diff --git a/flake.lock b/flake.lock index c2fe550..eda9185 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,27 @@ { "nodes": { + "devshell": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1713532798, + "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", + "owner": "numtide", + "repo": "devshell", + "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -42,6 +64,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" 
@@ -59,6 +97,64 @@ "type": "indirect" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "grzegorz": { "inputs": { "fix-python": "fix-python", @@ -141,6 +237,29 @@ "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git" } }, + "nix-topology": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1721160643, + "narHash": "sha256-ZkjJnwgDUkjzgySZv9GjKnDsDmNJVkU2u2pLD4a1QKA=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "fe9ace7f40a63e3eb9b39a20a1032834e090d806", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1719520878, 
@@ -157,6 +276,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1714858427, "narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=", @@ -187,6 +322,34 @@ "type": "indirect" } }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": [ + "nix-topology", + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1714478972, + "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "2849da033884f54822af194400f8dff435ada242", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "pvv-calendar-bot": { "inputs": { "nixpkgs": [ @@ -234,6 +397,7 @@ "grzegorz-clients": "grzegorz-clients", "matrix-next": "matrix-next", "nix-gitea-themes": "nix-gitea-themes", + "nix-topology": "nix-topology", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", "pvv-calendar-bot": "pvv-calendar-bot", @@ -246,7 +410,7 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1715244550, 
@@ -276,6 +440,36 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index d545533..4ef8e50 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,9 @@ disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; + nix-topology.url = "github:oddlama/nix-topology"; + nix-topology.inputs.nixpkgs.follows = "nixpkgs"; + pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git"; pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs"; @@ -60,6 +63,7 @@ modules = [ ./hosts/${name}/configuration.nix sops-nix.nixosModules.sops + inputs.nix-topology.nixosModules.default ] ++ config.modules or []; pkgs = import nixpkgs { 
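Review bot: The new `nix-topology` input de-duplicates only `nixpkgs`, yet the flake.lock hunks in this commit show it adding nine further nodes, among them `devshell`, `pre-commit-hooks`, `flake-compat`, `gitignore` and a separate `NixOS/nixpkgs` pin on `nixos-23.11`. The URL also carries no ref, so each `nix flake update` moves the input to whatever the upstream default branch holds, and the lock diff is the only place that change can be reviewed. A comment above the input would record this, e.g. `# nix-topology: locks devshell, pre-commit-hooks and a nixos-23.11 nixpkgs of its own; review flake.lock when updating`. If any of these inputs already exist at the root of this flake, further `follows` lines would shrink the lock; that is not visible in the hunk.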
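Review bot: Adding `inputs.nix-topology.nixosModules.default` to the shared `modules` list means code from the new input is evaluated in every host's system configuration, not just when the diagram is rendered, and nothing on the line says why it is there. A short comment would help, e.g. `# nix-topology: lets the topology output read each host's configuration`. The neighbouring entry is written `sops-nix.nixosModules.sops` while this one goes through `inputs.`; whether `inputs` is bound, and whether `nix-topology` could be destructured the same way, depends on the `outputs` arguments, which are outside the hunk.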
@@ -149,5 +153,18 @@ // nixlib.genAttrs allMachines (machine: self.nixosConfigurations.${machine}.config.system.build.toplevel); }; + + topology.x86_64-linux = import inputs.nix-topology { + pkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = [inputs.nix-topology.overlays.default]; + }; # Only this package set must include nix-topology.overlays.default + modules = [ + # Your own file to define global topology. Works in principle like a nixos module but uses different options. + ./topology.nix + # Inline module to inform topology of your existing NixOS hosts. + { nixosConfigurations = self.nixosConfigurations; } + ]; + }; }; } diff --git a/topology.nix b/topology.nix new file mode 100644 index 0000000..a2833e0 --- /dev/null +++ b/topology.nix 
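Review bot: The comments in `modules` read like generic template wording (`Your own file to define global topology`, `your existing NixOS hosts`) rather than a description of this repository, and the overlay remark trails the closing `};` instead of sitting on the `overlays` line it explains. Suggested wording: `# Hand-written part of the topology: networks, routers and switches` above `./topology.nix`, and `# Feed every host in self.nixosConfigurations into the topology` above the inline module. Because that inline module passes all of `self.nixosConfigurations`, the rendered output presumably aggregates network details from every host, so it should be shared no more widely than the configurations themselves. The string `"x86_64-linux"` appears twice; binding it once would keep the attribute name and the `system` argument in step.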
@@ -0,0 +1,120 @@
+{ config, ... }:
+let
+ inherit
+ (config.lib.topology)
+ mkInternet
+ mkRouter
+ mkSwitch
+ mkDevice
+ mkConnection
+ mkConnectionRev;
+ values = import ./values.nix;
+in {
+
+### Networks
+
+ networks.pvv = {
+ name = "PVV Network";
+ cidrv4 = values.ipv4-space;
+ cidrv6 = values.ipv6-space;
+ };
+
+ networks.site-vpn = {
+ name = "OpenVPN Site to Site";
+ style = {
+ primaryColor = "#9dd68d";
+ secondaryColor = null;
+ pattern = "dashed";
+ };
+ };
+
+ networks.ntnu = {
+ name = "NTNU";
+ };
+
+ nodes.internet = mkInternet {
+ connections = mkConnection "ntnu" "wan1";
+ };
+
+ nodes.ntnu = mkRouter "NTNU" {
+ interfaceGroups = [ ["wan1"] ["eth1" "eth2" "eth3"] ];
+ connections.eth1 = mkConnection "ntnu-pvv-router" "wan1";
+ connections.eth2 = mkConnection "ntnu-veggen" "wan1";
+ connections.eth3 = mkConnection "stackit" "*";
+ interfaces.eth1.network = "ntnu";
+ };
+
+### Brus
+
+ nodes.ntnu-pvv-router = mkRouter "NTNU PVV Gateway" {
+ interfaceGroups = [ ["wan1"] ["eth1"] ];
+ connections.eth1 = mkConnection "brus-switch" "eth1";
+ interfaces.eth1.network = "pvv";
+ };
+
+ nodes.brus-switch = mkSwitch "Brus Switch" {
+ interfaceGroups = [ ["eth1" "eth2" "eth3" "eth4" "eth5" "eth6" "eth7"] ];
+ connections.eth2 = mkConnection "bekkalokk" "enp2s0";
+ connections.eth3 = mkConnection "bicep" "enp6s0f0";
+ connections.eth4 = mkConnection "buskerud" "enp3s0f0";
+ connections.eth5 = mkConnection "knutsen" "eth1";
+ connections.eth7 = mkConnection "joshua" "eth1";
+ };
+
+ nodes.knutsen = mkRouter "knutsen" {
+ interfaceGroups = [ ["eth1"] ["eth2"] ["vpn1"] ];
+ connections.eth2 = mkConnectionRev "brus-switch" "eth6";
+ # connections.vpn1 = mkConnection "ludvigsen" "vpn1";
+ interfaces.vpn1.network = "site-vpn";
+ interfaces.vpn1.virtual = true;
+ };
+
+ nodes.joshua = mkDevice "joshua" {
+ interfaceGroups = [ ["eth1"] ];
+ };
+
+ nodes.shark = {
+ guestType = "proxmox";
+ parent = config.nodes.joshua.id;
+ };
+
+
+### PVV
+
+ nodes.ntnu-veggen = mkRouter "NTNU-Veggen" {
+ interfaceGroups = [ ["wan1"] ["eth1"] ];
+ connections.eth1 = mkConnection "ludvigsen" "eth1";
+ };
+
+ nodes.ludvigsen = mkRouter "ludvigsen" {
+ interfaceGroups = [ ["eth1"] ["eth2"] ["vpn1"] ];
+ connections.eth2 = mkConnection "pvv-switch" "eth1";
+ interfaces.vpn1.network = "site-vpn";
+ interfaces.vpn1.virtual = true;
+ interfaces.eth1.network = "ntnu";
+ interfaces.eth2.network = "pvv";
+ };
+
+ nodes.pvv-switch = mkSwitch "PVV Switch (Terminalrommet)" {
+ interfaceGroups = [ ["eth1" "eth2" "eth3"] ];
+ connections.eth2 = mkConnection "brzeczyszczykiewicz" "eno1";
+ connections.eth3 = mkConnection "georg" "eno1";
+ };
+
+
+### Openstack
+
+ nodes.stackit = mkDevice "stackit" {
+ interfaceGroups = [ ["*"] ];
+ };
+
+ nodes.ildkule = {
+ guestType = "openstack";
+ parent = config.nodes.stackit.id;
+ };
+ nodes.bob = {
+ guestType = "openstack";
+ parent = config.nodes.stackit.id;
+ };
+
+}
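Review bot: In `nodes.knutsen` the line `# connections.vpn1 = mkConnection "ludvigsen" "vpn1";` is commented out without explanation, so although both `knutsen` and `ludvigsen` declare a virtual `vpn1` interface on `site-vpn`, no link between them is declared and the site-to-site tunnel will presumably be missing from the rendered diagram. Anyone using the diagram to reason about paths between the two sites would not see that route. Either enable the connection or say why it is off, e.g. `# TODO: vpn1 link to ludvigsen disabled because <reason>; the site-vpn tunnel is not drawn`. A header comment stating that this file is hand-maintained would also help readers judge how current it is.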