diff --git a/README.md b/README.md
index b729321..4a934a4 100644
--- a/README.md
+++ b/README.md
@@ -1,38 +1,38 @@
# Table of Contents
-1. [magicrb's dotfiles](#org1e3b033)
- 1. [License](#orgc9fb2b8)
- 1. [Exceptions](#org33761d0)
- 2. [NixOS](#org3217573)
- 1. [Modules](#org38c27fd)
+1. [magicrb's dotfiles](#org15340a2)
+ 1. [License](#orga7bf945)
+ 1. [Exceptions](#orgd199743)
+ 2. [NixOS](#org316f612)
+ 1. [Modules](#org9ef0afa)
-
+
# magicrb's dotfiles
-
+
## License
All files unless otherwise stated are licensed under the LGPL-v3.0 license. Please refer to [COPYING](COPYING) and [COPYING.LESSER](COPYING.LESSER) for more information.
-
+
### Exceptions
The LGPL-v3.0 does not apply to you copying out a insignificant part of the source code, general rule of thumb is "If it's less than 32 lines and/or doesn't constitute a big self contained part, it's licensed under the MIT license." If you need clarification please contact `@magic_rb:matrix.redalder.org` on matrix.
-
+
## NixOS
-
+
### Modules
@@ -72,37 +72,31 @@ The LGPL-v3.0 does not apply to you copying out a insignificant part of the sour
This module is **deprecated** and **will** be removed soon. It was originally created when I thought I would be switching away from Terraform completely. Now I know I will be switching to OpenTofu.
-6. `microvm-extras-host` and `microvm-extras`
-
- - source code: ,
-
- Intended to somewhat simulate a service mesh using `microvm.nix` and clever `nftable` rules. Turned out to be too much work and both will be **removed**.
-
-7. `netboot-xyz`
+6. `netboot-xyz`
- source code:
Adds `netboot.xyz` to GRUB, supports both EFI and BIOS. Used on my server in case of catastrophic root pool failure.
-8. `notify-login`
+7. `notify-login`
- source code:
Send notifications over Matrix, when an SSH session is opened/closed.
-9. `notnft`
+8. `notnft`
- source code:
Alternative implementation of upstream [notnft](https://github.com/chayleaf/notnft) module, which is part of the much larger [nixos-router](https://github.com/chayleaf/nixos-router) repository.
-10. `notnft-ns`
+9. `notnft-ns`
- source code:
- Newer implementation of the [notnft](#org788f38d) module, this one supports network namespaces.
+ Newer implementation of the [notnft](#orgdda3bc4) module, this one supports network namespaces.
-11. `telegraf`
+10. `telegraf`
- source code:
diff --git a/README.org b/README.org
index 2751c5f..75c0e68 100644
--- a/README.org
+++ b/README.org
@@ -43,11 +43,6 @@ Crudely provisions InfluxDB.
This module is *deprecated* and *will* be removed soon. It was originally created when I thought I would be switching away from Terraform completely. Now I know I will be switching to OpenTofu.
-**** ~microvm-extras-host~ and ~microvm-extras~
-- source code: [[file:nixos/modules/microvm-extras-host.nix]], [[file:nixos/modules/microvm-extras.nix]]
-
-Intended to somewhat simulate a service mesh using ~microvm.nix~ and clever ~nftable~ rules. Turned out to be too much work and both will be *removed*.
-
**** ~netboot-xyz~
- source code: [[file:nixos/modules/netboot-xyz.nix]]
diff --git a/flake.nix b/flake.nix
index 59a5207..25f1375 100644
--- a/flake.nix
+++ b/flake.nix
@@ -281,8 +281,6 @@
telegraf = nixos/modules/telegraf.nix;
grafana = nixos/modules/grafana.nix;
influx-provisioning = nixos/modules/influx-provisioning.nix;
- microvm-extras = nixos/modules/microvm-extras.nix;
- microvm-extras-host = nixos/modules/microvm-extras-host.nix;
notnft = nixos/modules/notnft.nix;
notnft-ns = nixos/modules/notnft-ns.nix;
ucontainers = nixos/modules/ucontainers.nix;
diff --git a/nixos/modules/microvm-extras-host.nix b/nixos/modules/microvm-extras-host.nix
deleted file mode 100644
index 268e59a..0000000
--- a/nixos/modules/microvm-extras-host.nix
+++ /dev/null
@@ -1,217 +0,0 @@
-{
- config,
- lib,
- notnft,
- ...
-}: let
- inherit
- (lib)
- mapAttrsToList
- mkOption
- hasAttr
- types
- traceVal
- flip
- mapAttrs'
- mapAttrs
- nameValuePair
- ;
-
- # a = [
- # [ (is.eq ip.protocol (f: with f; set [ tcp ])) (is.eq ip.daddr "10.80.1.2") (is.eq th.dport "22") accept ]
- # ];
-
- cfg = config.microvm;
-
- protocolEnumToNft = f: proto:
- f.${proto};
-
- tcpUdpServiceOptions.options = {
- hostName = mkOption {
- type = types.str;
- };
-
- port = mkOption {
- type = types.port;
- };
-
- protocol = mkOption {
- type = types.listOf (types.enum ["tcp" "udp"]);
- };
- };
-
- httpServiceOptions.options = {
- hostName = mkOption {
- type = types.str;
- };
-
- port = mkOption {
- type = types.port;
- };
- };
-
- icmpServiceOptions.options = {
- hostName = mkOption {
- type = types.str;
- };
- };
-
- tcpUdpConnectionOptions.options = {
- target = mkOption {
- type = types.str;
- };
- };
-
- icmpConnectionOptions.options = {
- target = mkOption {
- type = types.str;
- };
- };
-
- httpConnectionOptions.options = {
- target = mkOption {
- type = types.str;
- };
- };
-
- lookupService = name: type: context:
- if hasAttr name cfg.services.${type}
- then cfg.services.${type}.${name}
- else throw "Unknown ${type} service ${name} at ${context}";
-
- lookupIds = hostName: context:
- if hasAttr hostName subConfigurations
- then {
- inherit
- (subConfigurations.${hostName}.config.config.microvm)
- groupId
- taskId
- ;
- }
- else throw "Unknown hostName ${hostName} at ${context}";
-
- subConfigurations = cfg.vms;
-in {
- options.microvm = {
- services = {
- tcpUdp = mkOption {
- type = with types; types.attrsOf (submodule tcpUdpServiceOptions);
- default = {};
- };
-
- icmp = mkOption {
- type = with types; types.attrsOf (submodule icmpServiceOptions);
- default = {};
- };
-
- http = mkOption {
- type = with types; types.attrsOf (submodule httpServiceOptions);
- default = {};
- };
- };
-
- connections = {
- tcpUdp = mkOption {
- type = with types;
- listOf (submodule tcpUdpConnectionOptions);
- default = [];
- };
-
- icmp = mkOption {
- type = with types;
- listOf (submodule icmpConnectionOptions);
- default = [];
- };
-
- http = mkOption {
- type = with types;
- listOf (submodule httpConnectionOptions);
- default = [];
- };
- };
- };
-
- config.microvm.services.tcpUdp =
- flip mapAttrs' cfg.services.http
- (
- n: v:
- nameValuePair
- (n + "@http")
- {
- inherit
- (v)
- hostName
- port
- ;
- protocol = ["tcp"];
- }
- );
-
- config.microvm.connections.tcpUdp =
- flip map cfg.connections.http
- (
- v: {
- target = v.target + "@http";
- }
- );
-
- config.networking.notnft.rules = with notnft.dsl;
- with payload;
- ruleset {
- bridge-t = add table {family = f: f.bridge;} {
- output-body = lib.foldl (acc: x: acc x) (add chain) ((flip mapAttrsToList subConfigurations
- (
- n: v: let
- microvmConfig = v.config.config.microvm;
- tcpUdpRules = flip map microvmConfig.connections.tcpUdp (connection: let
- service = lookupService connection.target "tcpUdp" n;
- ids = lookupIds service.hostName n;
- in [
- (is.eq meta.oifname "mvm-${microvmConfig.hostName}")
- (is.eq ip.protocol (f: with f; set (map (protocolEnumToNft f) service.protocol)))
- (is.eq ip.saddr "10.80.${toString microvmConfig.groupId}.${toString microvmConfig.taskId}")
- (is.eq ip.daddr "10.80.${toString ids.groupId}.${toString ids.taskId}")
- (is.eq th.dport service.port)
- accept
- ]);
- icmpRules = flip map microvmConfig.connections.icmp (connection: let
- service = lookupService connection.target "icmp" n;
- ids = lookupIds service.hostName n;
- in [
- (is.eq meta.oifname "mvm-${microvmConfig.hostName}")
- (is.eq ip.protocol (f: with f; icmp))
- (is.eq ip.saddr "10.80.${toString microvmConfig.groupId}.${toString microvmConfig.taskId}")
- (is.eq ip.daddr "10.80.${toString ids.groupId}.${toString ids.taskId}")
- accept
- ]);
- in
- tcpUdpRules ++ icmpRules
- ))
- ++ (flip map cfg.connections.icmp (
- connection: let
- service = lookupService connection.target "icmp" "host";
- ids = lookupIds service.hostName "host";
- in [
- (is.eq meta.oifname "mvm-${service.hostName}")
- (is.eq ip.protocol (f: with f; icmp))
- (is.eq ip.saddr "10.80.${toString ids.groupId}.1")
- (is.eq ip.daddr "10.80.${toString ids.groupId}.${toString ids.taskId}")
- accept
- ]
- ))
- ++ (flip map cfg.connections.tcpUdp (
- connection: let
- service = lookupService connection.target "tcpUdp" "host";
- ids = lookupIds service.hostName "host";
- in [
- (is.eq meta.oifname "mvm-${service.hostName}")
- (is.eq ip.protocol (f: with f; set (map (protocolEnumToNft f) service.protocol)))
- (is.eq ip.saddr "10.80.${toString ids.groupId}.1")
- (is.eq ip.daddr "10.80.${toString ids.groupId}.${toString ids.taskId}")
- (is.eq th.dport service.port)
- accept
- ]
- )));
- };
- };
-}
diff --git a/nixos/modules/microvm-extras.nix b/nixos/modules/microvm-extras.nix
deleted file mode 100644
index 1b5ccad..0000000
--- a/nixos/modules/microvm-extras.nix
+++ /dev/null
@@ -1,357 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- inherit
- (lib)
- mkOption
- mkEnableOption
- types
- ;
-
- cfg = config.microvm;
-
- intToHex = int:
- {
- "0" = "00";
- "1" = "01";
- "2" = "02";
- "3" = "03";
- "4" = "04";
- "5" = "05";
- "6" = "06";
- "7" = "07";
- "8" = "08";
- "9" = "09";
- "10" = "0a";
- "11" = "0b";
- "12" = "0c";
- "13" = "0d";
- "14" = "0e";
- "15" = "0f";
- "16" = "10";
- "17" = "11";
- "18" = "12";
- "19" = "13";
- "20" = "14";
- "21" = "15";
- "22" = "16";
- "23" = "17";
- "24" = "18";
- "25" = "19";
- "26" = "1a";
- "27" = "1b";
- "28" = "1c";
- "29" = "1d";
- "30" = "1e";
- "31" = "1f";
- "32" = "20";
- "33" = "21";
- "34" = "22";
- "35" = "23";
- "36" = "24";
- "37" = "25";
- "38" = "26";
- "39" = "27";
- "40" = "28";
- "41" = "29";
- "42" = "2a";
- "43" = "2b";
- "44" = "2c";
- "45" = "2d";
- "46" = "2e";
- "47" = "2f";
- "48" = "30";
- "49" = "31";
- "50" = "32";
- "51" = "33";
- "52" = "34";
- "53" = "35";
- "54" = "36";
- "55" = "37";
- "56" = "38";
- "57" = "39";
- "58" = "3a";
- "59" = "3b";
- "60" = "3c";
- "61" = "3d";
- "62" = "3e";
- "63" = "3f";
- "64" = "40";
- "65" = "41";
- "66" = "42";
- "67" = "43";
- "68" = "44";
- "69" = "45";
- "70" = "46";
- "71" = "47";
- "72" = "48";
- "73" = "49";
- "74" = "4a";
- "75" = "4b";
- "76" = "4c";
- "77" = "4d";
- "78" = "4e";
- "79" = "4f";
- "80" = "50";
- "81" = "51";
- "82" = "52";
- "83" = "53";
- "84" = "54";
- "85" = "55";
- "86" = "56";
- "87" = "57";
- "88" = "58";
- "89" = "59";
- "90" = "5a";
- "91" = "5b";
- "92" = "5c";
- "93" = "5d";
- "94" = "5e";
- "95" = "5f";
- "96" = "60";
- "97" = "61";
- "98" = "62";
- "99" = "63";
- "100" = "64";
- "101" = "65";
- "102" = "66";
- "103" = "67";
- "104" = "68";
- "105" = "69";
- "106" = "6a";
- "107" = "6b";
- "108" = "6c";
- "109" = "6d";
- "110" = "6e";
- "111" = "6f";
- "112" = "70";
- "113" = "71";
- "114" = "72";
- "115" = "73";
- "116" = "74";
- "117" = "75";
- "118" = "76";
- "119" = "77";
- "120" = "78";
- "121" = "79";
- "122" = "7a";
- "123" = "7b";
- "124" = "7c";
- "125" = "7d";
- "126" = "7e";
- "127" = "7f";
- "128" = "80";
- "129" = "81";
- "130" = "82";
- "131" = "83";
- "132" = "84";
- "133" = "85";
- "134" = "86";
- "135" = "87";
- "136" = "88";
- "137" = "89";
- "138" = "8a";
- "139" = "8b";
- "140" = "8c";
- "141" = "8d";
- "142" = "8e";
- "143" = "8f";
- "144" = "90";
- "145" = "91";
- "146" = "92";
- "147" = "93";
- "148" = "94";
- "149" = "95";
- "150" = "96";
- "151" = "97";
- "152" = "98";
- "153" = "99";
- "154" = "9a";
- "155" = "9b";
- "156" = "9c";
- "157" = "9d";
- "158" = "9e";
- "159" = "9f";
- "160" = "a0";
- "161" = "a1";
- "162" = "a2";
- "163" = "a3";
- "164" = "a4";
- "165" = "a5";
- "166" = "a6";
- "167" = "a7";
- "168" = "a8";
- "169" = "a9";
- "170" = "aa";
- "171" = "ab";
- "172" = "ac";
- "173" = "ad";
- "174" = "ae";
- "175" = "af";
- "176" = "b0";
- "177" = "b1";
- "178" = "b2";
- "179" = "b3";
- "180" = "b4";
- "181" = "b5";
- "182" = "b6";
- "183" = "b7";
- "184" = "b8";
- "185" = "b9";
- "186" = "ba";
- "187" = "bb";
- "188" = "bc";
- "189" = "bd";
- "190" = "be";
- "191" = "bf";
- "192" = "c0";
- "193" = "c1";
- "194" = "c2";
- "195" = "c3";
- "196" = "c4";
- "197" = "c5";
- "198" = "c6";
- "199" = "c7";
- "200" = "c8";
- "201" = "c9";
- "202" = "ca";
- "203" = "cb";
- "204" = "cc";
- "205" = "cd";
- "206" = "ce";
- "207" = "cf";
- "208" = "d0";
- "209" = "d1";
- "210" = "d2";
- "211" = "d3";
- "212" = "d4";
- "213" = "d5";
- "214" = "d6";
- "215" = "d7";
- "216" = "d8";
- "217" = "d9";
- "218" = "da";
- "219" = "db";
- "220" = "dc";
- "221" = "dd";
- "222" = "de";
- "223" = "df";
- "224" = "e0";
- "225" = "e1";
- "226" = "e2";
- "227" = "e3";
- "228" = "e4";
- "229" = "e5";
- "230" = "e6";
- "231" = "e7";
- "232" = "e8";
- "233" = "e9";
- "234" = "ea";
- "235" = "eb";
- "236" = "ec";
- "237" = "ed";
- "238" = "ee";
- "239" = "ef";
- "240" = "f0";
- "241" = "f1";
- "242" = "f2";
- "243" = "f3";
- "244" = "f4";
- "245" = "f5";
- "246" = "f6";
- "247" = "f7";
- "248" = "f8";
- "249" = "f9";
- "250" = "fa";
- "251" = "fb";
- "252" = "fc";
- "253" = "fd";
- "254" = "fe";
- "255" = "ff";
- }
- .${toString int};
-
- groupIdOption = mkOption {
- type = types.int;
- default = config.microvm.groupId;
- };
-
- taskIdOption = mkOption {
- type = types.int;
- };
-
- tcpUdpConnectionOptions.options = {
- target = mkOption {
- type = types.str;
- };
- };
-
- icmpConnectionOptions.options = {
- target = mkOption {
- type = types.str;
- };
- };
-in {
- options.microvm = {
- enableExtras = mkEnableOption "Extras";
- groupId = mkOption {
- type = types.int;
- };
- taskId = mkOption {
- type = types.int;
- };
- hostsHostName = mkOption {
- type = types.str;
- };
- hostName = mkOption {
- type = types.str;
- };
-
- connections = {
- tcpUdp = mkOption {
- type = with types;
- listOf (submodule tcpUdpConnectionOptions);
- default = [];
- };
-
- icmp = mkOption {
- type = with types;
- listOf (submodule icmpConnectionOptions);
- default = [];
- };
- };
- };
-
- config = {
- networking.hostName = "${cfg.hostName}-${cfg.hostsHostName}";
-
- microvm.interfaces = [
- {
- type = "tap";
-
- # interface name on the host
- id = "mvm-${cfg.hostName}";
-
- # Ethernet address of the MicroVM's interface, not the host's
- #
- # Locally administered have one of 2/6/A/E in the second nibble.
- mac = "02:00:00:00:${intToHex cfg.groupId}:${intToHex cfg.taskId}";
- }
- ];
-
- services.udev.extraRules = ''
- ATTR{address}=="02:00:00:00:${intToHex cfg.groupId}:${intToHex cfg.taskId}", NAME="eth0"
- '';
-
- networking.interfaces."eth0" = {
- ipv4.addresses = [
- {
- address = "10.80.${toString cfg.groupId}.${toString cfg.taskId}";
- prefixLength = 24;
- }
- ];
- };
- };
-}