From e0c0fe1902c81f9501bc894f3184ad66d1297f48 Mon Sep 17 00:00:00 2001 From: Astro Date: Fri, 29 Nov 2019 21:29:50 +0100 Subject: [PATCH] lib/yggdrasil-hq: init --- hosts/server7/configuration.nix | 12 ------- hosts/server7/containers/adc/default.nix | 6 ++++ hosts/server7/containers/yggrasil/default.nix | 10 ++++-- lib/yggdrasil-hq.nix | 33 +++++++++++++++++++ 4 files changed, 47 insertions(+), 14 deletions(-) create mode 100644 lib/yggdrasil-hq.nix diff --git a/hosts/server7/configuration.nix b/hosts/server7/configuration.nix index f31ba6cc..d3085474 100644 --- a/hosts/server7/configuration.nix +++ b/hosts/server7/configuration.nix @@ -4,7 +4,6 @@ imports = [ ../../lib/hq.nix - ../../lib/yggdrasil.nix ../../lib/emery.nix ./containers ./hardware-configuration.nix @@ -20,17 +19,6 @@ # DO NOT CHANGE, KINDERGARTEN IS OVER }; - services.yggdrasil = { - openMulticastPort = true; - configFile = "/var/lib/yggdrasil/keys"; - config.Peers = [ - "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha - "tcp://ygg.thingylabs.io:443" # Nürnberg - "tcp://176.223.130.120:22632" # Wrocław - "tcp://[2a05:9403::8b]:7743" # Praha - ]; - }; - programs.mosh.enable = true; nix = { diff --git a/hosts/server7/containers/adc/default.nix b/hosts/server7/containers/adc/default.nix index 70b7c80f..f397892c 100644 --- a/hosts/server7/containers/adc/default.nix +++ b/hosts/server7/containers/adc/default.nix @@ -1,6 +1,10 @@ { config, pkgs, lib, ... }: { + imports = [ + ../../../../lib/yggdrasil-hq.nix + ]; + services.uhub = { enable = true; enableTLS = false; @@ -16,4 +20,6 @@ }; networking.firewall.allowedTCPPorts = [ config.services.uhub.port ]; + + hq.yggdrasil.enable = true; } diff --git a/hosts/server7/containers/yggrasil/default.nix b/hosts/server7/containers/yggrasil/default.nix index 563ee9fd..7e87d1da 100644 --- a/hosts/server7/containers/yggrasil/default.nix +++ b/hosts/server7/containers/yggrasil/default.nix 
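Review bot: In the `@@ -16,4 +20,6 @@` hunk of hosts/server7/containers/adc/default.nix, `hq.yggdrasil.enable = true;` is added directly below `networking.firewall.allowedTCPPorts = [ config.services.uhub.port ];`, and the first hunk's context shows the hub still runs with `enableTLS = false;`. If the router container forwards inbound overlay traffic (not visible in this patch), the hub port becomes reachable from any Yggdrasil peer. The hop between router and container over the HQ ethernet is presumably outside Yggdrasil's own encryption, since the container is not itself a Yggdrasil node. If that exposure is intended, record it next to the option, for example `# uhub is reachable from the Yggdrasil overlay without TLS (intended)`. Otherwise keep the port closed on the overlay side or enable TLS before turning this on.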
@@ -3,11 +3,17 @@ { imports = [ - ../../lib/hq.nix - ../../lib/yggdrasil.nix + ../../../../lib/hq.nix + ../../../../lib/yggdrasil.nix ./yggdrasil-prefix.nix ]; + networking.interfaces.eth0 = { + ipv6.addresses = [ + { address = "310:5217:69c0:9afc::1"; prefixLength = 64; } + ]; + }; + services.yggdrasil = { openMulticastPort = true; configFile = "/var/lib/yggdrasil/keys"; diff --git a/lib/yggdrasil-hq.nix b/lib/yggdrasil-hq.nix new file mode 100644 index 00000000..ad2ebe1a --- /dev/null +++ b/lib/yggdrasil-hq.nix @@ -0,0 +1,33 @@ +{ config, lib }: +with lib; + +let + cfg = config.hq.yggdrasil; + hostNameHash = hashString "sha256" networking.hostName; + hextets = map (i: substring (4 * i) (4 * (i + 1)) hostNameHash) [0 1 2 3]; + hostAddr = concatStringsSep ":" hextets; +in +{ + options = with types; { + hq.yggdrasil = { + enable = mkEnableOption "Configure Yggdrasil access via the Yggdrasil router"; + + interface = mkOption { + type = nullOr str; + default = "eth0"; + description = "Network interface to the C3D2 HQ ethernet"; + }; + }; + }; + + networking.interfaces = optionalAttrs cfg.enable { + "${cfg.interface}.ipv6" = { + addresses = [ + { address = "310:5217:69c0:9afc:${hostAddr}"; prefixLength = 64; } + ]; + routes = [ + { address = "200::"; prefixLength = 7; via = "310:5217:69c0:9afc::1"; } + ]; + }; + }; +}
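Review bot: The router address `310:5217:69c0:9afc::1` is hard-coded here on `networking.interfaces.eth0` and again as the `via` of the `200::/7` route in lib/yggdrasil-hq.nix, so a change of the routed prefix has to be made by hand in both files. Defining the prefix once and importing it in both places would keep router and clients in step. This hunk also makes the container the gateway between the overlay and the HQ ethernet, but no forwarding or filtering rule is visible in it, and `./yggdrasil-prefix.nix` is not part of the patch. A comment such as `# gateway for 310:5217:69c0:9afc::/64; inbound overlay traffic is filtered by <placeholder: where>` would tell the next reader where that policy lives. The `services.yggdrasil` block continues outside the hunk.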
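Review bot: In lib/yggdrasil-hq.nix, `substring (4 * i) (4 * (i + 1)) hostNameHash` passes an end index where `substring` expects a length, so the pieces are 4, 8, 12 and 16 hex digits long and the resulting string is not a valid IPv6 address. The module also looks unlikely to evaluate: `{ config, lib }:` has no `...` although the module system passes further arguments, `networking.hostName` is used without `config.`, and `networking.interfaces` sits next to `options` instead of under `config`. The quoted name `"${cfg.interface}.ipv6"` defines one interface literally called `eth0.ipv6` rather than the `ipv6` attribute of `eth0`. The idiomatic gate is `config = mkIf cfg.enable { … }`. Because the interface name is interpolated into an attribute path, the option type should probably be `str` rather than `nullOr str`.

```nix
{ config, lib, ... }:
# … unchanged: with lib; …
let
  cfg = config.hq.yggdrasil;
  # builtins. prefix works whether or not lib re-exports hashString
  hostNameHash = builtins.hashString "sha256" config.networking.hostName;
  # substring takes (start, length): four hextets of 4 hex digits each
  hextets = map (i: substring (4 * i) 4 hostNameHash) [0 1 2 3];
  # … unchanged: hostAddr …
in
{
  # … unchanged: options.hq.yggdrasil (enable, interface) …

  config = mkIf cfg.enable {
    networking.interfaces.${cfg.interface}.ipv6 = {
      # … unchanged: addresses and routes …
    };
  };
}
```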