diff --git a/hosts/containers/dn42/default.nix b/hosts/containers/dn42/default.nix index bb3d4c22..e19c7a65 100644 --- a/hosts/containers/dn42/default.nix +++ b/hosts/containers/dn42/default.nix @@ -10,29 +10,17 @@ in { useNetworkd = true; # No Firewalling! firewall.enable = false; - useDHCP = false; - interfaces.ens3 = { - ipv4.addresses = [{ - address = address4; - prefixLength = 24; - }]; - }; - defaultGateway = "172.22.99.4"; }; services.resolved.enable = false; c3d2 = { isInHq = true; hq = { - interface = "ens3"; + interface = "c3d2"; statistics.enable = true; }; deployment = { server = "server10"; mounts = [ "etc" "home" "var"]; - interfaces = [ { - net = "c3d2"; - mac = "FE:60:4B:B4:4E:38"; - } ]; }; }; services.collectd.plugins.exec = @@ -182,7 +170,7 @@ in { protocol static hq4 { ipv4; - route 172.22.99.0/24 via "ens3"; + route 172.22.99.0/24 via "c3d2"; } protocol static hq6 { diff --git a/hosts/containers/freifunk/default.nix b/hosts/containers/freifunk/default.nix index 0ba733bb..1e8ef304 100644 --- a/hosts/containers/freifunk/default.nix +++ b/hosts/containers/freifunk/default.nix @@ -44,17 +44,21 @@ in { deployment = { server = "server10"; mounts = [ "etc" "home" "var"]; - interfaces = [ { - net = "core"; - mac = mac.core; - } { - net = "bmx"; - mac = mac.bmx; - } ]; + autoNetSetup = false; }; }; services.collectd.plugins.protocols = ""; + microvm.interfaces = [ { + type = "tap"; + id = "core-freifunk"; + mac = mac.core; + } { + type = "tap"; + id = "bmx-freifunk"; + mac = mac.bmx; + } ]; + networking.hostName = "freifunk"; networking.useNetworkd = true; networking.nameservers = [ "172.20.73.8" "9.9.9.9" ]; diff --git a/hosts/containers/leon/default.nix b/hosts/containers/leon/default.nix index a728ddf4..6ac46c3f 100644 --- a/hosts/containers/leon/default.nix +++ b/hosts/containers/leon/default.nix 
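Review bot: The removed `defaultGateway = "172.22.99.4";` is replaced by whatever host `c3d2-gw3` resolves to in the Zentralwerk data through the new `defaultGateways` table in modules/microvm.nix, and nothing in this hunk shows that the two agree; that should be confirmed once against the site data before the dn42 VM is redeployed. The bird `route 172.22.99.0/24 via "c3d2"` in the second hunk now also depends on the generated systemd .link file renaming the tap to `c3d2`, which only happens if its `MACAddress` match equals the MAC the module generates, so a mismatch leaves the static route without an interface. The `# No Firewalling!` / `firewall.enable = false;` context lines are untouched by the commit, so the VM keeps relying on filtering elsewhere.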
@@ -12,28 +12,11 @@ in c3d2.deployment = { server = "server10"; mounts = [ "etc" "home" "var"]; - interfaces = [ { - net = "serv"; - mac = "00:de:8d:c1:9f:45"; - } ]; }; networking = { hostName = "leon"; - useDHCP = false; - interfaces.eth0 = { - useDHCP = false; - ipv4.addresses = [ { - address = netConfig.hosts4.${config.networking.hostName}; - prefixLength = netConfig.subnet4Len; - } ]; - }; - defaultGateway = netConfig.hosts4.serv-gw; - nameservers = [ - netConfig.hosts4.dnscache "9.9.9.9" - ]; - # TODO: enable firewall.enable = true; }; diff --git a/hosts/containers/matemat/default.nix b/hosts/containers/matemat/default.nix index f3fe0d8e..fef3009d 100644 --- a/hosts/containers/matemat/default.nix +++ b/hosts/containers/matemat/default.nix @@ -6,23 +6,11 @@ deployment = { server = "server10"; mounts = [ "etc" "home" "var"]; - interfaces = [{ - net = "serv"; - mac = "FA:2B:1B:DC:85:72"; - }]; }; }; networking = { hostName = "matemat"; - interfaces.ens3 = { - ipv4.addresses = [{ - address = config.c3d2.hosts.matemat.ip4; - prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; - }]; - useDHCP = false; - }; - defaultGateway = "172.20.73.1"; firewall.allowedTCPPorts = [ 80 443 ]; }; diff --git a/hosts/containers/mobilizon/default.nix b/hosts/containers/mobilizon/default.nix index 882d3e91..ac673bc7 100644 --- a/hosts/containers/mobilizon/default.nix +++ b/hosts/containers/mobilizon/default.nix @@ -5,18 +5,9 @@ c3d2.deployment = { server = "server10"; mounts = [ "etc" "home" "var"]; - interfaces = [ { - net = "serv"; - mac = "4A:D1:5C:A7:16:76"; - } ]; }; networking = { hostName = "mobilizon"; - interfaces.ens3.ipv4.addresses = [{ - address = config.c3d2.hosts."${config.networking.hostName}".ip4; - prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; - }]; - defaultGateway = "172.20.73.1"; firewall.allowedTCPPorts = [ 80 443 ]; }; 
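Review bot: The `nameservers = [ netConfig.hosts4.dnscache "9.9.9.9" ];` removed here is not replaced by anything visible: the `autoNetSetup` network units generated in modules/microvm.nix set `addresses` and `gateway` but no DNS entries, so leon would be left without resolver configuration unless it comes from outside this diff. The mucbot, nfsroot and ticker hunks drop their `networking.nameservers` lists in the same way. If the intent is to centralise this, adding for example `networkConfig.DNS = [ zwNet.hosts4.dnscache ];` to the generated unit (or a `networking.nameservers` default under the same `mkIf`) would close the gap, assuming the site data exposes the resolver under that name for every net. The `netConfig` let-binding that the removed lines referenced may now be unused in this file; its definition is outside the hunk.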
diff --git a/hosts/containers/mucbot/default.nix b/hosts/containers/mucbot/default.nix index f936e88a..a864113b 100644 --- a/hosts/containers/mucbot/default.nix +++ b/hosts/containers/mucbot/default.nix @@ -4,21 +4,10 @@ c3d2.deployment = { server = "server10"; mounts = [ "etc" "var"]; - interfaces = [ { - net = "serv"; - mac = "2A:DB:0D:6B:E8:9A"; - } ]; }; c3d2.autoUpdate = true; networking.hostName = "mucbot"; - networking.interfaces.eth0.ipv4.addresses = [{ - address = "172.20.73.27"; - prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; - }]; - networking.defaultGateway = "172.20.73.1"; - networking.nameservers = - [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ]; users.users.tigger = { createHome = true; diff --git a/hosts/containers/nfsroot/default.nix b/hosts/containers/nfsroot/default.nix index 3cde9945..22ae7d1c 100644 --- a/hosts/containers/nfsroot/default.nix +++ b/hosts/containers/nfsroot/default.nix @@ -21,10 +21,6 @@ in { c3d2.deployment = { server = "server10"; mounts = [ "etc" "home" "var"]; - interfaces = [ { - net = "serv"; - mac = "00:de:fa:c8:28:9c"; - } ]; }; fileSystems = builtins.foldl' (fileSystems: export: fileSystems // { @@ -34,19 +30,6 @@ in { networking = { hostName = "nfsroot"; - useDHCP = false; - interfaces.eth0 = { - useDHCP = false; - ipv4.addresses = [ { - address = netConfig.hosts4.${config.networking.hostName}; - prefixLength = netConfig.subnet4Len; - } ]; - }; - defaultGateway = netConfig.hosts4.serv-gw; - nameservers = [ - netConfig.hosts4.dnscache "9.9.9.9" - ]; - firewall.enable = false; }; diff --git a/hosts/containers/oparl/default.nix b/hosts/containers/oparl/default.nix index fc2300b1..e73a5e55 100644 --- a/hosts/containers/oparl/default.nix +++ b/hosts/containers/oparl/default.nix 
@@ -17,28 +17,9 @@ in c3d2.deployment = { server = "server10"; mounts = [ "etc" "home" "var"]; - interfaces = [ { - net = "serv"; - mac = "00:de:9a:ce:38:79"; - } ]; }; - networking = { - hostName = "oparl"; - - useDHCP = false; - interfaces.eth0 = { - useDHCP = false; - ipv4.addresses = [ { - address = netConfig.hosts4.${config.networking.hostName}; - prefixLength = netConfig.subnet4Len; - } ]; - }; - defaultGateway = netConfig.hosts4.serv-gw; - nameservers = [ - netConfig.hosts4.dnscache "9.9.9.9" - ]; - }; + networking.hostName = "oparl"; users.users.oparl = { isNormalUser = true; diff --git a/hosts/containers/public-access-proxy/default.nix b/hosts/containers/public-access-proxy/default.nix index 5ebc3c64..64ce42ca 100644 --- a/hosts/containers/public-access-proxy/default.nix +++ b/hosts/containers/public-access-proxy/default.nix @@ -9,21 +9,9 @@ c3d2.deployment = { server = "server10"; mounts = [ "etc" "var"]; - interfaces = [ { - net = "serv"; - mac = "12:24:5F:BD:9B:E7"; - } ]; }; networking.hostName = "public-access-proxy"; - networking.useNetworkd = true; - networking.interfaces.ens3 = { - ipv4.addresses = [{ - address = "172.20.73.45"; - prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; - }]; - }; - networking.defaultGateway = "172.20.73.1"; my.services.proxy = { enable = true; diff --git a/hosts/containers/scrape/default.nix b/hosts/containers/scrape/default.nix index 78543752..89022932 100644 --- a/hosts/containers/scrape/default.nix +++ b/hosts/containers/scrape/default.nix @@ -16,21 +16,10 @@ in { deployment = { server = "server10"; mounts = [ "etc" "home" "var"]; - interfaces = [ { - net = "serv"; - mac = "E2:73:50:F5:EB:6E"; - } ]; }; }; - networking = { - hostName = "scrape"; - interfaces.eth0.ipv4.addresses = [{ - address = "172.20.73.32"; - prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; - }]; - defaultGateway = "172.20.73.1"; - }; + networking.hostName = "scrape"; users.groups.scrape = {}; users.users.scrape = { 
diff --git a/hosts/containers/spaceapi/default.nix b/hosts/containers/spaceapi/default.nix index 0745d08e..c6833841 100644 --- a/hosts/containers/spaceapi/default.nix +++ b/hosts/containers/spaceapi/default.nix @@ -3,18 +3,9 @@ c3d2.deployment = { server = "server10"; mounts = [ "etc" "var"]; - interfaces = [ { - net = "serv"; - mac = "16:57:AD:93:62:E9"; - } ]; }; networking.hostName = "spaceapi"; - networking.interfaces.eth0.ipv4.addresses = [{ - address = "172.20.73.25"; - prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; - }]; - networking.defaultGateway = "172.20.73.1"; networking.firewall.enable = false; c3d2.autoUpdate = true; diff --git a/hosts/containers/ticker/default.nix b/hosts/containers/ticker/default.nix index 0074ec2f..63ff06ee 100644 --- a/hosts/containers/ticker/default.nix +++ b/hosts/containers/ticker/default.nix @@ -9,21 +9,10 @@ with lib; c3d2.deployment = { server = "server10"; mounts = [ "etc" "var"]; - interfaces = [ { - net = "serv"; - mac = "B6:07:40:C1:81:F2"; - } ]; }; networking = { - interfaces.eth0 = { - ipv4.addresses = [{ address = "172.20.73.52"; prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len; }]; - useDHCP = false; - }; - defaultGateway = "172.20.73.1"; - nameservers = [ "172.20.73.8" "9.9.9.9" ]; hostName = "ticker"; - useDHCP = false; firewall.allowedTCPPorts = [ 22 80 443 ]; }; diff --git a/modules/microvm.nix b/modules/microvm.nix index a0131921..6764b7fd 100644 --- a/modules/microvm.nix +++ b/modules/microvm.nix 
@@ -1,7 +1,30 @@ { zentralwerk, options, config, lib, pkgs, ... }: let + defaultGateways = { + serv = "serv-gw"; + c3d2 = "c3d2-gw3"; + pub = "pub-gw"; + }; + + inherit (config.networking) hostName; inherit (config.c3d2.deployment) server; serverFQDN = "${server}.cluster.zentralwerk.org"; + + generateMacAddress = net: + let + hash = builtins.hashString "md5" "1-${net}-${hostName}"; + c = off: builtins.substring off 2 hash; + in + "${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}"; + + nets = builtins.attrNames ( + lib.filterAttrs (net: { hosts4, hosts6, ... }: + hosts4 ? ${hostName} || + lib.filterAttrs (ctx: hosts6: + hosts6 ? ${hostName} + ) hosts6 != {} + ) zentralwerk.lib.config.site.net + ); in { options.c3d2.deployment = with lib; { @@ -10,20 +33,13 @@ in description = "Server that is supposed to host this MicroVM."; }; - interfaces = mkOption { - description = "Network interfaces"; - type = types.listOf (types.submodule { - options = { - net = mkOption { - description = "Network to hook up to"; - type = types.enum serverBridges; - }; - mac = mkOption { - description = "Ethernet MAC address"; - type = types.str; - }; - }; - }); + autoNetSetup = mkOption { + type = types.bool; + default = true; + description = '' + Automatically configure MicroVM network interfaces and + systemd-networkd according to Zentralwerk network data. + ''; }; mounts = mkOption { @@ -52,11 +68,13 @@ in hypervisor = lib.mkDefault "cloud-hypervisor"; mem = lib.mkDefault 512; - interfaces = map ({ net, mac }: { - type = "tap"; - id = builtins.substring 0 15 "${net}-${config.networking.hostName}"; - inherit mac; - }) config.c3d2.deployment.interfaces; + interfaces = lib.mkIf config.c3d2.deployment.autoNetSetup ( + map (net: { + type = "tap"; + id = builtins.substring 0 15 "${net}-${hostName}"; + mac = generateMacAddress net; + }) nets + ); shares = [ { source = "/nix/store"; 
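Review bot: `generateMacAddress` needs a comment explaining the fixed second nibble, because `"${builtins.substring 0 1 hash}2:…"` is what keeps every generated address in the locally-administered unicast range (second hex digit 2/6/A/E) instead of colliding with a registered OUI; e.g. `# second hex digit is fixed to 2: locally administered, unicast; the other 44 bits come from md5("1-<net>-<host>")`. The `nets` filter destructures every entry of `zentralwerk.lib.config.site.net` as `{ hosts4, hosts6, ... }`, so evaluation aborts for any net that lacks either attribute; presumably the site data always has both, but `(n.hosts4 or {}) ? ${hostName}` and `(n.hosts6 or {})` would make the module tolerant of a net that does not. Since the MAC is derived only from public names it is reproducible by anyone who knows them, so it should not be treated as an identifier for bridge-level filtering.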
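Review bot: Deleting `interfaces` also deletes the `types.enum serverBridges` check, and the replacement `nets` list is built from the site data without verifying that `server` actually bridges each net, so a host listed in a net the server does not provide now presumably fails at deploy time rather than at evaluation. If `serverBridges` is still defined in this module (its definition is outside the hunk), an assertion of the form `assertions = [ { assertion = lib.all (net: lib.elem net serverBridges) nets; message = "…"; } ]` would restore the early failure. A host that still sets `c3d2.deployment.interfaces` will get the generic "option does not exist" error; `lib.mkRemovedOptionModule [ "c3d2" "deployment" "interfaces" ] "set c3d2.deployment.autoNetSetup or microvm.interfaces instead"` gives a pointed one. The `autoNetSetup` description should also state that every Zentralwerk net listing the host gets an interface, since that widening from an explicit list is the real behavioural change.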
@@ -71,12 +89,59 @@ in else let tag = builtins.replaceStrings ["/"] ["_"] dir; in { - source = "/var/lib/microvms/${config.networking.hostName}/${dir}"; + source = "/var/lib/microvms/${hostName}/${dir}"; mountPoint = "/${dir}"; inherit tag; proto = "virtiofs"; socket = "${tag}.socket"; }) config.c3d2.deployment.mounts; }; + + networking = lib.mkIf config.c3d2.deployment.autoNetSetup { + useDHCP = false; + useNetworkd = true; + }; + + systemd.network = lib.mkIf config.c3d2.deployment.autoNetSetup { + links = builtins.foldl' (links: net: links // { + "30-${net}" = { + # enable = true; + matchConfig.MACAddress = generateMacAddress net; + # rename interface to net name + linkConfig.Name = net; + }; + }) {} nets; + + networks = builtins.foldl' (networks: net: networks // { + "30-${net}" = + let + zwNet = zentralwerk.lib.config.site.net.${net}; + addresses = + lib.optional (zwNet.hosts4 ? ${hostName}) "${zwNet.hosts4.${hostName}}/${toString zwNet.subnet4Len}" + ++ + map (hosts6: "${hosts6.${hostName}}/64") ( + builtins.filter (hosts6: hosts6 ? ${hostName}) ( + builtins.attrValues zwNet.hosts6 + ) + ); + in { + matchConfig.MACAddress = generateMacAddress net; + addresses = map (Address: { + addressConfig = { inherit Address; }; + }) addresses; + gateway = lib.mkIf (defaultGateways ? ${net}) ( + let + gw = defaultGateways.${net}; + in + [ zwNet.hosts4.${gw} ] + ++ map (hosts6: hosts6.${gw}) ( + builtins.filter (hosts6: hosts6 ? ${gw}) ( + builtins.attrValues zwNet.hosts6 + ) + ) + ); + }; + }) {} nets; + }; }; -} +}
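Review bot: In the generated `gateway` the IPv4 entry `[ zwNet.hosts4.${gw} ]` is unguarded while the IPv6 entries are filtered with `hosts6 ? ${gw}`, so a net whose gateway host has no `hosts4` entry makes evaluation fail with a missing-attribute error instead of yielding an IPv6-only default route; `lib.optional (zwNet.hosts4 ? ${gw}) zwNet.hosts4.${gw}` keeps the two branches symmetric. The `# enable = true;` line in the links block is commented-out code and should be deleted rather than left as a hint. The enclosing config attribute set starts outside the hunk.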