use prefixLength settings from zentralwerk (enlarging serv)

flake.lock

@@ -89,11 +89,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1631810187,
-        "narHash": "sha256-GHEpi5KiRo8fT9Oma5AFWAZVbP/C/ZnENnsdK++dNEU=",
+        "lastModified": 1637013565,
+        "narHash": "sha256-moN0tzKsEmPnTk3JMqODi98DwaVfCReRMERYyeCRba4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a8c43f8eb7ad74d8fa784d12a789195fdd8120f6",
+        "rev": "4890bee027a805e2265e68f98abd1035b9449609",
         "type": "github"
       },
       "original": {
@@ -182,11 +182,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1631792076,
-        "narHash": "sha256-dBRsZ3JB6i53nzC30SsltdwrzjIr8e0zU/y8HitKpT8=",
+        "lastModified": 1636997306,
+        "narHash": "sha256-lzZka8I/y/CRKeXkfyafFx6/dh5LnIBUIM7VfPHy1I4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4d7170376374e74c7aa52938004e354de1947373",
+        "rev": "0a8bc59854397f48461bf043c5f61d90e170755d",
         "type": "github"
       },
       "original": {
@@ -199,11 +199,11 @@
     "openwrt": {
       "flake": false,
       "locked": {
-        "lastModified": 1635777325,
-        "narHash": "sha256-NigEYi+patV+QHfC/KKvgyKypfzw51RsC2MaPmbJXtc=",
+        "lastModified": 1636309300,
+        "narHash": "sha256-upY6H8I58zslHqEWKAueJjFnx3exkUVODY8aNyd9/VM=",
         "ref": "openwrt-21.02",
-        "rev": "b4c40a7efc59caada8190d545d077521c747b7cc",
-        "revCount": 50790,
+        "rev": "4b0f87729c2e3c0571663e6f882fe726fef99f74",
+        "revCount": 50796,
         "type": "git",
         "url": "https://git.openwrt.org/openwrt/openwrt.git"
       },
@@ -373,15 +373,14 @@
       "inputs": {
         "nixpkgs": "nixpkgs_5",
         "nixpkgs-master": "nixpkgs-master",
-        "openwrt": "openwrt",
-        "zentralwerk-network-key": "zentralwerk-network-key"
+        "openwrt": "openwrt"
       },
       "locked": {
-        "lastModified": 1636251699,
-        "narHash": "sha256-KUglGnWyRMSJww/KvRojdqad1TqSU59mOf6FpukOD/g=",
+        "lastModified": 1637365461,
+        "narHash": "sha256-2R8FsTLTEhE0OHvEqlbfH3Eq7Hgpl1cMKtCv3JcFHH8=",
         "ref": "master",
-        "rev": "733f04258dd709ce4a704a1511e35b6ec16315f6",
-        "revCount": 1233,
+        "rev": "9900b9af5e80da0b2b85a866662f8f210b325b1a",
+        "revCount": 1291,
         "type": "git",
         "url": "https://gitea.c3d2.de/zentralwerk/network.git"
       },
@@ -389,23 +388,6 @@
         "type": "git",
         "url": "https://gitea.c3d2.de/zentralwerk/network.git"
       }
-    },
-    "zentralwerk-network-key": {
-      "locked": {
-        "dir": "nix/key",
-        "lastModified": 1631808463,
-        "narHash": "sha256-5xMZkqqQbpXECnKEK2THT7u4+/vL7SPp3Jvoicm1Moc=",
-        "ref": "master",
-        "rev": "e4a5aee0e44ca058d2f12d6c6f34db6d484187fc",
-        "revCount": 1172,
-        "type": "git",
-        "url": "https://gitea.c3d2.de/zentralwerk/network.git?dir=nix%2fkey"
-      },
-      "original": {
-        "dir": "nix/key",
-        "type": "git",
-        "url": "https://gitea.c3d2.de/zentralwerk/network.git?dir=nix%2fkey"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -188,7 +188,7 @@
           { nixpkgs ? inputs.nixpkgs, extraArgs ? {}, ... }@args:
           nixpkgs.lib.nixosSystem (nixpkgs.lib.filterAttrs (n: _: n != "nixpkgs") args // {
             extraArgs = extraArgs // {
-              inherit hostRegistry inputs;
+              inherit hostRegistry inputs zentralwerk;
             };
             extraModules = [
               self.nixosModules.c3d2
@@ -229,7 +229,6 @@
             sops-nix.nixosModules.sops
           ];
           extraArgs = {
-            inherit zentralwerk;
             secretsFile = "${secrets}/hosts/glotzbert/secrets.yaml";
           };
           system = "x86_64-linux";

hosts/containers/bind/default.nix

@@ -1,4 +1,4 @@
-{ hostRegistry, config, pkgs, ... }:
+{ zentralwerk, hostRegistry, config, pkgs, ... }:
 let
   systemctl = "${pkgs.systemd}/bin/systemctl";
   deployCommand = "${systemctl} start deploy-c3d2-dns";
@@ -15,7 +15,7 @@ in
   networking.useNetworkd = true;
   networking.interfaces.eth0.ipv4.addresses = [{
     address = hostRegistry.hosts."${config.networking.hostName}".ip4;
-    prefixLength = 26;
+    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
   }];
   networking.defaultGateway = "172.20.73.1";
 

hosts/containers/c3d2-web/default.nix

@@ -1,4 +1,4 @@
-{ hostRegistry, nixpkgs, config, pkgs, ... }:
+{ zentralwerk, hostRegistry, nixpkgs, config, pkgs, ... }:
 let
   webroot = "/var/www";
   deployCommand = "${pkgs.systemd}/bin/systemctl start deploy-c3d2-web.service";
@@ -10,7 +10,7 @@ in
   networking.useNetworkd = true;
   networking.interfaces.eth0.ipv4.addresses = [{
     address = hostRegistry.hosts."${config.networking.hostName}".ip4;
-    prefixLength = 26;
+    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
   }];
   networking.defaultGateway = "172.20.73.1";
   networking.firewall.allowedTCPPorts = [ 80 443 ];

hosts/containers/deployer/configuration.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ zentralwerk, config, pkgs, lib, ... }:
 
 {
   imports = [
@@ -21,7 +21,7 @@
 
   networking.interfaces.eth0.ipv4.addresses = [{
     address = "172.20.73.16";
-    prefixLength = 26;
+    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
   }];
   networking.defaultGateway = "172.20.73.1";
 

hosts/containers/freifunk/default.nix

@@ -1,8 +1,8 @@
-{ config, pkgs, lib, modulesPath, hostRegistry, ... }:
+{ config, pkgs, lib, modulesPath, hostRegistry, zentralwerk, ... }:
 
 let
-  coreAddress = hostRegistry.hosts.freifunk.ip4;
-  corePrefixlen = 25;
+  inherit (zentralwerk.lib.config.site.net) core;
+  coreAddress = core.hosts4.${config.networking.hostName};
   meshInterface = "bmx";
   meshLoopback = "bmx_prime";
   ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php";
@@ -117,7 +117,7 @@ in {
         enable = true;
         matchConfig = { Name = "core"; };
         addresses = map (Address: { addressConfig = { inherit Address; }; }) [
-          "${coreAddress}/${toString corePrefixlen}"
+          "${coreAddress}/${toString core.subnet4Len}"
           "2a00:8180:2c00:281:8000::1/64"
           "fd23:42:c3d2:581:8000::1/64"
         ];

hosts/containers/gitea/modules/networking.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ zentralwerk, hostRegistry, config, pkgs, ... }:
 
 {
   networking = {
@@ -6,7 +6,10 @@
     useDHCP = false;
     interfaces.eth0 = {
       useDHCP = false;
-      ipv4.addresses = [{ address = "172.20.73.53"; prefixLength = 26; }];
+      ipv4.addresses = [ {
+        address = hostRegistry.hosts."${config.networking.hostName}".ip4;
+        prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
+      } ];
     };
     defaultGateway = "172.20.73.1";
     nameservers = [ "172.20.73.8" "9.9.9.9" ];

hosts/containers/grafana/default.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, modulesPath, ... }:
+{ zentralwerk, config, pkgs, lib, modulesPath, ... }:
 
 let
   restartServices = [ "grafana" "influxdb" ];
@@ -13,7 +13,7 @@ in {
   networking.useNetworkd = true;
   networking.interfaces.eth0.ipv4.addresses = [{
     address = "172.20.73.43";
-    prefixLength = 26;
+    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
   }];
   networking.defaultGateway = "172.20.73.1";
 

hosts/containers/hydra/default.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ zentralwerk, config, pkgs, lib, ... }:
 
 {
   imports = [ ./hydra.nix ./cache.nix ];
@@ -52,7 +52,7 @@
     defaultGateway = "172.20.73.1";
     interfaces.eth0.ipv4.addresses = [{
       address = "172.20.73.49";
-      prefixLength = 26;
+      prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
     }];
   };
 

hosts/containers/jabber/default.nix

@@ -1,4 +1,4 @@
-{ hostRegistry, config, pkgs, lib, ... }:
+{ zentralwerk, hostRegistry, config, pkgs, lib, ... }:
 
 let
   domain = "jabber.c3d2.de";
@@ -23,7 +23,7 @@ in
     useNetworkd = true;
     interfaces.eth0.ipv4.addresses = [{
       address = hostRegistry.hosts."${config.networking.hostName}".ip4;
-      prefixLength = 26;
+      prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
     }];
     defaultGateway = "172.20.73.1";
     firewall.allowedTCPPorts = [

hosts/containers/keycloak/default.nix

@@ -1,4 +1,4 @@
-{ hostRegistry, config, pkgs, ... }:
+{ zentralwerk, hostRegistry, config, pkgs, ... }:
 let
   frontendDomain = "keycloak.c3d2.de";
 in
@@ -11,7 +11,7 @@ in
       useDHCP = false;
       ipv4.addresses = [{
         address = hostRegistry.hosts."${config.networking.hostName}".ip4;
-        prefixLength = 26;
+        prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
         }
       ];
     };

hosts/containers/kibana/default.nix

@@ -1,10 +1,10 @@
-{ config, pkgs, lib, modulesPath, ... }:
+{ zentralwerk, config, pkgs, lib, ... }:
 
 {
   networking.hostName = "kibana";
   networking.interfaces.eth0.ipv4.addresses = [{
     address = "172.20.73.44";
-    prefixLength = 26;
+    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
   }];
   networking.defaultGateway = "172.20.73.1";
   networking.firewall.allowedTCPPorts = [ 80 443 ];

hosts/containers/logging/default.nix

@@ -1,4 +1,4 @@
-{ hostRegistry, config, pkgs, lib, ... }:
+{ zentralwerk, hostRegistry, config, pkgs, lib, ... }:
 
 let
   graylogPort = 9000;
@@ -8,7 +8,7 @@ in
     hostName = "logging";
     interfaces.eth0.ipv4.addresses = [{
       address = hostRegistry.hosts.logging.ip4;
-      prefixLength = 26;
+      prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
     }];
     defaultGateway = "172.20.73.1";
     firewall = {

hosts/containers/mail/default.nix

@@ -1,9 +1,10 @@
+{ zentralwerk, ... }:
 {
   networking.hostName = "mail";
   networking.useNetworkd = true;
   networking.interfaces.eth0.ipv4.addresses = [{
     address = "172.20.73.58";
-    prefixLength = 26;
+    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
   }];
   networking.defaultGateway = "172.20.73.1";
 }

hosts/containers/matemat/default.nix

@@ -1,4 +1,4 @@
-{ hostRegistry, lib, pkgs, ... }:
+{ zentralwerk, hostRegistry, lib, pkgs, ... }:
 {
   c3d2 = {
     isInHq = true;
@@ -9,7 +9,7 @@
   networking.interfaces.eth0 = {
     ipv4.addresses = [{
       address = hostRegistry.hosts.matemat.ip4;
-      prefixLength = 26;
+      prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
     }];
   };
   networking.defaultGateway = "172.20.73.1";

hosts/containers/mobilizon/default.nix

@@ -1,11 +1,11 @@
-{ hostRegistry, config, ... }:
+{ zentralwerk, hostRegistry, config, ... }:
 {
   c3d2.isInHq = false;
   networking = {
     hostName = "mobilizon";
     interfaces.eth0.ipv4.addresses = [{
       address = hostRegistry.hosts."${config.networking.hostName}".ip4;
-      prefixLength = 26;
+      prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
     }];
     defaultGateway = "172.20.73.1";
     firewall.allowedTCPPorts = [ 80 443 ];

hosts/containers/mucbot/default.nix

@@ -1,10 +1,10 @@
-{ config, pkgs, lib, tigger, ... }:
+{ zentralwerk, config, pkgs, lib, tigger, ... }:
 
 {
   networking.hostName = "mucbot";
   networking.interfaces.eth0.ipv4.addresses = [{
     address = "172.20.73.27";
-    prefixLength = 26;
+    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
   }];
   networking.defaultGateway = "172.20.73.1";
   networking.nameservers =

hosts/containers/public-access-proxy/default.nix

@@ -1,4 +1,4 @@
-{ hostRegistry, nixosConfigurations, config, pkgs, lib, ... }:
+{ zentralwerk, hostRegistry, nixosConfigurations, config, pkgs, lib, ... }:
 
 {
   imports = [
@@ -11,7 +11,7 @@
   networking.interfaces.eth0 = {
     ipv4.addresses = [{
       address = "172.20.73.45";
-      prefixLength = 26;
+      prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
     }];
   };
   networking.defaultGateway = "172.20.73.1";

hosts/containers/scrape/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, scrapers, ... }:
+{ zentralwerk, pkgs, config, scrapers, ... }:
 
 let
   freifunkNodes = {
@@ -15,7 +15,7 @@ in {
   networking.hostName = "scrape";
   networking.interfaces.eth0.ipv4.addresses = [{
     address = "172.20.73.32";
-    prefixLength = 26;
+    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
   }];
   networking.defaultGateway = "172.20.73.1";
   # Required for deployment

hosts/containers/sdrweb/default.nix

@@ -1,4 +1,4 @@
-{ hostRegistry, config, pkgs, ... }:
+{ zentralwerk, hostRegistry, config, pkgs, ... }:
 {
   c3d2 = {
     isInHq = false;
@@ -9,7 +9,7 @@
   networking.useNetworkd = true;
   networking.interfaces.eth0.ipv4.addresses = [{
     address = hostRegistry.hosts."${config.networking.hostName}".ip4;
-    prefixLength = 26;
+    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
   }];
   networking.defaultGateway = "172.20.73.1";
 

hosts/containers/spaceapi/default.nix

@@ -1,8 +1,9 @@
+{ zentralwerk, ... }:
 {
   networking.hostName = "spaceapi";
   networking.interfaces.eth0.ipv4.addresses = [{
     address = "172.20.73.25";
-    prefixLength = 26;
+    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
   }];
   networking.defaultGateway = "172.20.73.1";
   networking.firewall.enable = false;

hosts/containers/stream/default.nix

@@ -1,4 +1,4 @@
-{ hostRegistry, pkgs, ... }:
+{ hostRegistry, zentralwerk, pkgs, ... }:
 let
   authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
 in
@@ -12,7 +12,7 @@ in
       matchConfig.MACAddress = "C6:40:E0:21:9B:A4";
       networkConfig.IPv6AcceptRA = false;
       addresses = [ {
-        addressConfig.Address = "${hostRegistry.hosts.stream.ip4}/26";
+        addressConfig.Address = "${hostRegistry.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
       } ];
       routes = [ {
         routeConfig = {

hosts/containers/ticker/default.nix

@@ -1,10 +1,10 @@
-{ config, lib, pkgs, ... }:
+{ zentralwerk, config, lib, pkgs, ... }:
 
 with lib;
 
 { boot.isContainer = true;
   boot.loader.initScript.enable = true;
-  networking.interfaces.eth0.ipv4.addresses = [{ address = "172.20.73.52"; prefixLength = 26; }];
+  networking.interfaces.eth0.ipv4.addresses = [{ address = "172.20.73.52"; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }];
   networking.interfaces.eth0.useDHCP = false;
   networking.defaultGateway = "172.20.73.1";
   networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];

hosts/containers/yggdrasil/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, config, hostRegistry, ... }:
+{ pkgs, lib, config, hostRegistry, zentralwerk, ... }:
 
 let
   host = hostRegistry.hosts.yggdrasil;
@@ -20,7 +20,9 @@ in {
 
   c3d2 = { isInHq = true; };
 
-  networking = {
+  networking = let
+    inherit (zentralwerk.lib.config.site.net) core;
+  in {
     hostName = "yggdrasil";
     firewall.enable = false;
     nat = {
@@ -30,8 +32,8 @@ in {
         ip6tables -t nat -A POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE
       '';
     };
-    defaultGateway = "172.20.72.6";
-    defaultGateway6 = "2a00:8180:2c00:281::c3d2:3";
+    defaultGateway = core.hosts4.upstream4;
+    defaultGateway6 = core.hosts6.up4.upstream4;
     # systemd-networkd breaks setting default routes. so sad.
     useNetworkd = pkgs.lib.mkForce false;
     nameservers = [ "172.20.73.8" ];
@@ -40,7 +42,7 @@ in {
       ipv4 = {
         addresses = [{
           address = host.ip4;
-          prefixLength = 25;
+          prefixLength = core.subnet4Len;
         }];
       };
       ipv6 = {

hosts/radiobert/base.nix

@@ -1,4 +1,4 @@
-{ hostRegistry, config, lib, pkgs, ... }:
+{ zentralwerk, hostRegistry, config, lib, pkgs, ... }:
 
 {
   boot.initrd.availableKernelModules = [ "usbhid" ];
@@ -79,7 +79,7 @@
     useDHCP = false;
     interfaces.eth0.ipv4.addresses = [{
       address = hostRegistry.hosts."${config.networking.hostName}".ip4;
-      prefixLength = 26;
+      prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
     }];
     defaultGateway = "172.20.73.1";
     firewall.enable = false;