server7: move yggdrasil out of container
This commit is contained in:
parent
cec0945c8e
commit
73d769952d
|
@ -1,16 +1,34 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
let yggaddr = import ./yggaddr.nix;
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||||
../../lib/hq.nix
|
../../lib/hq.nix
|
||||||
|
../../lib/default-gateway.nix
|
||||||
../../lib/emery.nix
|
../../lib/emery.nix
|
||||||
|
../../lib/yggdrasil.nix
|
||||||
./containers
|
./containers
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./hydra.nix
|
./hydra.nix
|
||||||
./nix-serve.nix
|
./nix-serve.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Route IPv6
|
||||||
|
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
||||||
|
# Obtain global IPv6 despite being a router myself
|
||||||
|
boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2;
|
||||||
|
|
||||||
|
services.yggdrasil = {
|
||||||
|
configFile = "/var/lib/yggdrasil/keys";
|
||||||
|
config.Peers = [
|
||||||
|
"tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
|
||||||
|
"tcp://ygg.thingylabs.io:443" # Nürnberg
|
||||||
|
"tcp://176.223.130.120:22632" # Wrocław
|
||||||
|
"tcp://[2a05:9403::8b]:7743" # Praha
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -45,15 +63,15 @@
|
||||||
address = "172.22.99.245";
|
address = "172.22.99.245";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
}];
|
}];
|
||||||
|
ipv6.addresses = [{
|
||||||
|
address = yggaddr.prefix + ":1";
|
||||||
|
prefixLength = 64;
|
||||||
|
}];
|
||||||
};
|
};
|
||||||
enp2s0f1.useDHCP = false;
|
enp2s0f1.useDHCP = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
hq.yggdrasil = {
|
|
||||||
enable = true;
|
|
||||||
interface = "br0";
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal nixfmt ];
|
environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal nixfmt ];
|
||||||
|
|
||||||
services.collectd = {
|
services.collectd = {
|
||||||
|
|
|
@ -1,34 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
|
||||||
../../../../lib/hq.nix
|
|
||||||
../../../../lib/yggdrasil.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.firewall.enable = false;
|
|
||||||
|
|
||||||
networking.interfaces.eth0 = {
|
|
||||||
useDHCP = true;
|
|
||||||
ipv6.addresses = [
|
|
||||||
{ address = "310:5217:69c0:9afc::1"; prefixLength = 64; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
# Route IPv6
|
|
||||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
|
||||||
# Obtain global IPv6 despite being a router myself
|
|
||||||
boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2;
|
|
||||||
|
|
||||||
services.yggdrasil = {
|
|
||||||
openMulticastPort = true;
|
|
||||||
configFile = "/var/lib/yggdrasil/keys";
|
|
||||||
config.Peers = [
|
|
||||||
"tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
|
|
||||||
"tcp://ygg.thingylabs.io:443" # Nürnberg
|
|
||||||
"tcp://176.223.130.120:22632" # Wrocław
|
|
||||||
"tcp://[2a05:9403::8b]:7743" # Praha
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
Loading…
Reference in New Issue