WIP: nixos-topology #45

Draft
danio wants to merge 1 commits from nix-topology into main
3 changed files with 332 additions and 1 deletions

196
flake.lock generated
View File

@ -1,5 +1,27 @@
{ {
"nodes": { "nodes": {
"devshell": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nix-topology",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -42,6 +64,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
@ -59,6 +97,64 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nix-topology",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"grzegorz": { "grzegorz": {
"inputs": { "inputs": {
"fix-python": "fix-python", "fix-python": "fix-python",
@ -141,6 +237,29 @@
"url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git" "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"
} }
}, },
"nix-topology": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1721160643,
"narHash": "sha256-ZkjJnwgDUkjzgySZv9GjKnDsDmNJVkU2u2pLD4a1QKA=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "fe9ace7f40a63e3eb9b39a20a1032834e090d806",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "nix-topology",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1719520878, "lastModified": 1719520878,
@ -157,6 +276,22 @@
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1714858427, "lastModified": 1714858427,
"narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=", "narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=",
@ -187,6 +322,34 @@
"type": "indirect" "type": "indirect"
} }
}, },
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"nix-topology",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"nix-topology",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1714478972,
"narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "2849da033884f54822af194400f8dff435ada242",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pvv-calendar-bot": { "pvv-calendar-bot": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -234,6 +397,7 @@
"grzegorz-clients": "grzegorz-clients", "grzegorz-clients": "grzegorz-clients",
"matrix-next": "matrix-next", "matrix-next": "matrix-next",
"nix-gitea-themes": "nix-gitea-themes", "nix-gitea-themes": "nix-gitea-themes",
"nix-topology": "nix-topology",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"pvv-calendar-bot": "pvv-calendar-bot", "pvv-calendar-bot": "pvv-calendar-bot",
@ -246,7 +410,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1715244550, "lastModified": 1715244550,
@ -276,6 +440,36 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View File

@ -11,6 +11,9 @@
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
nix-topology.url = "github:oddlama/nix-topology";
nix-topology.inputs.nixpkgs.follows = "nixpkgs";
pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git"; pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git";
pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs"; pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs";
@ -60,6 +63,7 @@
modules = [ modules = [
./hosts/${name}/configuration.nix ./hosts/${name}/configuration.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
inputs.nix-topology.nixosModules.default
Review

Could we move this module out of the machine configs, and only add them for the topology outputs?

Could we move this module out of the machine configs, and only add them for the topology outputs?
] ++ config.modules or []; ] ++ config.modules or [];
pkgs = import nixpkgs { pkgs = import nixpkgs {
@ -149,5 +153,18 @@
// nixlib.genAttrs allMachines // nixlib.genAttrs allMachines
(machine: self.nixosConfigurations.${machine}.config.system.build.toplevel); (machine: self.nixosConfigurations.${machine}.config.system.build.toplevel);
}; };
topology.x86_64-linux = import inputs.nix-topology {
pkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [inputs.nix-topology.overlays.default];
}; # Only this package set must include nix-topology.overlays.default
modules = [
# Your own file to define global topology. Works in principle like a nixos module but uses different options.
./topology.nix
# Inline module to inform topology of your existing NixOS hosts.
{ nixosConfigurations = self.nixosConfigurations; }
];
};
}; };
} }

120
topology.nix Normal file
View File

@ -0,0 +1,120 @@
{ config, ... }:
let
inherit
(config.lib.topology)
mkInternet
mkRouter
mkSwitch
mkDevice
mkConnection
mkConnectionRev;
values = import ./values.nix;
in {
### Networks
networks.pvv = {
name = "PVV Network";
cidrv4 = values.ipv4-space;
cidrv6 = values.ipv6-space;
};
networks.site-vpn = {
name = "OpenVPN Site to Site";
style = {
primaryColor = "#9dd68d";
secondaryColor = null;
pattern = "dashed";
};
};
networks.ntnu = {
name = "NTNU";
};
nodes.internet = mkInternet {
connections = mkConnection "ntnu" "wan1";
};
nodes.ntnu = mkRouter "NTNU" {
interfaceGroups = [ ["wan1"] ["eth1" "eth2" "eth3"] ];
connections.eth1 = mkConnection "ntnu-pvv-router" "wan1";
connections.eth2 = mkConnection "ntnu-veggen" "wan1";
connections.eth3 = mkConnection "stackit" "*";
interfaces.eth1.network = "ntnu";
};
### Brus
nodes.ntnu-pvv-router = mkRouter "NTNU PVV Gateway" {
interfaceGroups = [ ["wan1"] ["eth1"] ];
connections.eth1 = mkConnection "brus-switch" "eth1";
interfaces.eth1.network = "pvv";
};
nodes.brus-switch = mkSwitch "Brus Switch" {
interfaceGroups = [ ["eth1" "eth2" "eth3" "eth4" "eth5" "eth6" "eth7"] ];
connections.eth2 = mkConnection "bekkalokk" "enp2s0";
connections.eth3 = mkConnection "bicep" "enp6s0f0";
connections.eth4 = mkConnection "buskerud" "enp3s0f0";
connections.eth5 = mkConnection "knutsen" "eth1";
connections.eth7 = mkConnection "joshua" "eth1";
};
nodes.knutsen = mkRouter "knutsen" {
interfaceGroups = [ ["eth1"] ["eth2"] ["vpn1"] ];
connections.eth2 = mkConnectionRev "brus-switch" "eth6";
# connections.vpn1 = mkConnection "ludvigsen" "vpn1";
interfaces.vpn1.network = "site-vpn";
interfaces.vpn1.virtual = true;
};
nodes.joshua = mkDevice "joshua" {
interfaceGroups = [ ["eth1"] ];
};
nodes.shark = {
guestType = "proxmox";
parent = config.nodes.joshua.id;
};
### PVV
nodes.ntnu-veggen = mkRouter "NTNU-Veggen" {
interfaceGroups = [ ["wan1"] ["eth1"] ];
connections.eth1 = mkConnection "ludvigsen" "eth1";
};
nodes.ludvigsen = mkRouter "ludvigsen" {
interfaceGroups = [ ["eth1"] ["eth2"] ["vpn1"] ];
connections.eth2 = mkConnection "pvv-switch" "eth1";
interfaces.vpn1.network = "site-vpn";
interfaces.vpn1.virtual = true;
interfaces.eth1.network = "ntnu";
interfaces.eth2.network = "pvv";
};
nodes.pvv-switch = mkSwitch "PVV Switch (Terminalrommet)" {
interfaceGroups = [ ["eth1" "eth2" "eth3"] ];
connections.eth2 = mkConnection "brzeczyszczykiewicz" "eno1";
connections.eth3 = mkConnection "georg" "eno1";
};
### Openstack
nodes.stackit = mkDevice "stackit" {
interfaceGroups = [ ["*"] ];
};
nodes.ildkule = {
guestType = "openstack";
parent = config.nodes.stackit.id;
};
nodes.bob = {
guestType = "openstack";
parent = config.nodes.stackit.id;
};
}