nixos: Add working container VM (w/ vaultwarden)

Also improve IPv6 addressing / routing
2022-05-29 03:30:40 +01:00
parent 38e8827487
commit 00493bf30f
15 changed files with 351 additions and 113 deletions
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@@ -25,7 +25,7 @@

        config = mkMerge [
          {
-            networking.domain = lib.my.colonyDomain;
+            networking.domain = lib.my.colony.domain;

            boot.kernelParams = [ "console=ttyS0,115200n8" ];
            fileSystems = {
@@ -94,7 +94,26 @@
                    ipv6Prefixes = [
                      {
                        #ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:0::/64";
-                        ipv6PrefixConfig.Prefix = "2a0e:97c0:4d0:bbb0::/64";
+                        ipv6PrefixConfig.Prefix = lib.my.colony.prefixes.base.v6;
+                      }
+                    ];
+                    routes = map (r: { routeConfig = r; }) [
+                      {
+                        Gateway = allAssignments.colony.internal.ipv4.address;
+                        Destination = lib.my.colony.prefixes.vms.v4;
+                      }
+                      {
+                        Gateway = allAssignments.colony.internal.ipv6.address;
+                        Destination = lib.my.colony.prefixes.vms.v6;
+                      }
+
+                      {
+                        Gateway = allAssignments.colony.internal.ipv4.address;
+                        Destination = lib.my.colony.prefixes.ctrs.v4;
+                      }
+                      {
+                        Gateway = allAssignments.colony.internal.ipv6.address;
+                        Destination = lib.my.colony.prefixes.ctrs.v6;
                      }
                    ];
                  }
@@ -138,7 +157,7 @@
                      iifname wan meta l4proto { udp, tcp } th dport domain redirect to :5353
                    }
                    chain postrouting {
-                      ip saddr 10.100.0.0/16 masquerade
+                      ip saddr ${lib.my.colony.prefixes.all.v4} masquerade
                    }
                  }
                '';
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
@@ -21,9 +21,7 @@ in
        ];
        allowFrom = [
          "127.0.0.0/8" "::1/128"
-          "10.100.0.0/16" "2a0e:97c0:4d1::/48"
-          # TODO: Remove when moving to proper net!
-          "2a0e:97c0:4d0::/48"
+          lib.my.colony.prefixes.all.v4 lib.my.colony.prefixes.all.v6
        ];
      };
      forwardZones = genAttrs authZones (_: "127.0.0.1:5353");