From e8d6a702e6c270ad4ac6533a0054263cb56d145c Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan
Date: Thu, 6 Oct 2022 19:03:29 +0100
Subject: [PATCH] nixos/colony: Initial (attempt at) switch to ColoClue
---
 lib/default.nix | 4 +-
 nixos/boxes/colony/vms/default.nix | 63 +++++++++++-----------
 nixos/boxes/colony/vms/estuary/default.nix | 27 +++++-----
 nixos/boxes/colony/vms/estuary/dns.nix | 6 +--
 4 files changed, 51 insertions(+), 49 deletions(-)
diff --git a/lib/default.nix b/lib/default.nix
index 1c42c97..65edd68 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -201,11 +201,11 @@ rec {
 dockerNetAssignment = assignments: name: with assignments."${name}".internal; "ip=${ipv4.address},ip=${ipv6.address}";
 colony = rec {
- domain = "fra1.int.${pubDomain}";
+ domain = "ams1.int.${pubDomain}";
 start = {
 all = {
 v4 = "10.100.";
- v6 = "2a0e:97c0:4d1:1";
+ v6 = "2a0e:97c0:4d2:1";
 };
 base = {
 v4 = "${start.all.v4}0.";
diff --git a/nixos/boxes/colony/vms/default.nix b/nixos/boxes/colony/vms/default.nix
index 46dd901..e1506b9 100644
--- a/nixos/boxes/colony/vms/default.nix
+++ b/nixos/boxes/colony/vms/default.nix
@@ -44,33 +44,33 @@
 systemd = {
 network = {
 links = {
- "10-wan10g" = {
- matchConfig.Path = "pci-0000:2d:00.0";
- linkConfig.Name = "wan10g";
- };
+ #"10-wan10g" = {
+ # matchConfig.Path = "pci-0000:2d:00.0";
+ # linkConfig.Name = "wan10g";
+ #};
 };
 netdevs = {
- "25-vm-wan10g" = {
- netdevConfig = {
- Name = "vm-wan10g";
- Kind = "macvtap";
- };
- # TODO: Upstream this missing section
- extraConfig = ''
- [MACVTAP]
- Mode=passthru
- '';
- };
+ #"25-vm-wan10g" = {
+ # netdevConfig = {
+ # Name = "vm-wan10g";
+ # Kind = "macvtap";
+ # };
+ # # TODO: Upstream this missing section
+ # extraConfig = ''
+ # [MACVTAP]
+ # Mode=passthru
+ # '';
+ #};
 };
 networks = {
- "75-wan10g" = {
- matchConfig.Name = "wan10g";
- networkConfig.MACVTAP = "vm-wan10g";
- };
- "75-vm-wan10g" = {
- matchConfig.Name = "vm-wan10g";
- linkConfig.RequiredForOnline = "no";
- };
+ #"75-wan10g" = {
+ # matchConfig.Name = "wan10g";
+ # networkConfig.MACVTAP = "vm-wan10g";
+ #};
+ #"75-vm-wan10g" = {
+ # matchConfig.Name = "vm-wan10g";
+ # linkConfig.RequiredForOnline = "no";
+ #};
 };
 };
@@ -98,14 +98,15 @@
 };
 memory = 3072;
 networks = {
- wan = {
- ifname = "vm-wan10g";
- bridge = null;
- tapFD = 100;
- # Real hardware MAC
- mac = "00:02:c9:56:24:6e";
- waitOnline = false;
- };
+ # Mellanox ConnectX-2 hackery
+ #wan = {
+ # ifname = "vm-wan10g";
+ # bridge = null;
+ # tapFD = 100;
+ # # Real hardware MAC
+ # mac = "00:02:c9:56:24:6e";
+ # waitOnline = false;
+ #};
 base = {
 waitOnline = "carrier";
 mac = "52:54:00:15:1a:53";
diff --git a/nixos/boxes/colony/vms/estuary/default.nix b/nixos/boxes/colony/vms/estuary/default.nix
index 786db77..f0929de 100644
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
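Review bot: The macvtap passthrough config under `links`, `netdevs` and `networks` is left in the file as commented-out code instead of being removed, and the second hunk (`@@ -98,14 +98,15 @@`) does the same to the VM's `wan` network. That leaves three empty attribute sets and over twenty dead lines, and only the second hunk says what they were for (`# Mellanox ConnectX-2 hackery`). Either delete the blocks and rely on history, or open the first block with one comment such as `# Disabled for the ColoClue move: WAN no longer uses the ConnectX-2 macvtap passthrough`. With `networks.wan` gone, nothing in these hunks shows how the VM now receives the NIC that `10-wan` matches in estuary/default.nix, so that is worth confirming.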
@@ -10,15 +10,15 @@
 altNames = [ "fw" ];
 domain = lib.my.colony.domain;
 ipv4 = {
- address = "212.83.51.97";
+ address = "94.142.240.44";
 mask = 24;
- gateway = "212.83.51.1";
+ gateway = "94.142.240.254";
 genPTR = false;
 };
 ipv6 = {
- address = "2a00:f48:103:2::10";
+ address = "2a02:898:0:20::329:1";
 mask = 64;
- gateway = "2a00:f48:103:2::1";
+ gateway = "2a02:898:0:20::1";
 genPTR = false;
 };
 };
@@ -39,7 +39,7 @@
 inherit (lib.my) networkdAssignment;
 in
 {
- imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./dns.nix ./bandwidth.nix ];
+ imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./dns.nix ];
 config = mkMerge [
 {
@@ -81,7 +81,7 @@
 in
 {
 description = "Frequent ICMP6 neighbour solicitations";
- enable = true;
+ enable = false;
 requires = [ waitOnline ];
 after = [ waitOnline ];
 script = ''
@@ -97,14 +97,15 @@
 systemd.network = {
 links = {
- "10-phy1g0" = {
- matchConfig.MACAddress = "d0:50:99:fa:a7:99";
- linkConfig.Name = "phy1g0";
- };
 "10-wan" = {
- matchConfig.MACAddress = "00:02:c9:56:24:6e";
+ matchConfig.MACAddress = "d0:50:99:fa:a7:99";
 linkConfig.Name = "wan";
 };
+ # Mellanox ConnectX-2
+ #"10-wan" = {
+ # matchConfig.MACAddress = "00:02:c9:56:24:6e";
+ # linkConfig.Name = "wan";
+ #};
 "10-base" = {
 matchConfig.MACAddress = "52:54:00:15:1a:53";
@@ -126,8 +127,8 @@
 ];
 networkConfig = {
 # We're using an explicit gateway and Linux uses link local address for neighbour discovery, so we
- # get lost to the router...
- LinkLocalAddressing = "no";
+ # get lost to the router... (this was true in 23M Frankfurt)
+ #LinkLocalAddressing = "no";
 IPv6AcceptRA = false;
 };
 };
diff --git a/nixos/boxes/colony/vms/estuary/dns.nix b/nixos/boxes/colony/vms/estuary/dns.nix
index 34c9bd8..1c51ee7 100644
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
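Review bot: In the `links` hunk (`@@ -97,14 +97,15 @@`) the name `wan` is reassigned to the NIC with MAC `d0:50:99:fa:a7:99` and the name `phy1g0` disappears, but nothing in the hunk shows the consumers of those names being updated. This host also answers to `fw`, so any network unit or packet-filter rule elsewhere in the file that is keyed on `phy1g0` stops matching, and rules keyed on `wan` now apply to a different physical port. The `systemd.network` block continues outside the hunk, so this cannot be confirmed from here. A comment on the live entry such as `# onboard 1G port (was phy1g0), now the ColoClue uplink` would record the swap.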
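Review bot: In the last hunk of this file (`@@ -126,8 +127,8 @@`) the two-line comment still explains why link-local addressing is turned off, while the setting it explains is now commented out. With `LinkLocalAddressing` unset, networkd's default applies and the WAN interface gets an IPv6 link-local address on the provider segment. The input policy for `wan` is not visible here, so it is worth confirming that it treats link-local sources like any other WAN traffic. I would reword the comment to state what is in effect, e.g. `# 23M Frankfurt needed LinkLocalAddressing = "no" (explicit gateway; link-local ND got lost to the router). ColoClue works with the networkd default.` The `networkConfig` block starts outside the hunk.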
@@ -7,8 +7,8 @@ let
 ptrDots = 2;
 reverseZone = "100.10.in-addr.arpa";
 ptrDots6 = 20;
- reverseZone6 = "1.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa";
- ptr6ValTrim = (stringLength "2a0e:97c0:4d1:") + 1;
+ reverseZone6 = "2.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa";
+ ptr6ValTrim = (stringLength "2a0e:97c0:4d2:") + 1;
 authZones = attrNames config.my.pdns.auth.bind.zones;
 in
@@ -76,7 +76,7 @@ in
 lua-dns-script = pkgs.writeText "pdns-script.lua" ''
 function preresolve(dq)
 if dq.qname:equal("nix-cache.nul.ie") then
- dq:addAnswer(pdns.CNAME, "http.fra1.int.nul.ie.")
+ dq:addAnswer(pdns.CNAME, "http.${config.networking.domain}.")
 dq.rcode = 0
 dq.followupFunction = "followCNAMERecords"
 return true
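Review bot: `reverseZone6` and `ptr6ValTrim` in the first hunk (`@@ -7,8 +7,8 @@`) hard-code the same 2a0e:97c0:4d2 prefix that this commit also edits in lib/default.nix (`colony.start.all.v6`). The renumbering therefore had to be repeated by hand, and a missed copy would leave the reverse zone out of step with the assigned addresses. If `lib.my.colony` is in scope in this file as it is in estuary/default.nix (the `let` header is outside the hunk), the trim length can be derived with `ptr6ValTrim = stringLength lib.my.colony.start.all.v6;`, which yields the same value of 15. `reverseZone6` could be computed from that prefix too, or at least carry `# must match lib.my.colony.start.all.v6`.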