Remove zerotier

This commit is contained in:
Zuckerberg 2023-03-18 20:41:09 -06:00
parent 53c0e7ba1f
commit c48b1995f8
14 changed files with 22 additions and 54 deletions


@ -3,7 +3,7 @@
### Source Layout ### Source Layout
- `/common` - common configuration imported into all `/machines` - `/common` - common configuration imported into all `/machines`
- `/boot` - config related to bootloaders, cpu microcode, and unlocking LUKS root disks over tor - `/boot` - config related to bootloaders, cpu microcode, and unlocking LUKS root disks over tor
- `/network` - config for tailscale, zeroteir, and NixOS container with automatic vpn tunneling via PIA - `/network` - config for tailscale, and NixOS container with automatic vpn tunneling via PIA
- `/pc` - config that a graphical desktop computer should have. Use `de.enable = true;` to enable everthing. - `/pc` - config that a graphical desktop computer should have. Use `de.enable = true;` to enable everthing.
- `/server` - config that creates new nixos services or extends existing ones to meet my needs - `/server` - config that creates new nixos services or extends existing ones to meet my needs
- `/ssh.nix` - all ssh public host and user keys for all `/machines` - `/ssh.nix` - all ssh public host and user keys for all `/machines`


@ -52,10 +52,6 @@
- https://ampache.org/ - https://ampache.org/
- replace nextcloud with seafile - replace nextcloud with seafile
### Networking
- tailscale for p2p connections
- remove all use of zerotier
### Archive ### Archive
- https://www.backblaze.com/b2/cloud-storage.html - https://www.backblaze.com/b2/cloud-storage.html
- email - email


@ -13,7 +13,6 @@ in
./ping.nix ./ping.nix
./tailscale.nix ./tailscale.nix
./vpn.nix ./vpn.nix
./zerotier.nix
]; ];
options.networking.ip_forward = mkEnableOption "Enable ip forwarding"; options.networking.ip_forward = mkEnableOption "Enable ip forwarding";


@ -22,22 +22,10 @@ let
ponyo = "cfamr6artx75qvt7ho3rrbsc7mkucmv5aawebwflsfuorusayacffryd.onion"; ponyo = "cfamr6artx75qvt7ho3rrbsc7mkucmv5aawebwflsfuorusayacffryd.onion";
s0 = "r3zvf7f2ppaeithzswigma46pajt3hqytmkg3rshgknbl3jbni455fqd.onion"; s0 = "r3zvf7f2ppaeithzswigma46pajt3hqytmkg3rshgknbl3jbni455fqd.onion";
}; };
zerotierHosts = {
"s0.zt.neet.dev" = "172.30.145.180";
"ponyo.zt.neet.dev" = "172.30.109.9";
"ray.zt.neet.dev" = "172.30.189.212";
};
in { in {
# some DNS providers filter local ip results from DNS request
networking.hosts = concatMapAttrs (host: ip: {ip = [host];}) zerotierHosts;
# TODO only add if zerotier is enabled
keepalive-ping.hosts = attrNames zerotierHosts;
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
ponyo = { ponyo = {
hostNames = [ "ponyo" "ponyo.neet.dev" "ponyo.zt.neet.dev" "git.neet.dev" ]; hostNames = [ "ponyo" "ponyo.neet.dev" "git.neet.dev" ];
publicKey = system.ponyo; publicKey = system.ponyo;
}; };
ponyo-unlock = { ponyo-unlock = {
@ -53,11 +41,11 @@ in {
publicKey = system.router-unlock; publicKey = system.router-unlock;
}; };
ray = { ray = {
hostNames = [ "ray" "ray.zt.neet.dev" ]; hostNames = [ "ray" ];
publicKey = system.ray; publicKey = system.ray;
}; };
s0 = { s0 = {
hostNames = [ "s0" "s0.zt.neet.dev" ]; hostNames = [ "s0" ];
publicKey = system.s0; publicKey = system.s0;
}; };
s0-unlock = { s0-unlock = {
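Review bot: Dropping the `*.zt.neet.dev` aliases from `programs.ssh.knownHosts` leaves no pinned host key for the names that replace them: the rest of this commit addresses s0 as `s0.koi-bebop.ts.net` (mount-samba.nix, ponyo's nginx `proxyPass`), but only the bare `s0`, `ray` and `ponyo` labels remain in `hostNames`, so `ssh s0.koi-bebop.ts.net` falls back to trust-on-first-use instead of the key in `system.s0`. The `networking.search = [ "koi-bebop.ts.net" ]` added in tailscale.nix makes the bare label resolve through search-domain expansion, but OpenSSH matches known_hosts against the name as typed, not the expanded one, so the two spellings do not share a pin. I would list the MagicDNS name next to the short one, e.g. `hostNames = [ "s0" "s0.koi-bebop.ts.net" ];`, and likewise `"ray.koi-bebop.ts.net"` and `"ponyo.koi-bebop.ts.net"` — assuming those are the tailnet names, which this diff only shows for s0. The `let` block that binds `system` and the `.onion` addresses starts above the first hunk.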


@ -10,7 +10,6 @@ with builtins;
let let
cfg = config.keepalive-ping; cfg = config.keepalive-ping;
# keepalive-ping = {
serviceTemplate = host: serviceTemplate = host:
{ {
"keepalive-ping@${host}" = { "keepalive-ping@${host}" = {


@ -8,7 +8,11 @@ in
{ {
options.services.tailscale.exitNode = mkEnableOption "Enable exit node support"; options.services.tailscale.exitNode = mkEnableOption "Enable exit node support";
config.services.tailscale.enable = !config.boot.isContainer; config.services.tailscale.enable = mkDefault (!config.boot.isContainer);
# MagicDNS
config.networking.nameservers = mkIf cfg.enable [ "1.1.1.1" "8.8.8.8" "100.100.100.100" ];
config.networking.search = mkIf cfg.enable [ "koi-bebop.ts.net" ];
# exit node # exit node
config.networking.firewall.checkReversePath = mkIf cfg.exitNode "loose"; config.networking.firewall.checkReversePath = mkIf cfg.exitNode "loose";
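Review bot: The new `config.networking.nameservers` puts `100.100.100.100` last, behind two public resolvers, so every lookup of a `koi-bebop.ts.net` name — and, through the new `networking.search`, every bare hostname — is sent to 1.1.1.1/8.8.8.8 first; a stub resolver that honours list order stops at the first NXDOMAIN, so MagicDNS names would only resolve when the public servers time out, and the tailnet hostnames are disclosed to third parties either way. If tailscaled is expected to own DNS through systemd-resolved (the mailserver hunk enables resolved for exactly that reason), this static list is at best a fallback and should still put the MagicDNS resolver first: `config.networking.nameservers = mkIf cfg.enable [ "100.100.100.100" "1.1.1.1" "8.8.8.8" ];`. A comment stating which component is meant to own `/etc/resolv.conf` would help, since `cfg` and the `let` block binding it sit above the hunk and the intended resolver setup is not visible here.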


@ -1,16 +0,0 @@
{ lib, config, ... }:
let
cfg = config.services.zerotierone;
in {
config = lib.mkIf cfg.enable {
keepalive-ping.enable = true;
services.zerotierone.joinNetworks = [
"565799d8f6d654c0"
];
networking.firewall.allowedUDPPorts = [
9993
];
};
}


@ -1,4 +1,4 @@
# mounts the samba share on s0 over zeroteir # mounts the samba share on s0 over tailscale
{ config, lib, ... }: { config, lib, ... }:
@ -18,15 +18,15 @@ in {
enable = lib.mkEnableOption "enable mounting samba shares"; enable = lib.mkEnableOption "enable mounting samba shares";
}; };
config = lib.mkIf (cfg.enable && config.services.zerotierone.enable) { config = lib.mkIf (cfg.enable && config.services.tailscale.enable) {
fileSystems."/mnt/public" = { fileSystems."/mnt/public" = {
device = "//s0.zt.neet.dev/public"; device = "//s0.koi-bebop.ts.net/public";
fsType = "cifs"; fsType = "cifs";
options = [ opts ]; options = [ opts ];
}; };
fileSystems."/mnt/private" = { fileSystems."/mnt/private" = {
device = "//s0.zt.neet.dev/googlebot"; device = "//s0.koi-bebop.ts.net/googlebot";
fsType = "cifs"; fsType = "cifs";
options = [ opts ]; options = [ opts ];
}; };
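Review bot: The two `fileSystems` entries now name a host that is only reachable once tailscaled is up and `s0.koi-bebop.ts.net` resolves, yet nothing in the hunk orders the mounts after that; unless `opts` (bound above the hunk) already carries `noauto,x-systemd.automount,_netdev`, systemd will attempt these CIFS mounts during early boot before `tailscale0` exists, and a non-`nofail` mount failure can drop the machine into emergency mode. Under zerotier the name was pinned in `/etc/hosts` by the `networking.hosts` line this commit removes from ssh.nix, which hid the DNS half of that dependency; with MagicDNS it is real. I would add `"x-systemd.requires=tailscaled.service"` (plus `_netdev` and automount if `opts` lacks them) to the mount options, and say in the header comment that the share is only reachable through the tailnet. The `let` block defining `opts` and `cfg` starts above the second hunk.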


@ -17,6 +17,10 @@ let
]; ];
in { in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# kresd doesn't work with tailscale MagicDNS
mailserver.localDnsResolver = false;
services.resolved.enable = true;
mailserver = { mailserver = {
fqdn = "mail.neet.dev"; fqdn = "mail.neet.dev";
dkimKeyBits = 2048; dkimKeyBits = 2048;
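Review bot: Setting `mailserver.localDnsResolver = false` swaps the mailserver's local kresd for systemd-resolved, so rspamd's DNSBL/SURBL, SPF and DMARC lookups now go out through whatever upstreams resolved forwards to — with the tailscale.nix change in this commit, 1.1.1.1 and 8.8.8.8; the major blocklists (Spamhaus, for one) refuse or throttle queries arriving via large public resolvers, so those checks silently degrade to "not listed", and DNSSEC validation now depends on `services.resolved.dnssec` rather than a validating local resolver. That is the very problem the local resolver exists to avoid, and the comment `# kresd doesn't work with tailscale MagicDNS` does not mention the trade-off. If kresd must go, at least pin `services.resolved.dnssec = "true";` and point resolved at a non-shared upstream; otherwise keep kresd and forward only the tailnet zone, e.g. `services.kresd.extraConfig = "policy.add(policy.suffix(policy.STUB('100.100.100.100'), {todname('koi-bebop.ts.net')}))";`, which is the stub-zone mechanism Knot Resolver documents — presumably what "doesn't work" was missing. `cfg` is bound above the hunk and the `mailserver = {` attrset opened here continues below it.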


@ -10,8 +10,6 @@
networking.hostName = "nat"; networking.hostName = "nat";
networking.interfaces.ens160.useDHCP = true; networking.interfaces.ens160.useDHCP = true;
services.zerotierone.enable = true;
de.enable = true; de.enable = true;
de.touchpad.enable = true; de.touchpad.enable = true;
} }


@ -11,7 +11,6 @@
# p2p mesh network # p2p mesh network
services.tailscale.exitNode = true; services.tailscale.exitNode = true;
services.zerotierone.enable = true;
# email server # email server
mailserver.enable = true; mailserver.enable = true;
@ -107,14 +106,14 @@
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://s0.zt.neet.dev"; proxyPass = "http://s0.koi-bebop.ts.net";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
services.nginx.virtualHosts."navidrome.neet.cloud" = { services.nginx.virtualHosts."navidrome.neet.cloud" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://s0.zt.neet.dev:4533"; locations."/".proxyPass = "http://s0.koi-bebop.ts.net:4533";
}; };
# TODO replace with a proper file hosting service # TODO replace with a proper file hosting service
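Review bot: The two `proxyPass` targets now point at `s0.koi-bebop.ts.net`, a name nginx resolves once at config load; under zerotier `s0.zt.neet.dev` was a static `/etc/hosts` entry (the `networking.hosts` line removed from ssh.nix in this commit), but MagicDNS only answers while tailscaled is up and connected, so an nginx start that races tailscaled on boot fails with `host not found in upstream` and takes every vhost on ponyo down, not just these two. Nothing in the hunk orders nginx after tailscaled. Unless that ordering exists elsewhere, I would add `systemd.services.nginx.after = [ "tailscaled.service" ]; systemd.services.nginx.wants = [ "tailscaled.service" ];` next to these vhosts — noting that this only orders against the daemon, not against the tailnet actually being reachable — or restore a static hosts entry for s0's tailscale address. The enclosing machine attrset starts above the first hunk and continues below the second.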


@ -37,8 +37,6 @@
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
services.zerotierone.enable = true;
services.mount-samba.enable = true; services.mount-samba.enable = true;
de.enable = true; de.enable = true;


@ -7,9 +7,9 @@
networking.hostName = "router"; networking.hostName = "router";
services.zerotierone.enable = true;
system.autoUpgrade.enable = true; system.autoUpgrade.enable = true;
services.tailscale.exitNode = true;
networking.useDHCP = lib.mkForce true; networking.useDHCP = lib.mkForce true;
} }
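Review bot: Enabling `services.tailscale.exitNode` on the router flips the firewall's reverse-path check to `loose` (the `checkReversePath` line in tailscale.nix is the only effect of `exitNode` visible in this commit), and a router is the one host where strict ingress anti-spoofing on the WAN side matters most; if the WAN interface name is known, an interface-scoped strict `rpfilter` rule via `networking.firewall.extraCommands` would keep that protection while the tailscale path stays loose. The option also does not advertise the route by itself — `tailscale up --advertise-exit-node` plus admin-console approval is still needed, and neither is in config — so a comment would save the next reader a trip, e.g. `# exit node: relaxes rp_filter to loose; still needs 'tailscale up --advertise-exit-node' + approval`. The `networking.useDHCP = lib.mkForce true` line suggests this box sits directly on an upstream network, which is why the rp_filter change deserves a second look here rather than on the other exit nodes.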


@ -9,9 +9,8 @@
system.autoUpgrade.enable = true; system.autoUpgrade.enable = true;
# mesh networking # p2p mesh network
services.tailscale.exitNode = true; services.tailscale.exitNode = true;
services.zerotierone.enable = true;
# for education purposes only # for education purposes only
services.pykms.enable = true; services.pykms.enable = true;