gribse/nix-cluster
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Clean files + add IP to hosts

Browse source
This commit is contained in:
zuma 2025-11-06 22:21:20 +01:00
parent ca436c49a3
commit b6d31e25b9
6 changed files with 140 additions and 110 deletions
Download patch file Download diff file Expand all files Collapse all files

31
cluster.nix
View file

@ -1,6 +1,11 @@
{ config, pkgs, lib, ...} @ args: {
with builtins; config,
with lib; pkgs,
lib,
...
}@args:
with builtins;
with lib;
{ {
options.filouterie = with types; { options.filouterie = with types; {
hostName = mkOption { hostName = mkOption {
@ -17,21 +22,21 @@
description = "Nodes that are part of this cluster"; description = "Nodes that are part of this cluster";
type = attrsOf (submodule { type = attrsOf (submodule {
options = { options = {
address = mkOption { address = mkOption {
type = str; type = str;
description = "IP Address in the Wireguard network"; description = "IP Address in the Wireguard network";
}; };
pubkey = mkOption { pubkey = mkOption {
type = str; type = str;
description = "Wireguard public key"; description = "Wireguard public key";
}; };
endpoint = mkOption { endpoint = mkOption {
type = str; type = str;
description = "Wireguard endpoint on the public internet"; description = "Wireguard endpoint on the public internet";
}; };
}; };
}); });
}; };
}; };

43
cluster/nodes/fifi.nix
View file

@ -1,25 +1,30 @@
{ config, lib, pkgs, ...}: {
config,
lib,
pkgs,
...
}:
{ {
config.filouterie.hostName = "fifi"; config.filouterie.hostName = "fifi";
# Setting up wifi networking and static ip (out of DHCP range 50-200) # Setting up wifi networking and static ip (out of DHCP range 50-200)
config.networking.wireless.enable = true; config.networking.wireless.enable = true;
config.networking.wireless.networks = { config.networking.wireless.networks = {
"Atalante_5G" = { "Atalante_5G" = {
pskRaw = "1bd70fc8bb0c9834dab5f10a1f2f3b84a6444e6605c5e11419b95e81f4e8fac8"; pskRaw = "1bd70fc8bb0c9834dab5f10a1f2f3b84a6444e6605c5e11419b95e81f4e8fac8";
}; };
}; };
config.networking.interfaces.wlp3s0.ipv4.addresses = [ config.networking.interfaces.wlp3s0.ipv4.addresses = [
{ {
address = "192.168.1.222"; address = "192.168.1.222";
prefixLength = 24; prefixLength = 24;
} }
]; ];
config.networking.defaultGateway = "192.168.1.1"; config.networking.defaultGateway = "192.168.1.1";
# Setting up bootloader in UEFI mode # Setting up bootloader in UEFI mode
config.boot.loader.grub.devices = [ "nodev"]; config.boot.loader.grub.devices = [ "nodev" ];
} }

7
cluster/nodes/loulou.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ...}: {
config,
lib,
pkgs,
...
}:
{ {
config.filouterie.hostName = "loulou"; config.filouterie.hostName = "loulou";

7
cluster/nodes/riri.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ...}: {
config,
lib,
pkgs,
...
}:
{ {
config.filouterie.hostName = "riri"; config.filouterie.hostName = "riri";

17
configuration.nix
View file

@ -43,18 +43,7 @@ with pkgs.lib;
useXkbConfig = true; # use xkb.options in tty. useXkbConfig = true; # use xkb.options in tty.
}; };
# Define a user account. Don't forget to set a password with passwd.
users.users = { users.users = {
nixos = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxRk3bAqq9sRuZD2rBecM9e2XXHnaUQVCkqNjkHrugv zuma@shenanigans.cc"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgXUerUE+Q3nRP1NHfNYSFoKeNauYBxYXAQ9+CJy4ZBWbxnQ0lp9GEF/KM2Ww0jdpW0hRUh3UJsnTauseWgSG+wxa0+j+bRj64d44G+f7QEGJ6SxcXpJljxuEoIAkhs73bZ4oAdXDMrtcaNij/YAXy6llu1vQFTGu6OytktTsEOLzTDP0tWTdyVSToD4+lk7UR5yMbSDz8gXn8/J3C3kf3mefPDTCDzMXBCixEEctY8VXM32RjlCPdxrxLKr/v5CrY2YA4WjuRhillaLwYVabkm7s98kHUvYTN48fbB5DHfgkGK6WhbfEPfta4DorQf/2D4cXpMkBt+sG1f5r9xThsv649xQB5uTg9pGeOtYn5zH3mk5wJN/2/mdveEJeCWXsXrq0GNhq+f6SE4reUvL+7MBtdpzt06D5u59JKNfXH2dQCOiqnyl0+Ahv0LoYDetJCB1dxombrUqRZvNsyD5T6lIF0tyEoK/0CXSRjr4J3nldzjPpk1uTo7kuW/clNi3KuzpQo7V8dk6I3H+jlut2lL6h8Q/P1L3p9e7T8pVi5XxbRunJYcDsWdiAb/S0y0fb0vQfGsUbi7sqvZl4fBvxYoE2NkXkWsLCN7FiFRkaTxGDh6YIo3UNllvmOxpX7tiiCV3cNLVMhcsWpNcv/U/rlBbNihODQpy1de+U2f7H8Qw== maël@Laptop-Maël"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC870BBey886dVmSb8AoK3uMs1t1dsHW7Wy1MVbpsraAYY0U6QXzhCKvO1geRIuwf4Q8mj8i2iuDwI7p1KoN8NIAmvGBs5YdIM0b4OGlLgF/7qBT9Rj54TDi4uCt4RLzorfVIzO66uGghOJPfUGXBw2gPCEJDE091fShcV9RK6ByQUvSLDJMz0fTKC5Z+ejxgzT+ZPBRusC54SPMiXlpROh/ZQ+VyfH2DjDwrXtt2wYigEMTI3/KtCKypUwbZ2JMeG4qVLIjdHXCHppq7EZWKj8HYywLlmWC3FIhHccCPrwTU5tfs35s1uExz3/ffqBpmhQmsgVeVf9Yz8uIccUZlF9UbhtKj9IJ88X2Doy+YWjXZAKWba48bSblWDH9I7R1f/t1o5lPml5UnTNsaMAmXL1oX7je+pveTJ7VB349AW8tv5PoRxYKuHuSu/J9hq43u8RQVAveaYoFpLvwBYMBmc6K02Oj3cLIPPQhQQSZ26z8NazHpIgVyQxgWhrckCb/vAi5yxl5htTcJqONTLJBWdKOj2huG16kF7m6NsJ4m8mReoYDOAcaIR1UPVJKALHw82mKdgSlBP/YrN7rTU9woBXt/QoWnWMabNM4YYr1UssiR+NS6fs4yuNZ58MaYsJi1Zlv1Vjwm9bj+rNCmYoXTbpVesn+rXbWZxIAeMqNCsHRQ== achille.toupin@gadz.org"
];
};
zuma = { zuma = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
@ -63,7 +52,6 @@ with pkgs.lib;
]; ];
hashedPassword = "$y$j9T$Qc23q8HQZMELvYyubvEoF/$jauiBKEGb65K03/va632gKIuGSR2Cro/CQ1yq5mOjxB"; hashedPassword = "$y$j9T$Qc23q8HQZMELvYyubvEoF/$jauiBKEGb65K03/va632gKIuGSR2Cro/CQ1yq5mOjxB";
}; };
mayel = { mayel = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
@ -183,6 +171,11 @@ with pkgs.lib;
fi fi
''; '';
# Sets /etc/hosts to link all hostnames to wireguard IP
networking.extraHosts = concatStringsSep "\n" (
attrValues (mapAttrs (hostname: { address, ... }: "${address} ${hostname}") cfg.clusterNodes)
);
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall = { networking.firewall = {
enable = true; enable = true;

145
wgautomesh.nix
View file

@ -1,87 +1,104 @@
{ config, lib, pkgs, ...}: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.filouterie.services.wgautomesh; cfg = config.filouterie.services.wgautomesh;
in in
with builtins; with builtins;
{ {
options.filouterie.services.wgautomesh = { options.filouterie.services.wgautomesh = {
enable = mkEnableOption "wgautomesh"; enable = mkEnableOption "wgautomesh";
logLevel = mkOption { logLevel = mkOption {
type = types.enum [ "trace" "debug" "info" "warn" "error" ]; type = types.enum [
default = "info"; "trace"
description = "wgautomesh log level (trace/debug/info/warn/error)"; "debug"
}; "info"
interface = mkOption { "warn"
type = types.str; "error"
description = "Wireguard interface to manage"; ];
}; default = "info";
gossipPort = mkOption { description = "wgautomesh log level (trace/debug/info/warn/error)";
type = types.port; };
description = "wgautomesh gossip port"; interface = mkOption {
}; type = types.str;
peers = mkOption { description = "Wireguard interface to manage";
type = types.listOf (types.submodule { };
gossipPort = mkOption {
type = types.port;
description = "wgautomesh gossip port";
};
peers = mkOption {
type = types.listOf (
types.submodule {
options = { options = {
pubkey = mkOption { pubkey = mkOption {
type = types.str; type = types.str;
description = "Wireguard public key"; description = "Wireguard public key";
}; };
address = mkOption { address = mkOption {
type = types.str; type = types.str;
description = "Wireguard peer address"; description = "Wireguard peer address";
}; };
endpoint = mkOption { endpoint = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
description = "bootstrap endpoint"; description = "bootstrap endpoint";
}; };
}; };
}); }
description = "wgautomesh peer list"; );
}; description = "wgautomesh peer list";
}; };
};
config = mkIf cfg.enable ( config = mkIf cfg.enable (
let let
peerDefs = map (peer: peerDefs = map (
let endpointDef = if peer.endpoint == null then "" peer:
else ''endpoint = "${peer.endpoint}"''; let
in endpointDef = if peer.endpoint == null then "" else ''endpoint = "${peer.endpoint}"'';
'' in
[[peers]] ''
pubkey = "${peer.pubkey}" [[peers]]
address = "${peer.address}" pubkey = "${peer.pubkey}"
${endpointDef} address = "${peer.address}"
'') cfg.peers; ${endpointDef}
''
) cfg.peers;
configFile = pkgs.writeText "wgautomesh.toml" '' configFile = pkgs.writeText "wgautomesh.toml" ''
interface = "${cfg.interface}" interface = "${cfg.interface}"
gossip_port = ${toString cfg.gossipPort} gossip_port = ${toString cfg.gossipPort}
${concatStringsSep "\n" peerDefs} ${concatStringsSep "\n" peerDefs}
''; '';
in { in
{
systemd.services.wgautomesh = { systemd.services.wgautomesh = {
enable = true; enable = true;
path = [ pkgs.wireguard-tools ]; path = [ pkgs.wireguard-tools ];
environment = { environment = {
RUST_LOG = "wgautomesh=${cfg.logLevel}"; RUST_LOG = "wgautomesh=${cfg.logLevel}";
}; };
description = "wgautomesh"; description = "wgautomesh";
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.wgautomesh}/bin/wgautomesh ${configFile}"; ExecStart = "${pkgs.wgautomesh}/bin/wgautomesh ${configFile}";
Restart = "always"; Restart = "always";
RestartSec = "30"; RestartSec = "30";
DynamicUser = true; DynamicUser = true;
User = "wgautomesh"; User = "wgautomesh";
StateDirectory = "wgautomesh"; StateDirectory = "wgautomesh";
StateDirectoryMode = "0700"; StateDirectoryMode = "0700";
AmbientCapabilities = "CAP_NET_ADMIN"; AmbientCapabilities = "CAP_NET_ADMIN";
CapabilityBoundingSets = "CAP_NET_ADMIN"; CapabilityBoundingSets = "CAP_NET_ADMIN";
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
}); }
} );
}