From 24eb83266a8368b10719ed305e293a782744cb14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Krop=C3=A1=C4=8Dek?= <kropikuba@gmail.com>
Date: Thu, 19 Dec 2024 00:02:50 +0100
Subject: [PATCH] more things added

---
 flake.nix                                   |  2 +-
 hosts/base.nix                              |  8 ++++--
 hosts/gateway.nix                           |  1 -
 hosts/tailscale-proxy.nix                   | 11 ++++++++
 lib.nix                                     | 14 +++++++---
 nixosModules/default.nix                    |  4 ++-
 nixosModules/networking/default.nix         | 26 ++++++++++++++++++
 nixosModules/services/default.nix           |  7 +++++
 nixosModules/services/ssh/default.nix       | 22 +++++++++++++++
 nixosModules/services/tailscale/default.nix | 30 +++++++++++++++++++++
 10 files changed, 117 insertions(+), 8 deletions(-)
 delete mode 100644 hosts/gateway.nix
 create mode 100644 hosts/tailscale-proxy.nix
 create mode 100644 nixosModules/networking/default.nix
 create mode 100644 nixosModules/services/default.nix
 create mode 100644 nixosModules/services/ssh/default.nix
 create mode 100644 nixosModules/services/tailscale/default.nix

diff --git a/flake.nix b/flake.nix
index 33b30b8..ed2f36e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -20,7 +20,7 @@
     in
     {
       nixosConfigurations = {
-        gateway = kclib.mkHost "gateway" "x86_64-linux";
+        tailscale-proxy = kclib.mkHost "tailscale-proxy" "x86_64-linux";
         entrypoint = kclib.mkHost "entrypoint" "x86_64-linux";
       };
       formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
diff --git a/hosts/base.nix b/hosts/base.nix
index ba59127..f7ca25d 100644
--- a/hosts/base.nix
+++ b/hosts/base.nix
@@ -2,8 +2,7 @@
   ...
 }:
 {
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+  nixpkgs.config.allowUnfree = true;
 
   kropcloud = {
     admin = {
@@ -13,6 +12,11 @@
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUnlAjPnMwJYgZb7YuholdTxifOEFnAyXVqI+xFlHw6 krop@lenar"
       ];
     };
+    services = {
+      ssh = {
+        enable = true;
+      };
+    };
   };
 
   system.stateVersion = "24.11";
diff --git a/hosts/gateway.nix b/hosts/gateway.nix
deleted file mode 100644
index b021e28..0000000
--- a/hosts/gateway.nix
+++ /dev/null
@@ -1 +0,0 @@
-{ }: { }
diff --git a/hosts/tailscale-proxy.nix b/hosts/tailscale-proxy.nix
new file mode 100644
index 0000000..aa0449c
--- /dev/null
+++ b/hosts/tailscale-proxy.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+  kropcloud = {
+    services = {
+      tailscale = {
+        enable = true;
+        asRouter.enable = true;
+      };
+    };
+  };
+}
diff --git a/lib.nix b/lib.nix
index b763a87..f45f642 100644
--- a/lib.nix
+++ b/lib.nix
@@ -3,17 +3,25 @@
   inputs,
 }:
 {
-  mkHost = name: arch: {
-    nixpkgs.lib.nixosSystem = {
+  mkHost =
+    name: arch:
+    nixpkgs.lib.nixosSystem {
       system = arch;
       modules = [
         ./hosts/base.nix
         ./hosts/${name}.nix
         ./nixosModules
+        (
+          { ... }:
+          {
+            config = {
+              networking.hostName = name;
+            };
+          }
+        )
       ];
       specialArgs = {
         inherit inputs;
       };
     };
-  };
 }
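Review bot: The inline module sets `networking.hostName = name;` at normal priority, so any host file under hosts/ that also defines `networking.hostName` would fail evaluation with a conflicting-definitions error rather than override it. If the hostname is meant to be a default derived from the flake attribute name, give it `lib.mkDefault`: `{ lib, ... }:` for the inline module's arguments and `networking.hostName = lib.mkDefault name;` in its body. The `config = { ... }` wrapper around a single plain option definition is also unnecessary and can be flattened for readability, though it is harmless.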
diff --git a/nixosModules/default.nix b/nixosModules/default.nix
index 7335a40..03cdb17 100644
--- a/nixosModules/default.nix
+++ b/nixosModules/default.nix
@@ -1,6 +1,8 @@
-{ }:
+{ ... }:
 {
   imports = [
+    ./services
+    ./networking
     ./users
     ./locale
   ];
diff --git a/nixosModules/networking/default.nix b/nixosModules/networking/default.nix
new file mode 100644
index 0000000..cf6ae06
--- /dev/null
+++ b/nixosModules/networking/default.nix
@@ -0,0 +1,26 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.kropcloud.networking;
+in
+{
+  options.kropcloud.networking = {
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      description = "Whence to configure networking";
+      default = true;
+      example = false;
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    networking = {
+      nftables.enable = true;
+      firewall = {
+        checkReversePath = "loose";
+      };
+    };
+  };
+}
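Review bot: `checkReversePath = "loose"` is applied to every host because `kropcloud.networking.enable` defaults to `true`, yet the only consumer that plausibly needs a relaxed reverse-path filter is the Tailscale subnet-router role introduced in nixosModules/services/tailscale/default.nix; on hosts such as entrypoint it weakens anti-spoofing for no benefit. Consider moving the setting next to the feature that needs it, under that module's `lib.mkIf cfg.enable` block, as `networking.firewall.checkReversePath = lib.mkIf cfg.asRouter.enable "loose";`, and leaving the strict default here. A one-line comment stating why the filter is relaxed would help whoever reads this later, e.g. `# loose rp_filter: return traffic for advertised subnet routes arrives via tailscale0`. The option description at L153 also reads "Whence"; it should be "Whether to configure networking".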
diff --git a/nixosModules/services/default.nix b/nixosModules/services/default.nix
new file mode 100644
index 0000000..76b5211
--- /dev/null
+++ b/nixosModules/services/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./ssh
+    ./tailscale
+  ];
+}
diff --git a/nixosModules/services/ssh/default.nix b/nixosModules/services/ssh/default.nix
new file mode 100644
index 0000000..ed3cbee
--- /dev/null
+++ b/nixosModules/services/ssh/default.nix
@@ -0,0 +1,22 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.kropcloud.services.ssh;
+in
+{
+  options.kropcloud.services.ssh = {
+    enable = lib.mkEnableOption "Whence to enable sshd service.";
+  };
+  config = lib.mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+      settings = {
+        PermitRootLogin = "no";
+        PasswordAuthentication = false;
+      };
+    };
+  };
+}
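Review bot: The hardening in `settings` disables password logins but leaves keyboard-interactive (PAM) authentication at its NixOS default of enabled, so a password prompt is still reachable through that method; add `KbdInteractiveAuthentication = false;` beside `PasswordAuthentication = false;`. `services.openssh.openFirewall` also defaults to true, and since hosts/base.nix now enables this module on every host, port 22 is opened on all interfaces of the Tailscale proxy as well — if SSH is only expected over the tailnet, set `openFirewall = false;` (or `listenAddresses`) here and rely on the Tailscale interface. Separately, `lib.mkEnableOption` already generates "Whether to enable <text>.", so the string at L196 renders as "Whether to enable Whence to enable sshd service.."; pass just `"sshd service"`, and the same applies to L224 and L226 in the tailscale module.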
diff --git a/nixosModules/services/tailscale/default.nix b/nixosModules/services/tailscale/default.nix
new file mode 100644
index 0000000..e51b4f4
--- /dev/null
+++ b/nixosModules/services/tailscale/default.nix
@@ -0,0 +1,30 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.kropcloud.services.tailscale;
+in
+{
+  options.kropcloud.services.tailscale = {
+    enable = lib.mkEnableOption "Whence to enable tailscale service.";
+    asRouter = {
+      enable = lib.mkEnableOption "Whence to configure tailscale as router.";
+      subnet = lib.mkOption {
+        type = lib.types.str;
+        default = "192.168.1.0/24";
+        example = "192.168.1.0/24";
+        description = "The subnet to expose";
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    services.tailscale = {
+      enable = true;
+      openFirewall = true;
+      useRoutingFeatures = lib.mkIf cfg.asRouter.enable "server";
+      extraSetFlags = lib.mkIf cfg.asRouter.enable [ "--advertise-routes=${cfg.asRouter.subnet}" ];
+    };
+  };
+}
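Review bot: `subnet` ships with a hard-coded default of `"192.168.1.0/24"`, so any host that sets `asRouter.enable = true` without naming a subnet — which is exactly what the new hosts/tailscale-proxy.nix (L76-87 hunk) does — advertises that network into the tailnet implicitly, while `useRoutingFeatures = "server"` turns on kernel IP forwarding at the same time. Dropping the `default = "192.168.1.0/24";` line makes the option required, so evaluation fails until the operator states which network is being exposed; the `example` can stay. Whether advertised routes become reachable still depends on route approval and ACLs in the tailnet admin panel, which this module cannot enforce — worth a sentence in the `subnet` description. I would also hedge that, as far as I can tell, `extraSetFlags` is only applied on service start, so clearing `asRouter.enable` later may leave a previously advertised route in tailscaled's state until it is explicitly reset; confirm against the NixOS module before relying on disabling the option to withdraw the route.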