update + improvements

2025-06-19 03:27:05 +02:00 · 2025-06-19 03:27:05 +02:00 · d750f5299f
commit d750f5299f
parent 0a331c214a
6 changed files with 92 additions and 41 deletions
--- a/flake.lock
+++ b/flake.lock
@ -23,11 +23,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@ -54,15 +54,15 @@
    "lix": {
      "flake": false,
      "locked": {
-        "lastModified": 1729298361,
-        "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
-        "rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
+        "lastModified": 1746827285,
+        "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=",
+        "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a",
        "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a"
      },
      "original": {
        "type": "tarball",
-        "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
+        "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz"
      }
    },
    "lix-module": {
@ -75,29 +75,29 @@
        ]
      },
      "locked": {
-        "lastModified": 1732605668,
-        "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=",
-        "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe",
+        "lastModified": 1746838955,
+        "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=",
+        "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc",
        "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe"
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc"
      },
      "original": {
        "type": "tarball",
-        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"
+        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1737569578,
-        "narHash": "sha256-6qY0pk2QmUtBT9Mywdvif0i/CLVgpCjMUn6g9vB+f3M=",
+        "lastModified": 1750133334,
+        "narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "47addd76727f42d351590c905d9d1905ca895b82",
+        "rev": "36ab78dab7da2e4e27911007033713bab534187b",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-24.11",
+        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -1,9 +1,9 @@
 {
  description = "NixOS ISO of netali";
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
    flake-utils.url = "github:numtide/flake-utils";
-    lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz";
+    lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz";
    lix-module.inputs.nixpkgs.follows = "nixpkgs";
  };
  outputs = { self, nixpkgs, flake-utils, lix-module, ... }@inputs: {
@ -21,11 +21,16 @@

    overlays.default = (import ./packages);
  } // flake-utils.lib.eachDefaultSystem (system: let
-    pkgs = nixpkgs.legacyPackages.${system};
+    lixpkgs = import nixpkgs {
+      inherit system;
+      overlays = [
+        lix-module.overlays.default
+      ];
+    };
  in {
    packages = {
-      netali-configure-net-ruby = pkgs.callPackage ./packages/netali-configure-net-ruby {};
-      netali-default-config-ruby = pkgs.callPackage ./packages/netali-default-config-ruby {};
+      netali-configure-net-ruby = lixpkgs.callPackage ./packages/netali-configure-net-ruby {};
+      netali-default-config-ruby = lixpkgs.callPackage ./packages/netali-default-config-ruby {};
    };
  });
 }
--- a/packages/netali-configure-net-ruby/default.nix
+++ b/packages/netali-configure-net-ruby/default.nix
@ -1,20 +1,31 @@
 { writeShellScriptBin, iproute2 }:

 writeShellScriptBin "netali-configure-net-ruby" ''
-  if [[ $# -ne 2 ]]; then
-    echo "Usage: netali-configure-net-ruby [interface] [last-ip-block]"
+  if [[ $# -ne 3 ]]; then
+    echo "Usage: netali-configure-net-ruby [interface] [last-ip-block] [mode]"
    echo ""
    echo "interface:       name of the network interface to configure"
    echo "last-ip-block:   last block of the IPv6 address of this host"
+    echo "mode:            'public' or 'internal' (affects IP subnet)"
    exit 1
  fi

  INTERFACE=$1
  LAST_IP_BLOCK=$2
+  MODE=$3
+
+  if [[ $MODE == "public" ]]; then
+    PREFIX="2a00:fe0:1:21f::"
+    GATEWAY="2a00:fe0:1:21f::1"
+  else
+    PREFIX="2a00:fe0:3f5:1000::"
+    GATEWAY="2a00:fe0:3f5:1000::1"
+  fi

  ${iproute2}/bin/ip link set up $INTERFACE
-  ${iproute2}/bin/ip a a 2001:67c:a6c:a::$LAST_IP_BLOCK/64 dev $INTERFACE
-  ${iproute2}/bin/ip r a default via fe80::1 dev $INTERFACE
+  ${iproute2}/bin/ip a a $PREFIX$LAST_IP_BLOCK/64 dev $INTERFACE
+  ${iproute2}/bin/ip r a default via $GATEWAY dev $INTERFACE

-  echo "nameserver 2606:4700:4700::1111" > /etc/resolv.conf
+  echo "nameserver 2a00:fe0:0:2::300" > /etc/resolv.conf
+  echo "nameserver 2a00:fe0:0:3::300" >> /etc/resolv.conf
 ''
--- a/packages/netali-default-config-ruby/config-template.txt
+++ b/packages/netali-default-config-ruby/config-template.txt
@ -8,8 +8,7 @@

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
-
-  boot.tmp.useTmpfs = true;
+  boot.tmp.cleanOnBoot = true;

  networking.nftables.enable = true;

@ -18,7 +17,7 @@
  users.users.netali = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
-    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOV4f3/OcNQIHqomvH0nGLDmXDlrO/u7JKE9Fgq2Vuqs me@netali.de" ];
+    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqnMKa8BZmbRM2Oc4E8N9h9N26ABPLgPTketLNSK7l7 me@netali.de" ];
  };

  time.timeZone = "Europe/Berlin";
@ -31,7 +30,7 @@

  services.qemuGuest.enable = true;

-  system.stateVersion = "24.11";
+  system.stateVersion = "$STATE_VERSION";

  networking.hostName = "$TARGET_HOSTNAME";

@ -42,7 +41,7 @@
  networking.useDHCP = false;
  networking.dhcpcd.enable = false;

-  networking.nameservers = [ "2606:4700:4700::1111" "2606:4700:4700::1001" ];
+  networking.nameservers = [ "2a00:fe0:0:2::300" "2a00:fe0:0:3::300" ];

  nix = {
    settings = {
@ -64,16 +63,16 @@
  systemd.network = {
    enable = true;
    networks = {
-      "40-ens18" = {
-        name = "ens18";
+      "40-$INTERFACE" = {
+        name = "$INTERFACE";
        networkConfig = {
          IPv6AcceptRA = false;
        };
        address = [
-          "2001:67c:a6c:a::$LAST_IP_BLOCK/64"
+          "$PREFIX$LAST_IP_BLOCK/64"
        ];
        gateway = [
-          "2001:67c:a6c:a::1"
+          "$GATEWAY"
        ];
      };
    };
--- a/packages/netali-default-config-ruby/default.nix
+++ b/packages/netali-default-config-ruby/default.nix
@ -1,18 +1,34 @@
 { writeShellScriptBin, envsubst }:

 writeShellScriptBin "netali-default-config-ruby" ''
-  if [[ $# -ne 3 ]]; then
-    echo "Usage: netali-default-config-ruby [out-path] [hostname] [last-ip-block]"
+  if [[ $# -ne 6 ]]; then
+    echo "Usage: netali-default-config-ruby [out-path] [hostname] [interface] [last-ip-block] [mode] [state-version]"
    echo ""
    echo "out-path:        path to which the configuration will be written"
-    echo "hostname:        path to which the configuration will be written"
+    echo "hostname:        hostname of the new host"
+    echo "interface:       name of the network interface to configure"
    echo "last-ip-block:   last block of the IPv6 address of this host"
+    echo "mode:            'public' or 'internal' (affects IP subnet)"
+    echo "state-version:   NixOS State Version"
    exit 1
  fi
  
  OUT_PATH=$1
  export TARGET_HOSTNAME="$2"
-  export LAST_IP_BLOCK="$3"
+  export INTERFACE=$3
+  export LAST_IP_BLOCK=$4
+  MODE=$5
+  export STATE_VERSION=$6

-  ${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH
+  if [[ $MODE == "public" ]]; then
+    export PREFIX="2a00:fe0:1:21f::"
+    export GATEWAY="2a00:fe0:1:21f::1"
+  else
+    export PREFIX="2a00:fe0:3f5:1000::"
+    export GATEWAY="2a00:fe0:3f5:1000::1"
+  fi
+
+  cp ${./static.nix} $OUT_PATH/static.nix
+  chmod 644 $OUT_PATH/static.nix
+  ${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH/configuration.nix
 ''
--- a/packages/netali-default-config-ruby/static.nix
+++ b/packages/netali-default-config-ruby/static.nix
@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Pin current nixpkgs channel and flake registry to the nixpkgs version
+  # the host got build with
+  nix.nixPath = lib.mkForce [ "nixpkgs=\\${lib.cleanSource pkgs.path}" ];
+  nix.registry = lib.mkForce {
+    "nixpkgs" = {
+      from = {
+        type = "indirect";
+        id = "nixpkgs";
+      };
+      to = {
+        type = "path";
+        path = lib.cleanSource pkgs.path;
+      };
+      exact = true;
+    };
+  };
+}