Mon Sep 17 00:00:00 2001 From: zuma Date: Thu, 6 Nov 2025 22:21:20 +0100 Subject: [PATCH] Clean files + add IP to hosts --- cluster.nix | 31 +++++---- cluster/nodes/fifi.nix | 43 +++++++----- cluster/nodes/loulou.nix | 7 +- cluster/nodes/riri.nix | 7 +- configuration.nix | 17 ++--- wgautomesh.nix | 145 ++++++++++++++++++++++----------------- 6 files changed, 140 insertions(+), 110 deletions(-) diff --git a/cluster.nix b/cluster.nix index d8972a8..e21077c 100644 --- a/cluster.nix +++ b/cluster.nix @@ -1,6 +1,11 @@ -{ config, pkgs, lib, ...} @ args: - with builtins; - with lib; +{ + config, + pkgs, + lib, + ... +}@args: +with builtins; +with lib; { options.filouterie = with types; { hostName = mkOption { @@ -17,21 +22,21 @@ description = "Nodes that are part of this cluster"; type = attrsOf (submodule { options = { - address = mkOption { + address = mkOption { type = str; - description = "IP Address in the Wireguard network"; - }; + description = "IP Address in the Wireguard network"; + }; - pubkey = mkOption { + pubkey = mkOption { type = str; - description = "Wireguard public key"; - }; + description = "Wireguard public key"; + }; - endpoint = mkOption { + endpoint = mkOption { type = str; - description = "Wireguard endpoint on the public internet"; - }; - }; + description = "Wireguard endpoint on the public internet"; + }; + }; }); }; }; diff --git a/cluster/nodes/fifi.nix b/cluster/nodes/fifi.nix index 9e226b9..e1aef21 100755 --- a/cluster/nodes/fifi.nix +++ b/cluster/nodes/fifi.nix 
@@ -1,25 +1,30 @@ -{ config, lib, pkgs, ...}: +{ + config, + lib, + pkgs, + ... +}: -{ - config.filouterie.hostName = "fifi"; +{ + config.filouterie.hostName = "fifi"; - # Setting up wifi networking and static ip (out of DHCP range 50-200) - config.networking.wireless.enable = true; - config.networking.wireless.networks = { - "Atalante_5G" = { - pskRaw = "1bd70fc8bb0c9834dab5f10a1f2f3b84a6444e6605c5e11419b95e81f4e8fac8"; - }; - }; + # Setting up wifi networking and static ip (out of DHCP range 50-200) + config.networking.wireless.enable = true; + config.networking.wireless.networks = { + "Atalante_5G" = { + pskRaw = "1bd70fc8bb0c9834dab5f10a1f2f3b84a6444e6605c5e11419b95e81f4e8fac8"; + }; + }; - config.networking.interfaces.wlp3s0.ipv4.addresses = [ - { - address = "192.168.1.222"; - prefixLength = 24; - } - ]; + config.networking.interfaces.wlp3s0.ipv4.addresses = [ + { + address = "192.168.1.222"; + prefixLength = 24; + } + ]; - config.networking.defaultGateway = "192.168.1.1"; + config.networking.defaultGateway = "192.168.1.1"; - # Setting up bootloader in UEFI mode - config.boot.loader.grub.devices = [ "nodev"]; + # Setting up bootloader in UEFI mode + config.boot.loader.grub.devices = [ "nodev" ]; } diff --git a/cluster/nodes/loulou.nix b/cluster/nodes/loulou.nix index 95d939f..95b245e 100755 --- a/cluster/nodes/loulou.nix +++ b/cluster/nodes/loulou.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ...}: +{ + config, + lib, + pkgs, + ... +}: { config.filouterie.hostName = "loulou"; diff --git a/cluster/nodes/riri.nix b/cluster/nodes/riri.nix index ca74f6d..dff0b2b 100755 --- a/cluster/nodes/riri.nix +++ b/cluster/nodes/riri.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ...}: +{ + config, + lib, + pkgs, + ... +}: { config.filouterie.hostName = "riri"; diff --git a/configuration.nix b/configuration.nix index 367133c..4ac7d82 100755 --- a/configuration.nix +++ b/configuration.nix 
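Review bot: The `pskRaw` value under `networking.wireless.networks."Atalante_5G"` is a plaintext Wi-Fi key committed to the repository and, once this module is evaluated, written into the world-readable Nix store on the host, so every local user and every clone of the history can read it. NixOS provides `networking.wireless.secretsFile` for exactly this case: keep the key in a root-only file on the machine and reference it as `pskRaw = "ext:<NAME>";`, where `<NAME>` is the variable name in that file. Because the key already sits in git history, rotating it on the access point is the only way to actually revoke it. This hunk only reindents the file, so the issue predates the commit rather than being introduced by it.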
@@ -43,18 +43,7 @@ with pkgs.lib; useXkbConfig = true; # use xkb.options in tty. }; - # Define a user account. Don't forget to set a password with ‘passwd’. users.users = { - nixos = { - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxRk3bAqq9sRuZD2rBecM9e2XXHnaUQVCkqNjkHrugv zuma@shenanigans.cc" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgXUerUE+Q3nRP1NHfNYSFoKeNauYBxYXAQ9+CJy4ZBWbxnQ0lp9GEF/KM2Ww0jdpW0hRUh3UJsnTauseWgSG+wxa0+j+bRj64d44G+f7QEGJ6SxcXpJljxuEoIAkhs73bZ4oAdXDMrtcaNij/YAXy6llu1vQFTGu6OytktTsEOLzTDP0tWTdyVSToD4+lk7UR5yMbSDz8gXn8/J3C3kf3mefPDTCDzMXBCixEEctY8VXM32RjlCPdxrxLKr/v5CrY2YA4WjuRhillaLwYVabkm7s98kHUvYTN48fbB5DHfgkGK6WhbfEPfta4DorQf/2D4cXpMkBt+sG1f5r9xThsv649xQB5uTg9pGeOtYn5zH3mk5wJN/2/mdveEJeCWXsXrq0GNhq+f6SE4reUvL+7MBtdpzt06D5u59JKNfXH2dQCOiqnyl0+Ahv0LoYDetJCB1dxombrUqRZvNsyD5T6lIF0tyEoK/0CXSRjr4J3nldzjPpk1uTo7kuW/clNi3KuzpQo7V8dk6I3H+jlut2lL6h8Q/P1L3p9e7T8pVi5XxbRunJYcDsWdiAb/S0y0fb0vQfGsUbi7sqvZl4fBvxYoE2NkXkWsLCN7FiFRkaTxGDh6YIo3UNllvmOxpX7tiiCV3cNLVMhcsWpNcv/U/rlBbNihODQpy1de+U2f7H8Qw== maël@Laptop-Maël" - "ssh-rsa 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 achille.toupin@gadz.org" - ]; - }; - zuma = { isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. @@ -63,7 +52,6 @@ with pkgs.lib; ]; hashedPassword = "$y$j9T$Qc23q8HQZMELvYyubvEoF/$jauiBKEGb65K03/va632gKIuGSR2Cro/CQ1yq5mOjxB"; }; - mayel = { isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. @@ -183,6 +171,11 @@ with pkgs.lib; fi ''; + # Sets /etc/hosts to link all hostnames to wireguard IP + networking.extraHosts = concatStringsSep "\n" ( + attrValues (mapAttrs (hostname: { address, ... }: "${address} ${hostname}") cfg.clusterNodes) + ); + # Open ports in the firewall. networking.firewall = { enable = true; diff --git a/wgautomesh.nix b/wgautomesh.nix index d2f2485..adf7aa0 100644 --- a/wgautomesh.nix 
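Review bot: The new `networking.extraHosts` expression interpolates each node's `address` verbatim, but that option is declared as a plain `types.str` in cluster.nix (first hunk of this patch), so a value carrying a prefix length, a port or stray whitespace would land unchanged in `/etc/hosts` and silently break name resolution for that peer. Tightening the declaration to a `types.strMatching` pattern for a bare IP literal would turn such a value into an evaluation error instead. As a matter of style, `attrValues (mapAttrs f cfg.clusterNodes)` is just `mapAttrsToList f cfg.clusterNodes`: `networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (hostname: { address, ... }: "${address} ${hostname}") cfg.clusterNodes);`. `cfg` is bound outside the hunk, so I am assuming it is `config.filouterie`; the hunk header only shows `with pkgs.lib;`.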
+++ b/wgautomesh.nix 
@@ -1,87 +1,104 @@ -{ config, lib, pkgs, ...}: +{ + config, + lib, + pkgs, + ... +}: with lib; let cfg = config.filouterie.services.wgautomesh; in - with builtins; - { - options.filouterie.services.wgautomesh = { - enable = mkEnableOption "wgautomesh"; - logLevel = mkOption { - type = types.enum [ "trace" "debug" "info" "warn" "error" ]; - default = "info"; - description = "wgautomesh log level (trace/debug/info/warn/error)"; - }; - interface = mkOption { - type = types.str; - description = "Wireguard interface to manage"; - }; - gossipPort = mkOption { - type = types.port; - description = "wgautomesh gossip port"; - }; - peers = mkOption { - type = types.listOf (types.submodule { +with builtins; +{ + options.filouterie.services.wgautomesh = { + enable = mkEnableOption "wgautomesh"; + logLevel = mkOption { + type = types.enum [ + "trace" + "debug" + "info" + "warn" + "error" + ]; + default = "info"; + description = "wgautomesh log level (trace/debug/info/warn/error)"; + }; + interface = mkOption { + type = types.str; + description = "Wireguard interface to manage"; + }; + gossipPort = mkOption { + type = types.port; + description = "wgautomesh gossip port"; + }; + peers = mkOption { + type = types.listOf ( + types.submodule { options = { pubkey = mkOption { type = types.str; - description = "Wireguard public key"; - }; - address = mkOption { + description = "Wireguard public key"; + }; + address = mkOption { type = types.str; description = "Wireguard peer address"; - }; - endpoint = mkOption { + }; + endpoint = mkOption { type = types.nullOr types.str; - description = "bootstrap endpoint"; - }; - }; - }); - description = "wgautomesh peer list"; - }; + description = "bootstrap endpoint"; + }; + }; + } + ); + description = "wgautomesh peer list"; }; + }; - config = mkIf cfg.enable ( + config = mkIf cfg.enable ( let - peerDefs = map (peer: - let endpointDef = if peer.endpoint == null then "" - else ''endpoint = "${peer.endpoint}"''; - in - '' - [[peers]] - pubkey = 
"${peer.pubkey}" - address = "${peer.address}" - ${endpointDef} - '') cfg.peers; + peerDefs = map ( + peer: + let + endpointDef = if peer.endpoint == null then "" else ''endpoint = "${peer.endpoint}"''; + in + '' + [[peers]] + pubkey = "${peer.pubkey}" + address = "${peer.address}" + ${endpointDef} + '' + ) cfg.peers; configFile = pkgs.writeText "wgautomesh.toml" '' - interface = "${cfg.interface}" - gossip_port = ${toString cfg.gossipPort} + interface = "${cfg.interface}" + gossip_port = ${toString cfg.gossipPort} - ${concatStringsSep "\n" peerDefs} - ''; - in { + ${concatStringsSep "\n" peerDefs} + ''; + in + { systemd.services.wgautomesh = { enable = true; - path = [ pkgs.wireguard-tools ]; - environment = { + path = [ pkgs.wireguard-tools ]; + environment = { RUST_LOG = "wgautomesh=${cfg.logLevel}"; - }; - description = "wgautomesh"; - serviceConfig = { + }; + description = "wgautomesh"; + serviceConfig = { Type = "simple"; - ExecStart = "${pkgs.wgautomesh}/bin/wgautomesh ${configFile}"; - Restart = "always"; - RestartSec = "30"; + ExecStart = "${pkgs.wgautomesh}/bin/wgautomesh ${configFile}"; + Restart = "always"; + RestartSec = "30"; - DynamicUser = true; - User = "wgautomesh"; - StateDirectory = "wgautomesh"; - StateDirectoryMode = "0700"; - AmbientCapabilities = "CAP_NET_ADMIN"; - CapabilityBoundingSets = "CAP_NET_ADMIN"; - }; + DynamicUser = true; + User = "wgautomesh"; + StateDirectory = "wgautomesh"; + StateDirectoryMode = "0700"; + AmbientCapabilities = "CAP_NET_ADMIN"; + CapabilityBoundingSets = "CAP_NET_ADMIN"; + }; wantedBy = [ "multi-user.target" ]; }; - }); - } + } + ); +}