From 8869681b2804cf133ed528221e345c1f2e0a2caa Mon Sep 17 00:00:00 2001
From: Astro
Date: Sat, 21 Jan 2023 02:12:32 +0100
Subject: [PATCH] remove yggdrasil
---
 config/net/c3d2.nix | 2 -
 config/net/core.nix | 4 +-
 config/net/upstream.nix | 6 -
 config/net/yggdrasil.nix | 18 ---
 config/secrets-production.nix.gpg | 146 +++++++++++------------
 config/secrets.nix | 7 --
 nix/lib/config/options.nix | 10 --
 nix/lib/dns.nix | 25 ++--
 nix/nixos-module/container/dnscache.nix | 3 -
 nix/nixos-module/container/yggdrasil.nix | 57 ---------
 nix/nixos-module/default.nix | 1 -
 11 files changed, 83 insertions(+), 196 deletions(-)
 delete mode 100644 config/net/yggdrasil.nix
 delete mode 100644 nix/nixos-module/container/yggdrasil.nix
diff --git a/config/net/c3d2.nix b/config/net/c3d2.nix
index 844404a..851e747 100644
--- a/config/net/c3d2.nix
+++ b/config/net/c3d2.nix
@@ -87,11 +87,9 @@
 c3d2-gw2 = "2a00:8180:2c00:223::c3d2:3";
 c3d2-gw3 = "2a00:8180:2c00:223::c3d2:4";
 };
- hosts6.yggdrasil.c3d2-gw3 = "30c:c3d2:b946:76d0::1";
 subnets6 = {
 dn42 = "fd23:42:c3d2:523::/64";
 up4 = "2a00:8180:2c00:223::/64";
- yggdrasil = "30c:c3d2:b946:76d0::/64";
 };
 };
diff --git a/config/net/core.nix b/config/net/core.nix
index 8feb7cf..581a1ea 100644
--- a/config/net/core.nix
+++ b/config/net/core.nix
@@ -69,7 +69,7 @@
 server8 = "172.20.72.58";
 upstream3 = "172.20.72.11";
 upstream4 = "172.20.72.12";
- yggdrasil = "172.20.72.62";
+ # unused = "172.20.72.62";
 vpn-gw = "172.20.72.69";
 flpk-gw = "172.20.72.71";
 };
@@ -132,7 +132,6 @@
 serv-gw = "fd23:42:c3d2:581::8:1";
 upstream3 = "fd23:42:c3d2:581::b:2";
 upstream4 = "fd23:42:c3d2:581::b:3";
- yggdrasil = "fd23:42:c3d2:581:9000::1";
 vpn-gw = "fd23:42:c3d2:581:9001::1";
 flpk-gw = "fd23:42:c3d2:581:9002::1";
 };
@@ -193,7 +192,6 @@
 priv9-gw = "2a00:8180:2c00:281::c:8";
 serv-gw = "2a00:8180:2c00:281::8:1";
 upstream4 = "2a00:8180:2c00:281::b:1";
- yggdrasil = "2a00:8180:2c00:281:9000::1";
 vpn-gw = "2a00:8180:2c00:281:9001::1";
 };
 };
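Review bot: In the first core.nix hunk, `# unused = "172.20.72.62";` keeps the freed address as a commented-out attribute, while the two IPv6 hunks below simply delete their yggdrasil entries, so the same removal is handled two different ways. If the aim is to mark the IPv4 address as free for reuse, a plain comment such as `# 172.20.72.62 is free (was yggdrasil)` says that more clearly than a disabled assignment; otherwise drop the line as in the IPv6 lists. Anything outside the visible files that still refers to 172.20.72.62 cannot be seen here and is worth checking before the address is handed out again.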
diff --git a/config/net/upstream.nix b/config/net/upstream.nix
index c2507e1..1541ce5 100644
--- a/config/net/upstream.nix
+++ b/config/net/upstream.nix
@@ -257,12 +257,6 @@ in
 reflect = true;
 sourcePort = 45000;
 }
- {
- destination = config.site.net.core.hosts4.yggdrasil;
- proto = "tcp";
- reflect = true;
- sourcePort = 1337;
- }
 {
 destination = config.site.net.core.hosts4.vpn-gw;
 proto = "udp";
diff --git a/config/net/yggdrasil.nix b/config/net/yggdrasil.nix
deleted file mode 100644
index e337a3a..000000000
--- a/config/net/yggdrasil.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- site.hosts.yggdrasil = {
- role = "container";
- interfaces = {
- core = {
- hwaddr = "0A:14:48:01:26:ff";
- type = "veth";
- };
- };
- bgp = {
- allowedUpstreams =
- [ "upstream4" "upstream3" "anon1" "freifunk" ];
- nets6 = [ "200::/7" ];
- };
-
- services.yggdrasil.enable = true;
- };
-}
diff --git a/config/secrets-production.nix.gpg b/config/secrets-production.nix.gpg
index 12ab63b..0ce6458 100644
--- a/config/secrets-production.nix.gpg
+++ b/config/secrets-production.nix.gpg
@@ -1,78 +1,74 @@ -----BEGIN PGP MESSAGE----- -hQEMA2PKcvDMvlKLAQf/WuVryEfs9S9vXfuAXIOhYaF4f+8IvE6rOSOiz5inq/PQ -QIMEIRWs8gnJfA3Ae+QuCmKFicnuyacPqvatPz4GLrCIGuOT4HSHchrrPf8qq5jD -FR+hWpyGNcvDlBexntAHo7LfVCIkxQTY/yzQiORYKB8DhLAnPsApedHvfFg+Cf9H -blELmSqiYSZ+ewVpcxgXFQxw23ctLNZgIICGbLLbTbYDV3nBpHd3TyOTJ/o3XxBI -Ip+hKDoSZzY6BcICrWWaEejgJJIpIpCCLH6aAitPgOmzpH2InPhO62cZ9nG4ij3W -3rAAfG8V3hlRBXlm1vL0FuXSTwN5CzYptoyJzdDHoNLqAUNfQAgfd4tv2rENFxOB -Wy+eMEPdACnoYTD39oF6CtisTuE3a0Mj2ybNeYVgDRxd6EXkCoPe9nClSlJLcdfn -NwmP/84IRVaNm2NUXkhJ4X/SC8mohvxBjCmjKI0BeanC5sIEOUFGTNVQxgaIKwy9 -TKxbm/VJWVXZOHScA9uYozAgglGY1ibyAwxKV0gA1GZzGtDjdGtAJimIQuP7fiMB -VLQ56cyhRKjk+tAu+Dsf4GJ8Cslz8Sshx00RC7lJQFEBlx+W2inz5SzzY7AKAkCr -enh/Ygs2NPR39+//PdCVXGC5AaomX95QbghbO1UXnTpVCgpiz+c0DhQDoy7wfT6M -N3OSvxrqdGBrz858sZGSzK6RAKmQVs4APrKgNX2L6vEpEau/TyX9np3GL+OKoQwM -PBNoAfyTv3mrsUvoVmGSK6feKX19tf46Bpa7qGQh0oRQiJpoK4C355vMHAlcwRjq -NzxUNV6rqugL6Wlj+LUijP/SoYgmLKwvRR8vjMvsE2MEvUIm3dimFykseW1c0eek -u5KjvRAf+duBqf2cjaim1nVXxnu/bQJeOwjxqOt3g8Ps2IziscbFqIVPAH02Z0Ab -PWTrvBeSLWqHHPJDH5qpCxAvqSSwBmVbiNRmps/Kvf8C/Rv4eR+syGHAXupDxa0s -aVkKjVURqvr4jfv6K51N9n99XYhyY++nSIoYHQpf3NrRyiY1/csLn+ZcY9qE3Aza -HHgRQdQWlYsllKz+6FvNWXXd7poPHoHqTUcA517YY3Wsf0jKLYqW3itjmyI4Wbt7 -VDnpLyEYWSe8DOLdXDAQo6zf/EtSYqPsAZIBy2Z35NVT/boMcCT24FPZxQ32cKiq -E5DFSGH1xGnavAGLdxJ/A/UKUfqP/i9GnB9U8WBsjVvsqd8rUBmBm3GIiXNlzvzq -8p02F4ci3Tb8hTiG3eYbUCvdhKTYVKbXTNyNBovmaUcyfi3Qh264IBsLPT/RPTVL -FmBiVlek3ptmXcTlTxvRIahFoKwSvhAXVBVFmclhr6SF3ZyGh+zrwUAMBD1chBXy -jTPOYhNCZW5jLy6cLoTutaLM5GSemAOXmlyIW1bmWVvUMxqPcH4M9/zpr5pt4xLd -9VtaTN4zRuoHTc/Nc/JXQh/U9lbKny+EAJA6D0YZAzI5D1Anxn/feFEygNRzBVBM -KHuLXlk7G66v8mJ8kjmrLzCmeFDL1mMmUSVtUeCrFSX1H/V24Sep9m7nzrI6HbCc -SKO0cuby/syep0UIcINAWAIf0JVRtEf+oshv00hbHwcxmZgLrRoRyD0iJ0hZdS9u -h/mgIiR6CuDOPbTI1pFGp02l+mBOIWJLnGce38GodtoFnWRMvc1tdEMYzEtS4tSl -rupzxHGIHjPXcEnfRwkScuNNmnN5mLosnKhfGPUGVuqiYzfqAnAqyIPjZiFIrllA -pamx16ZtbCR7tJLc6zAZL6EInMdsNIFzwMr3hgVHxdOZmepGQIg8hZ2ODRdKc/+w 
-UlzLpaV76gJa4GCsg6SOA2odGg8ktm0arJePpEZDdixu6rgi0NkxlCK22GfCBSrh -6/CbawunAoX91nlmc71chT/esMJMasBLcNHph8NCib34OdN7DV9F4ya/UjdbGvMy -aVreFBrSw+z40C1BWuGBsNJChzr1x1mEMW+7nXbdWN4AjoQtqDdqtYVt5f9y4U48 -EI5KtXYy31bUuMDWFhRGnkFtiKsgSwYSgLYfyYgoFjMXp9juSlLIjyLKS7rMgm6v -zFXpGledMtgV9/zPPFXcAMQBa71QgHqt0zqJ1SxAnBJjr4K0AKDSHlYTsuVY8IlV -bcHcfpjHG3vLBJ83QAFNfPubVrusk863D96tAyQ9QAl8f7Y8w3AwSxVo3t8NCKie -LZVqb0JXnBgUThxqxG4XujhWT/Z+wFsBj5ZrsqB0fSWyudxBKLVKF2dwu4Gd9aNg -WJ3L72Vjuu3Ev+FHdQyj2cm80DnWcAZCU5oRQPtcz56jn5MMOHxYXPUyB3ba0roX -+XQsYOdRbmO0OmdeG5QFRCvM18Bxnl2I9bK54UJ3dGqB0NJHE4JLZocLIh7KDTBu -R9AX/QtOrx4cmf9Z3lEuVc73/WeUTfp73mKTo+FAl89mnOP/Ak7Ic1KsjvvAhNSs -268F/zjElf7dAMZHJhLdYUDa5enzsclo34BjuH4VmU9ItGUl/xe56JHyDg7xIDz+ -OeDQ4W5NJZrgD4SDs/faxoSq8prA+juqiC+7yYy0FCaUcf4a5Nj6EASxHR6qbJjZ -hEkxnJtHFSdv/Hr5z5RRCSjVhZ5mPFh3sSOwtzVqul24/PvZ8FJpkVKa5uWmVB/U -PFqnAw8aDc4hUAirhqRgEnRyLSh6JrgJlXsCv/aLEHRuZinYMZwffP/mI2OHXFSS -n+FgkZ1x49q0EEJp1pgl9j+HTXhZJuMgYVrDNSTc6EAYsMGxXN+aBlCKRgDiiyzq -/bK4J4lSfyHqUeunFh5Sqt7O3OXjVe74Dndv7IwpbmMxoYnBoHJlZpA7Gu6WJ5+S -N84itq/J5XRmQQ7Yt3j+QQa8BAZ6zrip1ryfgXRCXrTolqDiRiAJAfF5898ZNjdG -V0SiUUy10oahataso6WENHoZ+ZkoDhdxoLRLcrwRAxePimJn9Bsm4tCvpK2YciXA -Zzm+H3srsOfjEM8xSQGOW0vPRbfXMBy5KYkEkLdt00N87bAT1kNIJQBdaqO41u9v -NKpKXoRuF3JZSjqnvtfox7un6lnBlL+fcgcdvPEQSFgnBOhDbBqrCKv6zuqUaB9z -ulRp5YVPsxkZhpPJmAov291l3tDkgGoDqWiQSv9szl40FpCduQQqNWaWcC5sapaX -V21IaZX7p2hGZ5kKYYk2+rp5Hi/uoMiQGOe+yTjG+6FOVQMQAK8hp9LaHEHUqsl7 -ZBJJoYZU90UzRnAVDKw088pzvFNQCUTQSWGmCRlF9Qgm2rSWo3Q6XcyEAP97pJrh -Gqfgd5Ed/71XcLDR6qpyCdrezG2GaxufteEfOItKGY8xHYiDFbLiVHh851GdXWlJ -kpnbqmnFQRWwuCZPx5eGx8rMgEQDJKn2igBgahjbsDqSCiFJf0Rqb6vhqyffBX/4 -fqfs0IMRw0y4h7dZfrtCc8u43pIusLOkc5F8XIufXaE3Fr7rIr8NBgov+H9IVYjf -Vsd3qSSjjb1xW3dzle+4W0Ry9DIePt2mpw+gpXF8V16GGkANKBLYFD4K+JvRbY1k -gupTwLeZdy99qKTponEfjyl/zPLo+gh9cDinRiBTf7uQnWgodKUX0KA8RyqiVsXJ -MffFQt/ZduStFrGI1KbzdFiDQ2RSWEQKxAzyIAnB1q75h+XPqIQNAYrAjfKRoQmi -8L8mapuv1ueLeR23GfbP2Xf/o/5Wi9Xul1xH9/FDfxguNrcX74aofide7NgOLhNG 
-80VW0sgedLfhbj09F8/SvSIDjsv//piC67yPu+E2HX7TSSwhdps6Elow3oi79llx -j125YCFtzWq0zZRfNtqkcBExh4o46PihbV6piTsHWC6GrURfZtH/E8logFygwcTE -ZiMGWqbBsLjuiso1AauRPvXLlfAjy5wPiXnNJYu2uJn03nCwZsysE16pT3xdEbJ3 -6kQMpSJkQVVY/WT/zt7/sz5n3G53ylaZwxM7oF/iLoQWAS9lALVvLxDv91TpS/IV -gLaGpUiKvETeR8y0ybF6iMeH44UzEieVkzCaSBky5oZSIR4V6BQipL8W6gDRKeQ1 -E/3mUsqkwu2o7HtVZuMverDYtp5lgIA9aFUf2N5RTQN5Khch7F55S0lsANQhSzZV -Z/AgxPIm/wCqldLSIe4lAoxe+7Kd51x+MvXzwsXO3Y+yR5rHO4yefkIQHgputd0B -dI1sIct+7YvBkglxz7km3VfdefZQl6zGEcJJdSMrwmoNm29ey9R4oshFWH0XYK1o -zzGoPqgAGA/4MTey5yxh38LFV3BLKWvAUGeYfyaF3nzmN5X0KGQZ0burWAbiGJuX -MdaScLobFNqvOxhXq15j1W/WccnsG0vauaV0UEh6O95Iw6rGjjqrFEbyRzt+v/Mq -oXBweSF8DyQYCfeBXWbygtdr9rHwJ0BuvNk9pQKKUmv/sVzABiIb4jiAM3oTsibt -tp9sUK5JLwikz8aEW5qmu4tuaaTgTjJwktDP31xDSgyrC18Yk2x6yWk9961EdmeF -j3kQraTPC/8ovD2NuInhiBCuTsLJShsYBjmtrD1oSfJER2ThffaxzXdh8fbsiYwX -sPMqtRN4yUWeI2YRQe4aZR19OgRMFn6v280mkKOFIKdYhrUSEl8nzv0tLodV7g3i -iw4QCYbmiHIcXPEZ1j1z2NhWPXTCrzDzU9L7P1olskQkCqEfkuDJu5lRrg== -=mILt +hQEMA2PKcvDMvlKLAQf+N28QCjh68YIkQYSL3EnA34fuG4PqrPONlCOVbuH3SsA/ +BPzZEA2dURxbgIFTkjUCqORv62aMgTxJQdGN6S3x3je5aGXGk38SoTYuPZo5Mdss +75l9cj8zJsz9ZnawXbFiM6RMpxd/zGoaPqiOclkiA/NcaaGVuhEYv57ucFsESwcJ +8Pb4PVAt50vH3pcmJUezK1EWftKbMjIB1w/QoiBFbkCi6/2GIs/3ISCFiBO0O7g+ +egW6/6ivODTGV/TghlMoB5717eORUUGr2nejbSV/OaK/bz+KjznJfclg/bRVxM2p +QYgidYaINIb95O1P56kMYlTfZ7czBwpTr/HV8XuWEdLqAfpIIaf3SlQZKl7FJShO +Skxxt2nhQzyLIZq8TEexXO5ayTOfuAmCAx3GEv6tPy77KwW/5lzq416TcVgk9ZKh +qBZB2SBaqH6JavphKFet1GLzztW0Xd1J874P0FXhIdT8OKsJyGNkxgBevEEwNICz +RVJAAboAF2GwLqdhruT5cTBAKtFPq3QJ/3G/rZQ4WoJ7geYhJHlIlMhG1AkPhKt/ +hCb4nz9nD+9xL8dM1C/6LqROHFZV6X6gha79+84YXfM9wdHP6/Dj1Bs5wB9qQhZu +HEJOAgule7on5dPaXOV3LzSKLSriDHWcVEsZnN4IzO0I7u59TGWF/RQypThBqDUu +4C+AwXpoyzGC0rqa+fLfOmWAN0K/uV3Mt+Uj4HwFxu4lYUUqDpB2hcCX6DHytttm +C7fuqungdMgcpzE5fYH4k38sMPxI98Tnma1hC2MpFIrgV7OgiJ1mVP86rHEGnVut +92EJ4n7aLHpydcaDYVrIE6x5xmcBbe2Cwf8dBawAsm12nACo9c07AtAsQZUpSF67 +2G3vDJnC0iEF1PGJrWw9tTGBoCS6q3N8iPJ7UF7uSE0DI2Ja5pxiRGVjTe0ddRbJ 
+WDhYye/bNjprQh0NY9A5qUfXXnIo5tB0A2aSi2z/vUrffefMIkhYihEyFcPEtpr9 +XqmS7TU0gU2ehcMZZdm0alNo3mjX4lHwczIEiLHMmj3J7Ozgq7aCMwSdFN8TpwOH +0pAqSjrvG8C05Hr6ymlwRYrJ/OfLAkb1Kjf/Me3N2/ZAjeSzTRFuZ2vgbODCk/BM +rSy/RMKB0WEvwLEq9Fj5XNH2p9P++v8JDpiH6I/HPZfRORGs5Gs2d7QQiXZ0YIWl +lUyj9qGUj+RSXVcaHRZxx18RpvA+sgY1E7THx/2+Viwjx+zUHioFnVoEK8ft/hNV +KtX9+wonftW6aQgN+VGqtWu+uGwxvNe9oxzuT2OWSH2OTFirmqK27KfDpHjjWIrp ++6S5ZGkTm8QzfVeADdmPtQ5lmYCKeugkKQpVyvxZA5lUyROvKMZ7PKLRKTTu6qFL +B8GdQTdaw4gQY8qliAVy7NvMVVdG8RhIyxRHEKSsV+cuftRvzRo89lyY4I3GTzII +m6CbRCSNXMXWsyLFM2gd9ICn7Ax9XhuNyJ8NbeDp7f2Qr1GswKA4gJB/ybHpTOAi +f9WzUZINWeklP5ORTk84ZfHtoZsU3a6ZQUCOLg3MKHtbcvmcb4Z1R9dwKiDCREWX +59oCDmjZHsQqEzTTw/n9l9g1EHIu1l8zjAy7AzwEuup34Pwuw+Y/0JLsBrXzk869 +ISAMvHy/n6uZVWmqi+PW30i8LhiRvOg4htOs5kQg4PER0+X/hapKVcVIfFP2kPYm +TOrfyn1WVsJ1ltsLX0LtQimGjFguDmR2/xlcYjBCKj8lDrNov7Qq8R2yXiZtuSgZ +/YEG3GT8EmBvIXgN/1btvn0udY3edA6QxXtuLQ/aZExJqkZgWuhpgoP4A9P3GPzx +Bmxg1WB+yMFlKAKbhnQkEjdPLKo7tTmonMOtpvPbuc7W7WT2Sh9jmDIV7U6tXkQA +AGtk0TYsa1YBWMAqzP2bHNwJ1sMfdeSt9jffxrWSjj5v52qKGovhkr3EqoeCefCV +POoAjnp9Fm9dOs9DTzstt3cZpHL6zQtNRdTZhrXIEZJ/JavhTd7hjJrSGJrxRt44 +jKcftkwsE1jMB8uSZGpOSfqwF+jZizoREdgQh8QQ3ZQbl8UMWdTUjhhekqK0noWn +qVT7KzXiTG/1DKLaot755iK7iJhyL9PTT/NCHUbnFzFkHyQjHwwwOw86s7JuTSS4 +l0w04bEOwy5EP8RJDDSFMaW/5qJYsaefBv+0R8DTyod6VG6YRk1jTBTU9HLzlImC +Md3hi4Ar4P/dxIBb7eebx4x4P5AVeecRAjNFCOlzuMobwdFWhbPhiNIigPLXl2oS +cMxQQBGenB2eSDbJYbycXD2oZtCRghL+Snj9deFmynBCYxUe9NToXS6IqKmmvdcI +SU4GKJDbREedfIVUdNNnK5L5goCjKHRsHamPrNGlxrEeeH/VZKh+3yKJlWahpELM +OdcxEaBEXRzOJW62TRm5JjluI8P0wQJCWn5TzOkNwGYCWiN+rSd5S9PhUDZ67Cjn +xKvhfXyLi0j45TbHFnwpBI2b5/z29EqviRBrII2mk07DDTKFiHQA4l3Ep44dInSW +WVRzzcAhDaO0A/wiDS25AhU2P0Bq9LpaQAoQwYOcK70YfY11EybNHey0CGHvuwj3 +hEWQeH7WgqafRj/lnScLdlgw78Disc8DqiNB+PlTSsyEubeVM+p2loz3mXsjLYOQ +lauDOCjQD6B4jGXigNFk8w+SdI9YCB4oQu5YMPXOzWA93bSmK0ZMl2ntN+1LmyWA +ecHlRrAZp7NzG2CGVnnsqPRcK6EJNrfI1jbCE0eYvIW/tzrmj8DAfmLsA4H2CDt2 +wDVEu+uDZ2UkXm21Jm7NdKIiYjmKfFMQNgkoPwFJab4FE1zV2ZK5tcTy6tPEj/rS 
+vw1u7Gg+ewB6yo6N11ZYA5Q5ivLgn2yY+1HO3e2Se3+VFdTb3mgqypEAfUADD5Xs +Vy6DNpZpxx+elHr9xt0m+WF5tMCxGawbyKl/6VAsRTEV7sSIaQFpRoBilXVf/n4S +anTn27031AK5+QGhiO+14AK/anEODcVql+wqvnBeIju0QmhOdy23dAnlsNU2Z3ff +F620h34C3+3PQKrLzmr3Enam6jFG96nn3cpFn3jqxybbm7ipy7n6mqIeAAvPLbqu +ZaZ7URbGlYAC8pUTO5UE5eRO5KXp1lITL7eEo8D2wGr/pXfrKVObCh82MPDpL2FS +6wQQAPBxEC2NE2KrwthCknHCgfjXEoq6AB8HmyjdumxC7Z3aMkr514ebh49it/I6 +Z18DLT4AonINWO3AGiB172Zsln4LjBIWad4PaSAAAhDu9QV4IIxjNEd8mtZ7ZUIS +ZOW/JOILwh/wkN4DLby8WakjZ351Z+UIqdvKbLVY17tAc+sOYBgnJL05o6URQFqw +RSHkxjF3GxdlpwYOHQfoWeWSxQkur+aPWMhXdKiYJzlH76KF9RdlzP4i89OpDAVy +udz/h8cgwTD1yadB27NX31wez0RRuECGAlpEk3vyo9+VDL+NOHiG0jc5xWY4Kk2Q +P2KlaFXUwlb2qJXSNfT9uWUT+tzelYC0gJEVXVYe+DV3sr/5kLSTn8D0KpqhuGd9 +rNPkLakqfYUlDYMChE6ZDkaV1v6T4jwjgBB65RtvGRsTmhZQIz9bHl04J0xs/UZP +5MWOsQghvEx8xtLFuXbHQAXJd8n3XjUn+OQ81olBEwXWSrMorVjHrfOKVCtaDr8g +o9dIsVn6Ox77brX9902+DLuybMb0roBKcg6uQdq52Z5sQ0dUPNDI6YC0LTCxXwU4 +IjTLwSkQqow/Igmr339Bv4fUBft+eLuVkceQnJ+C8Osu3zQ2JJfFZDa2Rvn7xhcO +y4NyTdJpJHOQ2F7Pu2rh4WwTLJwf5rdwotc7UNQgXqZAhzMPNYBGp469mJK387sc +igGndEvKsjQ9EkLoyszjY77B0FwMrF0VsoK7q5Acw9rZu/jpt4PAdRXF2uGCV9ZK +SPrYAj2C3YvRbSscfQlczkpRZQSZUT0MiU9U12v8De29e5SYhL7wOLFKNBNVOqNO +vpF+MoY/CtjFoo/yep5W5tvGhn8y1M6uY6ERV1G2wuHbJJsV5vwal7se61U+aHmL +zMQQEvAQVd9MID6HKElepP6NJOPuirk9UfVqoLAUa2tS+H1srVAvfISxjTF4fzFg +StmSJPn4B8EUdFtow9fWvDrDUEDZibmuG2bjruqday09L1NYxrj6O3Cps8u3j4Z7 +PFA0Eq6ZSVLGUCzTa/OUWWuJl318JXeXFn/wOyG/PBP49gTYDG6JX3Nv7l04WXaW +qZXYYoyez7vzQ87B7zS2/5oCchLI3s8DhdhCLN28ZwaIgDXF4VbyqDddhpjBLtgs +w4Fdor/N3rzuCtKV5MgX/ZRGuqADwCgN78DhEuCyWWvUf8CoSAKcCx1xSZYf6rlU +PulV0jUfVRSc+jIj4Oe2HplI1qeGsK8EUCkSWGlC+UKqyqsCz9M= +=gug1 -----END PGP MESSAGE----- diff --git a/config/secrets.nix b/config/secrets.nix index c471333..3ebb3d4 100644 --- a/config/secrets.nix +++ b/config/secrets.nix 
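Review bot: The replaced ciphertext in config/secrets-production.nix.gpg cannot be checked from the diff, so nothing in this patch shows which plaintext entries changed. The commit message should state what was dropped (presumably only the yggdrasil `keys` entry, mirroring the placeholder removed from config/secrets.nix) so that someone holding the decryption key can confirm it. The previous blob stays in repository history, so the old Yggdrasil private key is best treated as retired rather than kept for later reuse.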
@@ -87,13 +87,6 @@ publicKey = "encrypted"; }; - yggdrasil.services.yggdrasil.keys = '' - { - "PublicKey": "0000000000000000000000000000000000000000000000000000000000000000", - "PrivateKey": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - } - ''; - ap1.wifi."platform/qca953x_wmac".ssids."uebergangsnetz".psk = "encrypted"; ap10.wifi."platform/qca953x_wmac".ssids = { "iz-dresden.org".psk = "encrypted"; diff --git a/nix/lib/config/options.nix b/nix/lib/config/options.nix index 71458c1..06105bf 100644 --- a/nix/lib/config/options.nix +++ b/nix/lib/config/options.nix @@ -400,16 +400,6 @@ let type = types.bool; default = false; }; - services.yggdrasil = { - enable = mkOption { - type = types.bool; - default = false; - }; - keys = mkOption { - type = types.str; - default = ""; - }; - }; links = mkOption { description = "Which port is connected to what other device? Keys are either network names or known hostnames."; default = {}; diff --git a/nix/lib/dns.nix b/nix/lib/dns.nix index f50aff9..62bfe1d 100644 --- a/nix/lib/dns.nix +++ b/nix/lib/dns.nix @@ -138,20 +138,17 @@ rec { # `{ dn42 = { "...ip6.arpa" = "lo.core.zentralwerk.dn42"; }; }` reverseHosts6 = builtins.foldl' (result: net: lib.recursiveUpdate result ( builtins.mapAttrs (ctx: hosts: - if ctx == "yggdrasil" - then {} - else - builtins.foldl' (result: host: - let - domain = - if ctx == "dn42" - then "${net}.zentralwerk.dn42" - else namedNets.${net}.domainName; - in - lib.recursiveUpdate result { - "${ipv6ToReverse hosts.${host}}" = "${host}.${domain}"; - } - ) {} (builtins.attrNames hosts) + builtins.foldl' (result: host: + let + domain = + if ctx == "dn42" + then "${net}.zentralwerk.dn42" + else namedNets.${net}.domainName; + in + lib.recursiveUpdate result { + "${ipv6ToReverse hosts.${host}}" = "${host}.${domain}"; + } + ) {} (builtins.attrNames hosts) ) namedNets.${net}.hosts6 )) {} (builtins.attrNames namedNets); 
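Review bot: With the `if ctx == "yggdrasil" then {}` guard removed in the dns.nix hunk, `reverseHosts6` now emits ip6.arpa records for every context found in `namedNets.${net}.hosts6`. This patch deletes `hosts6.yggdrasil` only from config/net/c3d2.nix; if another net still defines a `yggdrasil` context (not visible here), its addresses would start getting reverse records under that net's `domainName`. Searching the config for remaining `hosts6.yggdrasil` entries before merging would settle it. The enclosing `rec { … }` starts outside the hunk.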
diff --git a/nix/nixos-module/container/dnscache.nix b/nix/nixos-module/container/dnscache.nix
index 3552b56..738ca99 100644
--- a/nix/nixos-module/container/dnscache.nix
+++ b/nix/nixos-module/container/dnscache.nix
@@ -51,9 +51,6 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
 "${config.site.net.flpk.subnet4} allow"
 "2a0f:5382:acab:1400::/56 allow"
 ]
- [ # yggdrasil
- "${config.site.net.c3d2.subnets6.yggdrasil} allow"
- ]
 [ # default
 "0.0.0.0/0 deny"
 "::/0 deny"
diff --git a/nix/nixos-module/container/yggdrasil.nix b/nix/nixos-module/container/yggdrasil.nix
deleted file mode 100644
index eaacf69..000000000
--- a/nix/nixos-module/container/yggdrasil.nix
+++ /dev/null
@@ -1,57 +0,0 @@ -{ lib, config, hostName, ... }: - -let - hostConf = config.site.hosts.${hostName}; - cfg = hostConf.services.yggdrasil; -in lib.mkIf cfg.enable { - networking.firewall.enable = false; - - boot.postBootCommands = '' - if [ ! -c /dev/net/tun ]; then - mkdir -p /dev/net - mknod -m 666 /dev/net/tun c 10 200 - fi - ''; - - # Forward traffic under the prefix. - boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; - networking.nat = { - enable = true; - # Provide NAT66 for everyone with addresses foreign to Yggdrasil - extraCommands = '' - ip6tables -t nat -A POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE - ''; - }; - - systemd.tmpfiles.rules = [ - "d /var/lib/yggdrasil 0700 root root -" - "L+ /var/lib/yggdrasil/keys.json - - - - ${builtins.toFile "keys.json" cfg.keys}" - ]; - - services.yggdrasil = { - enable = true; - persistentKeys = true; - config = { - IfName = "ygg"; - Peers = # https://publicpeers.neilalexander.dev/ - [ - # czechia - "tcp://[2a03:3b40:fe:ab::1]:46370" # emery vpsfree.cz - - # poland - "tls://[2001:41d0:601:1100::cf2]:11129" - ]; - Listen = [ - "tcp://[::]:1337" - # Not needed as `sysctl net.ipv6.bindv6only=0` by default - # "tcp://0.0.0.0:1337" - ]; - NodeInfo = { - # This information is visible to the network. - name = "y.c3d2.de"; - location = "Dresden"; - email = "ehmry@c3d2.de"; - }; - }; - }; -} diff --git a/nix/nixos-module/default.nix b/nix/nixos-module/default.nix index e6c3799..878e0e0 100644 --- a/nix/nixos-module/default.nix +++ b/nix/nixos-module/default.nix @@ -25,7 +25,6 @@ in { ./container/wireguard.nix ./container/dns.nix ./container/dnscache.nix - ./container/yggdrasil.nix ] ++ optionals lib.config.site.hosts.${hostName}.isRouter [ ./container/bird.nix