Add yggdrasil configurations

2021-03-03 16:20:17 +01:00 · 2021-03-03 16:20:17 +01:00 · d2262715da
parent 6ff81bef39
commit d2262715da
4 changed files with 110 additions and 15 deletions
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1613453906,
-        "narHash": "sha256-w6oeQ3OTCKxRAG9KtjK+ErxpvUhNr48binO99JVQP9Q=",
+        "lastModified": 1614460257,
+        "narHash": "sha256-hFR865O5gIuFNiwFyx/K2g8AeLvGy/f3/SHalF85zuM=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "115770eed0c0fa50c1277cd0f7fe0f15501dbc43",
+        "rev": "c9b965a43e582765f797f8b75d50cb2874b30f30",
        "type": "github"
      },
      "original": {
@ -16,11 +16,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1613993207,
-        "narHash": "sha256-a8Cjsz1QkVGb9TUNynphGhM1TbUc//T86gnnB5Ggjwg=",
+        "lastModified": 1614778866,
+        "narHash": "sha256-+l8uyXAxYgR3ZMUpBFs4ZVDcbLsw/TSgAwk9iNYiWNY=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "6198890f0d451f7d02e8c9bd28ab5e66ad2523d3",
+        "rev": "c14bb3039f25d463cd24a47d88b4a86b33561788",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -8,8 +8,7 @@

  outputs = { self, nixpkgs, secrets, nixos-hardware }:
    let
-      forAllSystems =
-        nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
+      forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];

      hostRegistry = import ./host-registry.nix;
    in {
@ -54,6 +53,8 @@

          pulsebert-nixos-rebuild = mkDeploy "pulsebert" "pulsebert.hq.c3d2.de";
          pulsebert-wake = mkWake "pulsebert";
+
+          yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" "172.20.72.62";
        });

      nixosConfigurations = let
@ -104,6 +105,15 @@
          system = "aarch64-linux";
        };

+        yggdrasil = nixosSystem' {
+          modules = [
+            ./hosts/containers/yggdrasil
+            ./lib/lxc-container.nix
+            ./lib/users/emery.nix
+          ];
+          system = "x86_64-linux";
+        };
+
      };

      nixosModules.c3d2 = import ./lib;
--- a/host-registry.nix
+++ b/host-registry.nix
@ -46,29 +46,33 @@ rec {
      '';
    };
    server4 = {
-      ip4 = "172.22.99.15";
-      ip6 = "2a02:8106:208:5201::15";
+      ip4 = "172.22.99.14";
+      ip6 = "2a02:8106:208:5201::14";
      publicKey = ''
        ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48=
      '';
    };
    server5 = {
-      ip4 = "172.22.99.16";
-      ip6 = "2a02:8106:208:5201::16";
+      ip4 = "172.22.99.15";
+      ip6 = "2a02:8106:208:5201::15";
      publicKey = ''
        ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE=
      '';
    };
    server6 = {
-      ip4 = "172.22.99.17";
-      ip6 = "2a02:8106:208:5201::17";
+      ip4 = "172.22.99.16";
+      ip6 = "2a02:8106:208:5201::16";
      publicKey = ''
        ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw=
      '';
    };
    storage.publicKey =
      "storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
-
+    yggdrasil = {
+      ip4 = "172.20.72.62";
+      ip6 = "2a02:8106:208:5281:9000::1";
+      ygg = "201:4561:bb58:4dac:5f6a:7b23:44f:a5ef";
+    };
  };

  hqGlobal = builtins.attrNames hosts;
--- a/hosts/containers/yggdrasil/default.nix
+++ b/hosts/containers/yggdrasil/default.nix
@ -0,0 +1,81 @@
+{ hostRegistry, ... }:
+
+let
+  yggAddress = "201:4561:bb58:4dac:5f6a:7b23:44f:a5ef";
+  yggPrefix = "301:4561:bb58:4dac"; # 301:4561:bb58:4dac::/64
+  # taken from the output of "yggdrasilctl getself".
+in {
+
+  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+  # Forward traffic under the prefix.
+
+  boot.postBootCommands = ''
+    if [ ! -c /dev/net/tun ]; then
+      mkdir -p /dev/net
+      mknod -m 666 /dev/net/tun c 10 200
+    fi
+  '';
+
+  c3d2 = { isInHq = true; };
+
+  networking = let host = hostRegistry.hosts.yggdrasil;
+  in {
+    hostName = "yggdrasil";
+    defaultGateway = "172.20.72.6";
+    defaultGateway6 = "2a02:8106:208:5281::b:0";
+    nameservers = [ "172.20.73.8" ];
+    interfaces.eth0 = {
+      ipv4 = {
+        addresses = [{
+          address = host.ip4;
+          prefixLength = 26;
+        }];
+      };
+      ipv6 = {
+        addresses = [
+          {
+            address = host.ip6;
+            prefixLength = 64;
+          }
+          {
+            address = yggPrefix + "::1";
+            prefixLength = 64;
+          }
+        ];
+      };
+    };
+  };
+
+  services.yggdrasil = {
+    enable = true;
+    persistentKeys = true;
+    config = {
+      Peers = [
+        # deutschland
+        "tcp://45.11.19.26:5001"
+
+        # czechia
+        "tcp://[2a03:3b40:fe:ab::1]:46370"
+        "tcp://[2a05:9403::8b]:7743"
+
+        # polen
+        "tcp://[2001:41d0:601:1100::cf2]:37145"
+      ];
+      NodeInfo = {
+        # This information is visible to the network.
+        name = "y.c3d2.de";
+        location = "Dresden";
+        email = "ehmry@c3d2.de";
+      };
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."y.c3d2.de" = {
+      default = true;
+      locations."/".proxyPass = "https://c3d2.de";
+    };
+  };
+
+}