nixos-module/container/mgmt-gw: init

2021-04-04 22:55:40 +02:00 · 2021-04-04 22:55:40 +02:00 · 953e43fa4a
parent afad6f46b8
commit 953e43fa4a
3 changed files with 28 additions and 1 deletions
--- a/nix/lib/config/legacy.nix
+++ b/nix/lib/config/legacy.nix
@ -59,7 +59,21 @@ in
  config.site.hosts = lib.mkMerge (
    [
      (builtins.foldl' (result: hostName: result // {
-        "${hostName}".role = "server";
+        "${hostName}" = {
+          role = "server";
+          interfaces = builtins.mapAttrs (net: _: {
+            type = "phys";
+          } // lib.optionalAttrs (net == "core") {
+            gw4 = "mgmt-gw";
+            gw6 = "mgmt-gw";
+          }) (
+            lib.filterAttrs (_: hosts: hosts ? ${hostName}) (
+              pillar.hosts-inet // (
+                builtins.foldl' (result: hosts: result // hosts) {} (builtins.attrValues pillar.hosts-inet6)
+              )
+            )
+          );
+        };
      }) {} mainServers)

      (builtins.mapAttrs (_: switch: {
--- a/nix/nixos-module/container/mgmt-gw.nix
+++ b/nix/nixos-module/container/mgmt-gw.nix
@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  networking.nat = {
+    enable = true;
+    externalInterface = "core";
+  };
+
+  # TODO: firewall
+}
--- a/nix/nixos-module/default.nix
+++ b/nix/nixos-module/default.nix
@ -31,5 +31,8 @@ in {
    builtins.match "upstream.*" hostName != null
  ) [
    ./container/upstream.nix
+  ]
+  ++ optionals (hostName == "mgmt-gw") [
+    ./container/mgmt-gw.nix
  ];
 }