Remove yggdrasil container

This commit is contained in:
Ehmry - 2022-01-13 20:20:48 +01:00
parent 594c5e357d
commit 7486153420
3 changed files with 1 additions and 178 deletions


@ -309,26 +309,13 @@
system = "armv6l-linux";
};
yggdrasil = nixosSystem' {
modules = [
./hosts/containers/yggdrasil
./lib/lxc-container.nix
./lib/users/emery.nix
(_: {
nixpkgs.overlays = [ secrets.overlays.ospf ];
})
];
};
matemat = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/matemat
yammat.nixosModule
secrets.nixosModules.admins
(_: {
nixpkgs.overlays = [ secrets.overlays.matemat ];
})
{ nixpkgs.overlays = [ secrets.overlays.matemat ]; }
];
};
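Review bot: Dropping the `yggdrasil` system from this attrset leaves the secret material it consumed in place: the deleted host file (third section of this commit) authenticated OSPF v2 and v3 on the core interface with `password "${pkgs.zentralwerk-ospf-message-digest-key}"`, which was supplied through `secrets.overlays.ospf`, and no host remaining in this hunk references that overlay any more. A shared message-digest key that lived on a now-decommissioned node is worth rotating on the remaining OSPF speakers, and `secrets.overlays.ospf` can be removed from the inputs if nothing outside this hunk still uses it (not visible from here). The `matemat` module change on the added line is behaviour-preserving, since a plain attrset and a `(_: { ... })` function are equivalent NixOS modules. The enclosing attrset starts and ends outside the hunk.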


@ -67,13 +67,6 @@ rec {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHhcvlbZ4TjAb6eQkYB2/Z3o/PHQVyAS6iEdGX+CEbGD";
};
yggdrasil = {
ip4 = "172.20.72.62";
ip6 = "2a00:8180:2c00:281:9000::1";
ygg = "201:4561:bb58:4dac:5f6a:7b23:44f:a5ef";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDmEymILp4IACjCbtMXx6eKPuTZHKyPUfAev05Gn7hi";
};
freifunk = {
ip4 = "172.20.72.40";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMFbxHGfBMBjjior1FNRub56O62K++HVnqUH67BeKD7d";

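--- a/PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,157 +0,0 @@
-{ pkgs, lib, config, hostRegistry, zentralwerk, ... }:
-let
-host = hostRegistry.hosts.yggdrasil;
-yggAddress = host.ygg;
-yggPrefix = "301:4561:bb58:4dac"; # 301:4561:bb58:4dac::/64
-# taken from the output of "yggdrasilctl getself".
-port = 46823;
-in {
-boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
-# Forward traffic under the prefix.
-boot.postBootCommands = ''
-if [ ! -c /dev/net/tun ]; then
-mkdir -p /dev/net
-mknod -m 666 /dev/net/tun c 10 200
-fi
-'';
-c3d2 = { isInHq = true; };
-networking = let
-inherit (zentralwerk.lib.config.site.net) core;
-in {
-hostName = "yggdrasil";
-firewall.enable = false;
-nat = {
-enable = true;
-# Provide routing for the house
-extraCommands = ''
-ip6tables -t nat -A POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE
-'';
-};
-defaultGateway = core.hosts4.upstream4;
-defaultGateway6 = core.hosts6.up4.upstream4;
-# systemd-networkd breaks setting default routes. so sad.
-useNetworkd = pkgs.lib.mkForce false;
-nameservers = [ "172.20.73.8" ];
-interfaces.core = {
-mtu = 1500;
-ipv4 = {
-addresses = [{
-address = host.ip4;
-prefixLength = core.subnet4Len;
-}];
-};
-ipv6 = {
-addresses = [
-{
-address = host.ip6;
-prefixLength = 64;
-}
-];
-};
-};
-interfaces.c3d2 = lib.mkForce {
-ipv6 = {
-addresses = [
-{
-address = yggPrefix + "::1";
-prefixLength = 64;
-}
-];
-};
-};
-};
-services.yggdrasil = {
-enable = true;
-persistentKeys = true;
-config = {
-IfName = "ygg";
-Listen = [
-"tcp://[::]:${toString port}"
-];
-Peers = [
-# deutschland
-"tcp://45.11.19.26:5001"
-# czechia
-"tcp://[2a03:3b40:fe:ab::1]:46370"
-"tcp://[2a05:9403::8b]:7743"
-# polen
-"tcp://[2001:41d0:601:1100::cf2]:37145"
-];
-NodeInfo = {
-# This information is visible to the network.
-name = "y.c3d2.de";
-location = "Dresden";
-email = "ehmry@c3d2.de";
-};
-};
-};
-# Get routes on the core network, advertise Yggdrasil routes to ZW core
-services.bird2 = {
-enable = true;
-config = ''
-protocol kernel K4 {
-ipv4 {
-export all;
-};
-}
-protocol kernel K6 {
-ipv6 {
-export all;
-};
-}
-protocol device {
-scan time 10;
-}
-# protocol radv {
-# interface "c3d2" {
-# min ra interval 10;
-# max ra interval 60;
-# prefix ${yggPrefix}/64 {
-# preferred lifetime 20;
-# valid lifetime 60;
-# };
-# };
-# }
-protocol ospf v2 ZW4 {
-area 0 {
-interface "core" {
-authentication cryptographic;
-password "${pkgs.zentralwerk-ospf-message-digest-key}";
-};
-};
-}
-protocol ospf v3 ZW6 {
-area 0 {
-stubnet 200::/7 {};
-interface "core" {
-authentication cryptographic;
-password "${pkgs.zentralwerk-ospf-message-digest-key}";
-};
-};
-}
-router id ${host.ip4};
-'';
-};
-services.nginx = {
-enable = true;
-virtualHosts."y.c3d2.de" = {
-default = true;
-locations."/".proxyPass = "https://c3d2.de";
-};
-};
-}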