IPv6 renumbering
This commit is contained in:
parent
1369154dbb
commit
4fdf88ac18
|
@ -40,28 +40,28 @@ rec {
|
||||||
|
|
||||||
server3 = {
|
server3 = {
|
||||||
ip4 = "172.22.99.13";
|
ip4 = "172.22.99.13";
|
||||||
ip6 = "2a02:8106:208:5201::13";
|
ip6 = "2a00:8180:2c00:223::13";
|
||||||
publicKey = ''
|
publicKey = ''
|
||||||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBQq8QxGUdvQTF6QPiRYHtD73ls4zoUcOtAPLVN/7dDZk7KZLQ+c373VB5jd9FfYKB2/w8lDCHXVi1sY26e+QE=
|
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBQq8QxGUdvQTF6QPiRYHtD73ls4zoUcOtAPLVN/7dDZk7KZLQ+c373VB5jd9FfYKB2/w8lDCHXVi1sY26e+QE=
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
server4 = {
|
server4 = {
|
||||||
ip4 = "172.22.99.14";
|
ip4 = "172.22.99.14";
|
||||||
ip6 = "2a02:8106:208:5201::14";
|
ip6 = "2a00:8180:2c00:223::14";
|
||||||
publicKey = ''
|
publicKey = ''
|
||||||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48=
|
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48=
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
server5 = {
|
server5 = {
|
||||||
ip4 = "172.22.99.15";
|
ip4 = "172.22.99.15";
|
||||||
ip6 = "2a02:8106:208:5201::15";
|
ip6 = "2a00:8180:2c00:223::15";
|
||||||
publicKey = ''
|
publicKey = ''
|
||||||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE=
|
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE=
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
server6 = {
|
server6 = {
|
||||||
ip4 = "172.22.99.16";
|
ip4 = "172.22.99.16";
|
||||||
ip6 = "2a02:8106:208:5201::16";
|
ip6 = "2a00:8180:2c00:223::16";
|
||||||
publicKey =
|
publicKey =
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHhcvlbZ4TjAb6eQkYB2/Z3o/PHQVyAS6iEdGX+CEbGD";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHhcvlbZ4TjAb6eQkYB2/Z3o/PHQVyAS6iEdGX+CEbGD";
|
||||||
};
|
};
|
||||||
|
@ -69,26 +69,26 @@ rec {
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
|
||||||
yggdrasil = {
|
yggdrasil = {
|
||||||
ip4 = "172.20.72.62";
|
ip4 = "172.20.72.62";
|
||||||
ip6 = "2a02:8106:208:5281:9000::1";
|
ip6 = "2a00:8180:2c00:281:9000::1";
|
||||||
ygg = "201:4561:bb58:4dac:5f6a:7b23:44f:a5ef";
|
ygg = "201:4561:bb58:4dac:5f6a:7b23:44f:a5ef";
|
||||||
publicKey =
|
publicKey =
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDmEymILp4IACjCbtMXx6eKPuTZHKyPUfAev05Gn7hi";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDmEymILp4IACjCbtMXx6eKPuTZHKyPUfAev05Gn7hi";
|
||||||
};
|
};
|
||||||
freifunk = {
|
freifunk = {
|
||||||
ip4 = "172.20.72.40";
|
ip4 = "172.20.72.40";
|
||||||
ip6 = "2a02:8106:208:5281:8000::1";
|
ip6 = "2a00:8180:2c00:281:8000::1";
|
||||||
publiKey =
|
publiKey =
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFbxHGfBMBjjior1FNRub56O62K++HVnqUH67BeKD7d";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFbxHGfBMBjjior1FNRub56O62K++HVnqUH67BeKD7d";
|
||||||
};
|
};
|
||||||
matemat = {
|
matemat = {
|
||||||
ip4 = "172.22.99.133";
|
ip4 = "172.22.99.133";
|
||||||
ip6 = "2a02:8106:208:5201:f82b:1bff:fedc:8572";
|
ip6 = "2a00:8180:2c00:223:f82b:1bff:fedc:8572";
|
||||||
publicKey =
|
publicKey =
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBa07c4NnU1TGX1SMNea9e1d4nMtc0OS4gJLmTA3g/fe";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBa07c4NnU1TGX1SMNea9e1d4nMtc0OS4gJLmTA3g/fe";
|
||||||
};
|
};
|
||||||
scrape = {
|
scrape = {
|
||||||
ip4 = "172.20.73.32";
|
ip4 = "172.20.73.32";
|
||||||
ip6 = "2a02:8106:208:5282:e073:50ff:fef5:eb6e";
|
ip6 = "2a00:8180:2c00:282:e073:50ff:fef5:eb6e";
|
||||||
publicKey =
|
publicKey =
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGxPgg6nswoij1fBzDPDu6h4+d458XL2+dBxAx9KVOh";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGxPgg6nswoij1fBzDPDu6h4+d458XL2+dBxAx9KVOh";
|
||||||
};
|
};
|
||||||
|
@ -98,22 +98,22 @@ rec {
|
||||||
};
|
};
|
||||||
|
|
||||||
grafana = {
|
grafana = {
|
||||||
ip6 = "2a02:8106:208:5282:4042:fbff:fe4b:2de8";
|
ip6 = "2a00:8180:2c00:282:4042:fbff:fe4b:2de8";
|
||||||
};
|
};
|
||||||
|
|
||||||
hydra = {
|
hydra = {
|
||||||
ip4 = "172.20.73.49";
|
ip4 = "172.20.73.49";
|
||||||
ip6 = "2a02:8106:208:5282:e03c:d7ff:fe8e:fe16";
|
ip6 = "2a00:8180:2c00:282:e03c:d7ff:fe8e:fe16";
|
||||||
};
|
};
|
||||||
|
|
||||||
mucbot = {
|
mucbot = {
|
||||||
ip4 = "172.20.73.27";
|
ip4 = "172.20.73.27";
|
||||||
ip6 = "2a02:8106:208:5282:28db:dff:fe6b:e89a";
|
ip6 = "2a00:8180:2c00:282:28db:dff:fe6b:e89a";
|
||||||
};
|
};
|
||||||
|
|
||||||
kibana = {
|
kibana = {
|
||||||
ip4 = "172.20.73.44";
|
ip4 = "172.20.73.44";
|
||||||
ip6 = "2a02:8106:208:5282:460:7cff:fe28:76b2";
|
ip6 = "2a00:8180:2c00:282:460:7cff:fe28:76b2";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -155,7 +155,7 @@ in {
|
||||||
|
|
||||||
protocol static {
|
protocol static {
|
||||||
ipv6;
|
ipv6;
|
||||||
route 2000::/3 via 2a02:8106:208:5201::c3d2:4;
|
route 2000::/3 via 2a00:8180:2c00:281::c3d2:3;
|
||||||
route fd00::/8 unreachable;
|
route fd00::/8 unreachable;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -118,12 +118,12 @@ in {
|
||||||
matchConfig = { Name = "core"; };
|
matchConfig = { Name = "core"; };
|
||||||
addresses = map (Address: { addressConfig = { inherit Address; }; }) [
|
addresses = map (Address: { addressConfig = { inherit Address; }; }) [
|
||||||
"${coreAddress}/${toString corePrefixlen}"
|
"${coreAddress}/${toString corePrefixlen}"
|
||||||
"2a02:8106:208:5281:8000::1/64"
|
"2a00:8180:2c00:281:8000::1/64"
|
||||||
"fd23:42:c3d2:581:8000::1/64"
|
"fd23:42:c3d2:581:8000::1/64"
|
||||||
];
|
];
|
||||||
# routes = map (Gateway: { routeConfig = { inherit Gateway; }; }) [
|
# routes = map (Gateway: { routeConfig = { inherit Gateway; }; }) [
|
||||||
# # upstream1
|
# # upstream1
|
||||||
# "2a02:8106:208:5281::b:0"
|
# "2a00:8180:2c00:281::b:0"
|
||||||
# # anon1
|
# # anon1
|
||||||
# "172.20.72.7"
|
# "172.20.72.7"
|
||||||
# ];
|
# ];
|
||||||
|
|
|
@ -25,8 +25,7 @@
|
||||||
satisfy any;
|
satisfy any;
|
||||||
auth_basic secured;
|
auth_basic secured;
|
||||||
auth_basic_user_file ${pkgs.matemat-auth};
|
auth_basic_user_file ${pkgs.matemat-auth};
|
||||||
allow 2a02:8106:208:5200::/56;
|
allow 2a00:8180:2c00:200::/56;
|
||||||
allow 2a02:8106:211:e900::/56;
|
|
||||||
allow 172.22.99.0/24;
|
allow 172.22.99.0/24;
|
||||||
allow 172.20.72.0/21;
|
allow 172.20.72.0/21;
|
||||||
deny all;
|
deny all;
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
}];
|
}];
|
||||||
interfaces.eth0.ipv6.addresses = [{
|
interfaces.eth0.ipv6.addresses = [{
|
||||||
address = "2a02:8106:208:5201::34";
|
address = "2a00:8180:2c00:223::34";
|
||||||
prefixLength = 64;
|
prefixLength = 64;
|
||||||
}];
|
}];
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,7 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
defaultGateway = "172.20.72.6";
|
defaultGateway = "172.20.72.6";
|
||||||
defaultGateway6 = "2a02:8106:208:5281::b:0";
|
defaultGateway6 = "2a00:8180:2c00:281::c3d2:3";
|
||||||
# systemd-networkd breaks setting default routes. so sad.
|
# systemd-networkd breaks setting default routes. so sad.
|
||||||
useNetworkd = pkgs.lib.mkForce false;
|
useNetworkd = pkgs.lib.mkForce false;
|
||||||
nameservers = [ "172.20.73.8" ];
|
nameservers = [ "172.20.73.8" ];
|
||||||
|
@ -123,9 +123,6 @@ in {
|
||||||
|
|
||||||
protocol ospf v2 ZW4 {
|
protocol ospf v2 ZW4 {
|
||||||
area 0 {
|
area 0 {
|
||||||
networks {
|
|
||||||
172.20.72.0/21;
|
|
||||||
};
|
|
||||||
interface "core" {
|
interface "core" {
|
||||||
authentication cryptographic;
|
authentication cryptographic;
|
||||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||||
|
|
|
@ -96,9 +96,8 @@ in {
|
||||||
"::1/128"
|
"::1/128"
|
||||||
"fd23:42:c3d2:500::/56"
|
"fd23:42:c3d2:500::/56"
|
||||||
"172.22.99.0/24"
|
"172.22.99.0/24"
|
||||||
"2a02:8106:208:5200::/56"
|
|
||||||
"172.20.72.0/21"
|
"172.20.72.0/21"
|
||||||
"2a02:8106:211:e900::/56"
|
"2a00:8180:2c00:200::/56"
|
||||||
];
|
];
|
||||||
zeroconf.publish.enable = true;
|
zeroconf.publish.enable = true;
|
||||||
package = pkgs.pulseaudioFull;
|
package = pkgs.pulseaudioFull;
|
||||||
|
|
|
@ -37,7 +37,7 @@ in {
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
}];
|
}];
|
||||||
ipv6.addresses = [{
|
ipv6.addresses = [{
|
||||||
address = "2a02:8106:208:5201::20";
|
address = "2a00:8180:2c00:223::20";
|
||||||
prefixLength = 64;
|
prefixLength = 64;
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
|
18
hq.nixops
18
hq.nixops
|
@ -8,7 +8,7 @@
|
||||||
hosts/containers/dhcp/configuration.nix
|
hosts/containers/dhcp/configuration.nix
|
||||||
];
|
];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "2a02:8106:208:5201:3801:15ff:fe95:8988";
|
targetHost = "2a00:8180:2c00:223:3801:15ff:fe95:8988";
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -20,7 +20,7 @@
|
||||||
hosts/containers/mucbot/configuration.nix
|
hosts/containers/mucbot/configuration.nix
|
||||||
];
|
];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "2a02:8106:208:5282:28db:dff:fe6b:e89a";
|
targetHost = "2a00:8180:2c00:282:28db:dff:fe6b:e89a";
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -43,7 +43,7 @@
|
||||||
hosts/containers/elastic/configuration.nix
|
hosts/containers/elastic/configuration.nix
|
||||||
];
|
];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "2a02:8106:208:5282:e0d5:d8ff:fe54:586c";
|
targetHost = "2a00:8180:2c00:282:e0d5:d8ff:fe54:586c";
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
hosts/containers/logging/configuration.nix
|
hosts/containers/logging/configuration.nix
|
||||||
];
|
];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "2a02:8106:208:5282:6811:edff:fe40:89c6";
|
targetHost = "2a00:8180:2c00:282:6811:edff:fe40:89c6";
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -65,7 +65,7 @@
|
||||||
hosts/storage-ng/configuration.nix
|
hosts/storage-ng/configuration.nix
|
||||||
];
|
];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "2a02:8106:208:5201::20";
|
targetHost = "2a00:8180:2c00:223::20";
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -76,7 +76,7 @@
|
||||||
hosts/containers/mongo/configuration.nix
|
hosts/containers/mongo/configuration.nix
|
||||||
];
|
];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "2a02:8106:208:5282:5038:2aff:feba:7d3b";
|
targetHost = "2a00:8180:2c00:282:5038:2aff:feba:7d3b";
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -87,7 +87,7 @@
|
||||||
hosts/containers/registry/configuration.nix
|
hosts/containers/registry/configuration.nix
|
||||||
];
|
];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "2a02:8106:208:5201::34";
|
targetHost = "2a00:8180:2c00:223::34";
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -98,7 +98,7 @@
|
||||||
hosts/containers/prometheus/configuration.nix
|
hosts/containers/prometheus/configuration.nix
|
||||||
];
|
];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "2a02:8106:208:5282:8c46:d6ff:fe43:6afd";
|
targetHost = "2a00:8180:2c00:282:8c46:d6ff:fe43:6afd";
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -110,7 +110,7 @@
|
||||||
hosts/containers/spaceapi/configuration.nix
|
hosts/containers/spaceapi/configuration.nix
|
||||||
];
|
];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "2a02:8106:208:5282:1457:adff:fe93:62e9";
|
targetHost = "2a00:8180:2c00:282:1457:adff:fe93:62e9";
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue