diff --git a/config/net/c3d2.nix b/config/net/c3d2.nix
index 3869b83..2878222 100644
--- a/config/net/c3d2.nix
+++ b/config/net/c3d2.nix
@@ -112,21 +112,21 @@
 c3d2.hwaddr = "0A:14:48:01:21:01";
 core.hwaddr = "0A:14:48:01:21:00";
 };
- ospf.allowedUpstreams = [ "upstream3" "upstream4" "upstream1" "anon1" "freifunk" ];
+ ospf.allowedUpstreams = [ "freifunk" "upstream4" "upstream3" "anon1" ];
 };
 c3d2-gw2 = makeGateway {
 interfaces = {
 c3d2.hwaddr = "0A:14:48:01:21:03";
 core.hwaddr = "0A:14:48:01:21:02";
 };
- ospf.allowedUpstreams = [ "upstream1" "upstream3" "upstream4" "anon1" "freifunk" ];
+ ospf.allowedUpstreams = [ "upstream3" "upstream4" "anon1" "freifunk" ];
 };
 c3d2-gw3 = makeGateway {
 interfaces = {
 c3d2.hwaddr = "0A:14:48:01:21:05";
 core.hwaddr = "0A:14:48:01:21:04";
 };
- ospf.allowedUpstreams = [ "upstream4" "upstream3" "upstream1" "anon1" "freifunk" ];
+ ospf.allowedUpstreams = [ "upstream4" "upstream3" "anon1" "freifunk" ];
 };
 };
 }
diff --git a/config/net/cluster.nix b/config/net/cluster.nix
index 5431eb6..2ee3134 100644
--- a/config/net/cluster.nix
+++ b/config/net/cluster.nix
@@ -155,7 +155,7 @@ in
 type = "veth";
 };
 };
- ospf.allowedUpstreams = [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ];
+ ospf.allowedUpstreams = [ "upstream4" "upstream3" "anon1" "freifunk" ];
 };
 server3 = makeServer;
 server5 = makeServer;
diff --git a/config/net/core.nix b/config/net/core.nix
index 6446b5b..4a8227c 100644
--- a/config/net/core.nix
+++ b/config/net/core.nix
@@ -64,8 +64,6 @@
 server7 = "172.20.72.57";
 server8 = "172.20.72.58";
 server9 = "172.20.72.59";
- upstream1 = "172.20.72.6";
- upstream2 = "172.20.72.10";
 upstream3 = "172.20.72.11";
 upstream4 = "172.20.72.12";
 yggdrasil = "172.20.72.62";
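Review bot: The first `ospf.allowedUpstreams` in the c3d2.nix hunk (the gateway defined just above `c3d2-gw2`; its name lies outside the hunk) is not only stripped of `upstream1` but also reordered to `[ "freifunk" "upstream4" "upstream3" "anon1" ]`, while every other list touched by this commit keeps `freifunk` last. If list order expresses uplink preference, which the differing per-host orders suggest but the diff does not show, this gateway would now prefer the freifunk uplink for its egress traffic. Either keep the previous relative order, `ospf.allowedUpstreams = [ "upstream3" "upstream4" "anon1" "freifunk" ];`, or record the intent next to the line with a comment such as `# freifunk first on this gateway: <reason>`.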
@@ -126,8 +124,6 @@ priv9-gw = "fd23:42:c3d2:581::c:8"; pub-gw = "fd23:42:c3d2:581::8:2"; serv-gw = "fd23:42:c3d2:581::8:1"; - upstream1 = "fd23:42:c3d2:581::b:0"; - upstream2 = "fd23:42:c3d2:581::b:1"; upstream3 = "fd23:42:c3d2:581::b:2"; upstream4 = "fd23:42:c3d2:581::b:3"; yggdrasil = "fd23:42:c3d2:581:9000::1"; @@ -187,7 +183,6 @@ priv8-gw = "2a00:8180:2c00:281::c:7"; priv9-gw = "2a00:8180:2c00:281::c:8"; serv-gw = "2a00:8180:2c00:281::8:1"; - upstream1 = "2a00:8180:2c00:281::b:0"; upstream4 = "2a00:8180:2c00:281::b:1"; yggdrasil = "2a00:8180:2c00:281:9000::1"; vpn-gw = "2a00:8180:2c00:281:9001::1"; @@ -221,7 +216,7 @@ }; ospf = { allowedUpstreams = - [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ]; + [ "upstream4" "upstream3" "anon1" "freifunk" ]; stubNets4 = [ "172.20.0.0/14" "10.0.0.0/8" ]; stubNets6 = [ "fd00::/8" "2a02:8106:208:5200::/56" "2a02:8106:211:e900::/56" ]; diff --git a/config/net/mgmt.nix b/config/net/mgmt.nix index cbae65b..b263286 100644 --- a/config/net/mgmt.nix +++ b/config/net/mgmt.nix @@ -191,7 +191,7 @@ }; ospf = { allowedUpstreams = - [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ]; + [ "upstream4" "upstream3" "anon1" "freifunk" ]; }; role = "container"; }; diff --git a/config/net/priv.nix b/config/net/priv.nix index de904ea..7965b87 100644 --- a/config/net/priv.nix +++ b/config/net/priv.nix @@ -38,7 +38,7 @@ lib.mkMerge ( core.type = "veth"; "priv${toString n}".type = "veth"; }; - ospf.allowedUpstreams = [ "upstream4" "upstream3" "upstream1" "anon1" "freifunk" ]; + ospf.allowedUpstreams = [ "upstream4" "upstream3" "anon1" "freifunk" ]; }; } ) (seq 1 privCount) @@ -520,7 +520,7 @@ lib.mkMerge ( hwaddr = "0A:14:47:02:2A:19"; }; }; - ospf.allowedUpstreams = [ "upstream3" "upstream4" "upstream1" "anon1" "freifunk" ]; + ospf.allowedUpstreams = [ "upstream3" "upstream4" "anon1" "freifunk" ]; }; priv18-gw = { interfaces = { diff --git a/config/net/serv.nix b/config/net/serv.nix index 53a0b94..5aeb1b3 100644 
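Review bot: `stubNets6` in the `@@ -221,7 +216,7 @@` hunk of core.nix still lists `2a02:8106:208:5200::/56`, the prefix the removed `upstream1` declared under `noNat.subnets6`, and `2a02:8106:211:e900::/56`, which looks like the counterpart for the removed `upstream2` (that host declared `2a02:8106:208:e900::/56`, so one of the two spellings was probably already wrong). With both Vodafone uplinks gone these prefixes are presumably no longer delegated to the site, yet, if `stubNets6` is what the routers treat as internal stub networks, traffic towards whoever holds that address space next would stay inside the network instead of leaving through an upstream. Unless they are still needed, reduce the line to `stubNets6 = [ "fd00::/8" ];` in this commit, or add a comment stating why they remain. The `ospf` block continues outside the hunk.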
--- a/config/net/serv.nix
+++ b/config/net/serv.nix
@@ -176,7 +176,7 @@
 };
 };
 ospf.allowedUpstreams =
- [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ];
+ [ "upstream4" "upstream3" "anon1" "freifunk" ];
 };
 stats = makeContainer {
 interfaces.serv.hwaddr = "0A:14:48:01:15:00";
diff --git a/config/net/upstream.nix b/config/net/upstream.nix
index 76dcc7a..480d368 100644
--- a/config/net/upstream.nix
+++ b/config/net/upstream.nix
@@ -5,156 +5,6 @@ let in { site.hosts = { - upstream1 = { - forwardPorts = [ - { # http - destination = "${servHosts.public-access-proxy}:80"; - proto = "tcp"; - reflect = true; - sourcePort = 80; - } - { # https - destination = "${servHosts.public-access-proxy}:443"; - proto = "tcp"; - reflect = true; - sourcePort = 443; - } - { - destination = dn42; - proto = "udp"; - reflect = true; - sourcePort = 2325; - } - { - destination = dn42; - proto = "udp"; - reflect = true; - sourcePort = 2399; - } - { - destination = dn42; - proto = "udp"; - reflect = true; - sourcePort = 2327; - } - { - destination = dn42; - proto = "udp"; - reflect = true; - sourcePort = 2338; - } - { - destination = dn42; - proto = "udp"; - reflect = true; - sourcePort = 2339; - } - { - destination = dn42; - proto = "udp"; - reflect = true; - sourcePort = 40533; - } - { - destination = dn42; - proto = "udp"; - reflect = true; - sourcePort = 61699; - } - { - destination = "172.20.74.210:22"; - proto = "tcp"; - reflect = true; - sourcePort = 2222; - } - { - destination = "172.20.74.210:443"; - proto = "tcp"; - reflect = true; - sourcePort = 8443; - } - { - destination = "172.20.73.47:22"; - proto = "tcp"; - reflect = true; - sourcePort = 2223; - } - { - destination = "172.20.73.48:30000"; - proto = "udp"; - reflect = true; - sourcePort = 30000; - } - { - destination = config.site.net.core.hosts4.yggdrasil; - proto = "tcp"; - reflect = true; - sourcePort = 1337; - } - ]; - interfaces = { - core = { - hwaddr = "0A:14:48:01:26:00"; - type = "veth"; - }; - up1 = { - hwaddr = "00:23:74:D7:2D:7C"; - type = "veth"; - upstream = { - link = null; - noNat = { subnets6 = [ "2a02:8106:208:5200::/56" ]; }; - provider = "vodafone"; - staticIpv4Address = "24.134.104.53"; - upBandwidth = 52500; - }; - }; - }; - ospf.upstreamInstance = 3; - role = "container"; - }; - - upstream2 = { - forwardPorts = [ - { - destination = "172.20.75.9:1194"; - proto = "udp"; - reflect = true; - sourcePort = 1194; - } - { - destination 
= "172.20.74.210:22"; - proto = "tcp"; - reflect = true; - sourcePort = 2222; - } - { - destination = "172.20.74.210:443"; - proto = "tcp"; - reflect = true; - sourcePort = 8443; - } - ]; - interfaces = { - core = { - hwaddr = "0A:14:48:01:27:00"; - type = "veth"; - }; - up2 = { - hwaddr = "00:23:74:D7:42:7C"; - type = "veth"; - upstream = { - link = null; - noNat = { subnets6 = [ "2a02:8106:208:e900::/56" ]; }; - provider = "vodafone"; - staticIpv4Address = null; - upBandwidth = 52500; - }; - }; - }; - ospf.upstreamInstance = 4; - role = "container"; - }; - upstream3 = { interfaces = { core = { @@ -449,7 +299,7 @@ in }; }; ospf = { - allowedUpstreams = [ "upstream1" "upstream3" "upstream4" "freifunk" ]; + allowedUpstreams = [ "upstream3" "upstream4" "freifunk" ]; upstreamInstance = 5; }; role = "container"; diff --git a/config/net/yggdrasil.nix b/config/net/yggdrasil.nix index 67bc3f8..70e8074 100644 --- a/config/net/yggdrasil.nix +++ b/config/net/yggdrasil.nix @@ -9,7 +9,7 @@ }; ospf = { allowedUpstreams = - [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ]; + [ "upstream4" "upstream3" "anon1" "freifunk" ]; stubNets6 = [ "200::/7" ]; }; diff --git a/nix/lib/dns.nix b/nix/lib/dns.nix index 2700b0b..68a30fe 100644 --- a/nix/lib/dns.nix +++ b/nix/lib/dns.nix @@ -167,13 +167,9 @@ rec { name = "dyn.zentralwerk.org"; ns = publicNS; records = [ { - name = "upstream1"; + name = "upstream4"; type = "A"; - data = "24.134.104.53"; - } { - name = "upstream2"; - type = "A"; - data = "24.134.252.105"; + data = "81.201.149.152"; } ]; } ] ++ builtins.concatLists ( builtins.attrValues (
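Review bot: The new `upstream4` A record in the dns.nix hunk hard-codes `81.201.149.152`, repeating the pattern of the removed `upstream1` record, whose `data = "24.134.104.53"` duplicated `staticIpv4Address = "24.134.104.53"` from upstream.nix. A public record that outlives its uplink points clients at an address the site no longer controls, so the two places should not be able to drift apart. If `upstream4` declares a `staticIpv4Address` (not visible in this diff), derive `data` from that option; otherwise add a comment above the record, e.g. `# public IPv4 of the upstream4 uplink; update together with config/net/upstream.nix`. The `upstream1` and `upstream2` names also disappear from the zone, so anything still configured with them has to move to the new name.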