Split constants into separate lib file
This commit is contained in:
@@ -14,12 +14,12 @@ in
|
||||
config = ''
|
||||
define OWNAS = 211024;
|
||||
|
||||
define CCVIP1 = ${lib.my.colony.prefixes.vip1};
|
||||
define CCVIP2 = ${lib.my.colony.prefixes.vip2};
|
||||
define CCVIP1 = ${lib.my.c.colony.prefixes.vip1};
|
||||
define CCVIP2 = ${lib.my.c.colony.prefixes.vip2};
|
||||
|
||||
define OWNIP4 = ${assignments.internal.ipv4.address};
|
||||
define OWNNETSET4 = [ ${assignments.internal.ipv4.address}/32 ];
|
||||
define CCNETSET4 = [ ${lib.my.colony.prefixes.vip1}, ${lib.my.colony.prefixes.vip2} ];
|
||||
define CCNETSET4 = [ ${lib.my.c.colony.prefixes.vip1}, ${lib.my.c.colony.prefixes.vip2} ];
|
||||
|
||||
define INTNET6 = ${intnet6};
|
||||
define AMSNET6 = ${amsnet6};
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib.my) net;
|
||||
inherit (lib.my.colony) domain prefixes;
|
||||
inherit (lib.my.c.colony) domain prefixes;
|
||||
|
||||
pubV4 = "94.142.240.44";
|
||||
in
|
||||
@@ -95,7 +95,7 @@ in
|
||||
};
|
||||
|
||||
services = {
|
||||
fstrim = lib.my.colony.fstrimConfig;
|
||||
fstrim = lib.my.c.colony.fstrimConfig;
|
||||
lvm = {
|
||||
dmeventd.enable = true;
|
||||
};
|
||||
@@ -182,7 +182,7 @@ in
|
||||
};
|
||||
wireguardConfig = {
|
||||
PrivateKeyFile = config.age.secrets."estuary/kelder-wg.key".path;
|
||||
ListenPort = lib.my.kelder.vpn.port;
|
||||
ListenPort = lib.my.c.kelder.vpn.port;
|
||||
};
|
||||
wireguardPeers = [
|
||||
{
|
||||
@@ -306,27 +306,27 @@ in
|
||||
};
|
||||
ipv6Prefixes = [
|
||||
{
|
||||
ipv6PrefixConfig.Prefix = lib.my.colony.prefixes.base.v6;
|
||||
ipv6PrefixConfig.Prefix = prefixes.base.v6;
|
||||
}
|
||||
];
|
||||
routes = map (r: { routeConfig = r; }) (flatten
|
||||
([
|
||||
{
|
||||
Destination = lib.my.colony.prefixes.vip1;
|
||||
Destination = prefixes.vip1;
|
||||
Gateway = allAssignments.colony.routing.ipv4.address;
|
||||
}
|
||||
{
|
||||
Destination = lib.my.colony.prefixes.cust.v6;
|
||||
Destination = prefixes.cust.v6;
|
||||
Gateway = allAssignments.colony.internal.ipv6.address;
|
||||
}
|
||||
] ++
|
||||
(map (pName: [
|
||||
{
|
||||
Gateway = allAssignments.colony.routing.ipv4.address;
|
||||
Destination = lib.my.colony.prefixes."${pName}".v4;
|
||||
Destination = prefixes."${pName}".v4;
|
||||
}
|
||||
{
|
||||
Destination = lib.my.colony.prefixes."${pName}".v6;
|
||||
Destination = prefixes."${pName}".v6;
|
||||
Gateway = allAssignments.colony.internal.ipv6.address;
|
||||
}
|
||||
]) [ "vms" "ctrs" "oci" ])));
|
||||
@@ -356,7 +356,6 @@ in
|
||||
};
|
||||
|
||||
my = {
|
||||
#deploy.generate.system.mode = "boot";
|
||||
secrets = {
|
||||
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9up7pXu6M/OWCKufTOfSiGcxMUk4VqUe7fLuatNFFA";
|
||||
files = {
|
||||
@@ -369,7 +368,7 @@ in
|
||||
|
||||
firewall = {
|
||||
trustedInterfaces = [ "as211024" ];
|
||||
udp.allowed = [ 5353 lib.my.kelder.vpn.port ];
|
||||
udp.allowed = [ 5353 lib.my.c.kelder.vpn.port ];
|
||||
tcp.allowed = [ 5353 "bgp" ];
|
||||
nat = {
|
||||
enable = true;
|
||||
@@ -458,7 +457,7 @@ in
|
||||
${matchInet "meta l4proto { udp, tcp } th dport domain redirect to :5353" "estuary"}
|
||||
}
|
||||
chain postrouting {
|
||||
ip saddr ${lib.my.colony.prefixes.all.v4} snat to ${assignments.internal.ipv4.address}
|
||||
ip saddr ${prefixes.all.v4} snat to ${assignments.internal.ipv4.address}
|
||||
}
|
||||
}
|
||||
'';
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
{ lib, pkgs, config, assignments, allAssignments, ... }:
|
||||
let
|
||||
inherit (builtins) attrNames;
|
||||
inherit (lib.my) net;
|
||||
inherit (lib.my.c.colony) prefixes;
|
||||
|
||||
authZones = attrNames config.my.pdns.auth.bind.zones;
|
||||
in
|
||||
@@ -49,7 +51,7 @@ in
|
||||
];
|
||||
allowFrom = [
|
||||
"127.0.0.0/8" "::1/128"
|
||||
lib.my.colony.prefixes.all.v4 lib.my.colony.prefixes.all.v6
|
||||
prefixes.all.v4 prefixes.all.v6
|
||||
];
|
||||
};
|
||||
|
||||
@@ -147,8 +149,8 @@ in
|
||||
valheim IN A ${assignments.internal.ipv4.address}
|
||||
valheim IN AAAA ${allAssignments.valheim-oci.internal.ipv6.address}
|
||||
|
||||
mail-vm IN A ${lib.my.net.cidr.host 0 lib.my.colony.prefixes.mail.v4}
|
||||
mail-vm IN AAAA ${lib.my.net.cidr.host 1 lib.my.colony.prefixes.mail.v6}
|
||||
mail-vm IN A ${net.cidr.host 0 prefixes.mail.v4}
|
||||
mail-vm IN AAAA ${net.cidr.host 1 prefixes.mail.v6}
|
||||
|
||||
andrey-cust IN A ${allAssignments.kelder.estuary.ipv4.address}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user