dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/estuary: Announce and route internal / home prefixes

Browse Source
This commit is contained in:
Jack O'Sullivan
2022-10-16 19:07:41 +01:00
parent 681ad3fe9f
commit 02395acaf1
2 changed files with 44 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
nixos/boxes/colony/vms/estuary/default.nix
View File

@@ -1,4 +1,21 @@
{ lib, ... }: {
{ lib, ... }:
let
pubV4 = "94.142.240.44";
in
{
nixos = {
vpns = {
l2 = {
as211024 = {
vni = 211024;
peers = {
estuary.addr = pubV4;
home.addr = "109.255.1.83";
};
};
};
};
};
nixos.systems.estuary = {
system = "x86_64-linux";
nixpkgs = "mine";
@@ -10,7 +27,7 @@
altNames = [ "fw" ];
domain = lib.my.colony.domain;
ipv4 = {
address = "94.142.240.44";
address = pubV4;
mask = 24;
gateway = "94.142.240.254";
genPTR = false;
@@ -31,6 +48,13 @@
};
ipv6.address = "${lib.my.colony.start.base.v6}1";
};
as211024 = {
ipv4 = {
address = "10.255.3.1";
gateway = null;
};
ipv6.address = "2a0e:97c0:4df:0:3::1";
};
};
configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
@@ -180,6 +204,14 @@
]) [ "vms" "ctrs" "oci" ])));
}
];
"90-l2mesh-as211024" = {
address = with assignments.as211024; [
(with ipv4; "${address}/${toString mask}")
(with ipv6; "${address}/${toString mask}")
];
networkConfig.IPv6AcceptRA = false;
};
};
};
@@ -189,7 +221,7 @@
server.enable = true;
firewall = {
trustedInterfaces = [ "base" ];
trustedInterfaces = [ "base" "as211024" ];
udp.allowed = [ 5353 ];
tcp.allowed = [ 5353 ];
nat = {
@@ -250,6 +282,7 @@
}
chain forward {
iifname wan oifname base jump filter-routing
oifname as211024 accept
}
}
table inet nat {