lib/yggdrasil-hq: init

2019-11-29 21:29:50 +01:00 · 2019-11-29 21:29:50 +01:00 · e0c0fe1902
parent 44b080063b
commit e0c0fe1902
4 changed files with 47 additions and 14 deletions
--- a/hosts/server7/configuration.nix
+++ b/hosts/server7/configuration.nix
@ -4,7 +4,6 @@
  imports = [
    <nixpkgs/nixos/modules/profiles/minimal.nix>
    ../../lib/hq.nix
-    ../../lib/yggdrasil.nix
    ../../lib/emery.nix
    ./containers
    ./hardware-configuration.nix
@ -20,17 +19,6 @@
    # DO NOT CHANGE, KINDERGARTEN IS OVER
  };

-  services.yggdrasil = {
-    openMulticastPort = true;
-    configFile = "/var/lib/yggdrasil/keys";
-    config.Peers = [
-      "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
-      "tcp://ygg.thingylabs.io:443" # Nürnberg
-      "tcp://176.223.130.120:22632" # Wrocław
-      "tcp://[2a05:9403::8b]:7743" # Praha
-    ];
-  };
-
  programs.mosh.enable = true;

  nix = {
--- a/hosts/server7/containers/adc/default.nix
+++ b/hosts/server7/containers/adc/default.nix
@ -1,6 +1,10 @@
 { config, pkgs, lib, ... }:

 {
+  imports = [
+    ../../../../lib/yggdrasil-hq.nix
+  ];
+
  services.uhub = {
    enable = true;
    enableTLS = false;
@ -16,4 +20,6 @@
  };

  networking.firewall.allowedTCPPorts = [ config.services.uhub.port ];
+
+  hq.yggdrasil.enable = true;
 }
--- a/hosts/server7/containers/yggrasil/default.nix
+++ b/hosts/server7/containers/yggrasil/default.nix
@ -3,11 +3,17 @@
 {
  imports = [
    <nixpkgs/nixos/modules/profiles/minimal.nix>
-    ../../lib/hq.nix
-    ../../lib/yggdrasil.nix
+    ../../../../lib/hq.nix
+    ../../../../lib/yggdrasil.nix
    ./yggdrasil-prefix.nix
  ];

+  networking.interfaces.eth0 = {
+    ipv6.addresses = [
+      { address = "310:5217:69c0:9afc::1"; prefixLength = 64; }
+    ];
+  };
+
  services.yggdrasil = {
    openMulticastPort = true;
    configFile = "/var/lib/yggdrasil/keys";
--- a/lib/yggdrasil-hq.nix
+++ b/lib/yggdrasil-hq.nix
@ -0,0 +1,33 @@
+{ config, lib }:
+with lib;
+
+let
+  cfg = config.hq.yggdrasil;
+  hostNameHash = hashString "sha256" networking.hostName;
+  hextets = map (i: substring (4 * i) (4 * (i + 1)) hostNameHash) [0 1 2 3];
+  hostAddr = concatStringsSep ":" hextets;
+in
+{
+  options = with types; {
+    hq.yggdrasil = {
+      enable = mkEnableOption "Configure Yggdrasil access via the Yggdrasil router";
+
+      interface = mkOption {
+        type = nullOr str;
+        default = "eth0";
+        description = "Network interface to the C3D2 HQ ethernet";
+      };
+    };
+  };
+
+  networking.interfaces = optionalAttrs cfg.enable {
+    "${cfg.interface}.ipv6" = {
+      addresses = [
+        { address = "310:5217:69c0:9afc:${hostAddr}"; prefixLength = 64; }
+      ];
+      routes = [
+        { address = "200::"; prefixLength = 7; via = "310:5217:69c0:9afc::1"; }
+      ];
+    };
+  };
+}