newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: newedge:b8dc4757ed43daba9927a3f6ea5f0d63310f6219
Branches Tags
newedge:main newedge:mob/fax-machine-relay newedge:fax-machine-relay newedge:whitehouse-router newedge:mob/vega-backup newedge:mob/router-device newedge:router-device newedge:vega-backup newedge:mob/inventree-test newedge:inventree-test newedge:mob/noreply-mailer newedge:noreply-mailer newedge:mob/vega-ups newedge:b4l-vpn newedge:vega-ups newedge:mob/gitea newedge:gitea
..
compare: newedge:mob/vega-backup
Branches Tags
newedge:mob/fax-machine-relay newedge:fax-machine-relay newedge:main newedge:whitehouse-router newedge:mob/vega-backup newedge:mob/router-device newedge:router-device newedge:vega-backup newedge:mob/inventree-test newedge:inventree-test newedge:mob/noreply-mailer newedge:noreply-mailer newedge:mob/vega-ups newedge:b4l-vpn newedge:vega-ups newedge:mob/gitea newedge:gitea

3 Commits
b8dc4757ed ... mob/vega-b

Author SHA1 Message Date
kurogeek
1d3487ab96 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:modules/clan/zfs-snapshot-backup/default.nix
 2025-10-10 22:03:20 +07:00
kurogeek
2e999e41d9 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:modules/clan/zfs-snapshot-backup/default.nix
 2025-10-10 17:01:14 +07:00
kurogeek
bd80062673 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:inventories/default.nix
 2025-10-10 16:48:19 +07:00
11 changed files with 33 additions and 250 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -2,4 +2,4 @@
# Ignore build outputs from performing a nix-build or `nix build` command # Ignore build outputs from performing a nix-build or `nix build` command
result result
result-* result-*
run-vm-*

19
flake.lock generated
View File

@@ -136,24 +136,6 @@
"type": "github" "type": "github"
} }
}, },
"liminix": {
"flake": false,
"locked": {
"lastModified": 1760426231,
"narHash": "sha256-r8c5PKtsxAvtQ/k17GH+WNvP47Lr+AbExLMPdLtvAKE=",
"ref": "refs/heads/fix-gl-ar750",
"rev": "3f1f7c08d440130cce9262a93ce78ed7969d93cd",
"revCount": 1574,
"type": "git",
"url": "https://git.b4l.co.th/newedge/liminix"
},
"original": {
"ref": "refs/heads/fix-gl-ar750",
"rev": "3f1f7c08d440130cce9262a93ce78ed7969d93cd",
"type": "git",
"url": "https://git.b4l.co.th/newedge/liminix"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -225,7 +207,6 @@
"devshell": "devshell", "devshell": "devshell",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"import-tree": "import-tree", "import-tree": "import-tree",
"liminix": "liminix",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
} }

5
flake.nix
View File

@@ -21,10 +21,6 @@
url = "github:numtide/treefmt-nix"; url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
liminix = {
url = "git+https://git.b4l.co.th/newedge/liminix?ref=refs/heads/fix-gl-ar750&rev=3f1f7c08d440130cce9262a93ce78ed7969d93cd";
flake = false;
};
}; };
outputs = outputs =
{ {
@@ -42,7 +38,6 @@
./shell.nix ./shell.nix
./machines ./machines
./routers
./inventories ./inventories
./modules/clan/flake-module.nix ./modules/clan/flake-module.nix
]; ];

20
inventories/default.nix
View File

@@ -5,8 +5,6 @@
tags = { tags = {
glom = [ "vega" ]; glom = [ "vega" ];
b4l = [ "rigel" ]; b4l = [ "rigel" ];
fax-bridge = [ "b4l" ];
}; };
instances = { instances = {
@@ -32,6 +30,16 @@
}; };
}; };
borgbackup = {
module = {
name = "borgbackup";
input = "clan-core";
};
roles.client.machines."vega".settings = {
};
};
glom-network = { glom-network = {
module = { module = {
name = "zerotier"; name = "zerotier";
@@ -50,14 +58,6 @@
roles.peer.tags.b4l = { }; roles.peer.tags.b4l = { };
}; };
yggdrasil = {
module = {
name = "yggdrasil";
input = "self";
};
roles.default.tags."fax-bridge" = { };
};
pocket-id = { pocket-id = {
module = { module = {
name = "pocket-id"; name = "pocket-id";

24
modules/clan/yggdrasil/default.nix
View File

@@ -1,24 +0,0 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "yggdrasil";
manifest.description = "An in scalable routing as an encrypted IPv6 overlay network";
manifest.categories = [ "System" ];
roles.default = {
perInstance.nixosModule =
{
lib,
config,
pkgs,
...
}:
{
clan.core.state.vikunja.folders = [
];
services.yggdrasil = {
enable = lib.mkDefault true;
};
};
};
}

39
modules/clan/yggdrasil/tests/vm/default.nix
View File

@@ -1,39 +0,0 @@
{
pkgs,
...
}:
{
name = "service-yggdrasil";
clan = {
directory = ./.;
inventory = {
machines.server = { };
instances = {
yggdrasil-test = {
module.name = "@clan/yggdrasil";
module.input = "self";
roles.default.machines."server".settings = { };
};
};
};
};
nodes = {
server = {
services.yggdrasil = {
};
};
};
testScript = ''
start_all()
server.wait_for_unit("yggdrasil")
# Check that garage is running
server.succeed("systemctl status yggdrasil")
'';
}

19
modules/clan/zfs-snapshot-backup/default.nix Normal file
View File

@@ -0,0 +1,19 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "zfs-snapshot-backup";
manifest.description = "Service to backup ZFS Snapshot on a remote machines";
manifest.categories = [ "System" ];
roles.default = {
perInstance.nixosModule =
{
lib,
config,
...
}:
{
};
};
}

6
modules/clan/yggdrasil/flake-module.nix → modules/clan/zfs-snapshot-backup/flake-module.nix
View File

@@ -4,15 +4,15 @@ let
in in
{ {
clan.modules = { clan.modules = {
yggdrasil = module; zfs-snapshot-backup = module;
}; };
perSystem = perSystem =
{ ... }: { ... }:
{ {
clan.nixosTests.yggdrasil = { clan.nixosTests.zfs-snapshot-backup = {
imports = [ ./tests/vm/default.nix ]; imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/yggdrasil" = module; clan.modules."@clan/zfs-snapshot-backup" = module;
}; };
}; };
} }

9
routers/default.nix
View File

@@ -1,9 +0,0 @@
{ inputs, ... }:
{
flake.legacyPackages = {
whitehouse-router = import "${inputs.liminix}/default.nix" {
device = (import "${inputs.liminix}/devices/gl-ar750");
liminix-config = import ./white-house/configuration.nix { inherit inputs; };
};
};
}

120
routers/white-house/configuration.nix
View File

@@ -1,120 +0,0 @@
{ inputs }:
{
config,
pkgs,
modulesPath,
lib,
...
}:
let
secrets = {
firewallRules = { };
}
// (import ./secrets.nix);
wirelessConfig = {
country_code = "TH";
inherit (secrets) wpa_passphrase;
wmm_enabled = 1;
};
svc = config.system.service;
in
{
imports = [
"${inputs.liminix}/modules/wlan.nix"
"${inputs.liminix}/modules/network"
"${inputs.liminix}/modules/vlan"
"${inputs.liminix}/modules/ssh"
"${inputs.liminix}/modules/bridge"
"${modulesPath}/profiles/gateway.nix"
];
hostname = "whitehouse";
boot = {
tftp = {
freeSpaceBytes = 3 * 1024 * 1024;
serverip = "${secrets.lan.prefix}.148";
ipaddr = "${secrets.lan.prefix}.251";
};
};
services.sshd = svc.ssh.build {
authorizedKeys.root = secrets.root.openssh.authorizedKeys.keys;
};
users.root = secrets.root;
services.resolvconf = lib.mkForce (
pkgs.liminix.services.oneshot rec {
name = "resolvconf";
up = ''
( in_outputs ${name}
echo "nameserver $(output ${config.services.wan} ns1)" > resolv.conf
echo "nameserver $(output ${config.services.wan} ns2)" >> resolv.conf
chmod 0444 resolv.conf
)
'';
}
);
profile.gateway = {
lan = {
interfaces = with config.hardware.networkInterfaces; [
wlan
wlan5
lan
];
inherit (secrets.lan) prefix;
address = {
family = "inet";
address = "${secrets.lan.prefix}.1";
prefixLength = 24;
};
dhcp = {
start = 10;
end = 240;
hosts = { };
localDomain = "lan";
};
};
wan = {
interface = svc.pppoe.build {
interface = config.hardware.networkInterfaces.wan;
username = secrets.l2tp.name;
password = secrets.l2tp.password;
};
dhcp6.enable = true;
};
firewall = {
enable = true;
rules = secrets.firewallRules;
};
wireless.networks = {
"${secrets.ssid}" = {
interface = config.hardware.networkInterfaces.wlan;
hw_mode = "g";
channel = "2";
ieee80211n = 1;
}
// wirelessConfig;
"${secrets.ssid}-5" = rec {
interface = config.hardware.networkInterfaces.wlan5;
hw_mode = "a";
channel = 36;
ht_capab = "[HT40+]";
vht_oper_chwidth = 1;
vht_oper_centr_freq_seg0_idx = channel + 6;
ieee80211n = 1;
ieee80211ac = 1;
}
// wirelessConfig;
};
};
defaultProfile.packages = with pkgs; [
busybox
iw
iptables
];
}

20
routers/white-house/secrets.nix
View File

@@ -1,20 +0,0 @@
{
wpa_passphrase = "";
ssid = "WhiteHouse";
l2tp = {
name = "";
password = "";
};
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcZ/p1Ofa9liwIzPWzNtONhJ7+FUWd2lCz33r81t8+w kurogeek@kurogeek"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAB/raxJR8gASmquP63weHelbi+da2WBJR1DgzHPNz/f"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuhpzDHBPvn8nv8RH1MRomDOaXyP4GziQm7r3MZ1Syk"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmgyEGuY/r7SDlJgrzYmQqpcWS5W+fCzRi3OS59ne4W openpgp:0xFF687387"
];
};
lan = {
prefix = "192.168.1";
};
}