Revamp network config #77

nerf · 2025-03-31T00:34:06Z

nerf commented

2025-03-31 00:34:06 +00:00

Given the time of day, I would be surprised if this works out without a request for changes.
I didn't touched bragi here, that one is special, even though bragi could assemble its config by
a very similar logic from nixos/roles/hostmap.nix. This is a small push towards [#33]

Given the time of day, I would be surprised if this works out without a request for changes. I didn't touched bragi here, that one is special, even though bragi could assemble its config by a very similar logic from `nixos/roles/hostmap.nix`. This is a small push towards [#33]

nerf added 1 commit 2025-03-31 00:34:07 +00:00

populate ip address based on hostname and populate the hostfile with other vm ips c78fca0751

Gonne requested changes 2025-03-31 07:36:22 +00:00

Dismissed

Gonne left a comment

I would now assume that nixos/modules/vmNetwork.nix only gets imported by nixos/roles/vm.nix and not nixos/${machine}/configuration.nix.

I would now assume that `nixos/modules/vmNetwork.nix` only gets imported by `nixos/roles/vm.nix` and not `nixos/${machine}/configuration.nix`.

nixos/roles/hostmap.nix Outdated

					
				@ -0,0 +16,4 @@

				  "192.168.0.26" = ["toth"];

				  "192.168.0.27" = ["ithaqua"];

				  "192.168.0.28" = ["nyarlathotep"];

				  "192.168.0.29" = ["nixos-installer"];

Gonne commented

2025-03-31 07:18:36 +00:00

This vm does not exist anymore and I deleted its record on azathoth now.

nerf marked this conversation as resolved

nixos/roles/hostmap.nix Outdated

					
				@ -0,0 +18,4 @@

				  "192.168.0.28" = ["nyarlathotep"];

				  "192.168.0.29" = ["nixos-installer"];

				  "192.168.0.30" = ["cthugha"];

				  "192.168.0.40" = ["nerf-nixos-testlab"];

Gonne commented

2025-03-31 07:18:45 +00:00

This vm does not exist anymore and I deleted its record on azathoth now.

nerf marked this conversation as resolved

nixos/roles/vmNetwork.nix Outdated

					
				@ -0,0 +1,30 @@

				# This module assumes that every hostName of a machine in this repo only appears in one of the ip addresses,

Gonne commented

2025-03-31 07:20:01 +00:00

Will this assumption fail with IPv6?

Can we perhaps instead manage a record containing records of per-vm network config? Then we could extract and complete this towards it network config and generate the hostfile via some function.

I imagine some structure like

{
lobon = {
  interfaces.enX0.ipv4.addresses = [
    {
      address = "192.168.0.22";
    }
  ];
};
nyarlathotep =  …
};

Will this assumption fail with IPv6? Can we perhaps instead manage a record containing records of per-vm network config? Then we could extract and complete this towards it network config and generate the hostfile via some function. I imagine some structure like ``` { lobon = { interfaces.enX0.ipv4.addresses = [ { address = "192.168.0.22"; } ]; }; nyarlathotep = … }; ```

nerf commented

2025-03-31 12:12:02 +00:00

I did not spend a single thought about ipv6, I wanted to restructure the existing config not add new features.

In general we could do something similar this, I choose this way, because it directly corresponds to hostfiles.
What are we doing with hostfile entries that are not nix machines?

Right now we just specify exactly one ipv4 and let all the interface set up to modules/vmNetworking.nix. This already assumes exactly one ipv4 address, and always configures enX0. Adding support for a singular ipv6 address should be easy (and still feels out of scope to me). (But I see that extracting two different types of addresses out of this hostfile like syntax would be annoying).

Do we want support for different interfaces and multiple addresses per nix machine? If we don't need it, it
will only make the config more repetitive.

So if we want to turn the structure around i would propose something like

{
lobon = {
  ipv4 = "192.168.0.22";
};
nyarlathotep = ...
}

which is less flexible, but also comes with less overhead that we might not need.

I did not spend a single thought about ipv6, I wanted to restructure the existing config not add new features. In general we could do something similar this, I choose this way, because it directly corresponds to hostfiles. What are we doing with hostfile entries that are not nix machines? Right now we just specify exactly one ipv4 and let all the interface set up to `modules/vmNetworking.nix`. This already assumes exactly one ipv4 address, and always configures `enX0`. Adding support for a singular ipv6 address should be easy (and still feels out of scope to me). (But I see that extracting two different types of addresses out of this hostfile like syntax would be annoying). Do we want support for different interfaces and multiple addresses per nix machine? If we don't need it, it will only make the config more repetitive. So if we want to turn the structure around i would propose something like ``` { lobon = { ipv4 = "192.168.0.22"; }; nyarlathotep = ... } ``` which is less flexible, but also comes with less overhead that we might not need.

Gonne commented

2025-03-31 13:26:28 +00:00

I did not spend a single thought about ipv6, I wanted to restructure the existing config not add new features.

Fair. I mentioned it because introducing it might make all the effort spent here obsolete and thus polishing a non-compatible solution might be a waste of time. Otherwise, we don't need to include it now.

In general we could do something similar this, I choose this way, because it directly corresponds to hostfiles.
What are we doing with hostfile entries that are not nix machines?

Since we may have dependencies on non-nix vms (e.g. sanctamariamaterdei), I prefer to include them perhaps the way you currently do with all vms.

Do we want support for different interfaces and multiple addresses per nix machine? If we don't need it, it
will only make the config more repetitive.

I don't see where we need multiple interfaces, but IPv6 usually has multiple addresses per interface (global, link-local, ?).

So if we want to turn the structure around i would propose something like
lobon = {
  ipv4 = "192.168.0.22";
};
nyarlathotep = ...
}
which is less flexible, but also comes with less overhead that we might not need.

👍

> I did not spend a single thought about ipv6, I wanted to restructure the existing config not add new features. Fair. I mentioned it because introducing it might make all the effort spent here obsolete and thus polishing a non-compatible solution might be a waste of time. Otherwise, we don't need to include it now. > In general we could do something similar this, I choose this way, because it directly corresponds to hostfiles. > What are we doing with hostfile entries that are not nix machines? Since we may have dependencies on non-nix vms (e.g. `sanctamariamaterdei`), I prefer to include them perhaps the way you currently do with all vms. > Do we want support for different interfaces and multiple addresses per nix machine? If we don't need it, it will only make the config more repetitive. I don't see where we need multiple interfaces, but IPv6 usually has multiple addresses per interface (global, link-local, ?). > So if we want to turn the structure around i would propose something like > ```{ > lobon = { > ipv4 = "192.168.0.22"; > }; > nyarlathotep = ... > } > ``` > which is less flexible, but also comes with less overhead that we might not need. 👍

nerf commented

2025-03-31 13:59:53 +00:00

shouldn't we get all the non global ipv6 stuff from SLAAC?
And if not we could still do

lobon = {
  ipv4 = "192,168.0.22";
  ipv6 = { some complicated structure};
};

shouldn't we get all the non global ipv6 stuff from SLAAC? And if not we could still do ``` lobon = { ipv4 = "192,168.0.22"; ipv6 = { some complicated structure}; }; ```

👍 1

Gonne marked this conversation as resolved

nixos/roles/vmNetwork.nix Outdated

					
				@ -0,0 +2,4 @@

				# to derive the ip adress based on the hostname this will need patching if we will ever have a vm with multiple

				# outward facing network interfaces.

				# (other hostnames can appear multiple times)

				{

Gonne commented

2025-03-31 07:35:41 +00:00

I don't see why this is a role and not part of the vmNetwork module.

I don't see why this is a role and not part of the `vmNetwork` module.

nerf commented

2025-03-31 12:14:59 +00:00

I does not eat config options. This distinction is kind of weird and we inherited it from maralorn to have some starting point. It felt to me like it is more part of having the vm role, (this is also why it is hooked via roles/vm.nix ), than being an alone standing module. But I don't have hard feelings about that.

I also thought about integrating modules/vmNetwork.nix into this role (as the argument is now superfluous).

I does not eat config options. This distinction is kind of weird and we inherited it from maralorn to have some starting point. It felt to me like it is more part of having the vm role, (this is also why it is hooked via `roles/vm.nix` ), than being an alone standing module. But I don't have hard feelings about that. I also thought about integrating `modules/vmNetwork.nix` into this role (as the argument is now superfluous).

Gonne commented

2025-03-31 13:16:14 +00:00

I don't really have an opinion either.

Gonne marked this conversation as resolved

nerf force-pushed networking from c78fca0751 to a8bab398ce

2025-03-31 11:59:03 +00:00

Compare

nerf force-pushed networking from a8bab398ce to cfec4e9f32

2025-03-31 12:17:07 +00:00

Compare

requested review from Gonne

2025-03-31 12:20:27 +00:00

removed review request for Gonne

2025-03-31 14:05:09 +00:00

nerf changed title from ~~Revamp network config~~ to WIP: Revamp network config

2025-03-31 14:05:18 +00:00

nerf force-pushed networking from cfec4e9f32 to e9375ad338

2025-03-31 21:11:15 +00:00

Compare

nerf changed title from ~~WIP: Revamp network config~~ to Revamp network config

2025-03-31 21:11:29 +00:00

requested review from Gonne

2025-03-31 21:11:31 +00:00

nerf force-pushed networking from e9375ad338 to d5302456bb

2025-03-31 21:17:03 +00:00

Compare

nerf force-pushed networking from d5302456bb to f815391cbc

2025-04-01 10:29:43 +00:00

Compare

nerf force-pushed networking from f815391cbc to 55fa0f193a

2025-04-01 11:05:23 +00:00

Compare

nerf force-pushed networking from 55fa0f193a to e42e9f0ff7

2025-04-01 11:06:08 +00:00

Compare

nerf force-pushed networking from e42e9f0ff7 to adb8640f6d

2025-04-01 11:07:47 +00:00

Compare

Gonne requested changes 2025-04-01 12:59:23 +00:00

Dismissed

nixos/roles/hostmap.nix Outdated

					
				@ -0,0 +50,4 @@

				  };

				  cthugha = {

				    ipv4 = "192.168.0.30";

				  };

Gonne commented

2025-04-01 12:50:04 +00:00

192.168.0.92 sanctamariamaterdei is missing

`192.168.0.92 sanctamariamaterdei` is missing

nerf force-pushed networking from adb8640f6d to ec77890814

2025-04-01 14:22:56 +00:00

Compare

requested review from Gonne

2025-04-01 14:23:06 +00:00

nerf added 1 commit 2025-04-01 15:03:28 +00:00

replaced ip addresses with hostnames 99871928f9

nerf reviewed 2025-04-01 15:04:23 +00:00

nixos/modules/mailman.nix

					
				@ -118,3 +118,3 @@

				        BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";

				      };

				      repo = "borg@192.168.1.11:lobon"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33

				      repo = "borg@bragi:lobon"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33

nerf commented

2025-04-01 15:04:23 +00:00

should the repo name lobon be hardcoded?

should the repo name `lobon` be hardcoded?

Gonne commented

2025-04-01 15:54:18 +00:00

Probably not.

nerf commented

2025-04-01 17:13:42 +00:00

Feels out of scope, I just noted as i changed the ip to a hostname

nerf reviewed 2025-04-01 15:04:43 +00:00

nixos/modules/mail.nix

					
				@ -359,3 +359,3 @@

				        BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";

				      };

				      repo = "borg@192.168.1.11:nyarlathotep"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33

				      repo = "borg@bragi:nyarlathotep"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33