dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/routing-common: Working DHCP
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 18m48s
Details

Browse Source
This commit is contained in:
Jack O'Sullivan 2023-12-16 18:50:51 +00:00
parent 9cec5051bf
commit 490413c24b
9 changed files with 182 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/constants.nix
View File

@ -10,12 +10,14 @@ rec {
gitea-runner = 401; gitea-runner = 401;
jellyseerr = 402; jellyseerr = 402;
atticd = 403; atticd = 403;
kea = 404;
}; };
gids = { gids = {
matrix-syncv3 = 400; matrix-syncv3 = 400;
gitea-runner = 401; gitea-runner = 401;
jellyseerr = 402; jellyseerr = 402;
atticd = 403; atticd = 403;
kea = 404;
}; };
}; };

34
nixos/boxes/castle/default.nix
View File

@ -22,18 +22,6 @@ in
address = net.cidr.host (65536*3+1) prefixes.hi.v6; address = net.cidr.host (65536*3+1) prefixes.hi.v6;
}; };
}; };
lo = {
inherit domain;
ipv4 = {
address = net.cidr.host 40 prefixes.lo.v4;
mask = 21;
gateway = null;
};
ipv6 = {
iid = "::3:1";
address = net.cidr.host (65536*3+1) prefixes.lo.v6;
};
};
}; };
configuration = { lib, pkgs, modulesPath, config, systems, assignments, allAssignments, ... }: configuration = { lib, pkgs, modulesPath, config, systems, assignments, allAssignments, ... }:
@ -116,7 +104,13 @@ in
blueman.enable = true; blueman.enable = true;
}; };
programs.virt-manager.enable = true; programs = {
virt-manager.enable = true;
wireshark = {
enable = true;
package = pkgs.wireshark-qt;
};
};
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
networking = { networking = {
@ -155,7 +149,6 @@ in
wait-online.enable = false; wait-online.enable = false;
netdevs = mkMerge [ netdevs = mkMerge [
(mkVLAN "lan-hi" vlans.hi) (mkVLAN "lan-hi" vlans.hi)
(mkVLAN "lan-lo" vlans.lo)
]; ];
links = { links = {
"10-et2.5g" = { "10-et2.5g" = {
@ -177,28 +170,23 @@ in
networks = { networks = {
"50-lan" = { "50-lan" = {
matchConfig.Name = "et2.5g"; matchConfig.Name = "et2.5g";
DHCP = "yes"; DHCP = "no";
address = [ "10.16.7.1/16" ];
}; };
"50-et100g" = { "50-et100g" = {
matchConfig.Name = "et100g"; matchConfig.Name = "et100g";
vlan = [ "lan-hi" "lan-lo" ]; vlan = [ "lan-hi" ];
networkConfig.IPv6AcceptRA = false; networkConfig.IPv6AcceptRA = false;
}; };
"60-lan-hi" = mkMerge [ "60-lan-hi" = mkMerge [
(networkdAssignment "lan-hi" assignments.hi) (networkdAssignment "lan-hi" assignments.hi)
{ {
DHCP = "yes";
matchConfig.Name = "lan-hi"; matchConfig.Name = "lan-hi";
linkConfig.MTUBytes = "9000"; linkConfig.MTUBytes = "9000";
} }
]; ];
"60-lan-lo" = mkMerge [
(networkdAssignment "lan-lo" assignments.lo)
{
matchConfig.Name = "lan-lo";
linkConfig.MTUBytes = "1500";
}
];
}; };
}; };
}; };

1
nixos/boxes/home/routing-common/default.nix
View File

@ -109,6 +109,7 @@ in
./keepalived.nix ./keepalived.nix
./dns.nix ./dns.nix
./radvd.nix ./radvd.nix
./kea.nix
]; ];
config = { config = {

17
nixos/boxes/home/routing-common/dns.nix
View File

@ -47,13 +47,8 @@ in
settings = { settings = {
query-local-address = [ query-local-address = [
# TODO: IPv6
"0.0.0.0" "0.0.0.0"
"::" "::"
# TODO: Dynamic IPv4 WAN address?
# assignments.internal.ipv4.address
# assignments.internal.ipv6.address
# assignments.hi.ipv6.address
]; ];
forward-zones = map (z: "${z}=127.0.0.1:5353") authZones; forward-zones = map (z: "${z}=127.0.0.1:5353") authZones;
@ -73,9 +68,10 @@ in
pdns.serviceConfig.RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK"; pdns.serviceConfig.RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
}; };
# For rec_control
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# For rec_control
pdns-recursor pdns-recursor
sqlite
]; ];
my.pdns.auth = { my.pdns.auth = {
@ -98,6 +94,10 @@ in
webserver = true; webserver = true;
webserver-address = "::"; webserver-address = "::";
webserver-allow-from = [ "127.0.0.1" "::1" ]; webserver-allow-from = [ "127.0.0.1" "::1" ];
dnsupdate = true;
launch = [ "gsqlite3" ];
gsqlite3-database = "/var/lib/pdns/dynamic.sqlite3";
}; };
bind.zones = bind.zones =
@ -136,6 +136,11 @@ in
ns1 IN ALIAS ${elemAt routers 0}.${config.networking.domain}. ns1 IN ALIAS ${elemAt routers 0}.${config.networking.domain}.
ns2 IN ALIAS ${elemAt routers 1}.${config.networking.domain}. ns2 IN ALIAS ${elemAt routers 1}.${config.networking.domain}.
dyn IN NS ns1.dyn.h.nul.ie.
dyn IN NS ns2.dyn.h.nul.ie.
ns1.dyn.h.nul.ie. IN ALIAS ${elemAt routers 0}.${config.networking.domain}.
ns2.dyn.h.nul.ie. IN ALIAS ${elemAt routers 1}.${config.networking.domain}.
jim-core IN A ${net.cidr.host 10 prefixes.core.v4} jim-core IN A ${net.cidr.host 10 prefixes.core.v4}
jim IN A ${net.cidr.host 10 prefixes.hi.v4} jim IN A ${net.cidr.host 10 prefixes.hi.v4}
jim IN AAAA ${net.cidr.host (65536+1) prefixes.hi.v6} jim IN AAAA ${net.cidr.host (65536+1) prefixes.hi.v6}

141
nixos/boxes/home/routing-common/kea.nix Normal file
View File

@ -0,0 +1,141 @@
index: { lib, pkgs, assignments, ... }:
let
inherit (lib) mkForce;
inherit (lib.my) net;
inherit (lib.my.c.home) domain prefixes vips;
dns-servers = [
{
ip-address = net.cidr.host 1 prefixes.core.v4;
port = 5353;
}
{
ip-address = net.cidr.host 2 prefixes.core.v4;
port = 5353;
}
];
in
{
users = with lib.my.c.ids; {
users.kea= {
isSystemUser = true;
uid = uids.kea;
group = "kea";
};
groups.kea.gid = gids.kea;
};
systemd.services = {
kea-dhcp4-server.serviceConfig.DynamicUser = mkForce false;
kea-dhcp-ddns-server.serviceConfig.DynamicUser = mkForce false;
};
services = {
kea = {
dhcp4 = {
enable = true;
settings = {
interfaces-config = {
interfaces = [
"lan-hi/${assignments.hi.ipv4.address}"
"lan-lo/${assignments.lo.ipv4.address}"
"lan-untrusted/${assignments.untrusted.ipv4.address}"
];
};
lease-database = {
type = "memfile";
persist = true;
name = "/var/lib/kea/dhcp.leases";
};
option-data = [
{
name = "domain-name";
data = domain;
}
{
name = "domain-search";
data = "${domain}, dyn.${domain}";
always-send = true;
}
];
subnet4 = [
{
id = 1;
subnet = prefixes.hi.v4;
interface = "lan-hi";
option-data = [
{
name = "routers";
data = vips.hi.v4;
}
{
name = "domain-name-servers";
data = "${net.cidr.host 1 prefixes.hi.v4}, ${net.cidr.host 2 prefixes.hi.v4}";
}
];
pools = [
{
pool = "192.168.68.120 - 192.168.71.240";
}
];
reservations = [
{
# castle
hw-address = "24:8a:07:a8:fe:3a";
ip-address = net.cidr.host 40 prefixes.hi.v4;
}
];
}
{
id = 2;
subnet = prefixes.lo.v4;
interface = "lan-lo";
option-data = [
{
name = "routers";
data = vips.lo.v4;
}
{
name = "domain-name-servers";
data = "${net.cidr.host 1 prefixes.lo.v4}, ${net.cidr.host 2 prefixes.lo.v4}";
}
];
pools = [
{
pool = "192.168.72.120 - 192.168.79.240";
}
];
reservations = [
{
# castle
hw-address = "24:8a:07:a8:fe:3a";
ip-address = net.cidr.host 40 prefixes.lo.v4;
}
];
}
];
ddns-send-updates = true;
ddns-replace-client-name = "when-not-present";
ddns-qualifying-suffix = "dyn.${domain}";
ddns-generated-prefix = "ip";
ddns-update-on-renew = true;
dhcp-ddns.enable-updates = true;
};
};
dhcp-ddns = {
enable = true;
settings = {
forward-ddns.ddns-domains = [
{
name = "dyn.${domain}.";
inherit dns-servers;
}
];
};
};
};
};
}

2
nixos/modules/common.nix
View File

@ -125,7 +125,6 @@ in
environment.systemPackages = with pkgs; mkMerge [ environment.systemPackages = with pkgs; mkMerge [
[ [
bash-completion bash-completion
vim
git git
unzip unzip
] ]
@ -138,6 +137,7 @@ in
fish.enable = mkDefault true; fish.enable = mkDefault true;
# TODO: This is expecting to look up the channel for the database... # TODO: This is expecting to look up the channel for the database...
command-not-found.enable = mkDefault false; command-not-found.enable = mkDefault false;
vim.defaultEditor = true;
}; };
services = { services = {

3
nixos/modules/pdns.nix
View File

@ -268,6 +268,9 @@ in
# For pdns_control etc # For pdns_control etc
systemPackages = with pkgs; [ systemPackages = with pkgs; [
pdns pdns
(pkgs.writeShellScriptBin "pu" ''
${pdns}/bin/pdnsutil --config-dir /run/pdns "$@"
'')
pdns-file-record pdns-file-record
]; ];

10
nixos/modules/tmproot.nix
View File

@ -466,6 +466,16 @@ in
(mkIf config.virtualisation.libvirtd.enable { (mkIf config.virtualisation.libvirtd.enable {
my.tmproot.persistence.config.directories = [ "/var/lib/libvirt" ]; my.tmproot.persistence.config.directories = [ "/var/lib/libvirt" ];
}) })
(mkIf (with config.services.kea; (dhcp4.enable || dhcp6.enable || dhcp-ddns.enable)) {
my.tmproot.persistence.config.directories = [
{
directory = "/var/lib/kea";
mode = "0750";
user = "kea";
group = "kea";
}
];
})
])) ]))
]); ]);

3
nixos/modules/user.nix
View File

@ -37,7 +37,8 @@ in
extraGroups = extraGroups =
[ "wheel" "kvm" "dialout" ] ++ [ "wheel" "kvm" "dialout" ] ++
(optional config.networking.networkmanager.enable "networkmanager") ++ (optional config.networking.networkmanager.enable "networkmanager") ++
(optional config.virtualisation.libvirtd.enable "libvirtd"); (optional config.virtualisation.libvirtd.enable "libvirtd") ++
(optional config.programs.wireshark.enable "wireshark");
password = mkIf (cfg.passwordSecret == null) (mkDefault "hunter2"); password = mkIf (cfg.passwordSecret == null) (mkDefault "hunter2");
shell = shell =
let shell = cfg.homeConfig.my.shell; let shell = cfg.homeConfig.my.shell;