nixos: Add extra VIPs from ColoClue
		@@ -7,10 +7,20 @@
 | 
			
		||||
    home-manager = "mine-stable";
 | 
			
		||||
 | 
			
		||||
    assignments = {
 | 
			
		||||
      routing = {
 | 
			
		||||
        name = "colony-routing";
 | 
			
		||||
        domain = lib.my.colony.domain;
 | 
			
		||||
        ipv4.address = "${lib.my.colony.start.base.v4}2";
 | 
			
		||||
      };
 | 
			
		||||
      internal = {
 | 
			
		||||
        altNames = [ "vm" ];
 | 
			
		||||
        domain = lib.my.colony.domain;
 | 
			
		||||
        ipv4.address = "${lib.my.colony.start.base.v4}2";
 | 
			
		||||
        ipv4 = {
 | 
			
		||||
          address = "${lib.my.colony.start.vip1}4";
 | 
			
		||||
          mask = 32;
 | 
			
		||||
          gateway = null;
 | 
			
		||||
          genPTR = false;
 | 
			
		||||
        };
 | 
			
		||||
        ipv6 = {
 | 
			
		||||
          iid = "::2";
 | 
			
		||||
          address = "${lib.my.colony.start.base.v6}2";
 | 
			
		||||
@@ -145,7 +155,10 @@
 | 
			
		||||
            };
 | 
			
		||||
 | 
			
		||||
            networks = {
 | 
			
		||||
              "80-base" = networkdAssignment "base" assignments.internal;
 | 
			
		||||
              "80-base" = mkMerge [
 | 
			
		||||
                (networkdAssignment "base" assignments.routing)
 | 
			
		||||
                (networkdAssignment "base" assignments.internal)
 | 
			
		||||
              ];
 | 
			
		||||
              "80-base-dummy" = {
 | 
			
		||||
                matchConfig.Name = "base0";
 | 
			
		||||
                networkConfig.Bridge = "base";
 | 
			
		||||
@@ -173,21 +186,29 @@
 | 
			
		||||
                  ];
 | 
			
		||||
                  routes = map (r: { routeConfig = r; }) [
 | 
			
		||||
                    {
 | 
			
		||||
                      Gateway = allAssignments.shill.internal.ipv4.address;
 | 
			
		||||
                      Destination = lib.my.colony.prefixes.ctrs.v4;
 | 
			
		||||
                      Gateway = allAssignments.shill.routing.ipv4.address;
 | 
			
		||||
                    }
 | 
			
		||||
                    {
 | 
			
		||||
                      Gateway = allAssignments.shill.internal.ipv6.address;
 | 
			
		||||
                      Destination = lib.my.colony.prefixes.ctrs.v6;
 | 
			
		||||
                      Gateway = allAssignments.shill.internal.ipv6.address;
 | 
			
		||||
                    }
 | 
			
		||||
                    {
 | 
			
		||||
                      Destination = allAssignments.shill.internal.ipv4.address;
 | 
			
		||||
                      Gateway = allAssignments.shill.routing.ipv4.address;
 | 
			
		||||
                    }
 | 
			
		||||
 | 
			
		||||
                    {
 | 
			
		||||
                      Gateway = allAssignments.whale2.internal.ipv4.address;
 | 
			
		||||
                      Destination = lib.my.colony.prefixes.oci.v4;
 | 
			
		||||
                      Gateway = allAssignments.whale2.routing.ipv4.address;
 | 
			
		||||
                    }
 | 
			
		||||
                    {
 | 
			
		||||
                      Gateway = allAssignments.whale2.internal.ipv6.address;
 | 
			
		||||
                      Destination = lib.my.colony.prefixes.oci.v6;
 | 
			
		||||
                      Gateway = allAssignments.whale2.internal.ipv6.address;
 | 
			
		||||
                    }
 | 
			
		||||
                    {
 | 
			
		||||
                      Destination = allAssignments.whale2.internal.ipv4.address;
 | 
			
		||||
                      Gateway = allAssignments.whale2.routing.ipv4.address;
 | 
			
		||||
                    }
 | 
			
		||||
                  ];
 | 
			
		||||
                }
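Review bot: `assignments.internal.ipv4` now takes its address from `lib.my.colony.start.vip1` with `mask = 32` and `gateway = null`, while the previous base-network address moves to the new `routing` assignment, and nothing in the hunk records that "internal" no longer names a private address. If vip1 is the range announced to ColoClue, as the commit title suggests, anything that reads `assignments.internal.ipv4.address` as private now refers to an Internet-routable address. That could include listen addresses, ACLs or firewall rules, none of which are visible here. A comment above the `ipv4 = {` block such as `# Public VIP routed from ColoClue; reached via the routing address, not on-link` would make this explicit. The same applies to the shill and whale2 `internal` assignments later in the commit; the surrounding attribute set continues outside the hunk.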
 | 
			
		||||
 
 | 
			
		||||
@@ -13,8 +13,12 @@ in
 | 
			
		||||
        # TODO: Clean up and modularise
 | 
			
		||||
        config = ''
 | 
			
		||||
          define OWNAS = 211024;
 | 
			
		||||
 | 
			
		||||
          define CCVIP1 = ${lib.my.colony.prefixes.vip1};
 | 
			
		||||
 | 
			
		||||
          define OWNIP4 = ${assignments.internal.ipv4.address};
 | 
			
		||||
          define OWNNETSET4 = [ ${assignments.internal.ipv4.address}/32 ];
 | 
			
		||||
          define CCNETSET4 = [ ${lib.my.colony.prefixes.vip1} ];
 | 
			
		||||
 | 
			
		||||
          define INTNET6 = ${intnet6};
 | 
			
		||||
          define AMSNET6 = ${amsnet6};
 | 
			
		||||
@@ -29,15 +33,14 @@ in
 | 
			
		||||
          define PREFIXP = 110;
 | 
			
		||||
          define PREFPEER = 120;
 | 
			
		||||
 | 
			
		||||
          #function should_export6() {
 | 
			
		||||
          #	return net ~ OWNNETSET6 || (transit && net ~ TRANSSET6);
 | 
			
		||||
          #}
 | 
			
		||||
 | 
			
		||||
          filter bgp_import {
 | 
			
		||||
            if net !~ OWNNETSET6 then accept; else reject;
 | 
			
		||||
            if net !~ OWNNETSET4 && net !~ OWNNETSET6 then accept; else reject;
 | 
			
		||||
          }
 | 
			
		||||
          filter bgp_export {
 | 
			
		||||
            if net ~ OWNNETSET6 then accept; else reject;
 | 
			
		||||
            if net ~ OWNNETSET4 || net ~ OWNNETSET6 then accept; else reject;
 | 
			
		||||
          }
 | 
			
		||||
          filter bgp_export_cc {
 | 
			
		||||
            if net ~ OWNNETSET4 || net ~ OWNNETSET6 || net ~ CCNETSET4 then accept; else reject;
 | 
			
		||||
          }
 | 
			
		||||
 | 
			
		||||
          router id from "wan";
 | 
			
		||||
@@ -48,11 +51,20 @@ in
 | 
			
		||||
            ipv4;
 | 
			
		||||
            ipv6;
 | 
			
		||||
          }
 | 
			
		||||
          protocol static {
 | 
			
		||||
          protocol static static4 {
 | 
			
		||||
            route CCVIP1 via "base";
 | 
			
		||||
 | 
			
		||||
            ipv4 {
 | 
			
		||||
              import all;
 | 
			
		||||
              export none;
 | 
			
		||||
            };
 | 
			
		||||
          }
 | 
			
		||||
          protocol static static6 {
 | 
			
		||||
            # Special case: We have to do the routing on behalf of this _internal_ next-hop
 | 
			
		||||
            route INTNET6 via "as211024";
 | 
			
		||||
            route AMSNET6 via "base";
 | 
			
		||||
            route HOMENET6 via DUB1IP6;
 | 
			
		||||
 | 
			
		||||
            ipv6 {
 | 
			
		||||
              import all;
 | 
			
		||||
              export none;
 | 
			
		||||
@@ -161,10 +173,12 @@ in
 | 
			
		||||
          protocol bgp upstream4_coloclue_eun2 from upstream_bgp4 {
 | 
			
		||||
            description "ColoClue euNetworks 2 (IPv4)";
 | 
			
		||||
            neighbor 94.142.240.253 as 8283;
 | 
			
		||||
            ipv4 { export filter bgp_export_cc; };
 | 
			
		||||
          }
 | 
			
		||||
          protocol bgp upstream4_coloclue_eun3 from upstream_bgp4 {
 | 
			
		||||
            description "ColoClue euNetworks 3 (IPv4)";
 | 
			
		||||
            neighbor 94.142.240.252 as 8283;
 | 
			
		||||
            ipv4 { export filter bgp_export_cc; };
 | 
			
		||||
          }
 | 
			
		||||
 | 
			
		||||
          protocol bgp upstream6_coloclue_eun2 from upstream_bgp6 {
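Review bot: The updated `bgp_import` filter rejects only `OWNNETSET4` and `OWNNETSET6`, so a BGP-learned route for the ColoClue VIP range (`CCNETSET4`, which `bgp_export_cc` announces) is still accepted on import. Consider `if net !~ OWNNETSET4 && net !~ OWNNETSET6 && net !~ CCNETSET4 then accept; else reject;`. The sets are written without a `+` pattern, which as far as I know makes BIRD match only the exact prefix, so more-specifics inside the VIP range would also pass unless the sets use `prefix+`. Whether the `upstream_bgp4` template applies further import filtering cannot be seen from this hunk.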
 | 
			
		||||
 
 | 
			
		||||
@@ -282,15 +282,20 @@ in
 | 
			
		||||
                      }
 | 
			
		||||
                    ];
 | 
			
		||||
                    routes = map (r: { routeConfig = r; }) (flatten
 | 
			
		||||
                      ([  ] ++
 | 
			
		||||
                      ([
 | 
			
		||||
                        {
 | 
			
		||||
                          Destination = lib.my.colony.prefixes.vip1;
 | 
			
		||||
                          Gateway = allAssignments.colony.routing.ipv4.address;
 | 
			
		||||
                        }
 | 
			
		||||
                      ] ++
 | 
			
		||||
                      (map (pName: [
 | 
			
		||||
                        {
 | 
			
		||||
                          Gateway = allAssignments.colony.internal.ipv4.address;
 | 
			
		||||
                          Gateway = allAssignments.colony.routing.ipv4.address;
 | 
			
		||||
                          Destination = lib.my.colony.prefixes."${pName}".v4;
 | 
			
		||||
                        }
 | 
			
		||||
                        {
 | 
			
		||||
                          Gateway = allAssignments.colony.internal.ipv6.address;
 | 
			
		||||
                          Destination = lib.my.colony.prefixes."${pName}".v6;
 | 
			
		||||
                          Gateway = allAssignments.colony.internal.ipv6.address;
 | 
			
		||||
                        }
 | 
			
		||||
                      ]) [ "vms" "ctrs" "oci" ])));
 | 
			
		||||
                  }
 | 
			
		||||
 
 | 
			
		||||
@@ -143,11 +143,11 @@ in
 | 
			
		||||
                      allAssignments)))
 | 
			
		||||
                  assignments)));
 | 
			
		||||
 | 
			
		||||
        genFor = [ "internal" "base" "vms" "ctrs" ];
 | 
			
		||||
        genFor = [ "internal" "base" "vms" "ctrs" "routing" ];
 | 
			
		||||
        intRecords =
 | 
			
		||||
          genRecords genFor (a: ''
 | 
			
		||||
            ${a.name} IN A ${a.ipv4.address}
 | 
			
		||||
            ${a.name} IN AAAA ${a.ipv6.address}
 | 
			
		||||
            ${optionalString (a.ipv6.address != null) "${a.name} IN AAAA ${a.ipv6.address}"}
 | 
			
		||||
            ${concatMapStringsSep "\n" (alt: "${alt} IN CNAME ${a.name}") a.altNames}
 | 
			
		||||
          '');
 | 
			
		||||
        intPtrRecords =
 | 
			
		||||
@@ -162,7 +162,7 @@ in
 | 
			
		||||
            genFor
 | 
			
		||||
            (a:
 | 
			
		||||
              optionalString
 | 
			
		||||
                a.ipv4.genPTR
 | 
			
		||||
                (a.ipv6.address != null && a.ipv6.genPTR)
 | 
			
		||||
                ''@@PTR:${a.ipv6.address}:${toString ptrDots6}@@ IN PTR ${a.name}.${config.networking.domain}.'');
 | 
			
		||||
 | 
			
		||||
        wildcardPtrDef = ''IN LUA PTR "createReverse('ip-%3%-%4%.${config.networking.domain}')"'';
 | 
			
		||||
 
 | 
			
		||||
@@ -6,11 +6,21 @@
 | 
			
		||||
    nixpkgs = "mine";
 | 
			
		||||
 | 
			
		||||
    assignments = {
 | 
			
		||||
      routing = {
 | 
			
		||||
        name = "shill-vm-routing";
 | 
			
		||||
        domain = lib.my.colony.domain;
 | 
			
		||||
        ipv4.address = "${lib.my.colony.start.vms.v4}2";
 | 
			
		||||
      };
 | 
			
		||||
      internal = {
 | 
			
		||||
        name = "shill-vm";
 | 
			
		||||
        altNames = [ "ctr" ];
 | 
			
		||||
        domain = lib.my.colony.domain;
 | 
			
		||||
        ipv4.address = "${lib.my.colony.start.vms.v4}2";
 | 
			
		||||
        ipv4 = {
 | 
			
		||||
          address = "${lib.my.colony.start.vip1}5";
 | 
			
		||||
          mask = 32;
 | 
			
		||||
          gateway = null;
 | 
			
		||||
          genPTR = false;
 | 
			
		||||
        };
 | 
			
		||||
        ipv6 = {
 | 
			
		||||
          iid = "::2";
 | 
			
		||||
          address = "${lib.my.colony.start.vms.v6}2";
 | 
			
		||||
@@ -99,7 +109,10 @@
 | 
			
		||||
              };
 | 
			
		||||
 | 
			
		||||
              networks = {
 | 
			
		||||
                "80-vms" = networkdAssignment "vms" assignments.internal;
 | 
			
		||||
                "80-vms" = mkMerge [
 | 
			
		||||
                  (networkdAssignment "vms" assignments.routing)
 | 
			
		||||
                  (networkdAssignment "vms" assignments.internal)
 | 
			
		||||
                ];
 | 
			
		||||
                "80-ctrs" = mkMerge [
 | 
			
		||||
                  (networkdAssignment "ctrs" assignments.ctrs)
 | 
			
		||||
                  {
 | 
			
		||||
 
 | 
			
		||||
@@ -8,11 +8,21 @@ in
 | 
			
		||||
    nixpkgs = "mine";
 | 
			
		||||
 | 
			
		||||
    assignments = {
 | 
			
		||||
      routing = {
 | 
			
		||||
        name = "whale-vm-routing";
 | 
			
		||||
        domain = lib.my.colony.domain;
 | 
			
		||||
        ipv4.address = "${lib.my.colony.start.vms.v4}3";
 | 
			
		||||
      };
 | 
			
		||||
      internal = {
 | 
			
		||||
        name = "whale-vm";
 | 
			
		||||
        altNames = [ "oci" ];
 | 
			
		||||
        domain = lib.my.colony.domain;
 | 
			
		||||
        ipv4.address = "${lib.my.colony.start.vms.v4}3";
 | 
			
		||||
        ipv4 = {
 | 
			
		||||
          address = "${lib.my.colony.start.vip1}6";
 | 
			
		||||
          mask = 32;
 | 
			
		||||
          gateway = null;
 | 
			
		||||
          genPTR = false;
 | 
			
		||||
        };
 | 
			
		||||
        ipv6 = {
 | 
			
		||||
          iid = "::3";
 | 
			
		||||
          address = "${lib.my.colony.start.vms.v6}3";
 | 
			
		||||
@@ -144,7 +154,10 @@ in
 | 
			
		||||
              };
 | 
			
		||||
 | 
			
		||||
              networks = {
 | 
			
		||||
                "80-vms" = networkdAssignment "vms" assignments.internal;
 | 
			
		||||
                "80-vms" = mkMerge [
 | 
			
		||||
                  (networkdAssignment "vms" assignments.routing)
 | 
			
		||||
                  (networkdAssignment "vms" assignments.internal)
 | 
			
		||||
                ];
 | 
			
		||||
              };
 | 
			
		||||
            };
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||