dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos: Add actual IP / CIDR calculation

Browse Source
This commit is contained in:
Jack O'Sullivan 2023-05-27 16:57:28 +01:00
parent 1fa718c20a
commit 75fc5ae163
14 changed files with 1458 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
lib/default.nix
View File

@ -8,6 +8,9 @@ let
inherit (lib.flake) defaultSystems; inherit (lib.flake) defaultSystems;
in in
rec { rec {
attrsToNVList = mapAttrsToList nameValuePair;
inherit (import ./net.nix { inherit lib; }) net;
# Yoinked from nixpkgs/nixos/modules/services/networking/nat.nix # Yoinked from nixpkgs/nixos/modules/services/networking/nat.nix
isIPv6 = ip: length (lib.splitString ":" ip) > 2; isIPv6 = ip: length (lib.splitString ":" ip) > 2;
parseIPPort = ipp: parseIPPort = ipp:
@ -22,8 +25,6 @@ rec {
ip = checked (elemAt m 0); ip = checked (elemAt m 0);
ports = checked (elemAt m 1); ports = checked (elemAt m 1);
}; };
naiveIPv4Gateway = ip: "${head (elemAt (split ''([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+'' ip) 1)}.1";
attrsToNVList = mapAttrsToList nameValuePair;
mkDefaultSystemsPkgs = path: args': genAttrs defaultSystems (system: import path ((args' system) // { inherit system; })); mkDefaultSystemsPkgs = path: args': genAttrs defaultSystems (system: import path ((args' system) // { inherit system; }));
mkApp = program: { type = "app"; inherit program; }; mkApp = program: { type = "app"; inherit program; };
@ -209,50 +210,30 @@ rec {
pubDomain = "nul.ie"; pubDomain = "nul.ie";
dockerNetAssignment = dockerNetAssignment =
assignments: name: with assignments."${name}".internal; "ip=${ipv4.address},ip=${ipv6.address}"; assignments: name: with assignments."${name}".internal; "ip=${ipv4.address},ip=${ipv6.address}";
colony = rec { colony = {
domain = "ams1.int.${pubDomain}"; domain = "ams1.int.${pubDomain}";
start = { prefixes = with net.cidr; rec {
all = { all = {
v4 = "10.100."; v4 = "10.100.0.0/16";
v6 = "2a0e:97c0:4d2:1"; v6 = "2a0e:97c0:4d2:10::/60";
}; };
base = { base = {
v4 = "${start.all.v4}0."; v4 = subnet 8 0 all.v4;
v6 = "${start.all.v6}0::"; v6 = subnet 4 0 all.v6;
}; };
vms = { vms = {
v4 = "${start.all.v4}1."; v4 = subnet 8 1 all.v4;
v6 = "${start.all.v6}1::"; v6 = subnet 4 1 all.v6;
}; };
ctrs = { ctrs = {
v4 = "${start.all.v4}2."; v4 = subnet 8 2 all.v4;
v6 = "${start.all.v6}2::"; v6 = subnet 4 2 all.v6;
}; };
oci = { oci = {
v4 = "${start.all.v4}3."; v4 = subnet 8 3 all.v4;
v6 = "${start.all.v6}3::"; v6 = subnet 4 3 all.v6;
}; };
vip1 = "94.142.241.22"; vip1 = "94.142.241.224/30";
};
prefixes = {
all = {
v4 = "${start.base.v4}0/16";
v6 = "${start.base.v6}/60";
};
base.v6 = "${start.base.v6}/64";
vms = {
v4 = "${start.vms.v4}0/24";
v6 = "${start.vms.v6}/64";
};
ctrs = {
v4 = "${start.ctrs.v4}0/24";
v6 = "${start.ctrs.v6}/64";
};
oci = {
v4 = "${start.oci.v4}0/24";
v6 = "${start.oci.v6}/64";
};
vip1 = "${start.vip1}4/30";
}; };
fstrimConfig = { fstrimConfig = {
enable = true; enable = true;

1322
lib/net.nix Normal file
View File

File diff suppressed because it is too large Load Diff

23
nixos/boxes/colony/default.nix
View File

@ -1,4 +1,9 @@
{ lib, ... }: { { lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
imports = [ ./vms ]; imports = [ ./vms ];
nixos.systems.colony = { nixos.systems.colony = {
@ -9,31 +14,31 @@
assignments = { assignments = {
routing = { routing = {
name = "colony-routing"; name = "colony-routing";
domain = lib.my.colony.domain; inherit domain;
ipv4.address = "${lib.my.colony.start.base.v4}2"; ipv4.address = net.cidr.host 2 prefixes.base.v4;
}; };
internal = { internal = {
altNames = [ "vm" ]; altNames = [ "vm" ];
domain = lib.my.colony.domain; inherit domain;
ipv4 = { ipv4 = {
address = "${lib.my.colony.start.vip1}4"; address = net.cidr.host 0 prefixes.vip1;
mask = 32; mask = 32;
gateway = null; gateway = null;
genPTR = false; genPTR = false;
}; };
ipv6 = { ipv6 = {
iid = "::2"; iid = "::2";
address = "${lib.my.colony.start.base.v6}2"; address = net.cidr.host 2 prefixes.base.v6;
}; };
}; };
vms = { vms = {
name = "colony-vms"; name = "colony-vms";
domain = lib.my.colony.domain; inherit domain;
ipv4 = { ipv4 = {
address = "${lib.my.colony.start.vms.v4}1"; address = net.cidr.host 1 prefixes.vms.v4;
gateway = null; gateway = null;
}; };
ipv6.address = "${lib.my.colony.start.vms.v6}1"; ipv6.address = net.cidr.host 1 prefixes.vms.v6;
}; };
}; };

11
nixos/boxes/colony/vms/estuary/default.nix
View File

@ -1,5 +1,8 @@
{ lib, ... }: { lib, ... }:
let let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
pubV4 = "94.142.240.44"; pubV4 = "94.142.240.44";
in in
{ {
@ -25,7 +28,7 @@ in
internal = { internal = {
name = "estuary-vm"; name = "estuary-vm";
altNames = [ "fw" ]; altNames = [ "fw" ];
domain = lib.my.colony.domain; inherit domain;
ipv4 = { ipv4 = {
address = pubV4; address = pubV4;
mask = 24; mask = 24;
@ -41,12 +44,12 @@ in
}; };
base = { base = {
name = "estuary-vm-base"; name = "estuary-vm-base";
domain = lib.my.colony.domain; inherit domain;
ipv4 = { ipv4 = {
address = "${lib.my.colony.start.base.v4}1"; address = net.cidr.host 1 prefixes.base.v4;
gateway = null; gateway = null;
}; };
ipv6.address = "${lib.my.colony.start.base.v6}1"; ipv6.address = net.cidr.host 1 prefixes.base.v6;
}; };
as211024 = { as211024 = {
ipv4 = { ipv4 = {

13
nixos/boxes/colony/vms/shill/containers/chatterbox.nix
View File

@ -1,4 +1,9 @@
{ lib, ... }: { { lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.chatterbox = { nixos.systems.chatterbox = {
system = "x86_64-linux"; system = "x86_64-linux";
nixpkgs = "mine"; nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = { assignments = {
internal = { internal = {
name = "chatterbox-ctr"; name = "chatterbox-ctr";
domain = lib.my.colony.domain; inherit domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}5"; ipv4.address = net.cidr.host 5 prefixes.ctrs.v4;
ipv6 = { ipv6 = {
iid = "::5"; iid = "::5";
address = "${lib.my.colony.start.ctrs.v6}5"; address = net.cidr.host 5 prefixes.ctrs.v6;
}; };
}; };
}; };

13
nixos/boxes/colony/vms/shill/containers/colony-psql.nix
View File

@ -1,4 +1,9 @@
{ lib, ... }: { { lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.colony-psql = { nixos.systems.colony-psql = {
system = "x86_64-linux"; system = "x86_64-linux";
nixpkgs = "mine"; nixpkgs = "mine";
@ -7,11 +12,11 @@
internal = { internal = {
name = "colony-psql-ctr"; name = "colony-psql-ctr";
altNames = [ "colony-psql" ]; altNames = [ "colony-psql" ];
domain = lib.my.colony.domain; inherit domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}4"; ipv4.address = net.cidr.host 4 prefixes.ctrs.v4;
ipv6 = { ipv6 = {
iid = "::4"; iid = "::4";
address = "${lib.my.colony.start.ctrs.v6}4"; address = net.cidr.host 4 prefixes.ctrs.v6;
}; };
}; };
}; };

13
nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
View File

@ -1,4 +1,9 @@
{ lib, ... }: { { lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.jackflix = { nixos.systems.jackflix = {
system = "x86_64-linux"; system = "x86_64-linux";
nixpkgs = "mine"; nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = { assignments = {
internal = { internal = {
name = "jackflix-ctr"; name = "jackflix-ctr";
domain = lib.my.colony.domain; inherit domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}6"; ipv4.address = net.cidr.host 6 prefixes.ctrs.v4;
ipv6 = { ipv6 = {
iid = "::6"; iid = "::6";
address = "${lib.my.colony.start.ctrs.v6}6"; address = net.cidr.host 6 prefixes.ctrs.v6;
}; };
}; };
}; };

13
nixos/boxes/colony/vms/shill/containers/middleman/default.nix
View File

@ -1,4 +1,9 @@
{ lib, ... }: { { lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.middleman = { nixos.systems.middleman = {
system = "x86_64-linux"; system = "x86_64-linux";
nixpkgs = "mine"; nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = { assignments = {
internal = { internal = {
name = "middleman-ctr"; name = "middleman-ctr";
domain = lib.my.colony.domain; inherit domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}2"; ipv4.address = net.cidr.host 2 prefixes.ctrs.v4;
ipv6 = { ipv6 = {
iid = "::2"; iid = "::2";
address = "${lib.my.colony.start.ctrs.v6}2"; address = net.cidr.host 2 prefixes.ctrs.v6;
}; };
}; };
}; };

13
nixos/boxes/colony/vms/shill/containers/object.nix
View File

@ -1,4 +1,9 @@
{ lib, ... }: { { lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.object = { nixos.systems.object = {
system = "x86_64-linux"; system = "x86_64-linux";
nixpkgs = "mine"; nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = { assignments = {
internal = { internal = {
name = "object-ctr"; name = "object-ctr";
domain = lib.my.colony.domain; inherit domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}7"; ipv4.address = net.cidr.host 7 prefixes.ctrs.v4;
ipv6 = { ipv6 = {
iid = "::7"; iid = "::7";
address = "${lib.my.colony.start.ctrs.v6}7"; address = net.cidr.host 7 prefixes.ctrs.v6;
}; };
}; };
}; };

13
nixos/boxes/colony/vms/shill/containers/toot.nix
View File

@ -1,4 +1,9 @@
{ lib, ... }: { { lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.toot = { nixos.systems.toot = {
system = "x86_64-linux"; system = "x86_64-linux";
nixpkgs = "mine"; nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = { assignments = {
internal = { internal = {
name = "toot-ctr"; name = "toot-ctr";
domain = lib.my.colony.domain; inherit domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}8"; ipv4.address = net.cidr.host 8 prefixes.ctrs.v4;
ipv6 = { ipv6 = {
iid = "::8"; iid = "::8";
address = "${lib.my.colony.start.ctrs.v6}8"; address = net.cidr.host 8 prefixes.ctrs.v6;
}; };
}; };
}; };

13
nixos/boxes/colony/vms/shill/containers/vaultwarden.nix
View File

@ -1,4 +1,9 @@
{ lib, ... }: { { lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
nixos.systems.vaultwarden = { nixos.systems.vaultwarden = {
system = "x86_64-linux"; system = "x86_64-linux";
nixpkgs = "mine"; nixpkgs = "mine";
@ -6,11 +11,11 @@
assignments = { assignments = {
internal = { internal = {
name = "vaultwarden-ctr"; name = "vaultwarden-ctr";
domain = lib.my.colony.domain; inherit domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}3"; ipv4.address = net.cidr.host 3 prefixes.ctrs.v4;
ipv6 = { ipv6 = {
iid = "::3"; iid = "::3";
address = "${lib.my.colony.start.ctrs.v6}3"; address = net.cidr.host 3 prefixes.ctrs.v6;
}; };
}; };
}; };

23
nixos/boxes/colony/vms/shill/default.nix
View File

@ -1,4 +1,9 @@
{ lib, ... }: { { lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in
{
imports = [ ./containers ]; imports = [ ./containers ];
nixos.systems.shill = { nixos.systems.shill = {
@ -8,32 +13,32 @@
assignments = { assignments = {
routing = { routing = {
name = "shill-vm-routing"; name = "shill-vm-routing";
domain = lib.my.colony.domain; inherit domain;
ipv4.address = "${lib.my.colony.start.vms.v4}2"; ipv4.address = net.cidr.host 2 prefixes.vms.v4;
}; };
internal = { internal = {
name = "shill-vm"; name = "shill-vm";
altNames = [ "ctr" ]; altNames = [ "ctr" ];
domain = lib.my.colony.domain; inherit domain;
ipv4 = { ipv4 = {
address = "${lib.my.colony.start.vip1}5"; address = net.cidr.host 1 prefixes.vip1;
mask = 32; mask = 32;
gateway = null; gateway = null;
genPTR = false; genPTR = false;
}; };
ipv6 = { ipv6 = {
iid = "::2"; iid = "::2";
address = "${lib.my.colony.start.vms.v6}2"; address = net.cidr.host 2 prefixes.vms.v6;
}; };
}; };
ctrs = { ctrs = {
name = "shill-vm-ctrs"; name = "shill-vm-ctrs";
domain = lib.my.colony.domain; inherit domain;
ipv4 = { ipv4 = {
address = "${lib.my.colony.start.ctrs.v4}1"; address = net.cidr.host 1 prefixes.ctrs.v4;
gateway = null; gateway = null;
}; };
ipv6.address = "${lib.my.colony.start.ctrs.v6}1"; ipv6.address = net.cidr.host 1 prefixes.ctrs.v6;
}; };
}; };

33
nixos/boxes/colony/vms/whale2/default.nix
View File

@ -1,7 +1,8 @@
{ lib, ... }: { lib, ... }:
let let
inherit (builtins) mapAttrs; inherit (builtins) mapAttrs;
inherit (lib) mkForce; inherit (lib.my) net;
inherit (lib.my.colony) domain prefixes;
in in
{ {
nixos.systems.whale2 = { nixos.systems.whale2 = {
@ -11,41 +12,41 @@ in
assignments = { assignments = {
routing = { routing = {
name = "whale-vm-routing"; name = "whale-vm-routing";
domain = lib.my.colony.domain; inherit domain;
ipv4.address = "${lib.my.colony.start.vms.v4}3"; ipv4.address = net.cidr.host 3 prefixes.vms.v4;
}; };
internal = { internal = {
name = "whale-vm"; name = "whale-vm";
altNames = [ "oci" ]; altNames = [ "oci" ];
domain = lib.my.colony.domain; inherit domain;
ipv4 = { ipv4 = {
address = "${lib.my.colony.start.vip1}6"; address = net.cidr.host 2 prefixes.vip1;
mask = 32; mask = 32;
gateway = null; gateway = null;
genPTR = false; genPTR = false;
}; };
ipv6 = { ipv6 = {
iid = "::3"; iid = "::3";
address = "${lib.my.colony.start.vms.v6}3"; address = net.cidr.host 3 prefixes.vms.v6;
}; };
}; };
oci = { oci = {
name = "whale-vm-oci"; name = "whale-vm-oci";
domain = lib.my.colony.domain; inherit domain;
ipv4 = { ipv4 = {
address = "${lib.my.colony.start.oci.v4}1"; address = net.cidr.host 1 prefixes.oci.v4;
gateway = null; gateway = null;
}; };
ipv6.address = "${lib.my.colony.start.oci.v6}1"; ipv6.address = net.cidr.host 1 prefixes.oci.v6;
}; };
}; };
extraAssignments = mapAttrs (n: i: { extraAssignments = mapAttrs (n: i: {
internal = { internal = {
name = n; name = n;
domain = lib.my.colony.domain; inherit domain;
ipv4.address = "${lib.my.colony.start.oci.v4}${toString i}"; ipv4.address = net.cidr.host i prefixes.oci.v4;
ipv6.address = "${lib.my.colony.start.oci.v6}${toString i}"; ipv6.address = net.cidr.host i prefixes.oci.v6;
}; };
}) { }) {
valheim-oci = 2; valheim-oci = 2;
@ -130,14 +131,14 @@ in
ranges = [ ranges = [
[ [
{ {
subnet = lib.my.colony.prefixes.oci.v4; subnet = prefixes.oci.v4;
gateway = lib.my.colony.start.oci.v4 + "1"; gateway = net.cidr.host 1 prefixes.oci.v4;
} }
] ]
[ [
{ {
subnet = lib.my.colony.prefixes.oci.v6; subnet = prefixes.oci.v6;
gateway = lib.my.colony.start.oci.v6 + "1"; gateway = net.cidr.host 1 prefixes.oci.v6;
} }
] ]
]; ];

9
nixos/default.nix
View File

@ -4,7 +4,7 @@ let
inherit (lib) inherit (lib)
substring flatten optional optionals mkIf mkDefault mkForce mkOption mkOptionType foldAttrs mapAttrsToList; substring flatten optional optionals mkIf mkDefault mkForce mkOption mkOptionType foldAttrs mapAttrsToList;
inherit (lib.my) inherit (lib.my)
naiveIPv4Gateway homeStateVersion mkOpt' mkBoolOpt' mkDefault' commonOpts inlineModule' applyAssertions duplicates; homeStateVersion mkOpt' mkBoolOpt' mkDefault' commonOpts inlineModule' applyAssertions duplicates net;
cfg = config.nixos; cfg = config.nixos;
@ -101,13 +101,14 @@ let
visible = mkBoolOpt' true "Whether or not this assignment should be visible."; visible = mkBoolOpt' true "Whether or not this assignment should be visible.";
domain = mkOpt' (nullOr str) null "Domain for this assignment."; domain = mkOpt' (nullOr str) null "Domain for this assignment.";
ipv4 = { ipv4 = {
address = mkOpt' str null "IPv4 address."; address = mkOpt' net.types.ipv4 null "IPv4 address.";
mask = mkOpt' ints.u8 24 "Network mask."; mask = mkOpt' ints.u8 24 "Network mask.";
gateway = mkOpt' (nullOr str) (naiveIPv4Gateway config.ipv4.address) "IPv4 gateway."; gateway =
mkOpt' (nullOr str) (net.cidr.host 1 "${config.ipv4.address}/${toString config.ipv4.mask}") "IPv4 gateway.";
genPTR = mkBoolOpt' true "Whether to generate a PTR record."; genPTR = mkBoolOpt' true "Whether to generate a PTR record.";
}; };
ipv6 = { ipv6 = {
address = mkOpt' (nullOr str) null "IPv6 address."; address = mkOpt' (nullOr net.types.ipv6) null "IPv6 address.";
mask = mkOpt' ints.u8 64 "Network mask."; mask = mkOpt' ints.u8 64 "Network mask.";
iid = mkOpt' (nullOr str) null "SLAAC static address."; iid = mkOpt' (nullOr str) null "SLAAC static address.";
gateway = mkOpt' (nullOr str) null "IPv6 gateway."; gateway = mkOpt' (nullOr str) null "IPv6 gateway.";