nixos/estuary: Make public IP be internal assignment

2022-05-29 15:48:26 +01:00
parent baed6f24f6
commit 62c00b8b22
5 changed files with 28 additions and 25 deletions
--- a/nixos/boxes/colony/default.nix
+++ b/nixos/boxes/colony/default.nix
@@ -103,7 +103,7 @@
                    IPv6SendRA = true;
                  };
                  ipv6SendRAConfig = {
-                    DNS = [ allAssignments.estuary.internal.ipv6.address ];
+                    DNS = [ allAssignments.estuary.base.ipv6.address ];
                    Domains = [ config.networking.domain ];
                  };
                  ipv6Prefixes = [
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@@ -4,15 +4,27 @@
    nixpkgs = "mine";
    home-manager = "mine";

-    assignments.internal = {
-      name = "estuary-vm";
-      altNames = [ "fw" ];
-      ipv4 = {
-        address = "10.100.0.1";
-        gateway = null;
+    assignments = {
+      internal = {
+        name = "estuary-vm";
+        altNames = [ "fw" ];
+        ipv4 = {
+          address = "188.141.14.6";
+          gateway = null;
+        };
+        ipv6 = {
+          address = "2a0e:97c0:4d0:bbbf::1";
+          gateway = "fe80::215:17ff:fe4b:494a";
+        };
+      };
+      base = {
+        ipv4 = {
+          address = "10.100.0.1";
+          gateway = null;
+        };
+        #ipv6.address = "2a0e:97c0:4d1:0::1";
+        ipv6.address = "2a0e:97c0:4d0:bbb0::1";
      };
-      #ipv6.address = "2a0e:97c0:4d1:0::1";
-      ipv6.address = "2a0e:97c0:4d0:bbb0::1";
    };

    configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
@@ -71,15 +83,15 @@
                    UseHostname = false;
                  };
                  address = [
-                    "2a0e:97c0:4d0:bbbf::1/64"
+                    (with assignments.internal.ipv6; "${address}/${toString mask}")
                  ];
                  gateway = [
-                    "fe80::215:17ff:fe4b:494a"
+                    assignments.internal.ipv6.gateway
                  ];
                  networkConfig.IPv6AcceptRA = false;
                };
                "80-base" = mkMerge [
-                  (networkdAssignment "base" assignments.internal)
+                  (networkdAssignment "base" assignments.base)
                  {
                    dns = [ "127.0.0.1" "::1" ];
                    domains = [ config.networking.domain ];
@@ -88,7 +100,7 @@
                      IPv6SendRA = true;
                    };
                    ipv6SendRAConfig = {
-                      DNS = [ assignments.internal.ipv6.address ];
+                      DNS = [ assignments.base.ipv6.address ];
                      Domains = [ config.networking.domain ];
                    };
                    ipv6Prefixes = [
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
@@ -17,7 +17,7 @@ in
      dns = {
        address = [
          "127.0.0.1" "::1"
-          assignments.internal.ipv4.address assignments.internal.ipv6.address
+          assignments.base.ipv4.address assignments.base.ipv6.address
        ];
        allowFrom = [
          "127.0.0.0/8" "::1/128"
@@ -85,8 +85,7 @@ in
              )

            @ IN NS ns
-            ns IN A 188.141.14.6
-            ns IN AAAA 2a0e:97c0:4d0:bbbf::1
+            ns IN ALIAS ${config.networking.fqdn}.

            @ IN ALIAS ${config.networking.fqdn}.

--- a/nixos/boxes/colony/vms/shill/default.nix
+++ b/nixos/boxes/colony/vms/shill/default.nix
@@ -75,7 +75,7 @@
                      IPv6SendRA = true;
                    };
                    ipv6SendRAConfig = {
-                      DNS = [ allAssignments.estuary.internal.ipv6.address ];
+                      DNS = [ allAssignments.estuary.base.ipv6.address ];
                      Domains = [ config.networking.domain ];
                    };
                    ipv6Prefixes = [