forked from c3d2/nix-config
Add yggdrasil configurations
parent
6ff81bef39
commit
d2262715da
12
flake.lock
12
flake.lock
|
@ -2,11 +2,11 @@
|
|||
"nodes": {
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1613453906,
|
||||
"narHash": "sha256-w6oeQ3OTCKxRAG9KtjK+ErxpvUhNr48binO99JVQP9Q=",
|
||||
"lastModified": 1614460257,
|
||||
"narHash": "sha256-hFR865O5gIuFNiwFyx/K2g8AeLvGy/f3/SHalF85zuM=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "115770eed0c0fa50c1277cd0f7fe0f15501dbc43",
|
||||
"rev": "c9b965a43e582765f797f8b75d50cb2874b30f30",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -16,11 +16,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1613993207,
|
||||
"narHash": "sha256-a8Cjsz1QkVGb9TUNynphGhM1TbUc//T86gnnB5Ggjwg=",
|
||||
"lastModified": 1614778866,
|
||||
"narHash": "sha256-+l8uyXAxYgR3ZMUpBFs4ZVDcbLsw/TSgAwk9iNYiWNY=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "6198890f0d451f7d02e8c9bd28ab5e66ad2523d3",
|
||||
"rev": "c14bb3039f25d463cd24a47d88b4a86b33561788",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
14
flake.nix
14
flake.nix
|
@ -8,8 +8,7 @@
|
|||
|
||||
outputs = { self, nixpkgs, secrets, nixos-hardware }:
|
||||
let
|
||||
forAllSystems =
|
||||
nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
|
||||
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
|
||||
|
||||
hostRegistry = import ./host-registry.nix;
|
||||
in {
|
||||
|
@ -54,6 +53,8 @@
|
|||
|
||||
pulsebert-nixos-rebuild = mkDeploy "pulsebert" "pulsebert.hq.c3d2.de";
|
||||
pulsebert-wake = mkWake "pulsebert";
|
||||
|
||||
yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" "172.20.72.62";
|
||||
});
|
||||
|
||||
nixosConfigurations = let
|
||||
|
@ -104,6 +105,15 @@
|
|||
system = "aarch64-linux";
|
||||
};
|
||||
|
||||
yggdrasil = nixosSystem' {
|
||||
modules = [
|
||||
./hosts/containers/yggdrasil
|
||||
./lib/lxc-container.nix
|
||||
./lib/users/emery.nix
|
||||
];
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
nixosModules.c3d2 = import ./lib;
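Review bot: The added `yggdrasil-nixos-rebuild` line hard-codes the deploy target `172.20.72.62`, the same address this commit records as `hosts.yggdrasil.ip4` in the host registry. A later renumbering that updates only one of the two copies would leave the deploy script connecting to whichever machine then holds the old address. `hostRegistry` is bound in the `let` at the top of `outputs`, so the line could read `yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" hostRegistry.hosts.yggdrasil.ip4;`. The attribute set that holds the deploy entries starts outside this hunk.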
|
||||
|
|
|
@ -46,29 +46,33 @@ rec {
|
|||
'';
|
||||
};
|
||||
server4 = {
|
||||
ip4 = "172.22.99.15";
|
||||
ip6 = "2a02:8106:208:5201::15";
|
||||
ip4 = "172.22.99.14";
|
||||
ip6 = "2a02:8106:208:5201::14";
|
||||
publicKey = ''
|
||||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48=
|
||||
'';
|
||||
};
|
||||
server5 = {
|
||||
ip4 = "172.22.99.16";
|
||||
ip6 = "2a02:8106:208:5201::16";
|
||||
ip4 = "172.22.99.15";
|
||||
ip6 = "2a02:8106:208:5201::15";
|
||||
publicKey = ''
|
||||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE=
|
||||
'';
|
||||
};
|
||||
server6 = {
|
||||
ip4 = "172.22.99.17";
|
||||
ip6 = "2a02:8106:208:5201::17";
|
||||
ip4 = "172.22.99.16";
|
||||
ip6 = "2a02:8106:208:5201::16";
|
||||
publicKey = ''
|
||||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw=
|
||||
'';
|
||||
};
|
||||
storage.publicKey =
|
||||
"storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
|
||||
|
||||
yggdrasil = {
|
||||
ip4 = "172.20.72.62";
|
||||
ip6 = "2a02:8106:208:5281:9000::1";
|
||||
ygg = "201:4561:bb58:4dac:5f6a:7b23:44f:a5ef";
|
||||
};
|
||||
};
|
||||
|
||||
hqGlobal = builtins.attrNames hosts;
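Review bot: The new `yggdrasil` entry has no `publicKey`, unlike `server4`–`server6` above it, so the registry does not pin the SSH host key of the machine that the deploy script reaches at 172.20.72.62. How the registry is consumed is not visible here; if it feeds known_hosts, add `publicKey = ''<yggdrasil host key>'';` (placeholder) so the first deploy is not trust-on-first-use. The same hunk renumbers `server4`–`server6` while keeping their keys, so 172.22.99.15 and 172.22.99.16 now pair with different host keys than before. Clients holding cached entries for those addresses will see a key mismatch, which should be resolved by refreshing the entries rather than relaxing host-key checking.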
|
||||
|
|
|
@ -0,0 +1,81 @@
|
|||
{ hostRegistry, ... }:
|
||||
|
||||
let
|
||||
yggAddress = "201:4561:bb58:4dac:5f6a:7b23:44f:a5ef";
|
||||
yggPrefix = "301:4561:bb58:4dac"; # 301:4561:bb58:4dac::/64
|
||||
# taken from the output of "yggdrasilctl getself".
|
||||
in {
|
||||
|
||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
||||
# Forward traffic under the prefix.
|
||||
|
||||
boot.postBootCommands = ''
|
||||
if [ ! -c /dev/net/tun ]; then
|
||||
mkdir -p /dev/net
|
||||
mknod -m 666 /dev/net/tun c 10 200
|
||||
fi
|
||||
'';
|
||||
|
||||
c3d2 = { isInHq = true; };
|
||||
|
||||
networking = let host = hostRegistry.hosts.yggdrasil;
|
||||
in {
|
||||
hostName = "yggdrasil";
|
||||
defaultGateway = "172.20.72.6";
|
||||
defaultGateway6 = "2a02:8106:208:5281::b:0";
|
||||
nameservers = [ "172.20.73.8" ];
|
||||
interfaces.eth0 = {
|
||||
ipv4 = {
|
||||
addresses = [{
|
||||
address = host.ip4;
|
||||
prefixLength = 26;
|
||||
}];
|
||||
};
|
||||
ipv6 = {
|
||||
addresses = [
|
||||
{
|
||||
address = host.ip6;
|
||||
prefixLength = 64;
|
||||
}
|
||||
{
|
||||
address = yggPrefix + "::1";
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.yggdrasil = {
|
||||
enable = true;
|
||||
persistentKeys = true;
|
||||
config = {
|
||||
Peers = [
|
||||
# deutschland
|
||||
"tcp://45.11.19.26:5001"
|
||||
|
||||
# czechia
|
||||
"tcp://[2a03:3b40:fe:ab::1]:46370"
|
||||
"tcp://[2a05:9403::8b]:7743"
|
||||
|
||||
# polen
|
||||
"tcp://[2001:41d0:601:1100::cf2]:37145"
|
||||
];
|
||||
NodeInfo = {
|
||||
# This information is visible to the network.
|
||||
name = "y.c3d2.de";
|
||||
location = "Dresden";
|
||||
email = "ehmry@c3d2.de";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."y.c3d2.de" = {
|
||||
default = true;
|
||||
locations."/".proxyPass = "https://c3d2.de";
|
||||
};
|
||||
};
|
||||
|
||||
}
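Review bot: `net.ipv6.conf.all.forwarding = 1` makes this container a router between the Yggdrasil overlay and eth0, and nothing in this file filters the forwarded path, so any host that takes an address in 301:4561:bb58:4dac::/64 is reachable from every node on the overlay. Whether `./lib/lxc-container.nix` sets up a firewall is not visible here; if it does not, add FORWARD rules limited to the intended services, and at least record the exposure next to the sysctl, e.g. `# Hosts under yggPrefix are reachable from the whole Yggdrasil network; filter FORWARD.`. Separately, `proxyPass = "https://c3d2.de"` relies on nginx defaults, which neither verify the upstream certificate nor send SNI; setting `extraConfig = "proxy_ssl_server_name on; proxy_ssl_verify on; proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;";` on the location closes that gap. `yggAddress` is bound in the `let` but unused in the visible lines, and it duplicates `hostRegistry.hosts.yggdrasil.ygg`.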
|