feat: push current WIPs

Signed-off-by: Anthony Rabbito <[email protected]>

flake.nix

@@ -8,6 +8,8 @@
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
     nix-darwin.url = "github:LnL7/nix-darwin";
     nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
+    gomod2nix.url = "github:nix-community/gomod2nix";
+    gomod2nix.inputs.nixpkgs.follows = "nixpkgs";
     hardware.url = "github:nixos/nixos-hardware";
     sops-nix.url = "github:mic92/sops-nix";
     disko.url = "github:nix-community/disko";
@@ -28,7 +30,7 @@
     };
   };
 
-  outputs = { self, disko, nix-darwin, nixpkgs, nixpkgs-unstable, home-manager, chaotic
+  outputs = { self, disko, gomod2nix, nix-darwin, nixpkgs, nixpkgs-unstable, home-manager, chaotic
     , jovian-nixos, nix-github-actions, ... }@inputs:
     let
       inherit (self) outputs;
@@ -39,6 +41,9 @@
         import nixpkgs {
           inherit system;
           config.allowUnfree = true;
+          overlays = [
+            gomod2nix.overlays.default
+          ];
         });
       withPrefix = prefix:
         lib.mapAttrs' (name: value: {
@@ -49,7 +54,7 @@
     in {
       githubActions = nix-github-actions.lib.mkGithubMatrix {
         # aarch64-linux is not supported by GitHub
-        checks = nixpkgs.lib.getAttrs [ "x86_64-linux" "x86_64-darwin" ] self.checks;
+        checks = nixpkgs.lib.getAttrs [ "x86_64-linux" ] self.checks;
         attrPrefix = "";
       };
       packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; });
@@ -80,6 +85,7 @@
           specialArgs = { inherit inputs outputs; };
           modules = [
             ./nixos/hosts/fw1.nwk3.rabbito.tech
+            chaotic.nixosModules.default
           ];
         };
       };

nixos/hosts/f80.nwk3.rabbito.tech/default.nix

@@ -48,5 +48,5 @@
   # Debugging Gamescope
   environment.systemPackages = [ pkgs.gdb ];
   chaotic.nyx.overlay.onTopOf = "user-pkgs";
-
+  chaotic.scx.enable = true;
 }

nixos/hosts/fw1.nwk3.rabbito.tech/default.nix

@@ -129,6 +129,7 @@
       (common) {
         log error
         reload
+        # TODO: Use something like https://github.com/StevenBlack/hosts santized on cron
         loop
         loadbalance
         cache
@@ -140,11 +141,6 @@
           ttl 1
           reload 300ms
         }
-        template ANY ANY {
-          match (?:^|\.)(?:deviceenrollment|mdmenrollment|iprofiles|wifi)?\.(?:.{1,3})+
-          rcode NXDOMAIN
-          fallthrough
-        }
       }
 
 

nixos/personalities/server/default.nix

@@ -38,7 +38,6 @@
     prosecuted by law. By accessing this system, you agree that your actions
     may be monitored if unauthorized usage is suspected.
   '';
-
-  # TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
-
+  boot.kernelPackages = pkgs.linuxPackages_cachyos-server;
+  chaotic.scx.enable = true;
 }

nixos/personalities/server/router.nix

@@ -1,16 +1,19 @@
-{ inputs, config, pkgs, ... }:
+{ inputs, config, pkgs, lib, ... }:
 {
  imports = [
    ./default.nix
-  #  ./tailscale.nix
+   ./tailscale.nix
    ../base
  ];
-
+  # Typically enabled in base but since we're a router we want all the control
+  networking.networkmanager.enable = lib.mkForce false;
   boot = {
     kernel = {
       sysctl = {
         "net.ipv4.conf.all.forwarding" = true;
         "net.ipv6.conf.all.forwarding" = true;
+        # TODO: Configure IPV6
+        # "net.ipv6.conf.wan.disable_ipv6" = true;
         "net.ipv6.conf.all.accept_ra" = 0;
         "net.ipv6.conf.all.autoconf" = 0;
         "net.ipv6.conf.all.use_tempaddr" = 0;
@@ -80,17 +83,32 @@
   };
   services.coredns = {
     enable = true;
-    # TODO: Move to overlay to disable check
-    # package = pkgs.coredns.override {
-    #   doCheck = false;
-    #   externalPlugins = [
-    #     {
-    #       name = "k8s_gateway";
-    #       repo = "github.com/ori-edge/k8s_gateway";
-    #       version = "3645f683ae8ccebf8eae21d675874d8f8f7b54fa";
-    #     }
-    #   ];
-    #   vendorHash = "sha256-Szj2uaml4qEXQPnXbhzJ2AmLpAHtYL123vSb0nSJFfw=";
-    # };
+    # https://github.com/NixOS/nixpkgs/issues/307750
+    package = pkgs.coredns-snowflake;
+  };
+  services.radvd = {
+    enable = true;
+    config = ''
+      interface vlan100 {
+          IgnoreIfMissing on;
+          AdvDefaultPreference high;
+          MaxRtrAdvInterval 600;
+          AdvReachableTime 0;
+          AdvIntervalOpt on;
+          AdvSendAdvert on;
+          AdvOtherConfigFlag off;
+          AdvRetransTimer 0;
+          AdvCurHopLimit 64;
+          prefix ::/0 {
+              AdvAutonomous on;
+              AdvValidLifetime 2592000;
+              AdvOnLink on;
+              AdvPreferredLifetime 14400;
+              DeprecatePrefix off;
+              DecrementLifetimes off;
+          };
+      };
+
+    '';
   };
 }

overlays/default.nix

@@ -17,27 +17,6 @@
   # You can change versions, add patches, set compilation flags, anything really.
   # https://nixos.wiki/wiki/Overlays
   modifications = final: prev: {
-    # example = prev.example.overrideAttrs (oldAttrs: rec {
-    # ...
-    # });
-    # kdePackages = prev.kdePackages // {
-    #   kwin = prev.kdePackages.kwin.overrideAttrs (old: {
-    #     src = final.fetchFromGitLab {
-    #       domain = "invent.kde.org";
-    #       owner = "plasma";
-    #       repo = "kwin";
-    #       rev = "0fef229587d642e6175f39abc45fc839baffe1f1";
-    #       hash = "sha256-obRUX6D00SNneHxqBmxIEdNA+VG9EFZn4c2mqybX14M=";
-    #     };
-    #     patches = (old.patches or []) ++ [
-    #       (final.fetchpatch {
-    #         url =
-    #           "https://invent.kde.org/plasma/kwin/-/merge_requests/4800.patch";
-    #         sha256 = "sha256-O7i2j2aElv5tUZSyMXGrPs3A0PYdYzfXHgrjIgKvVgE=";
-    #       })
-    #     ];
-    #   });
-    # };
     lunarvim = prev.lunarvim.overrideAttrs (oldAttrs: {
       src = final.fetchFromGitHub {
         owner = "LunarVim";
@@ -56,17 +35,6 @@
         final.clang
       ];
     });
-    # mesa = prev.mesa.overrideAttrs (oldAttrs: {
-    #   mesonFlags = final.lib.remove "-Db_ndebug=true" oldAttrs.mesonFlags ++ [
-    #     "-Dc_args=-fno-omit-frame-pointer"
-    #     "-Dc_link_args=-fno-omit-frame-pointer"
-    #     "-Dcpp_args=-fno-omit-frame-pointer"
-    #     "-Dcpp_link_args=-fno-omit-frame-pointer"
-    #     "--buildtype=debugoptimized"
-    #     # "--strip=false"
-    #     "-Db_sanitize=${builtins.concatStringsSep "," ["address" "undefined"]}"
-    #   ];
-    # });
     xpadneo = prev.xpadneo.overrideAttrs (oldAttrs: {
       version = "git.74dd867";
       src = final.fetchFromGitHub {
@@ -104,10 +72,6 @@
       '';
       buildInputs = oldAttrs.buildInputs ++ [ final.glib ];
     });
-    sunshine = prev.sunshine.overrideAttrs (oldAttrs: {
-      cmakeFlags = oldAttrs.cmakeFlags
-        ++ [ "-DSUNSHINE_ENABLE_TRAY=OFF" "-DSUNSHINE_REQUIRE_TRAY=OFF" ];
-    });
     discord = prev.discord.overrideAttrs (oldAttrs: {
       withOpenASAR = true;
       withVencord = true;

pkgs/coredns-snowflake/default.nix

@@ -0,0 +1,85 @@
+{ lib
+, stdenv
+, buildGoModule
+, fetchFromGitHub
+, installShellFiles
+, externalPlugins ? []
+, vendorHash ? "sha256-+IbkwbzWnBiGFb1OoSMHmsTFrtokxOI81ueQ29Xvmm8="
+}:
+
+let
+  attrsToPlugins = attrs:
+    builtins.map ({name, repo, version}: "${name}:${repo}") attrs;
+  attrsToSources = attrs:
+    builtins.map ({name, repo, version}: "${repo}@${version}") attrs;
+in buildGoModule rec {
+  pname = "coredns";
+  version = "1.11.1";
+
+  src = fetchFromGitHub {
+    owner = "coredns";
+    repo = "coredns";
+    rev = "v${version}";
+    sha256 = "sha256-XZoRN907PXNKV2iMn51H/lt8yPxhPupNfJ49Pymdm9Y=";
+  };
+
+  inherit vendorHash;
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  outputs = [ "out" "man" ];
+
+  doCheck = false;
+
+  # Override the go-modules fetcher derivation to fetch plugins
+  modBuildPhase = ''
+    echo blocklist:github.com/relekang/coredns-blocklist >> plugin.cfg
+    echo tailscale:github.com/damomurf/coredns-tailscale >> plugin.cfg
+    echo k8s_gateway:github.com/ori-edge/k8s_gateway >> plugin.cfg
+    go mod tidy
+    go mod vendor
+    GOOS= GOARCH= go generate
+    go mod tidy
+    go mod vendor
+  '';
+
+  modInstallPhase = ''
+    mv -t vendor go.mod go.sum plugin.cfg
+    cp -r --reflink=auto vendor "$out"
+  '';
+
+  preBuild = ''
+    chmod -R u+w vendor
+    mv -t . vendor/go.{mod,sum} vendor/plugin.cfg
+
+    GOOS= GOARCH= go generate
+  '';
+
+  postPatch = ''
+    substituteInPlace test/file_cname_proxy_test.go \
+      --replace "TestZoneExternalCNAMELookupWithProxy" \
+                "SkipZoneExternalCNAMELookupWithProxy"
+
+    substituteInPlace test/readme_test.go \
+      --replace "TestReadme" "SkipReadme"
+
+    # this test fails if any external plugins were imported.
+    # it's a lint rather than a test of functionality, so it's safe to disable.
+    substituteInPlace test/presubmit_test.go \
+      --replace "TestImportOrdering" "SkipImportOrdering"
+  '' + lib.optionalString stdenv.isDarwin ''
+    # loopback interface is lo0 on macos
+    sed -E -i 's/\blo\b/lo0/' plugin/bind/setup_test.go
+  '';
+
+  postInstall = ''
+    installManPage man/*
+  '';
+
+  meta = with lib; {
+    homepage = "https://coredns.io";
+    description = "A DNS server that runs middleware";
+    mainProgram = "coredns";
+    license = licenses.asl20;
+  };
+}

pkgs/default.nix

@@ -1,9 +1,11 @@
 # Custom packages, that can be defined similarly to ones from nixpkgs
 # You can build them using 'nix build .#example' or (legacy) 'nix-build -A example'
 
-{ pkgs ? (import ../nixpkgs.nix) { } }: {
+{ pkgs, inputs ? (import ../nixpkgs.nix) { } }: {
   # example = pkgs.callPackage ./example { };
   wayland-push-to-talk-fix = pkgs.callPackage ./wayland-push-to-talk-fix { };
   vulkan-hdr-layer = pkgs.callPackage ./vulkan-hdr-layer { };
   discover-overlay = pkgs.python3Packages.callPackage ./discover-overlay { };
+  # FIXME: Make this a overlay
+  coredns-snowflake = pkgs.callPackage ./coredns-snowflake { };
 }