server7: move yggdrasil out of container

2019-11-29 23:33:30 +01:00 · 2019-11-29 23:33:30 +01:00 · 73d769952d
parent cec0945c8e
commit 73d769952d
2 changed files with 24 additions and 40 deletions
--- a/hosts/server7/configuration.nix
+++ b/hosts/server7/configuration.nix
@ -1,16 +1,34 @@
 { config, pkgs, lib, ... }:

-{
+let yggaddr = import ./yggaddr.nix;
+in {
  imports = [
    <nixpkgs/nixos/modules/profiles/minimal.nix>
    ../../lib/hq.nix
+    ../../lib/default-gateway.nix
    ../../lib/emery.nix
+    ../../lib/yggdrasil.nix
    ./containers
    ./hardware-configuration.nix
    ./hydra.nix
    ./nix-serve.nix
  ];

+  # Route IPv6
+  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+  # Obtain global IPv6 despite being a router myself
+  boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2;
+
+  services.yggdrasil = {
+    configFile = "/var/lib/yggdrasil/keys";
+    config.Peers = [
+      "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
+      "tcp://ygg.thingylabs.io:443" # Nürnberg
+      "tcp://176.223.130.120:22632" # Wrocław
+      "tcp://[2a05:9403::8b]:7743" # Praha
+    ];
+  };
+
  security.sudo.wheelNeedsPassword = false;
  services.openssh = {
    enable = true;
@ -45,15 +63,15 @@
          address = "172.22.99.245";
          prefixLength = 24;
        }];
+        ipv6.addresses = [{
+          address = yggaddr.prefix + ":1";
+          prefixLength = 64;
+        }];
      };
      enp2s0f1.useDHCP = false;
    };
  };
-  hq.yggdrasil = {
-    enable = true;
-    interface = "br0";
-  };
-  
+
  environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal nixfmt ];

  services.collectd = {
--- a/hosts/server7/containers/yggdrasil/default.nix
+++ b/hosts/server7/containers/yggdrasil/default.nix
@ -1,34 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  imports = [
-    <nixpkgs/nixos/modules/profiles/minimal.nix>
-    ../../../../lib/hq.nix
-    ../../../../lib/yggdrasil.nix
-  ];
-
-  networking.firewall.enable = false;
-
-  networking.interfaces.eth0 = {
-    useDHCP = true;
-    ipv6.addresses = [
-      { address = "310:5217:69c0:9afc::1"; prefixLength = 64; }
-    ];
-  };
-  # Route IPv6
-  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
-  # Obtain global IPv6 despite being a router myself
-  boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2;
-
-  services.yggdrasil = {
-    openMulticastPort = true;
-    configFile = "/var/lib/yggdrasil/keys";
-    config.Peers = [
-      "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
-      "tcp://ygg.thingylabs.io:443" # Nürnberg
-      "tcp://176.223.130.120:22632" # Wrocław
-      "tcp://[2a05:9403::8b]:7743" # Praha
-    ];
-  };
-
-}