nixos: Add initial britway

2023-12-19 14:30:27 +00:00
parent f321a039f3
commit eda0cdbe0e
51 changed files with 927 additions and 794 deletions
--- a/nixos/boxes/britway/default.nix
+++ b/nixos/boxes/britway/default.nix
@@ -0,0 +1,114 @@
+{ lib, ... }:
+let
+  inherit (lib.my) net;
+  inherit (lib.my.c.britway) prefixes domain pubV4;
+in
+{
+  nixos.systems.britway = {
+    system = "x86_64-linux";
+    nixpkgs = "mine";
+
+    assignments = {
+      vultr = {
+        inherit domain;
+        ipv4 = {
+          address = pubV4;
+          mask = 23;
+          gateway = "45.76.140.1";
+        };
+        ipv6 = {
+          iid = "::1";
+          address = "2001:19f0:7402:128b::1";
+        };
+      };
+      as211024 = {
+        ipv4 = {
+          address = net.cidr.host 5 prefixes.as211024.v4;
+          gateway = null;
+        };
+        ipv6.address = net.cidr.host ((2*65536*65536*65536) + 1) prefixes.as211024.v6;
+      };
+    };
+
+    configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
+      let
+        inherit (lib) mkMerge mkForce;
+        inherit (lib.my) networkdAssignment;
+      in
+      {
+        imports = [
+          "${modulesPath}/profiles/qemu-guest.nix"
+        ];
+
+        config = mkMerge [
+          {
+            boot = {
+              initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "sr_mod" ];
+              loader = {
+                systemd-boot.enable = false;
+                grub = {
+                  enable = true;
+                  device = "/dev/vda";
+                };
+              };
+            };
+
+            fileSystems = {
+              "/boot" = {
+                device = "/dev/disk/by-partuuid/c557ef12-da44-41d1-84f5-d32a711feefd";
+                fsType = "ext4";
+              };
+              "/nix" = {
+                device = "/dev/disk/by-partuuid/d42d0853-b054-4104-8afd-6d36287c7ca3";
+                fsType = "ext4";
+              };
+              "/persist" = {
+                device = "/dev/disk/by-partuuid/f14fbcf4-5242-456b-a4db-ef15d053d62e";
+                fsType = "ext4";
+                neededForBoot = true;
+              };
+            };
+
+            services = { };
+
+            systemd.network = {
+              links = {
+                "10-veth0" = {
+                  matchConfig.PermanentMACAddress = "56:00:04:ac:6e:06";
+                  linkConfig.Name = "veth0";
+                };
+              };
+
+              networks = {
+                "20-veth0" = networkdAssignment "veth0" assignments.vultr;
+                "90-l2mesh-as211024" = mkMerge [
+                  (networkdAssignment "as211024" assignments.as211024)
+                  {
+                    matchConfig.Name = "as211024";
+                    networkConfig.IPv6AcceptRA = mkForce false;
+                  }
+                ];
+              };
+            };
+
+            my = {
+              server.enable = true;
+              secrets = {
+                key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmXC9egI46Qtaiifhq2I+rv2s1yPyzTlO4BHzUb+3Su";
+                files = {
+                  "l2mesh/as211024.key" = {};
+                };
+              };
+              vpns = {
+                l2.pskFiles = {
+                  as211024 = config.age.secrets."l2mesh/as211024.key".path;
+                };
+              };
+
+              firewall = { };
+            };
+          }
+        ];
+      };
+  };
+}
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@@ -15,6 +15,7 @@ in
            estuary.addr = pubV4;
            river.addr = elemAt lib.my.c.home.routersPubV4 0;
            stream.addr = elemAt lib.my.c.home.routersPubV4 1;
+            britway.addr = lib.my.c.britway.pubV4;
          };
        };
      };