diff --git a/.gitignore b/.gitignore index f9a759c..c56a9cf 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .direnv .pre-commit-config.yaml +result diff --git a/flake.lock b/flake.lock index 0bf506f..2f033f3 100644 --- a/flake.lock +++ b/flake.lock @@ -27,7 +27,7 @@ }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "nixpkgs": "nixpkgs_3", "utils": "utils" }, @@ -144,11 +144,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -174,6 +174,22 @@ } }, "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1673956053, @@ -189,7 +205,7 @@ "type": "github" } }, - "flake-compat_6": { + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1696426674, 
@@ -206,6 +222,27 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nix-snapshotter", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "servers", @@ -353,7 +390,7 @@ }, "git-hooks_2": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "gitignore": "gitignore_2", "nixpkgs": [ "servers", @@ -418,6 +455,27 @@ "type": "github" } }, + "globset": { + "inputs": { + "nixpkgs-lib": [ + "nix-snapshotter", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729844927, + "narHash": "sha256-nBkQx23jgpGPk3aU2KcqJCoYvzjsKEjWBePmc2z8N3k=", + "owner": "pdtpartners", + "repo": "globset", + "rev": "eb9d9e64b7ab0a64c34ba4a5a990b66506401c35", + "type": "github" + }, + "original": { + "owner": "pdtpartners", + "repo": "globset", + "type": "github" + } + }, "haumea": { "inputs": { "nixpkgs": [ @@ -465,7 +523,7 @@ }, "kubenix_2": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_6", "nixpkgs": [ "servers", "nixpkgs-unstable" 
@@ -542,8 +600,31 @@ }, "nix-snapshotter": { "inputs": { - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts", + "globset": "globset", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734289443, + "narHash": "sha256-oU3AGvzByR7622kntPUPIHfAreOIktAsJav2ATHuc18=", + "owner": "pdtpartners", + "repo": "nix-snapshotter", + "rev": "387e220d369dfa0ad093035515e8757f83144be8", + "type": "github" + }, + "original": { + "owner": "pdtpartners", + "repo": "nix-snapshotter", + "type": "github" + } + }, + "nix-snapshotter_2": { + "inputs": { + "flake-compat": "flake-compat_7", + "flake-parts": "flake-parts_2", "nixpkgs": [ "servers", "nixpkgs-unstable" @@ -595,16 +676,16 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1734470616, - "narHash": "sha256-8pQ2ar2NVU3ehf1o9DHcn3rlsl440eOWcEv7bQfiOec=", + "lastModified": 1734627884, + "narHash": "sha256-C1Ih6EgmEmr2D3W0wfeR4/uTwqeyhtnPaWoT8baFmhw=", "owner": "pizzapim", "repo": "NixNG", - "rev": "fd29c877186dbb06d5593d734952baec199a5261", + "rev": "069d0fe8096fd2306e388e90d936cd3741896b80", "type": "github" }, "original": { "owner": "pizzapim", - "ref": "radicale", + "ref": "specialargs", "repo": "NixNG", "type": "github" } @@ -838,6 +919,7 @@ "flake-utils": "flake-utils_2", "git-hooks": "git-hooks", "kubenix": "kubenix", + "nix-snapshotter": "nix-snapshotter", "nixhelm": "nixhelm", "nixng": "nixng", "nixpkgs": "nixpkgs_2", @@ -853,7 +935,7 @@ "flake-utils": "flake-utils_6", "git-hooks": "git-hooks_2", "kubenix": "kubenix_2", - "nix-snapshotter": "nix-snapshotter", + "nix-snapshotter": "nix-snapshotter_2", "nixng": "nixng_2", "nixos-facter-modules": "nixos-facter-modules", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index ad58734..19b3ff4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -41,7 +41,12 @@ }; nixng = { - url = "github:pizzapim/NixNG/radicale"; + url = "github:pizzapim/NixNG/specialargs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nix-snapshotter = { + url = "github:pdtpartners/nix-snapshotter"; inputs.nixpkgs.follows = "nixpkgs"; }; }; @@ -53,5 +58,6 @@ ./globals.nix ./formatter.nix ./shell.nix + ./nixng-configurations ]; } diff --git a/images/dnsmasq.nix b/images/dnsmasq.nix deleted file mode 100644 index 08189f9..0000000 --- a/images/dnsmasq.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - globals, - nixpkgs, - nglib, - ... -}: -nglib.makeSystem { - inherit nixpkgs; - system = "x86_64-linux"; - name = "nixng-dnsmasq"; - - config = {...}: { - dinit.enable = true; - init.services.dnsmasq.shutdownOnExit = true; - - services.dnsmasq = { - enable = true; - - settings = { - address = [ - "/kms.kun.is/${globals.kmsIPv4}" - "/ssh.git.kun.is/${globals.gitIPv4}" - ]; - - alias = "${globals.routerPublicIPv4},${globals.traefikIPv4}"; - expand-hosts = true; - local = "/dmz/"; - log-queries = true; - no-hosts = true; - no-resolv = true; - port = 53; - - server = [ - "192.168.30.1" - "/kun.is/${globals.bind9IPv4}" - ]; - }; - }; - }; -} diff --git a/kubenix.nix b/kubenix.nix index 393c37c..417d5a7 100644 --- a/kubenix.nix +++ b/kubenix.nix @@ -21,8 +21,8 @@ flake-utils.lib.eachDefaultSystem inherit (self) globals; utils = import ./utils.nix { - inherit pkgs; - inherit (inputs) nixpkgs nixng; + inherit pkgs self; + inherit (inputs) nixpkgs nixng nix-snapshotter; inherit (self) globals; }; }; diff --git a/modules/dnsmasq.nix b/modules/dnsmasq.nix index 5cc6b0a..8a66159 100644 --- a/modules/dnsmasq.nix +++ b/modules/dnsmasq.nix @@ -1,5 +1,4 @@ { - self, utils, globals, config, @@ -17,7 +16,7 @@ metadata.labels.app = "dnsmasq"; spec.containers.dnsmasq = { - image = utils.nixSnapshotterRef (utils.mkNixNGImage "dnsmasq" "${self}/images/dnsmasq.nix"); + image = utils.mkNixNGImage2 "dnsmasq"; imagePullPolicy = "Always"; ports.dns = { 
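Review bot: In the flake.nix inputs hunk, the new `nix-snapshotter` input names no ref or rev and `nixng` now tracks the `specialargs` branch, so the only pin on either is the `rev`/`narHash` pair in flake.lock. These two inputs supply the image builder and the init that the dnsmasq container runs as its entrypoint, so a routine `nix flake update` would pull in whatever the branch heads are at that moment. I would either put a tag or commit in the URL, for example `url = "github:pdtpartners/nix-snapshotter/<TAG_OR_REV>";` (placeholder), or add a comment above both inputs such as `# Image toolchain: review the upstream diff before bumping these locks.` The inputs attribute set starts and ends outside this hunk.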
diff --git a/nixng-configurations/default.nix b/nixng-configurations/default.nix new file mode 100644 index 0000000..40af6ae --- /dev/null +++ b/nixng-configurations/default.nix @@ -0,0 +1,21 @@ +{ + self, + flake-utils, + nixng, + nixpkgs, + ... +}: +flake-utils.lib.eachDefaultSystem (system: let + images = { + dnsmasq = ./dnsmasq.nix; + }; +in { + nixngConfigurations = builtins.mapAttrs (name: configFile: + nixng.nglib.makeSystem { + inherit nixpkgs system; + name = "nixng-${name}"; + specialArgs = {inherit (self) globals;}; + config = import configFile; + }) + images; +}) diff --git a/nixng-configurations/dnsmasq.nix b/nixng-configurations/dnsmasq.nix new file mode 100644 index 0000000..e673ec1 --- /dev/null +++ b/nixng-configurations/dnsmasq.nix @@ -0,0 +1,28 @@ +{globals, ...}: { + dinit.enable = true; + init.services.dnsmasq.shutdownOnExit = true; + + services.dnsmasq = { + enable = true; + + settings = { + address = [ + "/kms.kun.is/${globals.kmsIPv4}" + "/ssh.git.kun.is/${globals.gitIPv4}" + ]; + + alias = "${globals.routerPublicIPv4},${globals.traefikIPv4}"; + expand-hosts = true; + local = "/dmz/"; + log-queries = true; + no-hosts = true; + no-resolv = true; + port = 53; + + server = [ + "192.168.30.1" + "/kun.is/${globals.bind9IPv4}" + ]; + }; + }; +} diff --git a/utils.nix b/utils.nix index 99201ad..8e75d68 100644 --- a/utils.nix +++ b/utils.nix @@ -1,8 +1,10 @@ { + self, pkgs, nixpkgs, nixng, globals, + nix-snapshotter, ... }: { mkNixNGImage = name: file: let @@ -27,4 +29,12 @@ }; nixSnapshotterRef = imagePath: "nix:0${imagePath}"; + + mkNixNGImage2 = name: + (nix-snapshotter.packages.${pkgs.stdenv.system}.nix-snapshotter.buildImage { + inherit name; + resolvedByNix = true; + config.entrypoint = ["${self.nixngConfigurations.${pkgs.stdenv.system}.${name}.config.system.build.toplevel}/init"]; + }) + .image; }
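Review bot: `flake-utils.lib.eachDefaultSystem` in nixng-configurations/default.nix defines `nixngConfigurations` for every default system, whereas the deleted images/dnsmasq.nix fixed `system = "x86_64-linux"`. The flake-utils default list includes the darwin systems, and NixNG images are presumably Linux-only, so those attributes would likely fail if anything evaluates them. If only Linux is intended, `flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux"] (system: let` states that directly. A short comment on `images` would also help, saying that each key becomes both the `nixng-<name>` system name and the key that `utils.mkNixNGImage2` looks up.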
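Review bot: In nixng-configurations/dnsmasq.nix the first `server` entry is the literal `"192.168.30.1"`, while every other address in the file comes from `globals`. With `no-resolv = true` this is the only upstream for names outside `kun.is`, so a renumbering that misses this literal leaves the container forwarding queries to whatever host holds that address. Moving it into globals, e.g. `"${globals.upstreamDnsIPv4}"` (hypothetical attribute name), keeps it with the other addresses. `log-queries = true` also records every client lookup in the container log, which deserves a comment if it is meant to stay on outside debugging.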
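Review bot: `mkNixNGImage2` in the second utils.nix hunk says nothing about how it differs from `mkNixNGImage`, which stays in the file next to it. From the hunk, it builds the image with nix-snapshotter's `buildImage` and takes the entrypoint from `self.nixngConfigurations`, so `name` has to be a key of `images` in nixng-configurations/default.nix; an unknown name fails with a missing-attribute error at evaluation. I would add a comment such as `# Builds a nix-snapshotter image whose entrypoint is the init of nixngConfigurations.<system>.<name>.` and consider a more descriptive name. Since `resolvedByNix = true` presumably means the reference is resolved from the node's Nix store rather than a registry, it is worth confirming that `imagePullPolicy = "Always"` in modules/dnsmasq.nix still does what is intended. The enclosing attribute set starts outside the hunk.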