nixos: Add actual IP / CIDR calculation

This commit is contained in:
Jack O'Sullivan 2023-05-27 16:57:28 +01:00
parent 1fa718c20a
commit 75fc5ae163
14 changed files with 1458 additions and 105 deletions


@ -8,6 +8,9 @@ let
inherit (lib.flake) defaultSystems;
in
rec {
attrsToNVList = mapAttrsToList nameValuePair;
inherit (import ./net.nix { inherit lib; }) net;
# Yoinked from nixpkgs/nixos/modules/services/networking/nat.nix
isIPv6 = ip: length (lib.splitString ":" ip) > 2;
parseIPPort = ipp:
@ -22,8 +25,6 @@ rec {
ip = checked (elemAt m 0);
ports = checked (elemAt m 1);
};
naiveIPv4Gateway = ip: "${head (elemAt (split ''([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+'' ip) 1)}.1";
attrsToNVList = mapAttrsToList nameValuePair;
mkDefaultSystemsPkgs = path: args': genAttrs defaultSystems (system: import path ((args' system) // { inherit system; }));
mkApp = program: { type = "app"; inherit program; };
@ -209,50 +210,30 @@ rec {
pubDomain = "nul.ie";
dockerNetAssignment =
assignments: name: with assignments."${name}".internal; "ip=${ipv4.address},ip=${ipv6.address}";
colony = rec {
colony = {
domain = "ams1.int.${pubDomain}";
start = {
prefixes = with net.cidr; rec {
all = {
v4 = "10.100.";
v6 = "2a0e:97c0:4d2:1";
v4 = "10.100.0.0/16";
v6 = "2a0e:97c0:4d2:10::/60";
};
base = {
v4 = "${start.all.v4}0.";
v6 = "${start.all.v6}0::";
v4 = subnet 8 0 all.v4;
v6 = subnet 4 0 all.v6;
};
vms = {
v4 = "${start.all.v4}1.";
v6 = "${start.all.v6}1::";
v4 = subnet 8 1 all.v4;
v6 = subnet 4 1 all.v6;
};
ctrs = {
v4 = "${start.all.v4}2.";
v6 = "${start.all.v6}2::";
v4 = subnet 8 2 all.v4;
v6 = subnet 4 2 all.v6;
};
oci = {
v4 = "${start.all.v4}3.";
v6 = "${start.all.v6}3::";
v4 = subnet 8 3 all.v4;
v6 = subnet 4 3 all.v6;
};
vip1 = "94.142.241.22";
};
prefixes = {
all = {
v4 = "${start.base.v4}0/16";
v6 = "${start.base.v6}/60";
};
base.v6 = "${start.base.v6}/64";
vms = {
v4 = "${start.vms.v4}0/24";
v6 = "${start.vms.v6}/64";
};
ctrs = {
v4 = "${start.ctrs.v4}0/24";
v6 = "${start.ctrs.v6}/64";
};
oci = {
v4 = "${start.oci.v4}0/24";
v6 = "${start.oci.v6}/64";
};
vip1 = "${start.vip1}4/30";
vip1 = "94.142.241.224/30";
};
fstrimConfig = {
enable = true;
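Review bot: The `subnet` calls in the new `prefixes` block read as magic numbers — `subnet 8 0 all.v4`, `subnet 4 0 all.v6` — and nothing on this side says that 8 and 4 are the extra prefix bits that (presumably) carve the /16 and /60 parents into the /24 and /64 children the host files index with `net.cidr.host`. A one-line comment above `prefixes = with net.cidr; rec {` would spare the next reader a trip into lib/net.nix: `# subnet <extra bits> <index> <parent>: /24 (v4) and /64 (v6) children of all`. Note also that `base.v4` is new on the new side (the old `prefixes` only had `base.v6`) and that `vip1 = "94.142.241.224/30"` is the one prefix not derived from `all`; a short comment that it is the public /30 whose hosts are handed out as /32 VIPs would make that intentional rather than an oversight.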

lib/net.nix Normal file



@ -1,4 +1,9 @@
{ lib, ... }: {
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
imports = [ ./vms ];
nixos.systems.colony = {
@ -9,31 +14,31 @@
assignments = {
routing = {
name = "colony-routing";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.base.v4}2";
inherit domain;
ipv4.address = net.cidr.host 2 prefixes.base.v4;
};
internal = {
altNames = [ "vm" ];
domain = lib.my.colony.domain;
inherit domain;
ipv4 = {
address = "${lib.my.colony.start.vip1}4";
address = net.cidr.host 0 prefixes.vip1;
mask = 32;
gateway = null;
genPTR = false;
};
ipv6 = {
iid = "::2";
address = "${lib.my.colony.start.base.v6}2";
address = net.cidr.host 2 prefixes.base.v6;
};
};
vms = {
name = "colony-vms";
domain = lib.my.colony.domain;
inherit domain;
ipv4 = {
address = "${lib.my.colony.start.vms.v4}1";
address = net.cidr.host 1 prefixes.vms.v4;
gateway = null;
};
ipv6.address = "${lib.my.colony.start.vms.v6}1";
ipv6.address = net.cidr.host 1 prefixes.vms.v6;
};
};
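Review bot: `address = net.cidr.host 0 prefixes.vip1;` picks index 0 of a /30, which in ordinary subnetting is the network address, so a reader will likely flag it as an off-by-one even though it reproduces the old `${...vip1}4` (.224) and is only used here with `mask = 32`. A comment next to it would settle that: `# host 0 of the /30 is .224 itself; used as a standalone /32 VIP, so the "network address" is a valid host here`. Whether `net.cidr.host` itself accepts index 0 on every prefix length is not visible in this commit, so that assumption is worth confirming against lib/net.nix.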


@ -1,5 +1,8 @@
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
pubV4 = "94.142.240.44";
in
{
@ -25,7 +28,7 @@ in
internal = {
name = "estuary-vm";
altNames = [ "fw" ];
domain = lib.my.colony.domain;
inherit domain;
ipv4 = {
address = pubV4;
mask = 24;
@ -41,12 +44,12 @@ in
};
base = {
name = "estuary-vm-base";
domain = lib.my.colony.domain;
inherit domain;
ipv4 = {
address = "${lib.my.colony.start.base.v4}1";
address = net.cidr.host 1 prefixes.base.v4;
gateway = null;
};
ipv6.address = "${lib.my.colony.start.base.v6}1";
ipv6.address = net.cidr.host 1 prefixes.base.v6;
};
as211024 = {
ipv4 = {


@ -1,4 +1,9 @@
{ lib, ... }: {
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.chatterbox = {
system = "x86_64-linux";
nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = {
internal = {
name = "chatterbox-ctr";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}5";
inherit domain;
ipv4.address = net.cidr.host 5 prefixes.ctrs.v4;
ipv6 = {
iid = "::5";
address = "${lib.my.colony.start.ctrs.v6}5";
address = net.cidr.host 5 prefixes.ctrs.v6;
};
};
};
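Review bot: `iid = "::5";` and `address = net.cidr.host 5 prefixes.ctrs.v6;` carry the same host index twice by hand, so a later edit to one can leave the SLAAC static address and the computed address pointing at different hosts; the same pairing is repeated in the colony-psql, jackflix, middleman, object, toot, vaultwarden, colony, shill and whale2 sections of this commit. Binding the index once would remove the duplication, e.g. `let idx = 5; in` around the assignment with `iid = "::${toString idx}";` and `address = net.cidr.host idx prefixes.ctrs.v6;` (and `net.cidr.host idx prefixes.ctrs.v4` for the v4 address). If the iid is deliberately independent of the v6 host index, a comment saying so would be enough.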


@ -1,4 +1,9 @@
{ lib, ... }: {
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.colony-psql = {
system = "x86_64-linux";
nixpkgs = "mine";
@ -7,11 +12,11 @@
internal = {
name = "colony-psql-ctr";
altNames = [ "colony-psql" ];
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}4";
inherit domain;
ipv4.address = net.cidr.host 4 prefixes.ctrs.v4;
ipv6 = {
iid = "::4";
address = "${lib.my.colony.start.ctrs.v6}4";
address = net.cidr.host 4 prefixes.ctrs.v6;
};
};
};


@ -1,4 +1,9 @@
{ lib, ... }: {
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.jackflix = {
system = "x86_64-linux";
nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = {
internal = {
name = "jackflix-ctr";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}6";
inherit domain;
ipv4.address = net.cidr.host 6 prefixes.ctrs.v4;
ipv6 = {
iid = "::6";
address = "${lib.my.colony.start.ctrs.v6}6";
address = net.cidr.host 6 prefixes.ctrs.v6;
};
};
};


@ -1,4 +1,9 @@
{ lib, ... }: {
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.middleman = {
system = "x86_64-linux";
nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = {
internal = {
name = "middleman-ctr";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}2";
inherit domain;
ipv4.address = net.cidr.host 2 prefixes.ctrs.v4;
ipv6 = {
iid = "::2";
address = "${lib.my.colony.start.ctrs.v6}2";
address = net.cidr.host 2 prefixes.ctrs.v6;
};
};
};


@ -1,4 +1,9 @@
{ lib, ... }: {
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.object = {
system = "x86_64-linux";
nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = {
internal = {
name = "object-ctr";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}7";
inherit domain;
ipv4.address = net.cidr.host 7 prefixes.ctrs.v4;
ipv6 = {
iid = "::7";
address = "${lib.my.colony.start.ctrs.v6}7";
address = net.cidr.host 7 prefixes.ctrs.v6;
};
};
};


@ -1,4 +1,9 @@
{ lib, ... }: {
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.toot = {
system = "x86_64-linux";
nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = {
internal = {
name = "toot-ctr";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}8";
inherit domain;
ipv4.address = net.cidr.host 8 prefixes.ctrs.v4;
ipv6 = {
iid = "::8";
address = "${lib.my.colony.start.ctrs.v6}8";
address = net.cidr.host 8 prefixes.ctrs.v6;
};
};
};


@ -1,4 +1,9 @@
{ lib, ... }: {
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.vaultwarden = {
system = "x86_64-linux";
nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = {
internal = {
name = "vaultwarden-ctr";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}3";
inherit domain;
ipv4.address = net.cidr.host 3 prefixes.ctrs.v4;
ipv6 = {
iid = "::3";
address = "${lib.my.colony.start.ctrs.v6}3";
address = net.cidr.host 3 prefixes.ctrs.v6;
};
};
};


@ -1,4 +1,9 @@
{ lib, ... }: {
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
imports = [ ./containers ];
nixos.systems.shill = {
@ -8,32 +13,32 @@
assignments = {
routing = {
name = "shill-vm-routing";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.vms.v4}2";
inherit domain;
ipv4.address = net.cidr.host 2 prefixes.vms.v4;
};
internal = {
name = "shill-vm";
altNames = [ "ctr" ];
domain = lib.my.colony.domain;
inherit domain;
ipv4 = {
address = "${lib.my.colony.start.vip1}5";
address = net.cidr.host 1 prefixes.vip1;
mask = 32;
gateway = null;
genPTR = false;
};
ipv6 = {
iid = "::2";
address = "${lib.my.colony.start.vms.v6}2";
address = net.cidr.host 2 prefixes.vms.v6;
};
};
ctrs = {
name = "shill-vm-ctrs";
domain = lib.my.colony.domain;
inherit domain;
ipv4 = {
address = "${lib.my.colony.start.ctrs.v4}1";
address = net.cidr.host 1 prefixes.ctrs.v4;
gateway = null;
};
ipv6.address = "${lib.my.colony.start.ctrs.v6}1";
ipv6.address = net.cidr.host 1 prefixes.ctrs.v6;
};
};


@ -1,7 +1,8 @@
{ lib, ... }:
let
inherit (builtins) mapAttrs;
inherit (lib) mkForce;
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.whale2 = {
@ -11,41 +12,41 @@ in
assignments = {
routing = {
name = "whale-vm-routing";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.vms.v4}3";
inherit domain;
ipv4.address = net.cidr.host 3 prefixes.vms.v4;
};
internal = {
name = "whale-vm";
altNames = [ "oci" ];
domain = lib.my.colony.domain;
inherit domain;
ipv4 = {
address = "${lib.my.colony.start.vip1}6";
address = net.cidr.host 2 prefixes.vip1;
mask = 32;
gateway = null;
genPTR = false;
};
ipv6 = {
iid = "::3";
address = "${lib.my.colony.start.vms.v6}3";
address = net.cidr.host 3 prefixes.vms.v6;
};
};
oci = {
name = "whale-vm-oci";
domain = lib.my.colony.domain;
inherit domain;
ipv4 = {
address = "${lib.my.colony.start.oci.v4}1";
address = net.cidr.host 1 prefixes.oci.v4;
gateway = null;
};
ipv6.address = "${lib.my.colony.start.oci.v6}1";
ipv6.address = net.cidr.host 1 prefixes.oci.v6;
};
};
extraAssignments = mapAttrs (n: i: {
internal = {
name = n;
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.oci.v4}${toString i}";
ipv6.address = "${lib.my.colony.start.oci.v6}${toString i}";
inherit domain;
ipv4.address = net.cidr.host i prefixes.oci.v4;
ipv6.address = net.cidr.host i prefixes.oci.v6;
};
}) {
valheim-oci = 2;
@ -130,14 +131,14 @@ in
ranges = [
[
{
subnet = lib.my.colony.prefixes.oci.v4;
gateway = lib.my.colony.start.oci.v4 + "1";
subnet = prefixes.oci.v4;
gateway = net.cidr.host 1 prefixes.oci.v4;
}
]
[
{
subnet = lib.my.colony.prefixes.oci.v6;
gateway = lib.my.colony.start.oci.v6 + "1";
subnet = prefixes.oci.v6;
gateway = net.cidr.host 1 prefixes.oci.v6;
}
]
];


@ -4,7 +4,7 @@ let
inherit (lib)
substring flatten optional optionals mkIf mkDefault mkForce mkOption mkOptionType foldAttrs mapAttrsToList;
inherit (lib.my)
naiveIPv4Gateway homeStateVersion mkOpt' mkBoolOpt' mkDefault' commonOpts inlineModule' applyAssertions duplicates;
homeStateVersion mkOpt' mkBoolOpt' mkDefault' commonOpts inlineModule' applyAssertions duplicates net;
cfg = config.nixos;
@ -101,13 +101,14 @@ let
visible = mkBoolOpt' true "Whether or not this assignment should be visible.";
domain = mkOpt' (nullOr str) null "Domain for this assignment.";
ipv4 = {
address = mkOpt' str null "IPv4 address.";
address = mkOpt' net.types.ipv4 null "IPv4 address.";
mask = mkOpt' ints.u8 24 "Network mask.";
gateway = mkOpt' (nullOr str) (naiveIPv4Gateway config.ipv4.address) "IPv4 gateway.";
gateway =
mkOpt' (nullOr str) (net.cidr.host 1 "${config.ipv4.address}/${toString config.ipv4.mask}") "IPv4 gateway.";
genPTR = mkBoolOpt' true "Whether to generate a PTR record.";
};
ipv6 = {
address = mkOpt' (nullOr str) null "IPv6 address.";
address = mkOpt' (nullOr net.types.ipv6) null "IPv6 address.";
mask = mkOpt' ints.u8 64 "Network mask.";
iid = mkOpt' (nullOr str) null "SLAAC static address.";
gateway = mkOpt' (nullOr str) null "IPv6 gateway.";
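Review bot: The new `gateway` default evaluates `net.cidr.host 1` over `"${config.ipv4.address}/${toString config.ipv4.mask}"`, and a `mask = 32` (or 31) assignment has no host 1; the /32 VIP assignments in this commit only avoid that by setting `gateway = null` explicitly, so a future /32 assignment that forgets it will presumably fail at evaluation instead of getting a null gateway. Either guard the default, `(if config.ipv4.mask >= 31 then null else net.cidr.host 1 "${config.ipv4.address}/${toString config.ipv4.mask}")`, or state the assumption in the description: `"IPv4 gateway (defaults to the first host of the address's subnet; set to null for /31 and /32)."`. Separately, `gateway` keeps `nullOr str` for both families while `address` moved to `net.types.ipv4` / `nullOr net.types.ipv6`; `nullOr net.types.ipv4` and `nullOr net.types.ipv6` would validate the gateways the same way. The enclosing `let` block continues outside the hunk.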