nixos/colony: Initial (attempt at) switch to ColoClue

Jack O'Sullivan 2022-10-06 19:03:29 +01:00
parent c267640925
commit e8d6a702e6
4 changed files with 51 additions and 49 deletions


@ -201,11 +201,11 @@ rec {
dockerNetAssignment = dockerNetAssignment =
assignments: name: with assignments."${name}".internal; "ip=${ipv4.address},ip=${ipv6.address}"; assignments: name: with assignments."${name}".internal; "ip=${ipv4.address},ip=${ipv6.address}";
colony = rec { colony = rec {
domain = "fra1.int.${pubDomain}"; domain = "ams1.int.${pubDomain}";
start = { start = {
all = { all = {
v4 = "10.100."; v4 = "10.100.";
v6 = "2a0e:97c0:4d1:1"; v6 = "2a0e:97c0:4d2:1";
}; };
base = { base = {
v4 = "${start.all.v4}0."; v4 = "${start.all.v4}0.";


@ -44,33 +44,33 @@
systemd = { systemd = {
network = { network = {
links = { links = {
"10-wan10g" = { #"10-wan10g" = {
matchConfig.Path = "pci-0000:2d:00.0"; # matchConfig.Path = "pci-0000:2d:00.0";
linkConfig.Name = "wan10g"; # linkConfig.Name = "wan10g";
}; #};
}; };
netdevs = { netdevs = {
"25-vm-wan10g" = { #"25-vm-wan10g" = {
netdevConfig = { # netdevConfig = {
Name = "vm-wan10g"; # Name = "vm-wan10g";
Kind = "macvtap"; # Kind = "macvtap";
}; # };
# TODO: Upstream this missing section # # TODO: Upstream this missing section
extraConfig = '' # extraConfig = ''
[MACVTAP] # [MACVTAP]
Mode=passthru # Mode=passthru
''; # '';
}; #};
}; };
networks = { networks = {
"75-wan10g" = { #"75-wan10g" = {
matchConfig.Name = "wan10g"; # matchConfig.Name = "wan10g";
networkConfig.MACVTAP = "vm-wan10g"; # networkConfig.MACVTAP = "vm-wan10g";
}; #};
"75-vm-wan10g" = { #"75-vm-wan10g" = {
matchConfig.Name = "vm-wan10g"; # matchConfig.Name = "vm-wan10g";
linkConfig.RequiredForOnline = "no"; # linkConfig.RequiredForOnline = "no";
}; #};
}; };
}; };
@ -98,14 +98,15 @@
}; };
memory = 3072; memory = 3072;
networks = { networks = {
wan = { # Mellanox ConnectX-2 hackery
ifname = "vm-wan10g"; #wan = {
bridge = null; # ifname = "vm-wan10g";
tapFD = 100; # bridge = null;
# Real hardware MAC # tapFD = 100;
mac = "00:02:c9:56:24:6e"; # # Real hardware MAC
waitOnline = false; # mac = "00:02:c9:56:24:6e";
}; # waitOnline = false;
#};
base = { base = {
waitOnline = "carrier"; waitOnline = "carrier";
mac = "52:54:00:15:1a:53"; mac = "52:54:00:15:1a:53";
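Review bot: The wan10g macvtap path is switched off by commenting out the link, the netdev, both network units and the VM's `wan` network across these two hunks, which leaves five dead blocks whose only explanation is the added `# Mellanox ConnectX-2 hackery` line. Either delete them and rely on history, or keep them under one comment that says why they are off and when they would come back, e.g. `# Disabled for the ColoClue move: WAN no longer uses the ConnectX-2 macvtap passthrough`. Both hunks sit inside attribute sets that begin and end outside the visible lines, so what replaces the VM's WAN attachment cannot be checked from here.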


@ -10,15 +10,15 @@
altNames = [ "fw" ]; altNames = [ "fw" ];
domain = lib.my.colony.domain; domain = lib.my.colony.domain;
ipv4 = { ipv4 = {
address = "212.83.51.97"; address = "94.142.240.44";
mask = 24; mask = 24;
gateway = "212.83.51.1"; gateway = "94.142.240.254";
genPTR = false; genPTR = false;
}; };
ipv6 = { ipv6 = {
address = "2a00:f48:103:2::10"; address = "2a02:898:0:20::329:1";
mask = 64; mask = 64;
gateway = "2a00:f48:103:2::1"; gateway = "2a02:898:0:20::1";
genPTR = false; genPTR = false;
}; };
}; };
@ -39,7 +39,7 @@
inherit (lib.my) networkdAssignment; inherit (lib.my) networkdAssignment;
in in
{ {
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./dns.nix ./bandwidth.nix ]; imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./dns.nix ];
config = mkMerge [ config = mkMerge [
{ {
@ -81,7 +81,7 @@
in in
{ {
description = "Frequent ICMP6 neighbour solicitations"; description = "Frequent ICMP6 neighbour solicitations";
enable = true; enable = false;
requires = [ waitOnline ]; requires = [ waitOnline ];
after = [ waitOnline ]; after = [ waitOnline ];
script = '' script = ''
@ -97,14 +97,15 @@
systemd.network = { systemd.network = {
links = { links = {
"10-phy1g0" = {
matchConfig.MACAddress = "d0:50:99:fa:a7:99";
linkConfig.Name = "phy1g0";
};
"10-wan" = { "10-wan" = {
matchConfig.MACAddress = "00:02:c9:56:24:6e"; matchConfig.MACAddress = "d0:50:99:fa:a7:99";
linkConfig.Name = "wan"; linkConfig.Name = "wan";
}; };
# Mellanox ConnectX-2
#"10-wan" = {
# matchConfig.MACAddress = "00:02:c9:56:24:6e";
# linkConfig.Name = "wan";
#};
"10-base" = { "10-base" = {
matchConfig.MACAddress = "52:54:00:15:1a:53"; matchConfig.MACAddress = "52:54:00:15:1a:53";
@ -126,8 +127,8 @@
]; ];
networkConfig = { networkConfig = {
# We're using an explicit gateway and Linux uses link local address for neighbour discovery, so we # We're using an explicit gateway and Linux uses link local address for neighbour discovery, so we
# get lost to the router... # get lost to the router... (this was true in 23M Frankfurt)
LinkLocalAddressing = "no"; #LinkLocalAddressing = "no";
IPv6AcceptRA = false; IPv6AcceptRA = false;
}; };
}; };
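Review bot: In the last hunk the two-line comment still explains why link-local addressing is turned off, but `LinkLocalAddressing = "no";` is now commented out, so the WAN link falls back to the systemd-networkd default and will presumably carry an fe80:: address on the new provider's /24 segment. Replace the stale comment and the dead line with one that states the current intent, e.g. `# Link-local addressing left at the networkd default; it had to be disabled at the previous site`, and confirm that the firewall rules for `wan` (not visible here) account for link-local traffic from neighbours. Keeping `IPv6AcceptRA = false` fits the static gateway set in the first hunk. The neighbour-solicitation unit is likewise disabled with `enable = false` rather than removed, and a short comment on why would help the next reader.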


@ -7,8 +7,8 @@ let
ptrDots = 2; ptrDots = 2;
reverseZone = "100.10.in-addr.arpa"; reverseZone = "100.10.in-addr.arpa";
ptrDots6 = 20; ptrDots6 = 20;
reverseZone6 = "1.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa"; reverseZone6 = "2.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa";
ptr6ValTrim = (stringLength "2a0e:97c0:4d1:") + 1; ptr6ValTrim = (stringLength "2a0e:97c0:4d2:") + 1;
authZones = attrNames config.my.pdns.auth.bind.zones; authZones = attrNames config.my.pdns.auth.bind.zones;
in in
@ -76,7 +76,7 @@ in
lua-dns-script = pkgs.writeText "pdns-script.lua" '' lua-dns-script = pkgs.writeText "pdns-script.lua" ''
function preresolve(dq) function preresolve(dq)
if dq.qname:equal("nix-cache.nul.ie") then if dq.qname:equal("nix-cache.nul.ie") then
dq:addAnswer(pdns.CNAME, "http.fra1.int.nul.ie.") dq:addAnswer(pdns.CNAME, "http.${config.networking.domain}.")
dq.rcode = 0 dq.rcode = 0
dq.followupFunction = "followCNAMERecords" dq.followupFunction = "followCNAMERecords"
return true return true
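Review bot: `reverseZone6` and `ptr6ValTrim` still spell out the `2a0e:97c0:4d2` prefix by hand, so this commit had to change the same value here and in `colony.start.all.v6` in the first file; a missed edit would leave PTR generation pointing at the wrong zone without any evaluation error. If `lib.my.colony` is in scope in this file (it is used as `lib.my.colony.domain` in another file of this commit), derive the trim length from it, e.g. `ptr6ValTrim = stringLength lib.my.colony.start.all.v6;`, which gives the same length for the current value. A comment tying `reverseZone6` to that prefix would cover the other literal. The second hunk already takes this approach for the CNAME target by using `config.networking.domain`.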