From 97d1f68e9cddc41b09f749c4dddf807ecb550289 Mon Sep 17 00:00:00 2001
From: clerie
Date: Wed, 28 Aug 2024 08:39:17 +0200
Subject: [PATCH 1/5] hosts/web-2: Reduce log verbosity of gitea daemon
---
 hosts/web-2/gitea.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hosts/web-2/gitea.nix b/hosts/web-2/gitea.nix
index 9d79426..7a08857 100644
--- a/hosts/web-2/gitea.nix
+++ b/hosts/web-2/gitea.nix
@@ -15,7 +15,7 @@
 lfs.enable = true;
 settings = {
 log = {
- LEVEL = "Info";
+ LEVEL = "Warn";
 };
 database = {
 CHARSET = "utf8";
From 3fe7721847ade8e9e3b490ea4cc8e1fe5173b288 Mon Sep 17 00:00:00 2001
From: clerie
Date: Wed, 28 Aug 2024 08:46:57 +0200
Subject: [PATCH 2/5] hosts/web-2: Bind Gitea to IPv6
---
 hosts/web-2/gitea.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hosts/web-2/gitea.nix b/hosts/web-2/gitea.nix
index 7a08857..49e23b8 100644
--- a/hosts/web-2/gitea.nix
+++ b/hosts/web-2/gitea.nix
@@ -28,7 +28,7 @@
 server = {
 ROOT_URL = "https://git.clerie.de/";
 DOMAIN = "git.clerie.de";
- HTTP_ADDRESS = "127.0.0.1";
+ HTTP_ADDRESS = "::1";
 HTTP_PORT = 3000;
 OFFLINE_MODE = true;
 LANDING_PAGE = "explore";
@@ -80,7 +80,7 @@
 forceSSL = true;
 locations = {
 "/" = {
- proxyPass = "http://localhost:3000";
+ proxyPass = "http://[::1]:3000";
 };
 };
 extraConfig = ''
From 954c033e06233f06cb1748702cad62bb0fe12ac0 Mon Sep 17 00:00:00 2001
From: clerie
Date: Thu, 5 Sep 2024 05:53:54 +0200
Subject: [PATCH 3/5] configuration/desktop: Fix renamed gnome packages
---
 configuration/desktop/gnome.nix | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/configuration/desktop/gnome.nix b/configuration/desktop/gnome.nix
index ee4fdac..33c55a5 100644
--- a/configuration/desktop/gnome.nix
+++ b/configuration/desktop/gnome.nix
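Review bot: Lowering `LEVEL` from "Info" to "Warn" in the `log` block may drop events that monitoring depends on. Gitea has written failed sign-in attempts at Info level in at least some releases, so a fail2ban filter or alert that reads the log for them could go quiet without any error; confirm against the deployed version which events survive at Warn. A comment next to the setting would record the decision, for example `# Warn only: auth failures are collected via <other source>`. The `settings` block continues outside the hunk.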
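Review bot: The listener address is now spelled out twice, `HTTP_ADDRESS = "::1"` in the hunk at -28 and `proxyPass = "http://[::1]:3000"` in the nginx hunk at -80, and a later edit to one without the other breaks the proxy or moves the bind without anyone noticing. Assuming these settings sit under `services.gitea`, the upstream can be derived instead: `proxyPass = "http://[${config.services.gitea.settings.server.HTTP_ADDRESS}]:${toString config.services.gitea.settings.server.HTTP_PORT}";`. The loopback bind is what keeps port 3000 unreachable except through nginx and `forceSSL`, so a one-line comment beside `HTTP_ADDRESS` stating that it must stay a loopback address is worth adding. Both enclosing attribute sets extend beyond the hunks.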
@@ -6,23 +6,23 @@
 tracker.enable = false;
 };
- environment.gnome.excludePackages = with pkgs.gnome; [
- pkgs.baobab
- pkgs.epiphany
- pkgs.gnome-calendar
+ environment.gnome.excludePackages = with pkgs; [
+ baobab
+ epiphany
+ gnome-calendar
 gnome-clocks
- pkgs.gnome-console
+ gnome-console
 gnome-contacts
 gnome-logs
 gnome-maps
 gnome-music
- pkgs.gnome-tour
- pkgs.gnome-photos
+ gnome-tour
+ gnome-photos
 gnome-weather
- pkgs.gnome-connections
- pkgs.simple-scan
- pkgs.yelp
- pkgs.geary
+ gnome-connections
+ simple-scan
+ yelp
+ geary
 ];
 environment.systemPackages = with pkgs; [
From e96d95dd0a5c02ef22d7afaa3654847e8efbd403 Mon Sep 17 00:00:00 2001
From: clerie
Date: Thu, 5 Sep 2024 12:46:09 +0200
Subject: [PATCH 4/5] modules/dhcpcd-prefixdelegation: Add dhcpcd module specifically for prefixdelegation
---
 hosts/carbon/ppp.nix | 29 ++--
 modules/default.nix | 1 +
 modules/dhcpcd-prefixdelegation/default.nix | 144 ++++++++++++++++++++
 3 files changed, 158 insertions(+), 16 deletions(-)
 create mode 100644 modules/dhcpcd-prefixdelegation/default.nix
diff --git a/hosts/carbon/ppp.nix b/hosts/carbon/ppp.nix
index 1de2f19..77e6270 100644
--- a/hosts/carbon/ppp.nix
+++ b/hosts/carbon/ppp.nix
@@ -57,22 +57,19 @@
 ip46tables -t mangle -A forward-mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1416
 '';
- networking.interfaces.net-heimnetz.useDHCP = true;
-
- networking.dhcpcd = {
- enable = false;
- allowInterfaces = [
- "net-heimnetz"
- "ppp-dtagdsl"
- ];
- wait = "ipv6";
- extraConfig = ''
- ipv6only
- noipv6rs
- interface ppp-dtagdsl
- ipv6rs
- ia_pd 1/::/56 net-heimnetz/201/64
- '';
+ networking.dhcpcd-prefixdelegation = {
+ enable = true;
+ interfaces = {
+ "ppp-dtagdsl" = {
+ iaid = 1;
+ interfaces = {
+ "net-heimnetz" = {
+ sla_id = 201;
+ prefix_len = 64;
+ };
+ };
+ };
+ };
 };
 environment.etc."ppp/ipv6-up" = {
diff --git a/modules/default.nix b/modules/default.nix
index 09a16f8..41ba192 100644
--- a/modules/default.nix
+++ b/modules/default.nix
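Review bot: The `::/56` prefix hint from the removed `ia_pd 1/::/56 net-heimnetz/201/64` line is not carried over to the new `"ppp-dtagdsl"` entry; with only `iaid`, `sla_id` and `prefix_len` set, the module renders `ia_pd 1 net-heimnetz/201/64`. If the delegation size should still be requested explicitly, add `prefix = "::"; prefix_len = 56;` next to `iaid = 1;`. The removed block also had `enable = false`, so as far as this hunk shows the change switches a DHCPv6 client on for the PPP uplink where none was running from this option before. Whether the firewall on that interface admits the DHCPv6 replies, and nothing beyond them, is not visible here and should be checked.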
@@ -8,6 +8,7 @@
 ./clerie-firewall
 ./clerie-gc-dir
 ./clerie-system-upgrade
+ ./dhcpcd-prefixdelegation
 ./minecraft-server
 ./monitoring
 ./nginx-port-forward
diff --git a/modules/dhcpcd-prefixdelegation/default.nix b/modules/dhcpcd-prefixdelegation/default.nix
new file mode 100644
index 0000000..a681efd
--- /dev/null
+++ b/modules/dhcpcd-prefixdelegation/default.nix
@@ -0,0 +1,144 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.networking.dhcpcd-prefixdelegation;
+
+ downstreamInterfaceConfig = name: opts: "${name}${
+ optionalString (opts.sla_id != null) "/${builtins.toString opts.sla_id}${
+ optionalString (opts.prefix_len != null) "/${builtins.toString opts.prefix_len}${
+ optionalString (opts.suffix != null) "/${opts.suffix}"
+ }"
+ }"
+ }";
+
+ interfaceConfig = name: opts: ''
+ interface ${name}
+ ipv6rs
+ ia_pd ${builtins.toString opts.iaid}${
+ optionalString (opts.prefix != null) "/${opts.prefix}${
+ optionalString (opts.prefix_len != null) "/${builtins.toString opts.prefix_len}"
+ }"
+ } ${concatMapStringsSep " " ({name, value}: downstreamInterfaceConfig name value) (attrsToList opts.interfaces)}
+ '';
+
+
+ dhcpcdConf = pkgs.writeText "dhcpcd.conf" ''
+ duid
+ noipv6rs
+ waitip 6
+ ipv6only
+
+ allowinterfaces ${concatStringsSep " " (builtins.attrNames cfg.interfaces)} ${concatMapStringsSep " " ({name, value}: concatStringsSep "" (builtins.attrNames value.interfaces)) (attrsToList cfg.interfaces)}
+
+ ${concatMapStringsSep "\n" ({name, value}: interfaceConfig name value) (attrsToList cfg.interfaces)}
+ '';
+
+ downstreamInterfaceOpts = { ... }: {
+ options = {
+ sla_id = mkOption {
+ type = with types; nullOr ints.unsigned;
+ default = null;
+ };
+
+ prefix_len = mkOption {
+ type = with types; nullOr ints.unsigned;
+ default = null;
+ };
+
+ suffix = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ };
+ };
+ };
+
+ interfaceOpts = { ... }: {
+ options = {
+ iaid = mkOption {
+ type = with types; ints.unsigned;
+ description = ''
+ Request a delegated prefix with this IAID on this interface
+ '';
+ };
+
+ prefix = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ };
+
+ prefix_len = mkOption {
+ type = with types; nullOr ints.unsigned;
+ default = null;
+ };
+
+ interfaces = mkOption {
+ type = with types; attrsOf (submodule downstreamInterfaceOpts);
+ default = {};
+ description =''
+ Interfaces to assign IPv6 prefixes to
+ '';
+ };
+ };
+ };
+
+in
+
+{
+
+ options = {
+
+ networking.dhcpcd-prefixdelegation = {
+ enable = mkEnableOption "dhcpcd for prefixdelegation";
+
+ interfaces = mkOption {
+ type = with types; attrsOf (submodule interfaceOpts);
+ default = {};
+ description = ''
+ Interfaces to request IPv6 prefixes from
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ environment.etc."dhcpcd.conf".source = dhcpcdConf;
+
+ systemd.services.dhcpcd-prefixdelegation = {
+ description = "DHCP Client for IPv6 Prefix Delegation";
+
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "network.target" ];
+ before = [ "network-online.target" ];
+
+ # Stopping dhcpcd during a reconfiguration is undesirable
+ # because it brings down the network interfaces configured by
+ # dhcpcd. So do a "systemctl restart" instead.
+ stopIfChanged = false;
+
+ path = [ pkgs.dhcpcd ];
+
+ unitConfig.ConditionCapability = "CAP_NET_ADMIN";
+
+ serviceConfig =
+ { Type = "forking";
+ PIDFile = "/run/dhcpcd/pid";
+ RuntimeDirectory = "dhcpcd";
+ ExecStart = "@${pkgs.dhcpcd}/sbin/dhcpcd dhcpcd --quiet --config ${dhcpcdConf}";
+ ExecReload = "${pkgs.dhcpcd}/sbin/dhcpcd --rebind";
+ Restart = "always";
+ };
+ };
+
+ users.users.dhcpcd = {
+ isSystemUser = true;
+ group = "dhcpcd";
+ };
+ users.groups.dhcpcd = {};
+
+ };
+
+}
From 78a76b116e9de026d2517ea3ca9c08bc5b4f5b46 Mon Sep 17 00:00:00 2001
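Review bot: In `dhcpcdConf`, the `allowinterfaces` line joins each upstream's downstream names with `concatStringsSep ""`, so an upstream with two downstream interfaces produces one fused name and dhcpcd is told to allow an interface that does not exist; the separator should be a space, `concatStringsSep " " (builtins.attrNames value.interfaces)`. The attribute names, `prefix` and `suffix` are free-form strings interpolated directly into the generated config, so constraining the option values with `types.strMatching` would keep a stray space or newline from turning into an extra directive. The service also handles DHCPv6 and router-advertisement traffic from the uplink with no systemd sandboxing in `serviceConfig`; `NoNewPrivileges = true;` and a `CapabilityBoundingSet` limited to what dhcpcd needs are worth considering. Finally, the module writes `environment.etc."dhcpcd.conf"` and declares `users.users.dhcpcd`, which may collide with the stock `networking.dhcpcd` module if both are enabled, so an assertion that rejects that combination would fail early instead of at activation.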
From: Flake Update Bot Date: Fri, 6 Sep 2024 03:04:02 +0200 Subject: [PATCH 5/5] Update nixpkgs 2024-09-06-01-03 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 44d0360..1028c06 100644 --- a/flake.lock +++ b/flake.lock @@ -288,11 +288,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1725432240, + "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "ad416d066ca1222956472ab7d0555a6946746a80", "type": "github" }, "original": {