From 575561a33084dfbc75a196358ec068dd645e5bb8 Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Tue, 31 May 2022 21:58:29 +0100 Subject: [PATCH] nixos: Avoid hardcoding any IP prefixes --- lib.nix | 34 ++++++++++++++----- nixos/boxes/colony/default.nix | 15 ++++---- nixos/boxes/colony/vms/estuary/default.nix | 10 +++--- .../colony/vms/shill/containers/middleman.nix | 8 ++--- .../vms/shill/containers/vaultwarden.nix | 8 ++--- nixos/boxes/colony/vms/shill/default.nix | 12 +++---- 6 files changed, 50 insertions(+), 37 deletions(-) diff --git a/lib.nix b/lib.nix index b8c7b97..f8c9ca2 100644 --- a/lib.nix +++ b/lib.nix @@ -158,19 +158,37 @@ rec { colony = rec { domain = "test.int.nul.ie"; - prefixes = { + start = { all = { - v4 = "10.100.0.0/16"; - v6 = "2a0e:97c0:4d0:bbb0::/60"; + v4 = "10.100."; + v6 = "2a0e:97c0:4d0:bbb"; + }; + base = { + v4 = "${start.all.v4}0."; + v6 = "${start.all.v6}0::"; }; - base.v6 = "2a0e:97c0:4d0:bbb0::/64"; vms = { - v4 = "10.100.1.0/24"; - v6 = "2a0e:97c0:4d0:bbb1::/64"; + v4 = "${start.all.v4}1."; + v6 = "${start.all.v6}1::"; }; ctrs = { - v4 = "10.100.2.0/24"; - v6 = "2a0e:97c0:4d0:bbb2::/64"; + v4 = "${start.all.v4}2."; + v6 = "${start.all.v6}2::"; + }; + }; + prefixes = { + all = { + v4 = "${start.base.v4}0/16"; + v6 = "${start.base.v6}/60"; + }; + base.v6 = "${start.base.v6}/64"; + vms = { + v4 = "${start.vms.v4}0/24"; + v6 = "${start.vms.v6}/64"; + }; + ctrs = { + v4 = "${start.ctrs.v4}0/24"; + v6 = "${start.ctrs.v6}/64"; }; }; }; diff --git a/nixos/boxes/colony/default.nix b/nixos/boxes/colony/default.nix index 605e495..4ab1ab5 100644 --- a/nixos/boxes/colony/default.nix +++ b/nixos/boxes/colony/default.nix @@ -1,4 +1,4 @@ -{ +{ lib, ... }: { imports = [ ./vms ]; nixos.systems.colony = { 
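Review bot: In the new `prefixes` set in lib.nix, the aggregate entries are derived from the base subnet rather than from the allocation itself (`v4 = "${start.base.v4}0/16";`, `v6 = "${start.base.v6}/60";`). They are only correct while `base` remains subnet 0 of the range. Building them from `start.all` removes that hidden coupling: `v4 = "${start.all.v4}0.0/16";` and `v6 = "${start.all.v6}0::/60";`. The `start` values are also bare string fragments that only compose on octet and nibble boundaries, and nothing validates the concatenated result. A comment above `start` would help, for example `# string fragments, not CIDRs: v4 ends on an octet, all.v6 ends mid-hextet so the next nibble selects the /64`.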
@@ -9,20 +9,18 @@ assignments = { internal = { altNames = [ "vm" ]; - ipv4.address = "10.100.0.2"; - #ipv6.address = "2a0e:97c0:4d1:0::2"; - ipv6 = rec { + ipv4.address = "${lib.my.colony.start.base.v4}2"; + ipv6 = { iid = "::2"; - address = "2a0e:97c0:4d0:bbb0${iid}"; + address = "${lib.my.colony.start.base.v6}2"; }; }; vms = { ipv4 = { - address = "10.100.1.1"; + address = "${lib.my.colony.start.vms.v4}1"; gateway = null; }; - #ipv6.address = "2a0e:97c0:4d1:1::1"; - ipv6.address = "2a0e:97c0:4d0:bbb1::1"; + ipv6.address = "${lib.my.colony.start.vms.v6}1"; }; }; @@ -108,7 +106,6 @@ }; ipv6Prefixes = [ { - #ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:1::/64"; ipv6PrefixConfig.Prefix = lib.my.colony.prefixes.vms.v6; } ]; diff --git a/nixos/boxes/colony/vms/estuary/default.nix b/nixos/boxes/colony/vms/estuary/default.nix index bed7d76..6bb258d 100644 --- a/nixos/boxes/colony/vms/estuary/default.nix +++ b/nixos/boxes/colony/vms/estuary/default.nix @@ -1,4 +1,4 @@ -{ +{ lib, ... }: { nixos.systems.estuary = { system = "x86_64-linux"; nixpkgs = "mine"; @@ -9,7 +9,7 @@ name = "estuary-vm"; altNames = [ "fw" ]; ipv4 = { - address = "188.141.14.6"; + address = "80.111.124.10"; gateway = null; }; ipv6 = { @@ -19,11 +19,10 @@ }; base = { ipv4 = { - address = "10.100.0.1"; + address = "${lib.my.colony.start.base.v4}1"; gateway = null; }; - #ipv6.address = "2a0e:97c0:4d1:0::1"; - ipv6.address = "2a0e:97c0:4d0:bbb0::1"; + ipv6.address = "${lib.my.colony.start.base.v6}1"; }; }; @@ -105,7 +104,6 @@ }; ipv6Prefixes = [ { - #ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:0::/64"; ipv6PrefixConfig.Prefix = lib.my.colony.prefixes.base.v6; } ]; diff --git a/nixos/boxes/colony/vms/shill/containers/middleman.nix b/nixos/boxes/colony/vms/shill/containers/middleman.nix index 1a015a7..f3b281d 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman.nix 
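Review bot: In the `internal` assignment of nixos/boxes/colony/default.nix, dropping `rec` means `iid = "::2"` and the trailing `2` in `address` are now two independent literals. Before this change the address was derived from `iid`, so the two could not drift apart. If whatever consumes `iid` (not visible in this diff) uses it for address matching, a later edit that changes one and not the other would go unnoticed. Keeping the derivation is possible with the new prefix strings: `ipv6 = rec { iid = "::2"; address = "${lib.my.colony.start.base.v6}${lib.removePrefix "::" iid}"; };`. The same pattern appears in the `internal` assignments of middleman.nix, vaultwarden.nix and shill/default.nix. The enclosing `assignments` set starts outside this hunk.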
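Review bot: In the second hunk of nixos/boxes/colony/vms/estuary/default.nix, the `internal` IPv4 address is swapped for a different literal (`address = "80.111.124.10";`), which is unrelated to the commit subject and not mentioned in the message. estuary carries the `fw` alt name, so anything outside this diff that is keyed on the old address (firewall rules, DNS records, allowlists) would presumably need to change with it, and a reviewer reading this as a pure refactor could miss that. I would move this into its own commit, or at least call it out in the description. A short comment on the line saying where the address comes from would also help, since it stays hardcoded while everything else here is being derived.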
@@ -1,4 +1,4 @@ -{ +{ lib, ...}: { nixos.systems.middleman = { system = "x86_64-linux"; nixpkgs = "mine"; @@ -7,10 +7,10 @@ internal = { name = "middleman-ctr"; altNames = [ "http" ]; - ipv4.address = "10.100.2.2"; - ipv6 = rec { + ipv4.address = "${lib.my.colony.start.ctrs.v4}2"; + ipv6 = { iid = "::2"; - address = "2a0e:97c0:4d0:bbb2${iid}"; + address = "${lib.my.colony.start.ctrs.v6}2"; }; }; }; diff --git a/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix b/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix index 4360907..ebaa32f 100644 --- a/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix +++ b/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix @@ -1,4 +1,4 @@ -{ +{ lib, ...}: { nixos.systems.vaultwarden = { system = "x86_64-linux"; nixpkgs = "mine"; @@ -6,10 +6,10 @@ assignments = { internal = { name = "vaultwarden-ctr"; - ipv4.address = "10.100.2.3"; - ipv6 = rec { + ipv4.address = "${lib.my.colony.start.ctrs.v4}3"; + ipv6 = { iid = "::3"; - address = "2a0e:97c0:4d0:bbb2${iid}"; + address = "${lib.my.colony.start.ctrs.v6}3"; }; }; }; diff --git a/nixos/boxes/colony/vms/shill/default.nix b/nixos/boxes/colony/vms/shill/default.nix index ddb57e3..63cf955 100644 --- a/nixos/boxes/colony/vms/shill/default.nix +++ b/nixos/boxes/colony/vms/shill/default.nix @@ -1,4 +1,4 @@ -{ +{ lib, ... }: { imports = [ ./containers ]; nixos.systems.shill = { @@ -9,18 +9,18 @@ internal = { name = "shill-vm"; altNames = [ "ctr" ]; - ipv4.address = "10.100.1.2"; - ipv6 = rec { + ipv4.address = "${lib.my.colony.start.vms.v4}2"; + ipv6 = { iid = "::2"; - address = "2a0e:97c0:4d0:bbb1${iid}"; + address = "${lib.my.colony.start.vms.v6}2"; }; }; ctrs = { ipv4 = { - address = "10.100.2.1"; + address = "${lib.my.colony.start.ctrs.v4}1"; gateway = null; }; - ipv6.address = "2a0e:97c0:4d0:bbb2::1"; + ipv6.address = "${lib.my.colony.start.ctrs.v6}1"; }; };