From d750f5299fc8a75e7180d67026fbd580f59aafd4 Mon Sep 17 00:00:00 2001 From: netali Date: Thu, 19 Jun 2025 03:27:05 +0200 Subject: [PATCH] update + improvements --- flake.lock | 34 +++++++++---------- flake.nix | 15 +++++--- .../netali-configure-net-ruby/default.nix | 21 +++++++++--- .../config-template.txt | 17 +++++----- .../netali-default-config-ruby/default.nix | 26 +++++++++++--- .../netali-default-config-ruby/static.nix | 20 +++++++++++ 6 files changed, 92 insertions(+), 41 deletions(-) create mode 100644 packages/netali-default-config-ruby/static.nix diff --git a/flake.lock b/flake.lock index e337e29..33936ed 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { 
@@ -54,15 +54,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "lastModified": 1746827285, + "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", + "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" } }, "lix-module": { 
@@ -75,29 +75,29 @@ ] }, "locked": { - "lastModified": 1732605668, - "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", - "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe", + "lastModified": 1746838955, + "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", + "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" } }, "nixpkgs": { "locked": { - "lastModified": 1737569578, - "narHash": "sha256-6qY0pk2QmUtBT9Mywdvif0i/CLVgpCjMUn6g9vB+f3M=", + "lastModified": 1750133334, + "narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47addd76727f42d351590c905d9d1905ca895b82", + "rev": "36ab78dab7da2e4e27911007033713bab534187b", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 14518cc..3c65d9d 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,9 +1,9 @@ { description = "NixOS ISO of netali"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; flake-utils.url = "github:numtide/flake-utils"; - lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; + lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; lix-module.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { self, nixpkgs, flake-utils, lix-module, ... }@inputs: { @@ -21,11 +21,16 @@ overlays.default = (import ./packages); } // flake-utils.lib.eachDefaultSystem (system: let - pkgs = nixpkgs.legacyPackages.${system}; + lixpkgs = import nixpkgs { + inherit system; + overlays = [ + lix-module.overlays.default + ]; + }; in { packages = { - netali-configure-net-ruby = pkgs.callPackage ./packages/netali-configure-net-ruby {}; - netali-default-config-ruby = pkgs.callPackage ./packages/netali-default-config-ruby {}; + netali-configure-net-ruby = lixpkgs.callPackage ./packages/netali-configure-net-ruby {}; + netali-default-config-ruby = lixpkgs.callPackage ./packages/netali-default-config-ruby {}; }; }); } diff --git a/packages/netali-configure-net-ruby/default.nix b/packages/netali-configure-net-ruby/default.nix index ae3334b..13f56ab 100644 --- a/packages/netali-configure-net-ruby/default.nix +++ b/packages/netali-configure-net-ruby/default.nix 
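Review bot: The new `lixpkgs` binding in the second flake.nix hunk re-imports nixpkgs with `lix-module.overlays.default` for every default system, but nothing in the hunk says why these two packages need the overlaid set. As far as their argument sets on this page show, they only request `writeShellScriptBin`, `iproute2` and `envsubst`. If the overlay is not needed for them, keeping `pkgs = nixpkgs.legacyPackages.${system};` avoids a second nixpkgs evaluation per system. If it is needed, a one-line comment above `lixpkgs = import nixpkgs {` stating the reason would save the next reader from guessing.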
@@ -1,20 +1,31 @@ { writeShellScriptBin, iproute2 }: writeShellScriptBin "netali-configure-net-ruby" '' - if [[ $# -ne 2 ]]; then - echo "Usage: netali-configure-net-ruby [interface] [last-ip-block]" + if [[ $# -ne 3 ]]; then + echo "Usage: netali-configure-net-ruby [interface] [last-ip-block] [mode]" echo "" echo "interface: name of the network interface to configure" echo "last-ip-block: last block of the IPv6 address of this host" + echo "mode: 'public' or 'internal' (affects IP subnet)" exit 1 fi INTERFACE=$1 LAST_IP_BLOCK=$2 + MODE=$3 + + if [[ $MODE == "public" ]]; then + PREFIX="2a00:fe0:1:21f::" + GATEWAY="2a00:fe0:1:21f::1" + else + PREFIX="2a00:fe0:3f5:1000::" + GATEWAY="2a00:fe0:3f5:1000::1" + fi ${iproute2}/bin/ip link set up $INTERFACE - ${iproute2}/bin/ip a a 2001:67c:a6c:a::$LAST_IP_BLOCK/64 dev $INTERFACE - ${iproute2}/bin/ip r a default via fe80::1 dev $INTERFACE + ${iproute2}/bin/ip a a $PREFIX$LAST_IP_BLOCK/64 dev $INTERFACE + ${iproute2}/bin/ip r a default via $GATEWAY dev $INTERFACE - echo "nameserver 2606:4700:4700::1111" > /etc/resolv.conf + echo "nameserver 2a00:fe0:0:2::300" > /etc/resolv.conf + echo "nameserver 2a00:fe0:0:3::300" >> /etc/resolv.conf '' diff --git a/packages/netali-default-config-ruby/config-template.txt b/packages/netali-default-config-ruby/config-template.txt index acafe4d..34a7232 100644 --- a/packages/netali-default-config-ruby/config-template.txt +++ b/packages/netali-default-config-ruby/config-template.txt @@ -8,8 +8,7 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - - boot.tmp.useTmpfs = true; + boot.tmp.cleanOnBoot = true; networking.nftables.enable = true; 
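Review bot: Any mode other than the exact string `public` falls through to the internal prefix and gateway in the new `if [[ $MODE == "public" ]]` block of packages/netali-configure-net-ruby/default.nix, so a typo such as `Public` silently puts the host on the wrong subnet instead of failing. The same if/else is added in packages/netali-default-config-ruby/default.nix, where the wrong values end up in the generated configuration.nix. Matching both documented values explicitly and exiting on anything else closes that gap. The `$INTERFACE`, `$PREFIX$LAST_IP_BLOCK` and `$GATEWAY` expansions on the `ip` lines are also unquoted, which matters for a script that presumably runs as root, so the excerpt below quotes them as well.

```nix
  MODE=$3

  case "$MODE" in
    public)
      PREFIX="2a00:fe0:1:21f::"
      GATEWAY="2a00:fe0:1:21f::1"
      ;;
    internal)
      PREFIX="2a00:fe0:3f5:1000::"
      GATEWAY="2a00:fe0:3f5:1000::1"
      ;;
    *)
      echo "mode must be 'public' or 'internal', got '$MODE'" >&2
      exit 1
      ;;
  esac

  ${iproute2}/bin/ip link set up "$INTERFACE"
  ${iproute2}/bin/ip a a "$PREFIX$LAST_IP_BLOCK/64" dev "$INTERFACE"
  ${iproute2}/bin/ip r a default via "$GATEWAY" dev "$INTERFACE"

  # … unchanged: resolv.conf nameserver lines …
```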
@@ -18,7 +17,7 @@ users.users.netali = { isNormalUser = true; extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOV4f3/OcNQIHqomvH0nGLDmXDlrO/u7JKE9Fgq2Vuqs me@netali.de" ]; + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqnMKa8BZmbRM2Oc4E8N9h9N26ABPLgPTketLNSK7l7 me@netali.de" ]; }; time.timeZone = "Europe/Berlin"; @@ -31,7 +30,7 @@ services.qemuGuest.enable = true; - system.stateVersion = "24.11"; + system.stateVersion = "$STATE_VERSION"; networking.hostName = "$TARGET_HOSTNAME"; @@ -42,7 +41,7 @@ networking.useDHCP = false; networking.dhcpcd.enable = false; - networking.nameservers = [ "2606:4700:4700::1111" "2606:4700:4700::1001" ]; + networking.nameservers = [ "2a00:fe0:0:2::300" "2a00:fe0:0:3::300" ]; nix = { settings = { @@ -64,16 +63,16 @@ systemd.network = { enable = true; networks = { - "40-ens18" = { - name = "ens18"; + "40-$INTERFACE" = { + name = "$INTERFACE"; networkConfig = { IPv6AcceptRA = false; }; address = [ - "2001:67c:a6c:a::$LAST_IP_BLOCK/64" + "$PREFIX$LAST_IP_BLOCK/64" ]; gateway = [ - "2001:67c:a6c:a::1" + "$GATEWAY" ]; }; }; diff --git a/packages/netali-default-config-ruby/default.nix b/packages/netali-default-config-ruby/default.nix index 7fa4884..85092d6 100644 --- a/packages/netali-default-config-ruby/default.nix +++ b/packages/netali-default-config-ruby/default.nix 
@@ -1,18 +1,34 @@ { writeShellScriptBin, envsubst }: writeShellScriptBin "netali-default-config-ruby" '' - if [[ $# -ne 3 ]]; then - echo "Usage: netali-default-config-ruby [out-path] [hostname] [last-ip-block]" + if [[ $# -ne 6 ]]; then + echo "Usage: netali-default-config-ruby [out-path] [hostname] [interface] [last-ip-block] [mode] [state-version]" echo "" echo "out-path: path to which the configuration will be written" - echo "hostname: path to which the configuration will be written" + echo "hostname: hostname of the new host" + echo "interface: name of the network interface to configure" echo "last-ip-block: last block of the IPv6 address of this host" + echo "mode: 'public' or 'internal' (affects IP subnet)" + echo "state-version: NixOS State Version" exit 1 fi OUT_PATH=$1 export TARGET_HOSTNAME="$2" - export LAST_IP_BLOCK="$3" + export INTERFACE=$3 + export LAST_IP_BLOCK=$4 + MODE=$5 + export STATE_VERSION=$6 - ${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH + if [[ $MODE == "public" ]]; then + export PREFIX="2a00:fe0:1:21f::" + export GATEWAY="2a00:fe0:1:21f::1" + else + export PREFIX="2a00:fe0:3f5:1000::" + export GATEWAY="2a00:fe0:3f5:1000::1" + fi + + cp ${./static.nix} $OUT_PATH/static.nix + chmod 644 $OUT_PATH/static.nix + ${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH/configuration.nix '' diff --git a/packages/netali-default-config-ruby/static.nix b/packages/netali-default-config-ruby/static.nix new file mode 100644 index 0000000..f559482 --- /dev/null +++ b/packages/netali-default-config-ruby/static.nix 
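Review bot: `$OUT_PATH` is now treated as a directory but is expanded unquoted in the new `cp`, `chmod` and `envsubst` lines and is never checked to exist. A path containing spaces splits into several arguments, and because the script sets no errexit, a failed `cp` does not stop the later commands. Quoting it and failing early would cover both, e.g. `[[ -d "$OUT_PATH" ]] || { echo "out-path must be an existing directory" >&2; exit 1; }` before the copy. The hostname, interface, last-ip-block and state-version arguments are exported and substituted verbatim into Nix string literals in config-template.txt, so a value containing a double quote or an interpolation sequence changes the structure of the generated configuration.nix. A pattern check on each argument before the `export` lines would keep the output well-formed.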
@@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +{ + # Pin current nixpkgs channel and flake registry to the nixpkgs version + # the host got build with + nix.nixPath = lib.mkForce [ "nixpkgs=\\${lib.cleanSource pkgs.path}" ]; + nix.registry = lib.mkForce { + "nixpkgs" = { + from = { + type = "indirect"; + id = "nixpkgs"; + }; + to = { + type = "path"; + path = lib.cleanSource pkgs.path; + }; + exact = true; + }; + }; +}
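Review bot: The backslashes in front of `${lib.cleanSource pkgs.path}` on the `nix.nixPath` line keep the entry from being a plain store path. As shown on this page the string evaluates to `nixpkgs=` plus a literal backslash and then the path, and with a single backslash it would be the uninterpolated text, so `<nixpkgs>` lookups would not resolve either way. static.nix is copied with `cp` rather than passed through envsubst, so no escaping is needed. The line should read `nix.nixPath = lib.mkForce [ "nixpkgs=${lib.cleanSource pkgs.path}" ];`, matching the unescaped `path = lib.cleanSource pkgs.path;` in the registry entry below it. The comment above it would also read better as "the host was built with".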