kyle/imladris
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding straylight.

Browse Source
This commit is contained in:
Kyle Isom
2026-04-01 12:35:13 -07:00
parent fdd7104504
commit 0f1f0dcc78
3 changed files with 44 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
flake.nix
View File

@@ -66,6 +66,7 @@
"orion" "orion"
"rift" "rift"
"sk" "sk"
"straylight"
"vade" "vade"
] (hostName: lib.nixosSystem { ] (hostName: lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";

25
hw/orion/default.nix
View File

@@ -2,11 +2,32 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../configs/desktop.nix # orion started as a desktop with an interactive installer;
../../configs/qemu.nix # the disk is already provisioned.
# ./disk-config.nix
../../configs/mcpkg.nix ../../configs/mcpkg.nix
../../configs/mcp.nix
]; ];
config = {
# FIDO2 LUKS unlock (matches vade setup)
boot.initrd.luks.devices."crypted".crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
# Allow rootless containers (Podman) to bind port 53 for CoreDNS (MCNS precursor).
boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;
# Open ports: DNS (53), mc-proxy (443, 8443, 9443), exod (8080, 9090).
networking.firewall.allowedTCPPorts = [ 53 443 8443 9443 8080 9090 ];
networking.firewall.allowedUDPPorts = [ 53 ];
# Route internal Metacircular zones to rift's own CoreDNS.
networking.nameservers = [ "192.168.88.181" ];
services.resolved.domains = [ "~mcp.metacircular.net" ];
};
# Route internal Metacircular zones to rift's CoreDNS (MCNS precursor). # Route internal Metacircular zones to rift's CoreDNS (MCNS precursor).
# Uses systemd-resolved domain routing so rift handles only *.mcp.metacircular.net # Uses systemd-resolved domain routing so rift handles only *.mcp.metacircular.net
# while DHCP/Tailscale DNS handles everything else. # while DHCP/Tailscale DNS handles everything else.

20
hw/straylight/default.nix Normal file
View File

@@ -0,0 +1,20 @@
{ inputs, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
../../configs/desktop.nix
../../configs/qemu.nix
../../configs/mcpkg.nix
];
# Route internal Metacircular zones to rift's CoreDNS (MCNS precursor).
# Uses systemd-resolved domain routing so rift handles only *.mcp.metacircular.net
# while DHCP/Tailscale DNS handles everything else.
networking.nameservers = [
"192.168.88.181"
"100.95.252.120"
];
services.resolved.domains = [
"~mcp.metacircular.net"
];
}