From 953e43fa4af4a068059c21cbaf129df65878ccd4 Mon Sep 17 00:00:00 2001
From: Astro
Date: Sun, 4 Apr 2021 22:55:40 +0200
Subject: [PATCH] nixos-module/container/mgmt-gw: init
---
nix/lib/config/legacy.nix | 16 +++++++++++++++-
nix/nixos-module/container/mgmt-gw.nix | 10 ++++++++++
nix/nixos-module/default.nix | 3 +++
3 files changed, 28 insertions(+), 1 deletion(-)
create mode 100644 nix/nixos-module/container/mgmt-gw.nix
diff --git a/nix/lib/config/legacy.nix b/nix/lib/config/legacy.nix
index c6ea8d8..2c16014 100644
--- a/nix/lib/config/legacy.nix
+++ b/nix/lib/config/legacy.nix
@@ -59,7 +59,21 @@ in config.site.hosts = lib.mkMerge ( [ (builtins.foldl' (result: hostName: result // {
- "${hostName}".role = "server";
+ "${hostName}" = {
+ role = "server";
+ interfaces = builtins.mapAttrs (net: _: {
+ type = "phys";
+ } // lib.optionalAttrs (net == "core") {
+ gw4 = "mgmt-gw";
+ gw6 = "mgmt-gw";
+ }) (
+ lib.filterAttrs (_: hosts: hosts ? ${hostName}) (
+ pillar.hosts-inet // (
+ builtins.foldl' (result: hosts: result // hosts) {} (builtins.attrValues pillar.hosts-inet6)
+ )
+ )
+ );
+ };
 }) {} mainServers) (builtins.mapAttrs (_: switch: {
diff --git a/nix/nixos-module/container/mgmt-gw.nix b/nix/nixos-module/container/mgmt-gw.nix
new file mode 100644
index 000000000..d5b3705
--- /dev/null
+++ b/nix/nixos-module/container/mgmt-gw.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+ networking.nat = {
+ enable = true;
+ externalInterface = "core";
+ };
+
+ # TODO: firewall
+}
diff --git a/nix/nixos-module/default.nix b/nix/nixos-module/default.nix
index aeef922..e65d686 100644
--- a/nix/nixos-module/default.nix
+++ b/nix/nixos-module/default.nix
@@ -31,5 +31,8 @@ in { builtins.match "upstream.*" hostName != null ) [ ./container/upstream.nix
+ ]
+ ++ optionals (hostName == "mgmt-gw") [
+ ./container/mgmt-gw.nix
 ]; }
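Review bot: The `pillar.hosts-inet // ( … )` merge passed to `lib.filterAttrs` in the legacy.nix hunk is shallow, so when a net appears on both sides the right-hand host set replaces the left-hand one instead of being combined with it. If the values are per-net host sets, as the `hosts ? ${hostName}` test suggests, a server that has only an IPv4 entry in a net that also carries IPv6 hosts would be dropped from `interfaces`, and on `core` that silently removes its `gw4`/`gw6`; the inner `foldl'` over `pillar.hosts-inet6` has the same effect between its values. Merging per net avoids this, e.g. `lib.recursiveUpdate pillar.hosts-inet (builtins.foldl' lib.recursiveUpdate {} (builtins.attrValues pillar.hosts-inet6))`. A short comment stating the expected shape of both pillar sets would also help; the enclosing `foldl'` over `mainServers` starts and ends outside the hunk.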
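Review bot: The new mgmt-gw.nix enables `networking.nat` with only `externalInterface = "core"` and leaves filtering as `# TODO: firewall`, so the gateway goes live forwarding packets with no visible forward policy. With the NixOS NAT module, masquerading is applied only for `internalInterfaces`/`internalIPs`, so as written this probably just turns on IPv4 forwarding; naming the inside explicitly, e.g. `internalInterfaces = [ "<MGMT_IFACE>" ];` (placeholder, the interface name is not on this page), makes the intended direction reviewable. Until the firewall lands, a default-drop rule for forwarded traffic that admits only the management net outbound plus established return traffic would keep the management network from being reachable through this host. legacy.nix in this patch also sets `gw6 = "mgmt-gw"`, while nothing here configures IPv6 forwarding or filtering, which deserves a comment or a matching setting.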