nixos/colony: Initial (attempt at) switch to ColoClue
		@@ -201,11 +201,11 @@ rec {
 | 
				
			|||||||
  dockerNetAssignment =
 | 
					  dockerNetAssignment =
 | 
				
			||||||
    assignments: name: with assignments."${name}".internal; "ip=${ipv4.address},ip=${ipv6.address}";
 | 
					    assignments: name: with assignments."${name}".internal; "ip=${ipv4.address},ip=${ipv6.address}";
 | 
				
			||||||
  colony = rec {
 | 
					  colony = rec {
 | 
				
			||||||
    domain = "fra1.int.${pubDomain}";
 | 
					    domain = "ams1.int.${pubDomain}";
 | 
				
			||||||
    start = {
 | 
					    start = {
 | 
				
			||||||
      all = {
 | 
					      all = {
 | 
				
			||||||
        v4 = "10.100.";
 | 
					        v4 = "10.100.";
 | 
				
			||||||
        v6 = "2a0e:97c0:4d1:1";
 | 
					        v6 = "2a0e:97c0:4d2:1";
 | 
				
			||||||
      };
 | 
					      };
 | 
				
			||||||
      base = {
 | 
					      base = {
 | 
				
			||||||
        v4 = "${start.all.v4}0.";
 | 
					        v4 = "${start.all.v4}0.";
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -44,33 +44,33 @@
 | 
				
			|||||||
    systemd = {
 | 
					    systemd = {
 | 
				
			||||||
      network = {
 | 
					      network = {
 | 
				
			||||||
        links = {
 | 
					        links = {
 | 
				
			||||||
          "10-wan10g" = {
 | 
					          #"10-wan10g" = {
 | 
				
			||||||
            matchConfig.Path = "pci-0000:2d:00.0";
 | 
					          #  matchConfig.Path = "pci-0000:2d:00.0";
 | 
				
			||||||
            linkConfig.Name = "wan10g";
 | 
					          #  linkConfig.Name = "wan10g";
 | 
				
			||||||
          };
 | 
					          #};
 | 
				
			||||||
        };
 | 
					        };
 | 
				
			||||||
        netdevs = {
 | 
					        netdevs = {
 | 
				
			||||||
          "25-vm-wan10g" = {
 | 
					          #"25-vm-wan10g" = {
 | 
				
			||||||
            netdevConfig = {
 | 
					          #  netdevConfig = {
 | 
				
			||||||
              Name = "vm-wan10g";
 | 
					          #    Name = "vm-wan10g";
 | 
				
			||||||
              Kind = "macvtap";
 | 
					          #    Kind = "macvtap";
 | 
				
			||||||
            };
 | 
					          #  };
 | 
				
			||||||
            # TODO: Upstream this missing section
 | 
					          #  # TODO: Upstream this missing section
 | 
				
			||||||
            extraConfig = ''
 | 
					          #  extraConfig = ''
 | 
				
			||||||
              [MACVTAP]
 | 
					          #    [MACVTAP]
 | 
				
			||||||
              Mode=passthru
 | 
					          #    Mode=passthru
 | 
				
			||||||
            '';
 | 
					          #  '';
 | 
				
			||||||
          };
 | 
					          #};
 | 
				
			||||||
        };
 | 
					        };
 | 
				
			||||||
        networks = {
 | 
					        networks = {
 | 
				
			||||||
          "75-wan10g" = {
 | 
					          #"75-wan10g" = {
 | 
				
			||||||
            matchConfig.Name = "wan10g";
 | 
					          #  matchConfig.Name = "wan10g";
 | 
				
			||||||
            networkConfig.MACVTAP = "vm-wan10g";
 | 
					          #  networkConfig.MACVTAP = "vm-wan10g";
 | 
				
			||||||
          };
 | 
					          #};
 | 
				
			||||||
          "75-vm-wan10g" = {
 | 
					          #"75-vm-wan10g" = {
 | 
				
			||||||
            matchConfig.Name = "vm-wan10g";
 | 
					          #  matchConfig.Name = "vm-wan10g";
 | 
				
			||||||
            linkConfig.RequiredForOnline = "no";
 | 
					          #  linkConfig.RequiredForOnline = "no";
 | 
				
			||||||
          };
 | 
					          #};
 | 
				
			||||||
        };
 | 
					        };
 | 
				
			||||||
      };
 | 
					      };
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@@ -98,14 +98,15 @@
 | 
				
			|||||||
            };
 | 
					            };
 | 
				
			||||||
            memory = 3072;
 | 
					            memory = 3072;
 | 
				
			||||||
            networks = {
 | 
					            networks = {
 | 
				
			||||||
              wan = {
 | 
					              # Mellanox ConnectX-2 hackery
 | 
				
			||||||
                ifname = "vm-wan10g";
 | 
					              #wan = {
 | 
				
			||||||
                bridge = null;
 | 
					              #  ifname = "vm-wan10g";
 | 
				
			||||||
                tapFD = 100;
 | 
					              #  bridge = null;
 | 
				
			||||||
                # Real hardware MAC
 | 
					              #  tapFD = 100;
 | 
				
			||||||
                mac = "00:02:c9:56:24:6e";
 | 
					              #  # Real hardware MAC
 | 
				
			||||||
                waitOnline = false;
 | 
					              #  mac = "00:02:c9:56:24:6e";
 | 
				
			||||||
              };
 | 
					              #  waitOnline = false;
 | 
				
			||||||
 | 
					              #};
 | 
				
			||||||
              base = {
 | 
					              base = {
 | 
				
			||||||
                waitOnline = "carrier";
 | 
					                waitOnline = "carrier";
 | 
				
			||||||
                mac = "52:54:00:15:1a:53";
 | 
					                mac = "52:54:00:15:1a:53";
 | 
				
			||||||
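Review bot: The `10-wan10g` link, the `25-vm-wan10g` macvtap netdev and both `75-*` networks in the first hunk are disabled by commenting them out, with no note on why or when they should come back. The VM's `wan` network in the second hunk at least carries `# Mellanox ConnectX-2 hackery`. Either delete the blocks (the history keeps them) or put one comment above the first of them, for example `# ConnectX-2 macvtap passthrough, disabled for the ColoClue switch`, if that is the reason. With the `wan` entry commented out, this section no longer shows how the guest gets its uplink, so that comment should also say where it now comes from; presumably that is configured outside these hunks.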
 
 | 
				
			|||||||
@@ -10,15 +10,15 @@
 | 
				
			|||||||
        altNames = [ "fw" ];
 | 
					        altNames = [ "fw" ];
 | 
				
			||||||
        domain = lib.my.colony.domain;
 | 
					        domain = lib.my.colony.domain;
 | 
				
			||||||
        ipv4 = {
 | 
					        ipv4 = {
 | 
				
			||||||
          address = "212.83.51.97";
 | 
					          address = "94.142.240.44";
 | 
				
			||||||
          mask = 24;
 | 
					          mask = 24;
 | 
				
			||||||
          gateway = "212.83.51.1";
 | 
					          gateway = "94.142.240.254";
 | 
				
			||||||
          genPTR = false;
 | 
					          genPTR = false;
 | 
				
			||||||
        };
 | 
					        };
 | 
				
			||||||
        ipv6 = {
 | 
					        ipv6 = {
 | 
				
			||||||
          address = "2a00:f48:103:2::10";
 | 
					          address = "2a02:898:0:20::329:1";
 | 
				
			||||||
          mask = 64;
 | 
					          mask = 64;
 | 
				
			||||||
          gateway = "2a00:f48:103:2::1";
 | 
					          gateway = "2a02:898:0:20::1";
 | 
				
			||||||
          genPTR = false;
 | 
					          genPTR = false;
 | 
				
			||||||
        };
 | 
					        };
 | 
				
			||||||
      };
 | 
					      };
 | 
				
			||||||
@@ -39,7 +39,7 @@
 | 
				
			|||||||
        inherit (lib.my) networkdAssignment;
 | 
					        inherit (lib.my) networkdAssignment;
 | 
				
			||||||
      in
 | 
					      in
 | 
				
			||||||
      {
 | 
					      {
 | 
				
			||||||
        imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./dns.nix ./bandwidth.nix ];
 | 
					        imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./dns.nix ];
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        config = mkMerge [
 | 
					        config = mkMerge [
 | 
				
			||||||
          {
 | 
					          {
 | 
				
			||||||
@@ -81,7 +81,7 @@
 | 
				
			|||||||
                in
 | 
					                in
 | 
				
			||||||
                {
 | 
					                {
 | 
				
			||||||
                  description = "Frequent ICMP6 neighbour solicitations";
 | 
					                  description = "Frequent ICMP6 neighbour solicitations";
 | 
				
			||||||
                  enable = true;
 | 
					                  enable = false;
 | 
				
			||||||
                  requires = [ waitOnline ];
 | 
					                  requires = [ waitOnline ];
 | 
				
			||||||
                  after = [ waitOnline ];
 | 
					                  after = [ waitOnline ];
 | 
				
			||||||
                  script = ''
 | 
					                  script = ''
 | 
				
			||||||
@@ -97,14 +97,15 @@
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
            systemd.network = {
 | 
					            systemd.network = {
 | 
				
			||||||
              links = {
 | 
					              links = {
 | 
				
			||||||
                "10-phy1g0" = {
 | 
					 | 
				
			||||||
                  matchConfig.MACAddress = "d0:50:99:fa:a7:99";
 | 
					 | 
				
			||||||
                  linkConfig.Name = "phy1g0";
 | 
					 | 
				
			||||||
                };
 | 
					 | 
				
			||||||
                "10-wan" = {
 | 
					                "10-wan" = {
 | 
				
			||||||
                  matchConfig.MACAddress = "00:02:c9:56:24:6e";
 | 
					                  matchConfig.MACAddress = "d0:50:99:fa:a7:99";
 | 
				
			||||||
                  linkConfig.Name = "wan";
 | 
					                  linkConfig.Name = "wan";
 | 
				
			||||||
                };
 | 
					                };
 | 
				
			||||||
 | 
					                # Mellanox ConnectX-2
 | 
				
			||||||
 | 
					                #"10-wan" = {
 | 
				
			||||||
 | 
					                #  matchConfig.MACAddress = "00:02:c9:56:24:6e";
 | 
				
			||||||
 | 
					                #  linkConfig.Name = "wan";
 | 
				
			||||||
 | 
					                #};
 | 
				
			||||||
 | 
					
 | 
				
			||||||
                "10-base" = {
 | 
					                "10-base" = {
 | 
				
			||||||
                  matchConfig.MACAddress = "52:54:00:15:1a:53";
 | 
					                  matchConfig.MACAddress = "52:54:00:15:1a:53";
 | 
				
			||||||
@@ -126,8 +127,8 @@
 | 
				
			|||||||
                  ];
 | 
					                  ];
 | 
				
			||||||
                  networkConfig = {
 | 
					                  networkConfig = {
 | 
				
			||||||
                    # We're using an explicit gateway and Linux uses link local address for neighbour discovery, so we
 | 
					                    # We're using an explicit gateway and Linux uses link local address for neighbour discovery, so we
 | 
				
			||||||
                    # get lost to the router...
 | 
					                    # get lost to the router... (this was true in 23M Frankfurt)
 | 
				
			||||||
                    LinkLocalAddressing = "no";
 | 
					                    #LinkLocalAddressing = "no";
 | 
				
			||||||
                    IPv6AcceptRA = false;
 | 
					                    IPv6AcceptRA = false;
 | 
				
			||||||
                  };
 | 
					                  };
 | 
				
			||||||
                };
 | 
					                };
 | 
				
			||||||
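Review bot: In the last hunk `LinkLocalAddressing = "no";` is commented out, so the interface falls back to networkd's default, which normally enables IPv6 link-local addressing, while the comment above it still explains why link-local is turned off. If this network is the WAN side (the enclosing block starts outside the hunk), the firewall gains an fe80:: address on the shared provider segment. Confirm that the input rules for `wan`, which are not visible here, also cover link-local traffic from on-link neighbours. Replace the stale comment with something like `# LinkLocalAddressing = "no" was a Frankfurt-only workaround; default kept for ColoClue`. The neighbour-solicitation unit switched to `enable = false` in the `@@ -81` hunk is part of the same workaround and could carry the same note or be removed.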
 
 | 
				
			|||||||
@@ -7,8 +7,8 @@ let
 | 
				
			|||||||
  ptrDots = 2;
 | 
					  ptrDots = 2;
 | 
				
			||||||
  reverseZone = "100.10.in-addr.arpa";
 | 
					  reverseZone = "100.10.in-addr.arpa";
 | 
				
			||||||
  ptrDots6 = 20;
 | 
					  ptrDots6 = 20;
 | 
				
			||||||
  reverseZone6 = "1.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa";
 | 
					  reverseZone6 = "2.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa";
 | 
				
			||||||
  ptr6ValTrim = (stringLength "2a0e:97c0:4d1:") + 1;
 | 
					  ptr6ValTrim = (stringLength "2a0e:97c0:4d2:") + 1;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  authZones = attrNames config.my.pdns.auth.bind.zones;
 | 
					  authZones = attrNames config.my.pdns.auth.bind.zones;
 | 
				
			||||||
in
 | 
					in
 | 
				
			||||||
@@ -76,7 +76,7 @@ in
 | 
				
			|||||||
          lua-dns-script = pkgs.writeText "pdns-script.lua" ''
 | 
					          lua-dns-script = pkgs.writeText "pdns-script.lua" ''
 | 
				
			||||||
            function preresolve(dq)
 | 
					            function preresolve(dq)
 | 
				
			||||||
              if dq.qname:equal("nix-cache.nul.ie") then
 | 
					              if dq.qname:equal("nix-cache.nul.ie") then
 | 
				
			||||||
                dq:addAnswer(pdns.CNAME, "http.fra1.int.nul.ie.")
 | 
					                dq:addAnswer(pdns.CNAME, "http.${config.networking.domain}.")
 | 
				
			||||||
                dq.rcode = 0
 | 
					                dq.rcode = 0
 | 
				
			||||||
                dq.followupFunction = "followCNAMERecords"
 | 
					                dq.followupFunction = "followCNAMERecords"
 | 
				
			||||||
                return true
 | 
					                return true
 | 
				
			||||||
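Review bot: `reverseZone6` and the literal inside `ptr6ValTrim` repeat the `2a0e:97c0:4d2` prefix that the colony `start.all.v6` value defines in the first file section, so every renumbering has to touch three places by hand. If one is missed, the generated PTR records would presumably end up trimmed wrongly or under the old reverse zone without any evaluation error. The second hunk already replaces the hard-coded `http.fra1.int.nul.ie.` with `${config.networking.domain}`; the prefix deserves the same treatment. At minimum add `# must match lib.my.colony.start.all.v6` above `reverseZone6`, assuming that attribute path is reachable from this module as `lib.my.colony.domain` is in the firewall config. The `let` block begins outside the hunk.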
 
 | 
				
			|||||||