8 Commits

Author SHA1 Message Date
0347fa68c7 [hosts] use hostId in offsite net
All checks were successful
Check flake syntax / flake-check (push) Successful in 5m29s
2026-01-30 20:26:12 +01:00
f0e1f07c3e [zones] set ns1 A record 2026-01-30 20:25:49 +01:00
b4d199d00c [ns1] setup forwarding, open ports 2026-01-30 20:25:10 +01:00
bec232a023 [run-vm] override network cfg for local testing 2026-01-30 20:24:43 +01:00
62c92821b4 [microvm] put vms on local network
All checks were successful
Check flake syntax / flake-check (push) Successful in 5m27s
2026-01-28 15:27:21 +01:00
eb1ec22605 [hosts] dont configure network on offsite hosts
Some checks failed
Check flake syntax / flake-check (push) Failing after 1m44s
2026-01-26 14:10:49 +01:00
cb5e68ef16 [dns] init
Some checks failed
Check flake syntax / flake-check (push) Failing after 3m49s
2026-01-26 14:05:12 +01:00
2fda92f712 Merge branch 'staging'
All checks were successful
Check flake syntax / flake-check (push) Successful in 22m9s
2025-12-23 19:14:25 +01:00
7 changed files with 253 additions and 69 deletions

39
flake.lock generated

@@ -21,6 +21,27 @@
"type": "github"
}
},
"dns": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1768143854,
"narHash": "sha256-E5/kyPz4zAZn/lZdvqlF83jMgCWNxmqYjjWuadngCbk=",
"owner": "kirelagin",
"repo": "dns.nix",
"rev": "a97cf4156e9f044fe4bed5be531061000dfabb07",
"type": "github"
},
"original": {
"owner": "kirelagin",
"repo": "dns.nix",
"type": "github"
}
},
"ep3-bs": {
"inputs": {
"nixpkgs": [
@@ -43,6 +64,21 @@
}
},
"flake-utils": {
"locked": {
"lastModified": 1614513358,
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5466c5bbece17adaab2d82fae80b46e807611bf3",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
@@ -102,7 +138,7 @@
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
@@ -225,6 +261,7 @@
"root": {
"inputs": {
"disko": "disko",
"dns": "dns",
"ep3-bs": "ep3-bs",
"home-manager": "home-manager",
"mfsync": "mfsync",


@@ -13,6 +13,11 @@
disko.url = "github:nix-community/disko/latest";
disko.inputs.nixpkgs.follows = "nixpkgs";
dns = {
url = "github:kirelagin/dns.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
utils = {
url = "github:numtide/flake-utils";
};
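Review bot: The new `dns` input only follows `nixpkgs`, so it brings its own `flake-utils` pin, and the lock file in this change records it at a separate revision with `lastModified` 1614513358. Because the output of this input generates the authoritative zone file, keeping its dependency closure small makes it easier to audit. The flake already declares `utils` for `github:numtide/flake-utils`, so adding `inputs.flake-utils.follows = "utils";` to the `dns` block would remove the extra pinned copy. The input list continues outside this hunk.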


@@ -1,82 +1,102 @@
{ ... }:
let
createMaloNet = hostId: mac: {
local = true;
hostId = hostId;
address = "192.168.1.${hostId}";
gateway = "192.168.1.1";
nameservers = [ "192.168.1.17" "1.1.1.1" ]; #setting ns1 as nameserver
mac = mac;
};
createOffsiteNet = hostId: mac: {
local = false;
hostId = hostId;
address = "10.0.0.${hostId}";
gateway = "10.0.0.1";
nameservers = [ "1.1.1.1" ];
mac = mac;
};
in
{
#TODO: fix local 192.168.1.0/24 addresses they are just palceholders!
malobeo = {
hosts = {
louise = {
type = "host";
network = {
local = true;
hostId = "11";
address = "192.168.1.11";
};
};
bakunin = {
type = "host";
network = {
local = true;
hostId = "12";
address = "192.168.1.12";
};
};
fanny = {
type = "host";
network = {
local = true;
hostId = "13";
address = "192.168.1.13";
};
};
lucia = {
type = "rpi";
network = {
local = true;
hostId = "15";
address = "192.168.1.15";
};
};
durruti = {
type = "microvm";
network = {
address = "10.0.0.5";
mac = "52:DA:0D:F9:EF:F9";
};
network = createMaloNet "5" "52:DA:0D:F9:EF:F9";
};
vpn = {
type = "microvm";
network = {
address = "10.0.0.10";
mac = "D0:E5:CA:F0:D7:E6";
};
network = createOffsiteNet "10" "52:DA:0D:F9:EF:E6";
};
infradocs = {
type = "microvm";
network = {
address = "10.0.0.11";
mac = "D0:E5:CA:F0:D7:E7";
};
network = createMaloNet "11" "52:DA:0D:F9:EF:E7";
};
uptimekuma = {
type = "microvm";
network = {
address = "10.0.0.12";
mac = "D0:E5:CA:F0:D7:E8";
};
network = createOffsiteNet "12" "52:DA:0D:F9:EF:E8";
};
nextcloud = {
type = "microvm";
network = {
address = "10.0.0.13";
mac = "D0:E5:CA:F0:D7:E9";
};
network = createMaloNet "13" "52:DA:0D:F9:EF:E9";
};
overwatch = {
type = "microvm";
network = {
address = "10.0.0.14";
mac = "D0:E5:CA:F0:D7:E0";
};
network = createMaloNet "14" "52:DA:0D:F9:EF:E0";
};
zineshop = {
type = "microvm";
network = {
address = "10.0.0.15";
mac = "D0:E5:CA:F0:D7:F1";
};
network = createMaloNet "15" "52:DA:0D:F9:EF:F1";
};
testvm = {
type = "host";
ns1 = {
type = "microvm";
network = createMaloNet "17" "52:DA:0D:F9:EF:F3";
};
};
};
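Review bot: Several `createMaloNet` host IDs reuse an ID already assigned to a physical host in the same 192.168.1.0/24, so `infradocs` ("11") gets the address of `louise`, `nextcloud` ("13") that of `fanny`, and `zineshop` ("15") that of `lucia`. This assumes the `network` blocks on those physical hosts are on the new side, which the zone generation elsewhere in this change suggests. The TODO calls the local addresses placeholders, but the VM network config and the generated `hq` records already consume them, so the duplicates would reach both the LAN and DNS. Giving the microvms unused IDs now, or adding an assertion that all `address` values are unique, would catch this at evaluation time.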


@@ -43,7 +43,7 @@ rec {
];
defaultModules = baseModules;
makeMicroVM = hostName: ipv4Addr: macAddr: modules: [
makeMicroVM = hostName: network: modules: [
{
microvm = {
hypervisor = "cloud-hypervisor";
@@ -83,7 +83,7 @@ rec {
{
type = "tap";
id = "vm-${hostName}";
mac = "${macAddr}";
mac = "${network.mac}";
}
];
};
@@ -93,9 +93,9 @@ rec {
systemd.network.networks."20-lan" = {
matchConfig.Type = "ether";
networkConfig = {
Address = [ "${ipv4Addr}/24" ];
Gateway = "10.0.0.1";
DNS = ["1.1.1.1"];
Address = [ "${network.address}/24" ];
Gateway = "${network.gateway}";
DNS = network.nameservers;
DHCP = "no";
};
};
@@ -165,6 +165,16 @@ rec {
});
};
systemd.network.networks."20-lan" = pkgs.lib.mkForce {
matchConfig.Type = "ether";
networkConfig = {
Address = [ "10.0.0.${hosts.malobeo.hosts.${hostname}.network.hostId}/24" ];
Gateway = "10.0.0.1";
DNS = [ "1.1.1.1" ];
DHCP = "no";
};
};
boot.isContainer = pkgs.lib.mkForce false;
services.timesyncd.enable = false;
users.users.root.password = "";
@@ -210,8 +220,7 @@ rec {
specialArgs.self = self;
config = {
imports = (makeMicroVM "${name}"
"${hosts.malobeo.hosts.${name}.network.address}"
"${hosts.malobeo.hosts.${name}.network.mac}" [
hosts.malobeo.hosts.${name}.network [
../${name}/configuration.nix
(vmMicroVMOverwrites name {
withNetworking = true;
@@ -250,7 +259,7 @@ rec {
modules = (if (settings.type != "microvm") then
defaultModules ++ [ ../${host}/configuration.nix ]
else
makeMicroVM "${host}" "${settings.network.address}" "${settings.network.mac}" [
makeMicroVM "${host}" settings.network [
inputs.microvm.nixosModules.microvm
../${host}/configuration.nix
]);
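Review bot: `DNS = network.nameservers;` hands the guest the list from hosts.nix, which for `createMaloNet` hosts mixes the internal `192.168.1.17` with the public `1.1.1.1`. Resolvers generally do not treat such a list as strict primary/fallback, so once a guest switches to `1.1.1.1` the internal `hq` and `vpn` names stop resolving and those query names go to an outside party. Since ns1 already forwards to `1.1.1.1` and `1.0.0.1`, listing only ns1 (or a second internal resolver) would keep resolution consistent; otherwise a comment at the `nameservers` definition should state that the public fallback is intentional. The enclosing `makeMicroVM` body extends beyond the hunk.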


@@ -14,6 +14,26 @@ in
description = lib.mdDoc "Setup bridge device for microvms.";
};
interface = mkOption {
default = "eno1";
type = types.str;
};
gateway = mkOption {
default = "10.0.0.1";
type = types.str;
};
address = mkOption {
default = "10.0.0.1/24";
type = types.str;
};
dns = mkOption {
default = [ "1.1.1.1" ];
type = types.listOf types.str;
};
enableHostBridgeUnstable = mkOption {
default = false;
type = types.bool;
@@ -47,29 +67,29 @@ in
systemd.network = mkIf (cfg.enableHostBridge || cfg.enableHostBridgeUnstable) {
enable = true;
# create a bride device that all the microvms will be connected to
netdevs."10-microvm".netdevConfig = {
Kind = "bridge";
Name = "microvm";
};
networks."10-microvm" = {
matchConfig.Name = "microvm";
networks."10-lan" = {
matchConfig.Name = [ "${cfg.interface}" "vm-*"];
networkConfig = {
DHCPServer = true;
IPv6SendRA = true;
Bridge = "malobeo0";
};
addresses = if cfg.enableHostBridgeUnstable then [
{ Address = "10.0.0.1/24"; }
] else [
{ Address = "10.0.0.1/24"; }
];
};
# connect the vms to the bridge
networks."11-microvm" = {
matchConfig.Name = "vm-*";
networkConfig.Bridge = "microvm";
netdevs."malobeo0" = {
netdevConfig = {
Name = "malobeo0";
Kind = "bridge";
};
};
networks."10-lan-bridge" = {
matchConfig.Name = "malobeo0";
networkConfig = {
Address = [ "${cfg.address}" ];
Gateway = "${cfg.gateway}";
DNS = cfg.dns;
IPv6AcceptRA = true;
};
linkConfig.RequiredForOnline = "routable";
};
};
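Review bot: `networks."10-lan"` now attaches both `${cfg.interface}` and every `vm-*` tap to `malobeo0`, so guests share a layer-2 segment with the physical uplink rather than sitting on the previous separate `microvm` bridge. Each guest's own firewall then becomes the boundary towards the LAN, which deserves a comment above the match, e.g. `# uplink and VM taps share one bridge: guests are directly reachable from the LAN`. The new `interface`, `gateway`, `address` and `dns` options have no `description`. The defaults `gateway = "10.0.0.1"` and `address = "10.0.0.1/24"` also make the bridge its own gateway unless a host overrides them. The surrounding module continues outside both hunks.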


@@ -0,0 +1,41 @@
{ inputs }:
let
vpnNS = "vpn";
localNS = "hq";
peers = import ./peers.nix;
hosts = ((import ../../hosts.nix ) {}).malobeo.hosts;
in
{
SOA = {
nameServer = "ns1";
adminEmail = "admin@malobeo.org";
serial = 2019030801;
};
useOrigin = false;
NS = [
"ns1.malobeo.org."
];
subdomains = {
ns1 = {
A = [ hosts.ns1.network.address ];
};
${localNS} = {
A = [ hosts.fanny.network.address ];
subdomains = builtins.mapAttrs (name: value: if value.network.local == true then {
A = [ value.network.address ];
} else {}) hosts;
};
${vpnNS} = {
A = [ peers.vpn.address ];
subdomains = builtins.mapAttrs (name: value: if value.role != "server" then {
A = [ value.address ];
} else {}) peers;
};
};
}
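Review bot: `serial = 2019030801;` is fixed while the records are generated from hosts.nix and peers.nix, so the zone content can change without the serial ever moving. That is harmless while ns1 is the only server for the zone, but a secondary added later would not pick up changes; a comment such as `# static serial: bump manually if a secondary is ever configured` would record the constraint. The `else {}` branches in both `mapAttrs` calls also leave an empty subdomain entry for every non-local host and every server peer, which could be filtered out before mapping.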


@@ -0,0 +1,52 @@
{ config, self, lib, inputs, pkgs, ... }:
with lib;
with inputs;
let
dns = inputs.dns;
in
{
networking = {
hostName = mkDefault "ns1";
useDHCP = false;
};
imports = [
../modules/malobeo_user.nix
../modules/sshd.nix
../modules/minimal_tools.nix
../modules/autoupdate.nix
];
networking.firewall = {
enable = true;
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
services.bind = {
enable = true;
forwarders = [
"1.1.1.1"
"1.0.0.1"
];
cacheNetworks = [
"127.0.0.0/24"
"10.0.0.0/24"
"192.168.1.0/24"
"10.100.0.0/24"
];
zones = {
"malobeo.org" = {
master = true;
file = pkgs.writeText "zone-malobeo.org" (dns.lib.toString "malobeo.org" (import ../modules/malobeo/zones.nix { inherit inputs; }));
};
};
};
system.stateVersion = "22.11"; # Did you read the comment?
}
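Review bot: Declaring `"malobeo.org"` as a `master` zone on the resolver that local clients use makes ns1 authoritative for the whole domain, so any public malobeo.org name missing from zones.nix (which defines only `ns1`, `hq` and `vpn`) would presumably be answered NXDOMAIN internally rather than forwarded. If the domain has public records, serving only an internal subdomain such as `hq.malobeo.org`, or mirroring the public records, avoids that; at minimum a comment above the zone should state that the shadowing is intended. Separately, `"127.0.0.0/24"` in `cacheNetworks` covers less than the loopback range `127.0.0.0/8`. The firewall also opens port 53 without an interface restriction, so access to recursion rests on `cacheNetworks` alone.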