Remove yggdrasil container
parent
594c5e357d
commit
7486153420
15
flake.nix
15
flake.nix
|
@ -309,26 +309,13 @@
|
|||
system = "armv6l-linux";
|
||||
};
|
||||
|
||||
yggdrasil = nixosSystem' {
|
||||
modules = [
|
||||
./hosts/containers/yggdrasil
|
||||
./lib/lxc-container.nix
|
||||
./lib/users/emery.nix
|
||||
(_: {
|
||||
nixpkgs.overlays = [ secrets.overlays.ospf ];
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
matemat = nixosSystem' {
|
||||
modules = [
|
||||
./lib/lxc-container.nix
|
||||
./hosts/containers/matemat
|
||||
yammat.nixosModule
|
||||
secrets.nixosModules.admins
|
||||
(_: {
|
||||
nixpkgs.overlays = [ secrets.overlays.matemat ];
|
||||
})
|
||||
{ nixpkgs.overlays = [ secrets.overlays.matemat ]; }
|
||||
];
|
||||
};
|
||||
|
||||
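Review bot: Removing the `yggdrasil` entry takes away the only reference to `secrets.overlays.ospf` visible in this hunk. If no other host outside the hunk still imports it, the overlay should be dropped from the secrets input as well, so the OSPF digest key stops being carried for a consumer that no longer exists. The deleted host module further down this page interpolated `pkgs.zentralwerk-ospf-message-digest-key` into the `services.bird2.config` string, which most likely rendered the key into a world-readable store path on the container. Decommissioning should therefore include wiping the container's store or rotating the key on the remaining OSPF speakers, and the commit description would be a good place to record that. The replacement `{ nixpkgs.overlays = [ secrets.overlays.matemat ]; }` is equivalent to the old `(_: { ... })` form, and the attribute set being edited starts and ends outside the hunk.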
|
|
|
@ -67,13 +67,6 @@ rec {
|
|||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHhcvlbZ4TjAb6eQkYB2/Z3o/PHQVyAS6iEdGX+CEbGD";
|
||||
};
|
||||
|
||||
yggdrasil = {
|
||||
ip4 = "172.20.72.62";
|
||||
ip6 = "2a00:8180:2c00:281:9000::1";
|
||||
ygg = "201:4561:bb58:4dac:5f6a:7b23:44f:a5ef";
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDmEymILp4IACjCbtMXx6eKPuTZHKyPUfAev05Gn7hi";
|
||||
};
|
||||
|
||||
freifunk = {
|
||||
ip4 = "172.20.72.40";
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFbxHGfBMBjjior1FNRub56O62K++HVnqUH67BeKD7d";
|
||||
|
|
|
@ -1,157 +0,0 @@
|
|||
{ pkgs, lib, config, hostRegistry, zentralwerk, ... }:
|
||||
|
||||
let
|
||||
host = hostRegistry.hosts.yggdrasil;
|
||||
yggAddress = host.ygg;
|
||||
yggPrefix = "301:4561:bb58:4dac"; # 301:4561:bb58:4dac::/64
|
||||
# taken from the output of "yggdrasilctl getself".
|
||||
port = 46823;
|
||||
in {
|
||||
|
||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
||||
# Forward traffic under the prefix.
|
||||
|
||||
boot.postBootCommands = ''
|
||||
if [ ! -c /dev/net/tun ]; then
|
||||
mkdir -p /dev/net
|
||||
mknod -m 666 /dev/net/tun c 10 200
|
||||
fi
|
||||
'';
|
||||
|
||||
c3d2 = { isInHq = true; };
|
||||
|
||||
networking = let
|
||||
inherit (zentralwerk.lib.config.site.net) core;
|
||||
in {
|
||||
hostName = "yggdrasil";
|
||||
firewall.enable = false;
|
||||
nat = {
|
||||
enable = true;
|
||||
# Provide routing for the house
|
||||
extraCommands = ''
|
||||
ip6tables -t nat -A POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE
|
||||
'';
|
||||
};
|
||||
defaultGateway = core.hosts4.upstream4;
|
||||
defaultGateway6 = core.hosts6.up4.upstream4;
|
||||
# systemd-networkd breaks setting default routes. so sad.
|
||||
useNetworkd = pkgs.lib.mkForce false;
|
||||
nameservers = [ "172.20.73.8" ];
|
||||
interfaces.core = {
|
||||
mtu = 1500;
|
||||
ipv4 = {
|
||||
addresses = [{
|
||||
address = host.ip4;
|
||||
prefixLength = core.subnet4Len;
|
||||
}];
|
||||
};
|
||||
ipv6 = {
|
||||
addresses = [
|
||||
{
|
||||
address = host.ip6;
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
interfaces.c3d2 = lib.mkForce {
|
||||
ipv6 = {
|
||||
addresses = [
|
||||
{
|
||||
address = yggPrefix + "::1";
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.yggdrasil = {
|
||||
enable = true;
|
||||
persistentKeys = true;
|
||||
config = {
|
||||
IfName = "ygg";
|
||||
Listen = [
|
||||
"tcp://[::]:${toString port}"
|
||||
];
|
||||
Peers = [
|
||||
# deutschland
|
||||
"tcp://45.11.19.26:5001"
|
||||
|
||||
# czechia
|
||||
"tcp://[2a03:3b40:fe:ab::1]:46370"
|
||||
"tcp://[2a05:9403::8b]:7743"
|
||||
|
||||
# polen
|
||||
"tcp://[2001:41d0:601:1100::cf2]:37145"
|
||||
];
|
||||
NodeInfo = {
|
||||
# This information is visible to the network.
|
||||
name = "y.c3d2.de";
|
||||
location = "Dresden";
|
||||
email = "ehmry@c3d2.de";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Get routes on the core network, advertise Yggdrasil routes to ZW core
|
||||
services.bird2 = {
|
||||
enable = true;
|
||||
config = ''
|
||||
protocol kernel K4 {
|
||||
ipv4 {
|
||||
export all;
|
||||
};
|
||||
}
|
||||
protocol kernel K6 {
|
||||
ipv6 {
|
||||
export all;
|
||||
};
|
||||
}
|
||||
protocol device {
|
||||
scan time 10;
|
||||
}
|
||||
|
||||
# protocol radv {
|
||||
# interface "c3d2" {
|
||||
# min ra interval 10;
|
||||
# max ra interval 60;
|
||||
# prefix ${yggPrefix}/64 {
|
||||
# preferred lifetime 20;
|
||||
# valid lifetime 60;
|
||||
# };
|
||||
# };
|
||||
# }
|
||||
|
||||
protocol ospf v2 ZW4 {
|
||||
area 0 {
|
||||
interface "core" {
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
protocol ospf v3 ZW6 {
|
||||
area 0 {
|
||||
stubnet 200::/7 {};
|
||||
interface "core" {
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
router id ${host.ip4};
|
||||
'';
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."y.c3d2.de" = {
|
||||
default = true;
|
||||
locations."/".proxyPass = "https://c3d2.de";
|
||||
};
|
||||
};
|
||||
|
||||
}
|