
@jcaesar
Last active November 29, 2024 14:42
cjdns node daisychain
*
!flake.nix
!flake.lock
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1726346340,
"narHash": "sha256-S15Ylznn8MBWIooDT65Z7E3h9N7XpB5VMx7ZdHZ/JGA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c60562f3643f6c1604cba0c7177834266bd35af9",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c60562f3643f6c1604cba0c7177834266bd35af9",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}
# nix run .#nixosConfigurations.fun.config.system.build.vm
{
outputs =
{
self,
nixpkgs,
}:
let
inherit (nixpkgs.lib)
flip
mapAttrs
listToAttrs
reverseList
genList
concatStringsSep
getExe
getExe'
mkForce
optional
;
# Number of containers in the chain. Author's note: the longest path seems to
# be 13 hops anyway, and one more cjdns node runs on the VM itself, which has
# to peer somewhere.
count = 12;
# Build an attrset out of `count` name/value pairs. `f` is called once per
# index and receives it both as an integer and as a string.
genCount = f: listToAttrs (genList (n: f n (toString n)) count);
# Container names from the highest index down to "c0".
strs = reverseList (genList (n: "c" + toString n) count);
# The same names as one space-separated word list, for use in shell loops.
sstrs = concatStringsSep " " strs;
common =
  { pkgs, lib, ... }:
  {
    # Module shared by the host and by every container in the chain.

    # cjdns with Ethernet peering on every interface. This is what links
    # neighbouring nodes over the veth pairs.
    # NOTE(review): "all" is not limited to vea*/veb*; on the host it also
    # covers the eth* uplink, so presumably a cjdns node on that segment could
    # peer too - confirm against the cjdns module's beacon default.
    services.cjdns.enable = true;
    services.cjdns.ETHInterface.bind = "all";
    services.resolved.enable = false;

    environment.systemPackages = [ pkgs.cjdns-tools ];

    # Interfaces are configured through systemd-networkd only.
    networking.useDHCP = false;
    systemd.network = {
      enable = true;
      wait-online.enable = false;
      # Both ends of each veth pair: 5ms of emulated delay per link and no
      # link-local addressing on them.
      networks."vethpairs" = {
        matchConfig.Name = [
          "vea*"
          "veb*"
        ];
        networkEmulatorConfig.DelaySec = "5ms";
        networkConfig.LinkLocalAddressing = "no";
      };
    };

    # Tracks whatever release the pinned nixpkgs is; no state is carried over.
    system.stateVersion = lib.trivial.release;
  };
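top =
  { pkgs, ... }:
  {
    # Host module: creates the veth pairs, peers with outside cjdns nodes over
    # UDP, runs the container chain and serves an index of container addresses.
    imports = [ common ];

    # NOTE(security): passwordless root login on every console. Acceptable for
    # a throwaway QEMU VM, but this module is also what the flake's ISO output
    # is built from, so a machine booted from that image gives a root shell to
    # anyone with console access.
    services.getty.autologinUser = mkForce "root";

    # One veth pair per container: vea<N> / veb<N>, declared as netdev ve-<N>.
    systemd.network.netdevs = genCount (
      _: sidx: {
        name = "ve-${sidx}";
        value = {
          netdevConfig.Kind = "veth";
          netdevConfig.Name = "vea${sidx}";
          peerConfig.Name = "veb${sidx}";
        };
      }
    );
    systemd.network.networks."lan" = {
      matchConfig.Name = "eth*";
      networkConfig.DHCP = "yes";
    };

    # cjdns UDP transport, bound to every IPv4 address of the host. This file
    # configures outgoing peerings only.
    services.cjdns.UDPInterface.bind = "0.0.0.0:1234";
    # Third-party peers with their logins written inline.
    # NOTE(security): these strings are part of the evaluated configuration and
    # presumably end up in the world-readable Nix store - confirm against the
    # cjdns module. That is tolerable for credentials that are already public;
    # a private peering password should not be committed like this. Peering
    # also attaches the host and, through it, the containers to whatever
    # network these nodes route for.
    services.cjdns.UDPInterface.connectTo = {
      "45.32.152.232:5078" = {
        publicKey = "08bz912l989nzqc21q9x5qr96ns465nd71f290hb9q40z94jjw60.k";
        login = "default-login";
        password = "v277jzr7r3jgk0vk1389b2c3h0gy98t";
      };
      "170.75.162.17:9202" = {
        login = "public";
        password = "public";
        publicKey = "tcbvl7zf6d8127d1phgq1t01jqdtug7qwmfcg97lcstt22ct7jg0.k";
        # notes = "vps.ircerr.ca ircerr 100mb 2TB lunanode";
      };
      "78.46.87.243:25192" = {
        login = "public";
        password = "public";
        publicKey = "vb5wrlmnd3dq0z9nblbq2txftz71hufffl310yz503hu077lmtj0.k";
        peerName = "bbhub.ga";
        # Contact = "XMPP: [email protected]";
      };
    };

    boot.enableContainers = true;
    containers =
      let
        # Container c<N> receives vea<N> and, except for c0, the veb end of
        # pair N-1, so each pair joins two neighbours. The veb end of the
        # highest pair stays on the host, which makes c0 the far end.
        mkContainer = idx: sidx: {
          name = "c${sidx}";
          value = {
            autoStart = true;
            privateNetwork = true;
            enableTun = true;
            interfaces = [ "vea${sidx}" ] ++ optional (idx != 0) "veb${toString (idx - 1)}";
            config = {
              imports = [ common ];
              # TCP 80 is opened on the container firewall without an
              # interface restriction; the page only reveals the position in
              # the chain.
              networking.firewall.allowedTCPPorts = [ 80 ];
              services.nginx = {
                enable = true;
                virtualHosts.default = {
                  default = true;
                  locations."/".extraConfig = ''
                    return 200 'You are ${sidx} steps away from the end';
                  '';
                };
              };
            };
          };
        };
      in
      genCount mkContainer;

    environment.systemPackages = [
      # chainjd-ping: read the tun0 address inside the host and inside every
      # container, then ping each address once from the host.
      (pkgs.writeScriptBin "chainjd-ping" ''
        #!/usr/bin/env bash
        for h in .host ${sstrs}; do
          ip="$(systemd-run -qPM "$h" ${getExe' pkgs.iproute2 "ip"} -brief address show to fc00::/8 | sed -rn 's/^tun0 *UNKNOWN *([0-9a-f:]*)\/8 *$/\1/p')"
          if [ -z "$ip" ]; then
            echo "$h: no cjdns address found on tun0" >&2
            continue
          fi
          timeout 3 ping -c1 "$ip" | grep 'bytes from'
        done
      '')
    ];

    systemd.services.collect-addrs =
      let
        containerUnits = map (s: "container@${s}.service") strs;
      in
      {
        # Ordering is against the container units only. Nothing in this file
        # guarantees that cjdns inside a container has brought up tun0 by
        # then, so an empty lookup is skipped instead of being written out as
        # a dead link.
        after = containerUnits;
        requires = containerUnits;
        # The sed capture admits only [0-9a-f:], so $ip can be placed in the
        # HTML without escaping. It is an IPv6 literal and therefore has to be
        # bracketed inside the URL.
        script = ''
          set -uo pipefail
          mkdir -p /var/www
          (
          echo "<html><head><title>Chain</title></head><body><ul>"
          for h in ${sstrs}; do
            ip=$(systemd-run -qPM "$h" ${getExe' pkgs.iproute2 "ip"} -brief address show to fc00::/8 | sed -rn 's/^tun0 *UNKNOWN *([0-9a-f:]*)\/8 *$/\1/p')
            if [ -z "$ip" ]; then
              echo "$h: no cjdns address found on tun0, skipping" >&2
              continue
            fi
            echo "<li><a href=\"http://[$ip]\">$ip</a></li>"
          done
          echo "</ul></body></html>"
          ) >/var/www/index.html
        '';
        wantedBy = [ "default.target" ];
      };

    # Serves the generated index from /var/www/. No allowedTCPPorts entry is
    # added for the host in this module.
    services.nginx = {
      enable = true;
      virtualHosts."default" = {
        root = "/var/www/";
        default = true;
      };
    };
  };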
in
{
packages = mapAttrs (
  _: pkgs:
  let
    # Evaluate a NixOS system made of `top`, a variant-specific module and one
    # module file from nixpkgs, then return the requested system.build output.
    buildOutput =
      buildAttr: profile: extra:
      let
        evaluated = pkgs.nixos (
          { modulesPath, ... }:
          {
            imports = [
              top
              extra
              "${modulesPath}/${profile}"
            ];
          }
        );
      in
      evaluated.config.system.build.${buildAttr};
  in
  rec {
    # Both images import `top`, so both come up with its root auto-login on
    # the console; treat them as lab images only.

    # nix run .#vm
    vm = buildOutput "vm" "virtualisation/qemu-vm.nix" {
      virtualisation.graphics = false;
      virtualisation.memorySize = 2048;
    };
    # nix build .#iso
    # qemu_kvm -m 1024 -cpu max -cdrom result/iso/*.iso
    iso = buildOutput "isoImage" "installer/cd-dvd/iso-image.nix" {
      boot.kernelParams = [ "console=ttyS0" "console=tty0" ];
    };
    # Wrapper that boots the ISO above in QEMU on the serial console.
    runIso = pkgs.writeScriptBin "runIso" ''
      #!/bin/sh
      ${getExe pkgs.qemu_kvm} -m 2048 -cpu max -smp 1 -boot d -nographic -cdrom ${iso}/iso/nixos.iso
    '';
  }
) nixpkgs.legacyPackages;
};
# nixpkgs is pinned to one exact commit, the same rev that flake.lock records
# together with its narHash. Every build therefore evaluates the same package
# set; fixes from newer nixpkgs arrive only when this rev is bumped.
inputs.nixpkgs.url = "github:NixOS/nixpkgs/c60562f3643f6c1604cba0c7177834266bd35af9";
}