diff --git a/flake.lock b/flake.lock index 9525357..5926008 100644 --- a/flake.lock +++ b/flake.lock @@ -78,6 +78,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1696426674, @@ -147,9 +163,32 @@ "type": "github" } }, - "nix-snapshotter": { + "kubenix": { "inputs": { "flake-compat": "flake-compat_2", + "nixpkgs": [ + "nixpkgs-unstable" + ], + "systems": "systems_3", + "treefmt": "treefmt" + }, + "locked": { + "lastModified": 1717788185, + "narHash": "sha256-Uc6QSQqJa2lyv/1W4StwoKrjtq7cFjlKNhdrtanToGo=", + "owner": "pizzapim", + "repo": "kubenix", + "rev": "a9590abe23a2f7577bc3271d90955e9ccc2923fe", + "type": "github" + }, + "original": { + "owner": "pizzapim", + "repo": "kubenix", + "type": "github" + } + }, + "nix-snapshotter": { + "inputs": { + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs-unstable" @@ -169,6 +208,27 @@ "type": "github" } }, + "nixng": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726571270, + "narHash": "sha256-LEug48WOL+mmFYtKM57e/oudgjBk2Km5zIP3p27hF8I=", + "owner": "pizzapim", + "repo": "NixNG", + "rev": "9538892da603608f0176d07d33b1265e038c0adf", + "type": "github" + }, + "original": { + "owner": "pizzapim", + "ref": "dnsmasq", + "repo": "NixNG", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1722332872, 
@@ -255,7 +315,9 @@ "disko": "disko", "dns": "dns", "flake-utils": "flake-utils_2", + "kubenix": "kubenix", "nix-snapshotter": "nix-snapshotter", + "nixng": "nixng", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", @@ -313,6 +375,41 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "treefmt": { + "inputs": { + "nixpkgs": [ + "kubenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688026376, + "narHash": "sha256-qJmkr9BWDpqblk4E9/rCsAEl39y2n4Ycw6KRopvpUcY=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "df3f32b0cc253dfc7009b7317e8f0e7ccd70b1cf", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems"
diff --git a/flake.nix b/flake.nix
index 1d4652a..6aa6909 100644
--- a/flake.nix
+++ b/flake.nix
@@ -37,6 +37,16 @@
 url = "github:pdtpartners/nix-snapshotter";
 inputs.nixpkgs.follows = "nixpkgs-unstable";
 };
+
+ nixng = {
+ url = "github:pizzapim/NixNG/dnsmasq";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ kubenix = {
+ url = "github:pizzapim/kubenix";
+ inputs.nixpkgs.follows = "nixpkgs-unstable";
+ };
 };
 outputs =
diff --git a/modules/k3s/default.nix b/modules/k3s/default.nix
index a5249a8..da524ff 100644
--- a/modules/k3s/default.nix
+++ b/modules/k3s/default.nix
@@ -1,4 +1,4 @@
-{ self, inputs, pkgs, lib, config, ... }:
+{ self, inputs, pkgs, lib, config, globals, ... }:
 let
 cfg = config.lab.k3s;
 in
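Review bot: In flake.nix, both new inputs come from the `pizzapim` account and appear to be personal forks, and `nixng` additionally follows the branch `dnsmasq`, with no comment saying why the fork is needed or when the input should return to upstream. flake.lock pins each to a `rev` and `narHash`, so the build itself is fixed, but a later `nix flake update` will adopt whatever the branch head is at that moment. I would add a line above each input such as `# fork of <upstream>: needed for <feature>, drop once merged`, and review lock bumps of these two inputs by diffing the old and new `rev`. The lock also shows kubenix bringing its own `flake-compat`, `systems` and `treefmt-nix` inputs, which widens the set of repositories the build depends on.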
@@ -165,6 +165,31 @@ in
 '';
 };
+ nixng = lib.mkIf (cfg.role == "server")
+ (
+ let
+ dnsmasqStream = (import ./dnsmasq.nix {
+ inherit (inputs) nixpkgs nixng;
+ inherit (inputs.nixng) nglib;
+ inherit (self) globals;
+ }).config.system.build.ociImage.stream;
+
+ dnsmasqImage = pkgs.stdenv.mkDerivation {
+ name = "dnsmasq.tar";
+ src = dnsmasqStream;
+ dontUnpack = true;
+ buildPhase = ''
+ $src > $out
+ '';
+ };
+ in
+ {
+ text = ''
+ ln -sf ${dnsmasqImage} /root/dnsmasq.tar
+ '';
+ }
+ );
+
 docker-images.text =
 let
 imageDefs = import "${self}/container-images.nix";
diff --git a/modules/k3s/dnsmasq.nix b/modules/k3s/dnsmasq.nix
new file mode 100644
index 0000000..6fc8c4f
--- /dev/null
+++ b/modules/k3s/dnsmasq.nix
@@ -0,0 +1,41 @@
+{ globals, nixpkgs, nglib, ... }:
+nglib.makeSystem {
+ inherit nixpkgs;
+ system = "x86_64-linux";
+ name = "nixng-dnsmasq";
+
+ config = { ... }: {
+ dumb-init = {
+ enable = true;
+ type.services = { };
+ };
+
+ init.services.dnsmasq = {
+ shutdownOnExit = true;
+ };
+
+ services.dnsmasq = {
+ enable = true;
+
+ settings = {
+ address = [
+ "/kms.kun.is/${globals.kmsIPv4}"
+ "/ssh.git.kun.is/${globals.gitIPv4}"
+ ];
+
+ alias = "${globals.routerPublicIPv4},${globals.traefikIPv4}";
+ expand-hosts = true;
+ local = "/dmz/";
+ log-queries = true;
+ no-hosts = true;
+ no-resolv = true;
+ port = 53;
+
+ server = [
+ "192.168.30.1"
+ "/kun.is/${globals.bind9IPv4}"
+ ];
+ };
+ };
+ };
+}
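Review bot: In modules/k3s/default.nix, `dnsmasqImage` uses a full `pkgs.stdenv.mkDerivation` only to run the stream script into `$out`, which leaves the default install and fixup phases to run against an output that is a plain file; `dnsmasqImage = pkgs.runCommand "dnsmasq.tar" { } "${dnsmasqStream} > $out";` does the same work without them. The first hunk of this file adds a `globals` module argument, yet the import here passes `inherit (self) globals;`, so the new argument looks unused in the lines shown and one source should be picked. The activation snippet only links the tarball to `/root/dnsmasq.tar`, and nothing in this hunk loads it into the container runtime, so a comment naming the consumer of that path would help. The enclosing attribute set starts and ends outside the hunk.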
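Review bot: In modules/k3s/dnsmasq.nix the settings give `port = 53` with no `interface`, `listen-address` or `bind-interfaces`, so the daemon answers on every address the container has, and whether that is reachable from outside the lab depends on how the image is published, which this diff does not show. If it is meant for internal clients only, restrict listening in `settings` or confirm the exposure where the port is mapped. Adding `domain-needed = true;` (and `bogus-priv = true;` if private reverse lookups are not needed from upstream) would keep unqualified names and private PTR queries from being forwarded to `192.168.30.1`. That upstream is also the only literal address in the file while every other one comes from `globals`, and `expand-hosts` appears to have no effect with `no-hosts = true` and no `domain` set.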