From 59f46086ad8d221fdbfd60da116081d7c7cb5eaf Mon Sep 17 00:00:00 2001
From: blur-star
Date: Sat, 17 Sep 2022 18:33:27 +0100
Subject: [PATCH 01/10] add docker
---
 hosts/leoncloud/default.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hosts/leoncloud/default.nix b/hosts/leoncloud/default.nix
index 1227d092..61241f9b 100644
--- a/hosts/leoncloud/default.nix
+++ b/hosts/leoncloud/default.nix
@@ -101,5 +101,10 @@ in
 allowedUDPPorts = [ ];
 };
- system.stateVersion = "22.05";
+
+#-------------Docker---------------
+ virtualisation.docker.enable = true;
+#----------------------------------
+ system.stateVersion = "22.05";
+
 }
-- 
2.44.1
From accf748ca42fa1218ec4cfa3b0b3074a8c1fb9c4 Mon Sep 17 00:00:00 2001
From: Astro
Date: Sun, 18 Sep 2022 15:56:49 +0200
Subject: [PATCH 02/10] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Flake lock file updates:
• Updated input 'zentralwerk':
'git+https://gitea.c3d2.de/zentralwerk/network.git?ref=refs%2fheads%2fmaster&rev=0f9246d4ba491aced88783dcc6efac3cb00b9f95' (2022-09-13)
→ 'git+https://gitea.c3d2.de/zentralwerk/network.git?ref=master&rev=da6b2d55fc7e8d3a84e3c77829b4d03256f28afc' (2022-09-18)
---
 flake.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/flake.lock b/flake.lock
index 77857587..b0f3ab4a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -890,11 +890,11 @@
 ]
 },
 "locked": {
- "lastModified": 1663031935,
- "narHash": "sha256-b8KsPSsweildhQCcxbHScFcile9PmCZuSZQzu8/Nnes=",
- "ref": "refs/heads/master",
- "rev": "0f9246d4ba491aced88783dcc6efac3cb00b9f95",
- "revCount": 1550,
+ "lastModified": 1663509011,
+ "narHash": "sha256-ymP7SvKeiRxjUAsN6V+mLTF2vGgpr4HlJuzr1eat4zc=",
+ "ref": "master",
+ "rev": "da6b2d55fc7e8d3a84e3c77829b4d03256f28afc",
+ "revCount": 1594,
 "type": "git",
 "url": "https://gitea.c3d2.de/zentralwerk/network.git"
 },
-- 
2.44.1
From 02a5d15dfcd57d9fe5743f6bd4e9983ad47c74d1 Mon Sep 17 00:00:00 2001
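Review bot: `virtualisation.docker.enable = true;` changes the host's exposure in two ways that nothing in the hunk records: the Docker daemon installs its own iptables chains, so ports published by containers are reachable independently of the `networking.firewall` settings visible just above (`allowedUDPPorts = [ ];`), and membership in the `docker` group is effectively root on the host. Since this file keeps the firewall enabled and, per patch 04/10, puts `leon` in `wheel`, the intent is worth stating next to the option, e.g. `# published container ports bypass networking.firewall; docker group members are root-equivalent`. The enclosing attribute set starts outside the hunk.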
From: leon
Date: Sun, 18 Sep 2022 16:02:34 +0100
Subject: [PATCH 03/10] add docker
---
 hosts/leoncloud/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hosts/leoncloud/default.nix b/hosts/leoncloud/default.nix
index 61241f9b..c78e8e06 100644
--- a/hosts/leoncloud/default.nix
+++ b/hosts/leoncloud/default.nix
@@ -103,7 +103,7 @@ in
 #-------------Docker---------------
- virtualisation.docker.enable = true;
+ virtualisation.docker.enable = true;
 #----------------------------------
 system.stateVersion = "22.05";
-- 
2.44.1
From 9091453f232eeccbd13ef51901a6fcda9eddd82e Mon Sep 17 00:00:00 2001
From: leon
Date: Sun, 18 Sep 2022 17:55:52 +0100
Subject: [PATCH 04/10] add ssh-key to leoncloud
---
 hosts/leoncloud/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hosts/leoncloud/default.nix b/hosts/leoncloud/default.nix
index c78e8e06..967b9f6a 100644
--- a/hosts/leoncloud/default.nix
+++ b/hosts/leoncloud/default.nix
@@ -92,7 +92,8 @@ in
 extraGroups = [ "wheel" ];
 createHome = true;
 openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2zpmWA3Z9zshWaU8k1SWyJnbAyasOu9pV+9BvTY0XE leon@¯\_(ツ)_/¯"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2zpmWA3Z9zshWaU8k1SWyJnbAyasOu9pV+9BvTY0XE leon@¯\_(ツ)_/¯" #my-laptop
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPZoT83l0ogbJpviBs4VmO+NdF4NPtYAnyf8RRSoXsv leon@leon" #leon-vps pub/172.20.78.113 serv/172.20.73.50
 ];
 };
-- 
2.44.1
From ec30dddd544f4e5cf8eb24c7ff1409cc204d4609 Mon Sep 17 00:00:00 2001
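Review bot: The second key added to `openssh.authorizedKeys.keys` is a host key of another machine (`leon@leon`, annotated as leon-vps), so whoever holds that VPS's private key gets an account on leoncloud that the context line `extraGroups = [ "wheel" ];` makes sudo-capable; the new line does nothing to narrow that trust. If the key is only ever used from the addresses the comment already records, an authorized_keys option in front of the key type bounds a leak of it, e.g. `"from=\"172.20.73.50,172.20.78.113\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPZoT83l0ogbJpviBs4VmO+NdF4NPtYAnyf8RRSoXsv leon@leon"`, and a `command="…"` restriction fits as well if it only drives automation. The user definition this list belongs to starts outside the hunk.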
From: Astro
Date: Sun, 18 Sep 2022 20:38:41 +0200
Subject: [PATCH 05/10] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Flake lock file updates:
• Updated input 'zentralwerk':
'git+https://gitea.c3d2.de/zentralwerk/network.git?ref=master&rev=da6b2d55fc7e8d3a84e3c77829b4d03256f28afc' (2022-09-18)
→ 'git+https://gitea.c3d2.de/zentralwerk/network.git?ref=master&rev=2e4f65b3b7817f2e382baca5d07d0fad63f5549b' (2022-09-18)
---
 flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/flake.lock b/flake.lock
index b0f3ab4a..54310e55 100644
--- a/flake.lock
+++ b/flake.lock
@@ -890,11 +890,11 @@
 ]
 },
 "locked": {
- "lastModified": 1663509011,
- "narHash": "sha256-ymP7SvKeiRxjUAsN6V+mLTF2vGgpr4HlJuzr1eat4zc=",
+ "lastModified": 1663526290,
+ "narHash": "sha256-hQwLvfEuSFgR67LqT8b2juTD+e2e6A4e59xb4573H1U=",
 "ref": "master",
- "rev": "da6b2d55fc7e8d3a84e3c77829b4d03256f28afc",
- "revCount": 1594,
+ "rev": "2e4f65b3b7817f2e382baca5d07d0fad63f5549b",
+ "revCount": 1606,
 "type": "git",
 "url": "https://gitea.c3d2.de/zentralwerk/network.git"
 },
-- 
2.44.1
From 4b97809e99ace8b4713dd8974703333dc25c5b79 Mon Sep 17 00:00:00 2001
From: Astro
Date: Sun, 18 Sep 2022 21:35:22 +0200
Subject: [PATCH 06/10] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Flake lock file updates:
• Updated input 'zentralwerk':
'git+https://gitea.c3d2.de/zentralwerk/network.git?ref=master&rev=2e4f65b3b7817f2e382baca5d07d0fad63f5549b' (2022-09-18)
→ 'git+https://gitea.c3d2.de/zentralwerk/network.git?ref=master&rev=3fbc5577d587b9be366a41611e8ccdc49e043522' (2022-09-18)
---
 flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/flake.lock b/flake.lock
index 54310e55..d7feba92 100644
--- a/flake.lock
+++ b/flake.lock
@@ -890,11 +890,11 @@
 ]
 },
 "locked": {
- "lastModified": 1663526290,
- "narHash": "sha256-hQwLvfEuSFgR67LqT8b2juTD+e2e6A4e59xb4573H1U=",
+ "lastModified": 1663529696,
+ "narHash": "sha256-kZltiGFF4JB1O54y84NHs/yHpEDKiDiROsOzOPL6Guk=",
 "ref": "master",
- "rev": "2e4f65b3b7817f2e382baca5d07d0fad63f5549b",
- "revCount": 1606,
+ "rev": "3fbc5577d587b9be366a41611e8ccdc49e043522",
+ "revCount": 1609,
 "type": "git",
 "url": "https://gitea.c3d2.de/zentralwerk/network.git"
 },
-- 
2.44.1
From fe3636e3244ce9ef19711db024ff61dbcc67acc1 Mon Sep 17 00:00:00 2001
From: Astro
Date: Sun, 18 Sep 2022 21:39:16 +0200
Subject: [PATCH 07/10] leon: switch to flpk net
---
 hosts/leon/default.nix | 66 +++--------------------------------------
 1 file changed, 4 insertions(+), 62 deletions(-)
diff --git a/hosts/leon/default.nix b/hosts/leon/default.nix
index 8e29804e..e63dffd0 100644
--- a/hosts/leon/default.nix
+++ b/hosts/leon/default.nix
@@ -27,16 +27,8 @@
 #--------------------------------------------------------------------------------
-{ zentralwerk, config, pkgs, ... }:
-let
- netConfig = zentralwerk.lib.config.site.net.serv;
+{ pkgs, ... }:
- mac = {
- serv = "e2:e9:bb:f4:49:fe";
- pub = "e2:e9:bb:f4:49:ff";
- };
-
-in
 {
 microvm = {
 mem = 2048;
@@ -45,63 +37,13 @@ in
 c3d2.deployment = {
 server = "server10";
 mounts = [ "etc" "home" "var"];
- autoNetSetup = false;
+ autoNetSetup = true;
 };
- microvm.interfaces = [ {
- type = "tap";
- id = "pub-leon";
- mac = mac.pub;
- } {
- type = "tap";
- id = "serv-leon";
- mac = mac.serv;
- } ];
 networking = {
 hostName = "leon";
 firewall.enable = true;
 };
- systemd.network = {
- enable = true;
-
- # On the serv network I have a static IPv4 and only a route to the
- # rest of the network so that I am reachable by
- # public-access-proxy.
-
- links."00-serv" = {
- matchConfig.MACAddress = mac.serv;
- linkConfig.Name = "serv";
- };
-
- networks."00-serv" = {
- matchConfig.MACAddress = mac.serv;
- networkConfig.IPv6AcceptRA = false;
- # try harder disabling global ipv6
- networkConfig.LinkLocalAddressing = "no";
- addresses = [ {
- addressConfig.Address = "${config.c3d2.hosts.${config.networking.hostName}.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
- } ];
- routes = [ {
- routeConfig = {
- Destination = "172.20.0.0/14";
- Gateway = config.c3d2.hosts.serv-gw.ip4;
- };
- } ];
- };
-
- # On the pub network I am a normal client.
-
- links."00-pub" = {
- matchConfig.MACAddress = mac.pub;
- linkConfig.Name = "pub";
- };
-
- networks."01-pub" = {
- matchConfig.MACAddress = mac.pub;
- networkConfig.DHCP = "ipv4";
- networkConfig.IPv6AcceptRA = true;
- };
- };
 # enable IP routing
 boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = 1;
 boot.kernel.sysctl."net.ipv4.conf.default.forwarding" = 1;
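Review bot: Deleting the `systemd.network` block removes more than interface wiring: the `00-serv` network set `IPv6AcceptRA = false` and `LinkLocalAddressing = "no"` and confined the serv side to one route to `172.20.0.0/14`, and nothing added in this hunk re-states those restrictions, so with `autoNetSetup = true` the host's addressing, routing and IPv6 posture now come from the shared module (patch 08/10 shows that module enabling networkd under the same flag). The context lines at the bottom keep `net.ipv4.conf.all.forwarding = 1`, so forwarding now applies to whatever links the module creates rather than to the two declared here before. If the IPv6-off and single-route posture was deliberate, a comment on the new line recording where it is now enforced, e.g. `# links, addresses and routes come from modules/microvm.nix (autoNetSetup)`, would keep that intent visible. The same block is deleted from hosts/leoncloud/default.nix in patch 10/10, and the enclosing attribute set continues outside the hunk.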
@@ -160,12 +102,12 @@ in
 # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
 #----------------------Start-Routing----------------------------
 postSetup = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o pub -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o flpk -j MASQUERADE
 '';
 # This undoes the above command
 postShutdown = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.11.1/24 -o pub -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.11.1/24 -o flpk -j MASQUERADE
 '';
 #----------------------End-Routing----------------------------
-- 
2.44.1
From e492f5a7245bad58335fe8f7879680d5ef731a03 Mon Sep 17 00:00:00 2001
From: Astro
Date: Sun, 18 Sep 2022 22:15:00 +0200
Subject: [PATCH 08/10] modules/microvm: disable dhcpcd
---
 modules/microvm.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/modules/microvm.nix b/modules/microvm.nix
index 4be9f388..5565481b 100644
--- a/modules/microvm.nix
+++ b/modules/microvm.nix
@@ -225,6 +225,7 @@ in
 networking = lib.mkIf config.c3d2.deployment.autoNetSetup {
 useDHCP = false;
+ dhcpcd.enable = false;
 useNetworkd = true;
 };
-- 
2.44.1
From f6dc5459f1f5c113b6699fc57be0cbfdefb971d1 Mon Sep 17 00:00:00 2001
From: Astro
Date: Sun, 18 Sep 2022 22:34:43 +0200
Subject: [PATCH 09/10] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Flake lock file updates:
• Updated input 'zentralwerk':
'git+https://gitea.c3d2.de/zentralwerk/network.git?ref=master&rev=3fbc5577d587b9be366a41611e8ccdc49e043522' (2022-09-18)
→ 'git+https://gitea.c3d2.de/zentralwerk/network.git?ref=master&rev=4ac8db230ded88a3ed95ff48332a581c6cca81b2' (2022-09-18)
---
 flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/flake.lock b/flake.lock
index d7feba92..41f0b76e 100644
--- a/flake.lock
+++ b/flake.lock
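Review bot: Both MASQUERADE rules now name `flpk` as the outbound link, but after the earlier hunk of this patch removed `microvm.interfaces` and the `linkConfig.Name` entries, nothing in this file declares an interface of that name, so the rule is an implicit contract with the auto network setup; if that setup ever names the link differently, `postSetup` installs a rule that matches nothing and the `10.10.11.0/24` clients silently lose egress, with no error at activation. A comment above `postSetup` such as `# flpk is the link provided by c3d2.deployment.autoNetSetup; keep in sync with modules/microvm.nix` (presumably where the name originates) would make the dependency visible. Separately, `-s 10.10.11.1/24` is a host address with a network mask; iptables accepts it, but writing `-s 10.10.11.0/24` in both rules says what is meant. The surrounding attribute set starts and ends outside the hunk.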
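Review bot: `dhcpcd.enable = false;` is the one line in this `networking` block whose reason is not evident from its neighbours, since `useDHCP = false` already sits directly above it, and the commit message only restates the change. A short why-comment on the new line, e.g. `# networkd does DHCP when autoNetSetup is on; stop dhcpcd from configuring the same link` (adjust if the actual motivation differs, it is inferred here), would spare the next maintainer a bisect when they wonder whether it can be dropped. The enclosing module continues outside the hunk.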
@@ -890,11 +890,11 @@
 ]
 },
 "locked": {
- "lastModified": 1663529696,
- "narHash": "sha256-kZltiGFF4JB1O54y84NHs/yHpEDKiDiROsOzOPL6Guk=",
+ "lastModified": 1663533200,
+ "narHash": "sha256-XVy6Uotb3u6F9OH5x1cXjRn87sZJGiRO9LUeY8fpkE4=",
 "ref": "master",
- "rev": "3fbc5577d587b9be366a41611e8ccdc49e043522",
- "revCount": 1609,
+ "rev": "4ac8db230ded88a3ed95ff48332a581c6cca81b2",
+ "revCount": 1612,
 "type": "git",
 "url": "https://gitea.c3d2.de/zentralwerk/network.git"
 },
-- 
2.44.1
From c7bd7a84be2c6bcb8e4179b8ed258ca35448a91b Mon Sep 17 00:00:00 2001
From: Astro
Date: Sun, 18 Sep 2022 23:07:48 +0200
Subject: [PATCH 10/10] leoncloud: remove manual network config
---
 hosts/leoncloud/default.nix | 52 +------------------------------------
 1 file changed, 1 insertion(+), 51 deletions(-)
diff --git a/hosts/leoncloud/default.nix b/hosts/leoncloud/default.nix
index 1227d092..85c4b767 100644
--- a/hosts/leoncloud/default.nix
+++ b/hosts/leoncloud/default.nix
@@ -16,63 +16,13 @@ in
 c3d2.deployment = {
 server = "server9";
 mounts = [ "etc" "home" "var"];
- autoNetSetup = false;
+ autoNetSetup = true;
 };
- microvm.interfaces = [ {
- type = "tap";
- id = "pub-leoncloud";
- mac = mac.pub;
- } {
- type = "tap";
- id = "serv-leoncloud";
- mac = mac.serv;
- } ];
 networking = {
 hostName = "leoncloud";
 firewall.enable = true;
 };
- systemd.network = {
- enable = true;
-
- # On the serv network I have a static IPv4 and only a route to the
- # rest of the network so that I am reachable by
- # public-access-proxy.
-
- links."00-serv" = {
- matchConfig.MACAddress = mac.serv;
- linkConfig.Name = "serv";
- };
-
- networks."00-serv" = {
- matchConfig.MACAddress = mac.serv;
- networkConfig.IPv6AcceptRA = false;
- # try harder disabling global ipv6
- networkConfig.LinkLocalAddressing = "no";
- addresses = [ {
- addressConfig.Address = "${config.c3d2.hosts.${config.networking.hostName}.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
- } ];
- routes = [ {
- routeConfig = {
- Destination = "172.20.0.0/14";
- Gateway = config.c3d2.hosts.serv-gw.ip4;
- };
- } ];
- };
-
- # On the pub network I am a normal client.
-
- links."00-pub" = {
- matchConfig.MACAddress = mac.pub;
- linkConfig.Name = "pub";
- };
-
- networks."01-pub" = {
- matchConfig.MACAddress = mac.pub;
- networkConfig.DHCP = "ipv4";
- networkConfig.IPv6AcceptRA = true;
- };
- };
 security.sudo = {
 enable = true;
-- 
2.44.1
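Review bot: This patch's file header records `index 1227d092..85c4b767`, i.e. it starts from the same blob of hosts/leoncloud/default.nix that patch 01/10 started from (`index 1227d092..61241f9b`), while patches 01, 03 and 04 have since moved that file to `967b9f6a`; applied in series order it looks like this hunk will not apply on top of them without a rebase, and whichever way that conflict is resolved must keep both the Docker block and the added SSH key from the earlier patches. If the series is instead meant to merge two branches, a cover note saying so would prevent a reviewer from applying it linearly. The enclosing attribute set continues outside the hunk.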