dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/colony: Add darts VM

Browse Source
This commit is contained in:
Jack O'Sullivan 2023-11-11 15:56:27 +00:00
parent 9df8a450e8
commit 14f1f5b575
5 changed files with 58 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/constants.nix
View File

@ -64,6 +64,10 @@
v4 = "94.142.241.227/32";
v6 = subnet 8 0 cust.v6;
};
darts = {
v4 = "94.142.242.255/32";
v6 = subnet 8 1 cust.v6;
};
vip1 = "94.142.241.224/30";
vip2 = "94.142.242.254/31";

25
nixos/boxes/colony/default.nix
View File

@ -276,6 +276,29 @@ in
}
];
};
"90-vm-darts" = {
matchConfig.Name = "vm-darts";
address = [
(net.cidr.subnet 8 2 prefixes.cust.v4)
prefixes.darts.v6
];
networkConfig = {
IPv6AcceptRA = false;
IPv6SendRA = true;
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.darts.v6;
}
];
routes = map (r: { routeConfig = r; }) [
{
Destination = prefixes.darts.v4;
Scope = "link";
}
];
};
};
};
};
@ -307,7 +330,7 @@ in
firewall = {
trustedInterfaces = [ "vms" ];
extraRules = ''
define cust = { vm-mail }
define cust = { vm-mail, vm-darts }
table inet filter {
chain forward {
# Trust that the outer firewall has done the filtering!

21
nixos/boxes/colony/vms/default.nix
View File

@ -31,7 +31,8 @@
driver = "file";
#filename = "${systems.installer.configuration.config.my.buildAs.iso}/iso/nixos-installer-devplayer0.iso";
#filename = "/persist/home/dev/nixos-installer-devplayer0.iso";
filename = "/persist/home/dev/debian-12.1.0-amd64-netinst.iso";
#filename = "/persist/home/dev/debian-12.1.0-amd64-netinst.iso";
filename = "/persist/home/dev/ubuntu-22.04.3-live-server-amd64.iso";
read-only = "on";
};
format.driver = "raw";
@ -217,6 +218,24 @@
(vmLVM "mail" "data")
];
};
darts = {
uuid = "ee3882a9-5616-4fcb-83d7-89eb41a84d28";
cpu = "host,topoext";
smp = {
cpus = 4;
threads = 2;
};
memory = 16384;
networks.public = {
bridge = null;
mac = "52:54:00:a8:29:cd";
};
cleanShutdown.timeout = 120;
drives = [
(mkMerge [ (vmLVM "darts" "root") { frontendOpts.bootindex = 0; } ])
];
};
};
};
};

6
nixos/boxes/colony/vms/estuary/default.nix
View File

@ -315,6 +315,10 @@ in
Destination = prefixes.vip1;
Gateway = allAssignments.colony.routing.ipv4.address;
}
{
Destination = prefixes.darts.v4;
Gateway = allAssignments.colony.routing.ipv4.address;
}
{
Destination = prefixes.cust.v6;
Gateway = allAssignments.colony.internal.ipv6.address;
@ -429,7 +433,7 @@ in
return
}
chain filter-routing {
ip daddr ${prefixes.mail.v4} accept
ip daddr { ${prefixes.mail.v4}, ${prefixes.darts.v4} } accept
ip6 daddr ${prefixes.cust.v6} accept
tcp flags & (fin|syn|rst|ack) == syn ct state new jump routing-tcp

5
nixos/boxes/colony/vms/estuary/dns.nix
View File

@ -152,6 +152,9 @@ in
mail-vm IN A ${net.cidr.host 0 prefixes.mail.v4}
mail-vm IN AAAA ${net.cidr.host 1 prefixes.mail.v6}
darts-cust IN A ${net.cidr.host 0 prefixes.darts.v4}
darts-cust IN AAAA ${net.cidr.host 1 prefixes.darts.v6}
andrey-cust IN A ${allAssignments.kelder.estuary.ipv4.address}
$TTL 3
@ -202,6 +205,8 @@ in
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2 IN PTR mail.nul.ie.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.2 IN PTR darts-cust.${config.networking.domain}.
${lib.my.dns.ptr6Records {
inherit allAssignments names;
domain = config.networking.domain;