modules/microvm: implement c3d2.deployment.autoNetSetup

This commit is contained in:
Astro 2022-06-17 23:23:08 +02:00
parent 6be5862f97
commit 6508600c80
13 changed files with 101 additions and 172 deletions


@ -10,29 +10,17 @@ in {
useNetworkd = true;
# No Firewalling!
firewall.enable = false;
useDHCP = false;
interfaces.ens3 = {
ipv4.addresses = [{
address = address4;
prefixLength = 24;
}];
};
defaultGateway = "172.22.99.4";
};
services.resolved.enable = false;
c3d2 = {
isInHq = true;
hq = {
interface = "ens3";
interface = "c3d2";
statistics.enable = true;
};
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
interfaces = [ {
net = "c3d2";
mac = "FE:60:4B:B4:4E:38";
} ];
};
};
services.collectd.plugins.exec =
@ -182,7 +170,7 @@ in {
protocol static hq4 {
ipv4;
route 172.22.99.0/24 via "ens3";
route 172.22.99.0/24 via "c3d2";
}
protocol static hq6 {
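Review bot: `hq.interface = "c3d2"` and the BIRD route `via "c3d2"` now depend on the interface name that c3d2.deployment.autoNetSetup assigns through its systemd-networkd link rename, and nothing in this file records that coupling; a comment such as `# interface name assigned by c3d2.deployment.autoNetSetup (link is renamed to the net name)` on the hq.interface line would keep the two in step when the module changes. The fixed MAC FE:60:4B:B4:4E:38 is replaced by one derived from a hash of net and hostname, so anything keyed on the old address outside this repository (DHCP reservations, bridge or switch filters, monitoring) presumably needs updating; the same applies to every other host section in this commit. The `c3d2` attribute set of the first hunk starts before the hunk.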


@ -44,17 +44,21 @@ in {
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
interfaces = [ {
net = "core";
mac = mac.core;
} {
net = "bmx";
mac = mac.bmx;
} ];
autoNetSetup = false;
};
};
services.collectd.plugins.protocols = "";
microvm.interfaces = [ {
type = "tap";
id = "core-freifunk";
mac = mac.core;
} {
type = "tap";
id = "bmx-freifunk";
mac = mac.bmx;
} ];
networking.hostName = "freifunk";
networking.useNetworkd = true;
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
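Review bot: `autoNetSetup = false;` is added without a reason, while the hand-written `microvm.interfaces` for core and bmx with `mac.core`/`mac.bmx` stay a few lines below; presumably these nets are not discoverable from the Zentralwerk site data or need the fixed MACs, but a reader of this file cannot tell. A comment above the option, e.g. `# core/bmx taps are declared explicitly below with fixed MACs; autoNetSetup only knows nets from zentralwerk site data`, would record why this host opts out. The enclosing `c3d2` attribute set starts before this hunk.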


@ -12,28 +12,11 @@ in
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
interfaces = [ {
net = "serv";
mac = "00:de:8d:c1:9f:45";
} ];
};
networking = {
hostName = "leon";
useDHCP = false;
interfaces.eth0 = {
useDHCP = false;
ipv4.addresses = [ {
address = netConfig.hosts4.${config.networking.hostName};
prefixLength = netConfig.subnet4Len;
} ];
};
defaultGateway = netConfig.hosts4.serv-gw;
nameservers = [
netConfig.hosts4.dnscache "9.9.9.9"
];
# TODO: enable
firewall.enable = true;
};
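Review bot: The `nameservers = [ netConfig.hosts4.dnscache "9.9.9.9" ];` list disappears together with the static addressing, but the networkd units generated by c3d2.deployment.autoNetSetup set only addresses and gateway, so unless a shared module still sets `networking.nameservers` this host is left without resolver configuration; the same removal happens for oparl, mucbot and ticker. Either keep `networking.nameservers` in these host files or have the module emit DNS for the generated network, e.g. `networkConfig.DNS = ...;` in `systemd.network.networks."30-${net}"`.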


@ -6,23 +6,11 @@
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
interfaces = [{
net = "serv";
mac = "FA:2B:1B:DC:85:72";
}];
};
};
networking = {
hostName = "matemat";
interfaces.ens3 = {
ipv4.addresses = [{
address = config.c3d2.hosts.matemat.ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
useDHCP = false;
};
defaultGateway = "172.20.73.1";
firewall.allowedTCPPorts = [ 80 443 ];
};


@ -5,18 +5,9 @@
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
interfaces = [ {
net = "serv";
mac = "4A:D1:5C:A7:16:76";
} ];
};
networking = {
hostName = "mobilizon";
interfaces.ens3.ipv4.addresses = [{
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
defaultGateway = "172.20.73.1";
firewall.allowedTCPPorts = [ 80 443 ];
};


@ -4,21 +4,10 @@
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "var"];
interfaces = [ {
net = "serv";
mac = "2A:DB:0D:6B:E8:9A";
} ];
};
c3d2.autoUpdate = true;
networking.hostName = "mucbot";
networking.interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.27";
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
networking.defaultGateway = "172.20.73.1";
networking.nameservers =
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
users.users.tigger = {
createHome = true;


@ -21,10 +21,6 @@ in {
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
interfaces = [ {
net = "serv";
mac = "00:de:fa:c8:28:9c";
} ];
};
fileSystems = builtins.foldl' (fileSystems: export: fileSystems // {
@ -34,19 +30,6 @@ in {
networking = {
hostName = "nfsroot";
useDHCP = false;
interfaces.eth0 = {
useDHCP = false;
ipv4.addresses = [ {
address = netConfig.hosts4.${config.networking.hostName};
prefixLength = netConfig.subnet4Len;
} ];
};
defaultGateway = netConfig.hosts4.serv-gw;
nameservers = [
netConfig.hosts4.dnscache "9.9.9.9"
];
firewall.enable = false;
};


@ -17,28 +17,9 @@ in
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
interfaces = [ {
net = "serv";
mac = "00:de:9a:ce:38:79";
} ];
};
networking = {
hostName = "oparl";
useDHCP = false;
interfaces.eth0 = {
useDHCP = false;
ipv4.addresses = [ {
address = netConfig.hosts4.${config.networking.hostName};
prefixLength = netConfig.subnet4Len;
} ];
};
defaultGateway = netConfig.hosts4.serv-gw;
nameservers = [
netConfig.hosts4.dnscache "9.9.9.9"
];
};
networking.hostName = "oparl";
users.users.oparl = {
isNormalUser = true;


@ -9,21 +9,9 @@
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "var"];
interfaces = [ {
net = "serv";
mac = "12:24:5F:BD:9B:E7";
} ];
};
networking.hostName = "public-access-proxy";
networking.useNetworkd = true;
networking.interfaces.ens3 = {
ipv4.addresses = [{
address = "172.20.73.45";
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
};
networking.defaultGateway = "172.20.73.1";
my.services.proxy = {
enable = true;


@ -16,21 +16,10 @@ in {
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
interfaces = [ {
net = "serv";
mac = "E2:73:50:F5:EB:6E";
} ];
};
};
networking = {
hostName = "scrape";
interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.32";
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
defaultGateway = "172.20.73.1";
};
networking.hostName = "scrape";
users.groups.scrape = {};
users.users.scrape = {


@ -3,18 +3,9 @@
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "var"];
interfaces = [ {
net = "serv";
mac = "16:57:AD:93:62:E9";
} ];
};
networking.hostName = "spaceapi";
networking.interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.25";
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
networking.defaultGateway = "172.20.73.1";
networking.firewall.enable = false;
c3d2.autoUpdate = true;


@ -9,21 +9,10 @@ with lib;
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "var"];
interfaces = [ {
net = "serv";
mac = "B6:07:40:C1:81:F2";
} ];
};
networking = {
interfaces.eth0 = {
ipv4.addresses = [{ address = "172.20.73.52"; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }];
useDHCP = false;
};
defaultGateway = "172.20.73.1";
nameservers = [ "172.20.73.8" "9.9.9.9" ];
hostName = "ticker";
useDHCP = false;
firewall.allowedTCPPorts = [ 22 80 443 ];
};


@ -1,7 +1,30 @@
{ zentralwerk, options, config, lib, pkgs, ... }:
let
defaultGateways = {
serv = "serv-gw";
c3d2 = "c3d2-gw3";
pub = "pub-gw";
};
inherit (config.networking) hostName;
inherit (config.c3d2.deployment) server;
serverFQDN = "${server}.cluster.zentralwerk.org";
generateMacAddress = net:
let
hash = builtins.hashString "md5" "1-${net}-${hostName}";
c = off: builtins.substring off 2 hash;
in
"${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}";
nets = builtins.attrNames (
lib.filterAttrs (net: { hosts4, hosts6, ... }:
hosts4 ? ${hostName} ||
lib.filterAttrs (ctx: hosts6:
hosts6 ? ${hostName}
) hosts6 != {}
) zentralwerk.lib.config.site.net
);
in
{
options.c3d2.deployment = with lib; {
@ -10,20 +33,13 @@ in
description = "Server that is supposed to host this MicroVM.";
};
interfaces = mkOption {
description = "Network interfaces";
type = types.listOf (types.submodule {
options = {
net = mkOption {
description = "Network to hook up to";
type = types.enum serverBridges;
};
mac = mkOption {
description = "Ethernet MAC address";
type = types.str;
};
};
});
autoNetSetup = mkOption {
type = types.bool;
default = true;
description = ''
Automatically configure MicroVM network interfaces and
systemd-networkd according to Zentralwerk network data.
'';
};
mounts = mkOption {
@ -52,11 +68,13 @@ in
hypervisor = lib.mkDefault "cloud-hypervisor";
mem = lib.mkDefault 512;
interfaces = map ({ net, mac }: {
type = "tap";
id = builtins.substring 0 15 "${net}-${config.networking.hostName}";
inherit mac;
}) config.c3d2.deployment.interfaces;
interfaces = lib.mkIf config.c3d2.deployment.autoNetSetup (
map (net: {
type = "tap";
id = builtins.substring 0 15 "${net}-${hostName}";
mac = generateMacAddress net;
}) nets
);
shares = [ {
source = "/nix/store";
@ -71,12 +89,59 @@ in
else let
tag = builtins.replaceStrings ["/"] ["_"] dir;
in {
source = "/var/lib/microvms/${config.networking.hostName}/${dir}";
source = "/var/lib/microvms/${hostName}/${dir}";
mountPoint = "/${dir}";
inherit tag;
proto = "virtiofs";
socket = "${tag}.socket";
}) config.c3d2.deployment.mounts;
};
networking = lib.mkIf config.c3d2.deployment.autoNetSetup {
useDHCP = false;
useNetworkd = true;
};
systemd.network = lib.mkIf config.c3d2.deployment.autoNetSetup {
links = builtins.foldl' (links: net: links // {
"30-${net}" = {
# enable = true;
matchConfig.MACAddress = generateMacAddress net;
# rename interface to net name
linkConfig.Name = net;
};
}) {} nets;
networks = builtins.foldl' (networks: net: networks // {
"30-${net}" =
let
zwNet = zentralwerk.lib.config.site.net.${net};
addresses =
lib.optional (zwNet.hosts4 ? ${hostName}) "${zwNet.hosts4.${hostName}}/${toString zwNet.subnet4Len}"
++
map (hosts6: "${hosts6.${hostName}}/64") (
builtins.filter (hosts6: hosts6 ? ${hostName}) (
builtins.attrValues zwNet.hosts6
)
);
in {
matchConfig.MACAddress = generateMacAddress net;
addresses = map (Address: {
addressConfig = { inherit Address; };
}) addresses;
gateway = lib.mkIf (defaultGateways ? ${net}) (
let
gw = defaultGateways.${net};
in
[ zwNet.hosts4.${gw} ]
++ map (hosts6: hosts6.${gw}) (
builtins.filter (hosts6: hosts6 ? ${gw}) (
builtins.attrValues zwNet.hosts6
)
)
);
};
}) {} nets;
};
};
}
}
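Review bot: `gateway` in `systemd.network.networks."30-${net}"` is emitted for every net that has an entry in `defaultGateways`, so a VM whose hostname appears in more than one of serv, c3d2 and pub (`nets` is collected from all of `zentralwerk.lib.config.site.net`) presumably ends up with several default routes and no stated precedence; either restrict the gateway to one net or document the intended behaviour in the `autoNetSetup` description. Within that expression `[ zwNet.hosts4.${gw} ]` is unguarded, so a net whose `hosts4` lacks the gateway host aborts evaluation instead of falling back to IPv6, whereas the hosts6 part is filtered with `? ${gw}`; `lib.optional (zwNet.hosts4 ? ${gw}) zwNet.hosts4.${gw}` would make both sides consistent. Dropping `types.enum serverBridges` also removes the only check that a discovered net has a bridge on the hypervisor, which deserves a comment on `nets` saying the list comes from site data and is not validated against the server. Since `generateMacAddress` depends only on net and hostName, renaming a host changes its MAC on every net, which is worth a comment on the function. The commented-out `# enable = true;` in the link unit should be deleted or explained.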