lasuite-federez/nix
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

move modules from nodes.nix to mapping.nix

Browse source
This commit is contained in:
asyncnomi 2025-07-24 21:22:14 +02:00
parent 4df3c2678d
commit 5103243bfd
5 changed files with 32 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

14
flake.nix
View file

@ -36,6 +36,18 @@
getNixpkgs = ver: if ver == "25.05" then nixpkgs-25-05 else nixpkgs-unstable; getNixpkgs = ver: if ver == "25.05" then nixpkgs-25-05 else nixpkgs-unstable;
nodes = import ./nodes.nix; nodes = import ./nodes.nix;
mapping = import ./mapping.nix;
findRolesForHost = hostName: builtins.filter
(roleName: builtins.elem hostName mapping.${roleName}.hosts)
(builtins.attrNames mapping);
getModulesForHost = hostName: let
roles = findRolesForHost hostName;
modulesList = builtins.map
(role: mapping.${role}._inherit or [])
roles;
in builtins.concatLists modulesList;
defaultModules = [ defaultModules = [
agenix.nixosModules.default agenix.nixosModules.default
@ -47,7 +59,7 @@
nixosConfigurations = builtins.mapAttrs (name: config: nixosConfigurations = builtins.mapAttrs (name: config:
(getNixpkgs config.ver).lib.nixosSystem { (getNixpkgs config.ver).lib.nixosSystem {
system = config.system; system = config.system;
modules = config.modules ++ defaultModules ++ [{ hostName = "${name}"; }]; modules = getModulesForHost "${name}" ++ defaultModules ++ [{ hostName = "${name}"; }];
} }
) nodes; ) nodes;

13
mapping.nix
View file

@ -3,18 +3,27 @@
# If some "hostvars" are needed they should # If some "hostvars" are needed they should
# be declared here # be declared here
{ {
bastion = [ bastion = {
hosts = [
"bastion-mtz-lasuite-federez" "bastion-mtz-lasuite-federez"
"bastion-ren-lasuite-federez" "bastion-ren-lasuite-federez"
"bastion-aur-lasuite-federez" "bastion-aur-lasuite-federez"
]; ];
_inherit = [
./shared/bastion.nix
];
};
# For instance: # For instance:
# psql = { # psql = rec {
# master = "some-node-1"; # master = "some-node-1";
# slaves = [ # slaves = [
# "some-node-2" # "some-node-2"
# "some-node-3" # "some-node-3"
# ]; # ];
# hosts = [ master ] ++ slaves;
# _inherit = [
# "./shared/psql.nix"
# ];
# }; # };
} }

81
nodes.nix
View file

@ -8,9 +8,6 @@
id = 1; id = 1;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
./shared/bastion.nix
];
ip4 = "193.48.225.150/24"; ip4 = "193.48.225.150/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -31,9 +28,6 @@
id = 2; id = 2;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.151/24"; ip4 = "193.48.225.151/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -54,9 +48,6 @@
id = 3; id = 3;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.152/24"; ip4 = "193.48.225.152/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -77,9 +68,6 @@
id = 4; id = 4;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.153/24"; ip4 = "193.48.225.153/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -100,9 +88,6 @@
id = 5; id = 5;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.154/24"; ip4 = "193.48.225.154/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -123,9 +108,6 @@
id = 6; id = 6;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.155/24"; ip4 = "193.48.225.155/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -146,9 +128,6 @@
id = 7; id = 7;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.156/24"; ip4 = "193.48.225.156/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -169,9 +148,6 @@
id = 8; id = 8;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.157/24"; ip4 = "193.48.225.157/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -192,9 +168,6 @@
id = 9; id = 9;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.158/24"; ip4 = "193.48.225.158/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -215,9 +188,6 @@
id = 10; id = 10;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.159/24"; ip4 = "193.48.225.159/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -238,9 +208,6 @@
id = 11; id = 11;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.160/24"; ip4 = "193.48.225.160/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -261,9 +228,6 @@
id = 12; id = 12;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.161/24"; ip4 = "193.48.225.161/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -284,9 +248,6 @@
id = 13; id = 13;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.48.225.162/24"; ip4 = "193.48.225.162/24";
gIp4 = "193.48.225.254"; gIp4 = "193.48.225.254";
@ -311,9 +272,6 @@
id = 1; id = 1;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
./shared/bastion.nix
];
ip4 = "193.54.193.176/24"; ip4 = "193.54.193.176/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -334,9 +292,6 @@
id = 2; id = 2;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.54.193.177/24"; ip4 = "193.54.193.177/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -357,9 +312,6 @@
id = 3; id = 3;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.54.193.178/24"; ip4 = "193.54.193.178/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -380,9 +332,6 @@
id = 4; id = 4;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.54.193.179/24"; ip4 = "193.54.193.179/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -403,9 +352,6 @@
id = 5; id = 5;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.54.193.180/24"; ip4 = "193.54.193.180/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -426,9 +372,6 @@
id = 6; id = 6;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.54.193.181/24"; ip4 = "193.54.193.181/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -449,9 +392,6 @@
id = 7; id = 7;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.54.193.182/24"; ip4 = "193.54.193.182/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -472,9 +412,6 @@
id = 8; id = 8;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.54.193.183/24"; ip4 = "193.54.193.183/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -495,9 +432,6 @@
id = 9; id = 9;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.54.193.184/24"; ip4 = "193.54.193.184/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -518,9 +452,6 @@
id = 10; id = 10;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.54.193.185/24"; ip4 = "193.54.193.185/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -541,9 +472,6 @@
id = 11; id = 11;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.54.193.186/24"; ip4 = "193.54.193.186/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -564,9 +492,6 @@
id = 12; id = 12;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "193.54.193.187/24"; ip4 = "193.54.193.187/24";
gIp4 = "193.54.193.254"; gIp4 = "193.54.193.254";
@ -591,9 +516,6 @@
id = 1; id = 1;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
./shared/bastion.nix
];
ip4 = "45.66.111.188/24"; ip4 = "45.66.111.188/24";
gIp4 = "45.66.111.254"; gIp4 = "45.66.111.254";
@ -618,9 +540,6 @@
id = 2; id = 2;
system = "x86_64-linux"; system = "x86_64-linux";
ver = "25.05"; ver = "25.05";
modules = [
# TODO
];
ip4 = "45.66.111.189/24"; ip4 = "45.66.111.189/24";
gIp4 = "45.66.111.254"; gIp4 = "45.66.111.254";

4
shared/commons/mesh.nix
View file

@ -28,7 +28,7 @@ let
AllowedIPs = [ AllowedIPs = [
"172.19.${toString peerConfig.zone}.${toString peerConfig.id}/32" "172.19.${toString peerConfig.zone}.${toString peerConfig.id}/32"
"fc00::${toString peerConfig.zone}:${toString peerConfig.id}/128" "fc00::${toString peerConfig.zone}:${toString peerConfig.id}/128"
] ++ lib.optionals (lib.elem peerName mapping.bastion) [ ] ++ lib.optionals (lib.elem peerName mapping.bastion.hosts) [
"172.19.${toString (peerConfig.zone + 127)}.0/24" "172.19.${toString (peerConfig.zone + 127)}.0/24"
"fc00:f::${toString (peerConfig.zone + 127)}:0/112" "fc00:f::${toString (peerConfig.zone + 127)}:0/112"
]; ];
@ -42,7 +42,7 @@ let
}; };
# Return route for mgmt traffic # Return route for mgmt traffic
bastionConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.bastion) peerConfigs; bastionConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.bastion.hosts) peerConfigs;
rtwg4 = map (node: { rtwg4 = map (node: {
Gateway = "172.19.${toString node.zone}.${toString node.id}"; Gateway = "172.19.${toString node.zone}.${toString node.id}";

4
shared/commons/nftables.nix
View file

@ -48,7 +48,7 @@ in
# Mesh # Mesh
udp dport 51820 accept udp dport 51820 accept
${if lib.elem myName mapping.bastion then '' ${if lib.elem myName mapping.bastion.hosts then ''
# Mgmt # Mgmt
udp dport 51920 accept udp dport 51920 accept
'' else ""} '' else ""}
@ -64,7 +64,7 @@ in
ct state related,established accept ct state related,established accept
ct state invalid counter drop ct state invalid counter drop
${if lib.elem myName mapping.bastion then '' ${if lib.elem myName mapping.bastion.hosts then ''
iifname mgmt oifname mesh* accept iifname mgmt oifname mesh* accept
'' else ""} '' else ""}