Delete microvm-extras*

Signed-off-by: magic_rb <magic_rb@redalder.org>
magic_rb 2024-08-14 17:40:47 +02:00
parent 4c4ff44081
commit d4e2c4f658
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
5 changed files with 16 additions and 603 deletions


@ -1,38 +1,38 @@
# Table of Contents # Table of Contents
1. [magic<sub>rb</sub>'s dotfiles](#org1e3b033) 1. [magic<sub>rb</sub>'s dotfiles](#org15340a2)
1. [License](#orgc9fb2b8) 1. [License](#orga7bf945)
1. [Exceptions](#org33761d0) 1. [Exceptions](#orgd199743)
2. [NixOS](#org3217573) 2. [NixOS](#org316f612)
1. [Modules](#org38c27fd) 1. [Modules](#org9ef0afa)
<a id="org1e3b033"></a> <a id="org15340a2"></a>
# magic<sub>rb</sub>'s dotfiles # magic<sub>rb</sub>'s dotfiles
<a id="orgc9fb2b8"></a> <a id="orga7bf945"></a>
## License ## License
All files unless otherwise stated are licensed under the LGPL-v3.0 license. Please refer to [COPYING](COPYING) and [COPYING.LESSER](COPYING.LESSER) for more information. All files unless otherwise stated are licensed under the LGPL-v3.0 license. Please refer to [COPYING](COPYING) and [COPYING.LESSER](COPYING.LESSER) for more information.
<a id="org33761d0"></a> <a id="orgd199743"></a>
### Exceptions ### Exceptions
The LGPL-v3.0 does not apply to you copying out a insignificant part of the source code, general rule of thumb is "If it's less than 32 lines and/or doesn't constitute a big self contained part, it's licensed under the MIT license." If you need clarification please contact `@magic_rb:matrix.redalder.org` on matrix. The LGPL-v3.0 does not apply to you copying out a insignificant part of the source code, general rule of thumb is "If it's less than 32 lines and/or doesn't constitute a big self contained part, it's licensed under the MIT license." If you need clarification please contact `@magic_rb:matrix.redalder.org` on matrix.
<a id="org3217573"></a> <a id="org316f612"></a>
## NixOS ## NixOS
<a id="org38c27fd"></a> <a id="org9ef0afa"></a>
### Modules ### Modules
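Review bot: every changed line in this table-of-contents hunk is an org-export anchor id (`org1e3b033` to `org15340a2`, `orgc9fb2b8` to `orga7bf945`, and so on), not content; these ids regenerate on each export and will keep producing noise in README.md diffs. Giving the headings `:CUSTOM_ID:` properties in README.org would make the exported anchors stable and confine future diffs to the actual edits.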
@ -72,37 +72,31 @@ The LGPL-v3.0 does not apply to you copying out a insignificant part of the sour
This module is **deprecated** and **will** be removed soon. It was originally created when I thought I would be switching away from Terraform completely. Now I know I will be switching to OpenTofu. This module is **deprecated** and **will** be removed soon. It was originally created when I thought I would be switching away from Terraform completely. Now I know I will be switching to OpenTofu.
6. `microvm-extras-host` and `microvm-extras` 6. `netboot-xyz`
- source code: <nixos/modules/microvm-extras-host.nix>, <nixos/modules/microvm-extras.nix>
Intended to somewhat simulate a service mesh using `microvm.nix` and clever `nftable` rules. Turned out to be too much work and both will be **removed**.
7. `netboot-xyz`
- source code: <nixos/modules/netboot-xyz.nix> - source code: <nixos/modules/netboot-xyz.nix>
Adds `netboot.xyz` to GRUB, supports both EFI and BIOS. Used on my server in case of catastrophic root pool failure. Adds `netboot.xyz` to GRUB, supports both EFI and BIOS. Used on my server in case of catastrophic root pool failure.
8. `notify-login` 7. `notify-login`
- source code: <nixos/modules/notify-login.nix> - source code: <nixos/modules/notify-login.nix>
Send notifications over Matrix, when an SSH session is opened/closed. Send notifications over Matrix, when an SSH session is opened/closed.
9. `notnft` 8. `notnft`
- source code: <nixos/modules/notnft.nix> - source code: <nixos/modules/notnft.nix>
Alternative implementation of upstream [notnft](https://github.com/chayleaf/notnft) module, which is part of the much larger [nixos-router](https://github.com/chayleaf/nixos-router) repository. Alternative implementation of upstream [notnft](https://github.com/chayleaf/notnft) module, which is part of the much larger [nixos-router](https://github.com/chayleaf/nixos-router) repository.
10. `notnft-ns` 9. `notnft-ns`
- source code: <nixos/modules/notnft-ns.nix> - source code: <nixos/modules/notnft-ns.nix>
Newer implementation of the [notnft](#org788f38d) module, this one supports network namespaces. Newer implementation of the [notnft](#orgdda3bc4) module, this one supports network namespaces.
11. `telegraf` 10. `telegraf`
- source code: <nixos/modules/telegraf.nix> - source code: <nixos/modules/telegraf.nix>
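Review bot: alongside the renumbering, the `notnft-ns` entry's cross-reference to the notnft module changes from `#org788f38d` to `#orgdda3bc4`, and nothing in this hunk shows a matching `<a id>` for the `notnft` item; check the regenerated README.md that the link target exists, otherwise the reference is dead.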


@ -43,11 +43,6 @@ Crudely provisions InfluxDB.
This module is *deprecated* and *will* be removed soon. It was originally created when I thought I would be switching away from Terraform completely. Now I know I will be switching to OpenTofu. This module is *deprecated* and *will* be removed soon. It was originally created when I thought I would be switching away from Terraform completely. Now I know I will be switching to OpenTofu.
**** ~microvm-extras-host~ and ~microvm-extras~
- source code: [[file:nixos/modules/microvm-extras-host.nix]], [[file:nixos/modules/microvm-extras.nix]]
Intended to somewhat simulate a service mesh using ~microvm.nix~ and clever ~nftable~ rules. Turned out to be too much work and both will be *removed*.
**** ~netboot-xyz~ **** ~netboot-xyz~
- source code: [[file:nixos/modules/netboot-xyz.nix]] - source code: [[file:nixos/modules/netboot-xyz.nix]]


@ -281,8 +281,6 @@
telegraf = nixos/modules/telegraf.nix; telegraf = nixos/modules/telegraf.nix;
grafana = nixos/modules/grafana.nix; grafana = nixos/modules/grafana.nix;
influx-provisioning = nixos/modules/influx-provisioning.nix; influx-provisioning = nixos/modules/influx-provisioning.nix;
microvm-extras = nixos/modules/microvm-extras.nix;
microvm-extras-host = nixos/modules/microvm-extras-host.nix;
notnft = nixos/modules/notnft.nix; notnft = nixos/modules/notnft.nix;
notnft-ns = nixos/modules/notnft-ns.nix; notnft-ns = nixos/modules/notnft-ns.nix;
ucontainers = nixos/modules/ucontainers.nix; ucontainers = nixos/modules/ucontainers.nix;
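Review bot: dropping `microvm-extras` and `microvm-extras-host` from the module map removes the `microvm.enableExtras`, `microvm.groupId`, `microvm.taskId`, `microvm.services.*` and `microvm.connections.*` options those modules declared; any host or VM configuration in this repo, or any downstream flake importing these modules, that still sets them will fail evaluation with an undefined-option error. A grep for those option names and for the two module names should accompany this change.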


@ -1,217 +0,0 @@
{
config,
lib,
notnft,
...
}: let
inherit
(lib)
mapAttrsToList
mkOption
hasAttr
types
traceVal
flip
mapAttrs'
mapAttrs
nameValuePair
;
# a = [
# [ (is.eq ip.protocol (f: with f; set [ tcp ])) (is.eq ip.daddr "10.80.1.2") (is.eq th.dport "22") accept ]
# ];
cfg = config.microvm;
protocolEnumToNft = f: proto:
f.${proto};
tcpUdpServiceOptions.options = {
hostName = mkOption {
type = types.str;
};
port = mkOption {
type = types.port;
};
protocol = mkOption {
type = types.listOf (types.enum ["tcp" "udp"]);
};
};
httpServiceOptions.options = {
hostName = mkOption {
type = types.str;
};
port = mkOption {
type = types.port;
};
};
icmpServiceOptions.options = {
hostName = mkOption {
type = types.str;
};
};
tcpUdpConnectionOptions.options = {
target = mkOption {
type = types.str;
};
};
icmpConnectionOptions.options = {
target = mkOption {
type = types.str;
};
};
httpConnectionOptions.options = {
target = mkOption {
type = types.str;
};
};
lookupService = name: type: context:
if hasAttr name cfg.services.${type}
then cfg.services.${type}.${name}
else throw "Unknown ${type} service ${name} at ${context}";
lookupIds = hostName: context:
if hasAttr hostName subConfigurations
then {
inherit
(subConfigurations.${hostName}.config.config.microvm)
groupId
taskId
;
}
else throw "Unknown hostName ${hostName} at ${context}";
subConfigurations = cfg.vms;
in {
options.microvm = {
services = {
tcpUdp = mkOption {
type = with types; types.attrsOf (submodule tcpUdpServiceOptions);
default = {};
};
icmp = mkOption {
type = with types; types.attrsOf (submodule icmpServiceOptions);
default = {};
};
http = mkOption {
type = with types; types.attrsOf (submodule httpServiceOptions);
default = {};
};
};
connections = {
tcpUdp = mkOption {
type = with types;
listOf (submodule tcpUdpConnectionOptions);
default = [];
};
icmp = mkOption {
type = with types;
listOf (submodule icmpConnectionOptions);
default = [];
};
http = mkOption {
type = with types;
listOf (submodule httpConnectionOptions);
default = [];
};
};
};
config.microvm.services.tcpUdp =
flip mapAttrs' cfg.services.http
(
n: v:
nameValuePair
(n + "@http")
{
inherit
(v)
hostName
port
;
protocol = ["tcp"];
}
);
config.microvm.connections.tcpUdp =
flip map cfg.connections.http
(
v: {
target = v.target + "@http";
}
);
config.networking.notnft.rules = with notnft.dsl;
with payload;
ruleset {
bridge-t = add table {family = f: f.bridge;} {
output-body = lib.foldl (acc: x: acc x) (add chain) ((flip mapAttrsToList subConfigurations
(
n: v: let
microvmConfig = v.config.config.microvm;
tcpUdpRules = flip map microvmConfig.connections.tcpUdp (connection: let
service = lookupService connection.target "tcpUdp" n;
ids = lookupIds service.hostName n;
in [
(is.eq meta.oifname "mvm-${microvmConfig.hostName}")
(is.eq ip.protocol (f: with f; set (map (protocolEnumToNft f) service.protocol)))
(is.eq ip.saddr "10.80.${toString microvmConfig.groupId}.${toString microvmConfig.taskId}")
(is.eq ip.daddr "10.80.${toString ids.groupId}.${toString ids.taskId}")
(is.eq th.dport service.port)
accept
]);
icmpRules = flip map microvmConfig.connections.icmp (connection: let
service = lookupService connection.target "icmp" n;
ids = lookupIds service.hostName n;
in [
(is.eq meta.oifname "mvm-${microvmConfig.hostName}")
(is.eq ip.protocol (f: with f; icmp))
(is.eq ip.saddr "10.80.${toString microvmConfig.groupId}.${toString microvmConfig.taskId}")
(is.eq ip.daddr "10.80.${toString ids.groupId}.${toString ids.taskId}")
accept
]);
in
tcpUdpRules ++ icmpRules
))
++ (flip map cfg.connections.icmp (
connection: let
service = lookupService connection.target "icmp" "host";
ids = lookupIds service.hostName "host";
in [
(is.eq meta.oifname "mvm-${service.hostName}")
(is.eq ip.protocol (f: with f; icmp))
(is.eq ip.saddr "10.80.${toString ids.groupId}.1")
(is.eq ip.daddr "10.80.${toString ids.groupId}.${toString ids.taskId}")
accept
]
))
++ (flip map cfg.connections.tcpUdp (
connection: let
service = lookupService connection.target "tcpUdp" "host";
ids = lookupIds service.hostName "host";
in [
(is.eq meta.oifname "mvm-${service.hostName}")
(is.eq ip.protocol (f: with f; set (map (protocolEnumToNft f) service.protocol)))
(is.eq ip.saddr "10.80.${toString ids.groupId}.1")
(is.eq ip.daddr "10.80.${toString ids.groupId}.${toString ids.taskId}")
(is.eq th.dport service.port)
accept
]
)));
};
};
}
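Review bot: this file generated the only per-connection allowlist on the bridge: the `output-body` chain of `bridge-t` accepted traffic strictly by `mvm-<hostName>` output interface, `10.80.<groupId>.<taskId>` source and destination, and the declared service port or ICMP. With it gone, confirm that the remaining `networking.notnft.rules` ruleset still applies the intended policy to inter-VM traffic on the bridge; otherwise the deletion widens what VMs can reach rather than only removing unfinished code. The unused `traceVal` and `mapAttrs` imports and the commented-out `# a = [ ... ]` block at the top are consistent with the README's statement that this was never completed.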


@ -1,357 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkOption
mkEnableOption
types
;
cfg = config.microvm;
intToHex = int:
{
"0" = "00";
"1" = "01";
"2" = "02";
"3" = "03";
"4" = "04";
"5" = "05";
"6" = "06";
"7" = "07";
"8" = "08";
"9" = "09";
"10" = "0a";
"11" = "0b";
"12" = "0c";
"13" = "0d";
"14" = "0e";
"15" = "0f";
"16" = "10";
"17" = "11";
"18" = "12";
"19" = "13";
"20" = "14";
"21" = "15";
"22" = "16";
"23" = "17";
"24" = "18";
"25" = "19";
"26" = "1a";
"27" = "1b";
"28" = "1c";
"29" = "1d";
"30" = "1e";
"31" = "1f";
"32" = "20";
"33" = "21";
"34" = "22";
"35" = "23";
"36" = "24";
"37" = "25";
"38" = "26";
"39" = "27";
"40" = "28";
"41" = "29";
"42" = "2a";
"43" = "2b";
"44" = "2c";
"45" = "2d";
"46" = "2e";
"47" = "2f";
"48" = "30";
"49" = "31";
"50" = "32";
"51" = "33";
"52" = "34";
"53" = "35";
"54" = "36";
"55" = "37";
"56" = "38";
"57" = "39";
"58" = "3a";
"59" = "3b";
"60" = "3c";
"61" = "3d";
"62" = "3e";
"63" = "3f";
"64" = "40";
"65" = "41";
"66" = "42";
"67" = "43";
"68" = "44";
"69" = "45";
"70" = "46";
"71" = "47";
"72" = "48";
"73" = "49";
"74" = "4a";
"75" = "4b";
"76" = "4c";
"77" = "4d";
"78" = "4e";
"79" = "4f";
"80" = "50";
"81" = "51";
"82" = "52";
"83" = "53";
"84" = "54";
"85" = "55";
"86" = "56";
"87" = "57";
"88" = "58";
"89" = "59";
"90" = "5a";
"91" = "5b";
"92" = "5c";
"93" = "5d";
"94" = "5e";
"95" = "5f";
"96" = "60";
"97" = "61";
"98" = "62";
"99" = "63";
"100" = "64";
"101" = "65";
"102" = "66";
"103" = "67";
"104" = "68";
"105" = "69";
"106" = "6a";
"107" = "6b";
"108" = "6c";
"109" = "6d";
"110" = "6e";
"111" = "6f";
"112" = "70";
"113" = "71";
"114" = "72";
"115" = "73";
"116" = "74";
"117" = "75";
"118" = "76";
"119" = "77";
"120" = "78";
"121" = "79";
"122" = "7a";
"123" = "7b";
"124" = "7c";
"125" = "7d";
"126" = "7e";
"127" = "7f";
"128" = "80";
"129" = "81";
"130" = "82";
"131" = "83";
"132" = "84";
"133" = "85";
"134" = "86";
"135" = "87";
"136" = "88";
"137" = "89";
"138" = "8a";
"139" = "8b";
"140" = "8c";
"141" = "8d";
"142" = "8e";
"143" = "8f";
"144" = "90";
"145" = "91";
"146" = "92";
"147" = "93";
"148" = "94";
"149" = "95";
"150" = "96";
"151" = "97";
"152" = "98";
"153" = "99";
"154" = "9a";
"155" = "9b";
"156" = "9c";
"157" = "9d";
"158" = "9e";
"159" = "9f";
"160" = "a0";
"161" = "a1";
"162" = "a2";
"163" = "a3";
"164" = "a4";
"165" = "a5";
"166" = "a6";
"167" = "a7";
"168" = "a8";
"169" = "a9";
"170" = "aa";
"171" = "ab";
"172" = "ac";
"173" = "ad";
"174" = "ae";
"175" = "af";
"176" = "b0";
"177" = "b1";
"178" = "b2";
"179" = "b3";
"180" = "b4";
"181" = "b5";
"182" = "b6";
"183" = "b7";
"184" = "b8";
"185" = "b9";
"186" = "ba";
"187" = "bb";
"188" = "bc";
"189" = "bd";
"190" = "be";
"191" = "bf";
"192" = "c0";
"193" = "c1";
"194" = "c2";
"195" = "c3";
"196" = "c4";
"197" = "c5";
"198" = "c6";
"199" = "c7";
"200" = "c8";
"201" = "c9";
"202" = "ca";
"203" = "cb";
"204" = "cc";
"205" = "cd";
"206" = "ce";
"207" = "cf";
"208" = "d0";
"209" = "d1";
"210" = "d2";
"211" = "d3";
"212" = "d4";
"213" = "d5";
"214" = "d6";
"215" = "d7";
"216" = "d8";
"217" = "d9";
"218" = "da";
"219" = "db";
"220" = "dc";
"221" = "dd";
"222" = "de";
"223" = "df";
"224" = "e0";
"225" = "e1";
"226" = "e2";
"227" = "e3";
"228" = "e4";
"229" = "e5";
"230" = "e6";
"231" = "e7";
"232" = "e8";
"233" = "e9";
"234" = "ea";
"235" = "eb";
"236" = "ec";
"237" = "ed";
"238" = "ee";
"239" = "ef";
"240" = "f0";
"241" = "f1";
"242" = "f2";
"243" = "f3";
"244" = "f4";
"245" = "f5";
"246" = "f6";
"247" = "f7";
"248" = "f8";
"249" = "f9";
"250" = "fa";
"251" = "fb";
"252" = "fc";
"253" = "fd";
"254" = "fe";
"255" = "ff";
}
.${toString int};
groupIdOption = mkOption {
type = types.int;
default = config.microvm.groupId;
};
taskIdOption = mkOption {
type = types.int;
};
tcpUdpConnectionOptions.options = {
target = mkOption {
type = types.str;
};
};
icmpConnectionOptions.options = {
target = mkOption {
type = types.str;
};
};
in {
options.microvm = {
enableExtras = mkEnableOption "Extras";
groupId = mkOption {
type = types.int;
};
taskId = mkOption {
type = types.int;
};
hostsHostName = mkOption {
type = types.str;
};
hostName = mkOption {
type = types.str;
};
connections = {
tcpUdp = mkOption {
type = with types;
listOf (submodule tcpUdpConnectionOptions);
default = [];
};
icmp = mkOption {
type = with types;
listOf (submodule icmpConnectionOptions);
default = [];
};
};
};
config = {
networking.hostName = "${cfg.hostName}-${cfg.hostsHostName}";
microvm.interfaces = [
{
type = "tap";
# interface name on the host
id = "mvm-${cfg.hostName}";
# Ethernet address of the MicroVM's interface, not the host's
#
# Locally administered have one of 2/6/A/E in the second nibble.
mac = "02:00:00:00:${intToHex cfg.groupId}:${intToHex cfg.taskId}";
}
];
services.udev.extraRules = ''
ATTR{address}=="02:00:00:00:${intToHex cfg.groupId}:${intToHex cfg.taskId}", NAME="eth0"
'';
networking.interfaces."eth0" = {
ipv4.addresses = [
{
address = "10.80.${toString cfg.groupId}.${toString cfg.taskId}";
prefixLength = 24;
}
];
};
};
}
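Review bot: besides the options, this module set each VM's `networking.hostName`, its tap interface `mvm-<hostName>` with the locally administered MAC `02:00:00:00:<groupId>:<taskId>`, the udev rule pinning that MAC to `eth0`, and the static address `10.80.<groupId>.<taskId>/24`; any VM configured through it loses its entire network definition with this commit, so replacement addressing needs to land in the same change or before it. Minor, and moot once deleted: the 256-entry `intToHex` lookup has no fallback, so a `groupId` or `taskId` outside 0..255 would have failed evaluation on the attribute access rather than producing a clear type error.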