Add yggdrasil configurations

Ehmry - 2021-03-03 16:20:17 +01:00
parent 6ff81bef39
commit d2262715da
4 changed files with 110 additions and 15 deletions


@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1613453906, "lastModified": 1614460257,
"narHash": "sha256-w6oeQ3OTCKxRAG9KtjK+ErxpvUhNr48binO99JVQP9Q=", "narHash": "sha256-hFR865O5gIuFNiwFyx/K2g8AeLvGy/f3/SHalF85zuM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "115770eed0c0fa50c1277cd0f7fe0f15501dbc43", "rev": "c9b965a43e582765f797f8b75d50cb2874b30f30",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -16,11 +16,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1613993207, "lastModified": 1614778866,
"narHash": "sha256-a8Cjsz1QkVGb9TUNynphGhM1TbUc//T86gnnB5Ggjwg=", "narHash": "sha256-+l8uyXAxYgR3ZMUpBFs4ZVDcbLsw/TSgAwk9iNYiWNY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6198890f0d451f7d02e8c9bd28ab5e66ad2523d3", "rev": "c14bb3039f25d463cd24a47d88b4a86b33561788",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -8,8 +8,7 @@
outputs = { self, nixpkgs, secrets, nixos-hardware }: outputs = { self, nixpkgs, secrets, nixos-hardware }:
let let
forAllSystems = forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
hostRegistry = import ./host-registry.nix; hostRegistry = import ./host-registry.nix;
in { in {
@ -54,6 +53,8 @@
pulsebert-nixos-rebuild = mkDeploy "pulsebert" "pulsebert.hq.c3d2.de"; pulsebert-nixos-rebuild = mkDeploy "pulsebert" "pulsebert.hq.c3d2.de";
pulsebert-wake = mkWake "pulsebert"; pulsebert-wake = mkWake "pulsebert";
yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" "172.20.72.62";
}); });
nixosConfigurations = let nixosConfigurations = let
@ -104,6 +105,15 @@
system = "aarch64-linux"; system = "aarch64-linux";
}; };
yggdrasil = nixosSystem' {
modules = [
./hosts/containers/yggdrasil
./lib/lxc-container.nix
./lib/users/emery.nix
];
system = "x86_64-linux";
};
}; };
nixosModules.c3d2 = import ./lib; nixosModules.c3d2 = import ./lib;
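Review bot: The new deploy target `yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" "172.20.72.62";` hard-codes an address that this same commit also records as `hosts.yggdrasil.ip4` in the host registry, so the two can drift apart on the next renumbering. Since `hostRegistry` is already bound in the `let` above, the line could read `yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" hostRegistry.hosts.yggdrasil.ip4;`. Deploying to a bare IP also means the operator has nothing but the SSH host key to confirm which machine answers, so it is worth checking that a key for this container is pinned somewhere. The attribute sets these hunks extend start and end outside the visible lines.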


@ -46,29 +46,33 @@ rec {
''; '';
}; };
server4 = { server4 = {
ip4 = "172.22.99.15"; ip4 = "172.22.99.14";
ip6 = "2a02:8106:208:5201::15"; ip6 = "2a02:8106:208:5201::14";
publicKey = '' publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48=
''; '';
}; };
server5 = { server5 = {
ip4 = "172.22.99.16"; ip4 = "172.22.99.15";
ip6 = "2a02:8106:208:5201::16"; ip6 = "2a02:8106:208:5201::15";
publicKey = '' publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE=
''; '';
}; };
server6 = { server6 = {
ip4 = "172.22.99.17"; ip4 = "172.22.99.16";
ip6 = "2a02:8106:208:5201::17"; ip6 = "2a02:8106:208:5201::16";
publicKey = '' publicKey = ''
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw=
''; '';
}; };
storage.publicKey = storage.publicKey =
"storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX"; "storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
yggdrasil = {
ip4 = "172.20.72.62";
ip6 = "2a02:8106:208:5281:9000::1";
ygg = "201:4561:bb58:4dac:5f6a:7b23:44f:a5ef";
};
}; };
hqGlobal = builtins.attrNames hosts; hqGlobal = builtins.attrNames hosts;
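Review bot: The new `yggdrasil` entry carries `ip4`, `ip6` and `ygg` but no `publicKey`, unlike the `server4` to `server6` entries beside it, although the host becomes a deploy target in this commit. If the registry's `publicKey` values are what populates known-hosts for the fleet (not visible here), this container would be reached on first-use trust only; adding `publicKey = ''<host key of the container>'';` once the container has generated its key would close that gap. The `ygg` value is also repeated verbatim as `yggAddress` in the new container module, which already receives `hostRegistry` and could read `hostRegistry.hosts.yggdrasil.ygg` instead. The enclosing `hosts` set starts outside this hunk.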


@ -0,0 +1,81 @@
{ hostRegistry, ... }:
let
yggAddress = "201:4561:bb58:4dac:5f6a:7b23:44f:a5ef";
yggPrefix = "301:4561:bb58:4dac"; # 301:4561:bb58:4dac::/64
# taken from the output of "yggdrasilctl getself".
in {
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# Forward traffic under the prefix.
boot.postBootCommands = ''
if [ ! -c /dev/net/tun ]; then
mkdir -p /dev/net
mknod -m 666 /dev/net/tun c 10 200
fi
'';
c3d2 = { isInHq = true; };
networking = let host = hostRegistry.hosts.yggdrasil;
in {
hostName = "yggdrasil";
defaultGateway = "172.20.72.6";
defaultGateway6 = "2a02:8106:208:5281::b:0";
nameservers = [ "172.20.73.8" ];
interfaces.eth0 = {
ipv4 = {
addresses = [{
address = host.ip4;
prefixLength = 26;
}];
};
ipv6 = {
addresses = [
{
address = host.ip6;
prefixLength = 64;
}
{
address = yggPrefix + "::1";
prefixLength = 64;
}
];
};
};
};
services.yggdrasil = {
enable = true;
persistentKeys = true;
config = {
Peers = [
# deutschland
"tcp://45.11.19.26:5001"
# czechia
"tcp://[2a03:3b40:fe:ab::1]:46370"
"tcp://[2a05:9403::8b]:7743"
# polen
"tcp://[2001:41d0:601:1100::cf2]:37145"
];
NodeInfo = {
# This information is visible to the network.
name = "y.c3d2.de";
location = "Dresden";
email = "ehmry@c3d2.de";
};
};
};
services.nginx = {
enable = true;
virtualHosts."y.c3d2.de" = {
default = true;
locations."/".proxyPass = "https://c3d2.de";
};
};
}
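Review bot: `boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;` together with the `yggPrefix + "::1"` address on `eth0` makes this container a router between the Yggdrasil overlay and the HQ segment, and nothing in this file filters forwarded traffic. As far as I know the NixOS firewall of this era only filters input to the host and leaves the FORWARD chain open, so unless `./lib/lxc-container.nix` or another module (not visible here) adds rules, any LAN host that takes an address in `301:4561:bb58:4dac::/64` is reachable from every overlay node. I would record the intended policy beside the sysctl, e.g. `# Routes 301:4561:bb58:4dac::/64 between eth0 and the Yggdrasil interface; new inbound connections from the overlay are <allowed|dropped> by <rule location>.`, and add a default-drop for new connections arriving on the Yggdrasil interface if that exposure is not intended. Separately, `locations."/".proxyPass = "https://c3d2.de";` relies on nginx defaults, which neither send SNI nor verify the upstream certificate; `locations."/".extraConfig = "proxy_ssl_server_name on; proxy_ssl_verify on; proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;";` would authenticate the upstream.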