nixos: Add extra VIPs from ColoClue

Jack O'Sullivan 2022-11-21 01:21:50 +00:00
parent 48566d2ef9
commit f9ed1d49a2
8 changed files with 94 additions and 26 deletions


@ -109,7 +109,7 @@ rec {
matchConfig.Name = iface; matchConfig.Name = iface;
address = address =
[ "${a.ipv4.address}/${toString a.ipv4.mask}" ] ++ [ "${a.ipv4.address}/${toString a.ipv4.mask}" ] ++
(optional (a.ipv6.iid == null) "${a.ipv6.address}/${toString a.ipv6.mask}"); (optional (a.ipv6.address != null && a.ipv6.iid == null) "${a.ipv6.address}/${toString a.ipv6.mask}");
gateway = gateway =
(optional (a.ipv4.gateway != null) a.ipv4.gateway) ++ (optional (a.ipv4.gateway != null) a.ipv4.gateway) ++
(optional (a.ipv6.gateway != null) a.ipv6.gateway); (optional (a.ipv6.gateway != null) a.ipv6.gateway);
@ -223,6 +223,7 @@ rec {
v4 = "${start.all.v4}3."; v4 = "${start.all.v4}3.";
v6 = "${start.all.v6}3::"; v6 = "${start.all.v6}3::";
}; };
vip1 = "94.142.241.22";
}; };
prefixes = { prefixes = {
all = { all = {
@ -242,6 +243,7 @@ rec {
v4 = "${start.oci.v4}0/24"; v4 = "${start.oci.v4}0/24";
v6 = "${start.oci.v6}/64"; v6 = "${start.oci.v6}/64";
}; };
vip1 = "${start.vip1}4/30";
}; };
}; };
sshKeyFiles = { sshKeyFiles = {
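Review bot: `vip1 = "94.142.241.22"` under `start` is a string cut in the middle of the last octet rather than an address, and nothing on the line says so. The new `prefixes.vip1` entry depends on appending `4/30` to it, and the host sections of this commit append `4`, `5` and `6`; a caller who takes it for a complete address, or appends more than one digit, gets a wrong or invalid address without any evaluation error. I would add a comment at the definition, e.g. `# Truncated on purpose: callers append the final digit ("${start.vip1}4/30" is 94.142.241.224/30)`. Both enclosing attribute sets start and end outside the hunks.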


@ -7,10 +7,20 @@
home-manager = "mine-stable"; home-manager = "mine-stable";
assignments = { assignments = {
routing = {
name = "colony-routing";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.base.v4}2";
};
internal = { internal = {
altNames = [ "vm" ]; altNames = [ "vm" ];
domain = lib.my.colony.domain; domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.base.v4}2"; ipv4 = {
address = "${lib.my.colony.start.vip1}4";
mask = 32;
gateway = null;
genPTR = false;
};
ipv6 = { ipv6 = {
iid = "::2"; iid = "::2";
address = "${lib.my.colony.start.base.v6}2"; address = "${lib.my.colony.start.base.v6}2";
@ -145,7 +155,10 @@
}; };
networks = { networks = {
"80-base" = networkdAssignment "base" assignments.internal; "80-base" = mkMerge [
(networkdAssignment "base" assignments.routing)
(networkdAssignment "base" assignments.internal)
];
"80-base-dummy" = { "80-base-dummy" = {
matchConfig.Name = "base0"; matchConfig.Name = "base0";
networkConfig.Bridge = "base"; networkConfig.Bridge = "base";
@ -173,21 +186,29 @@
]; ];
routes = map (r: { routeConfig = r; }) [ routes = map (r: { routeConfig = r; }) [
{ {
Gateway = allAssignments.shill.internal.ipv4.address;
Destination = lib.my.colony.prefixes.ctrs.v4; Destination = lib.my.colony.prefixes.ctrs.v4;
Gateway = allAssignments.shill.routing.ipv4.address;
} }
{ {
Gateway = allAssignments.shill.internal.ipv6.address;
Destination = lib.my.colony.prefixes.ctrs.v6; Destination = lib.my.colony.prefixes.ctrs.v6;
Gateway = allAssignments.shill.internal.ipv6.address;
}
{
Destination = allAssignments.shill.internal.ipv4.address;
Gateway = allAssignments.shill.routing.ipv4.address;
} }
{ {
Gateway = allAssignments.whale2.internal.ipv4.address;
Destination = lib.my.colony.prefixes.oci.v4; Destination = lib.my.colony.prefixes.oci.v4;
Gateway = allAssignments.whale2.routing.ipv4.address;
} }
{ {
Gateway = allAssignments.whale2.internal.ipv6.address;
Destination = lib.my.colony.prefixes.oci.v6; Destination = lib.my.colony.prefixes.oci.v6;
Gateway = allAssignments.whale2.internal.ipv6.address;
}
{
Destination = allAssignments.whale2.internal.ipv4.address;
Gateway = allAssignments.whale2.routing.ipv4.address;
} }
]; ];
} }
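Review bot: The `internal` assignment's IPv4 address becomes `${lib.my.colony.start.vip1}4` with `mask = 32`, an address inside the VIP prefix that the BIRD section of this commit exports to ColoClue, so anything that still treats `assignments.internal.ipv4.address` as a private address is now handling a publicly routed one. The firewall rules and service listen addresses that consume this value are not visible here; they should be checked so that services previously reachable only inside the colony are not exposed by the renumbering. The same applies to the `internal` blocks in the shill and whale sections further down. I would at least mark it at the definition: `# Public ColoClue VIP, reachable from outside: do not treat as a trust boundary`. The `assignments` set continues outside the hunk.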


@ -13,8 +13,12 @@ in
# TODO: Clean up and modularise # TODO: Clean up and modularise
config = '' config = ''
define OWNAS = 211024; define OWNAS = 211024;
define CCVIP1 = ${lib.my.colony.prefixes.vip1};
define OWNIP4 = ${assignments.internal.ipv4.address}; define OWNIP4 = ${assignments.internal.ipv4.address};
define OWNNETSET4 = [ ${assignments.internal.ipv4.address}/32 ]; define OWNNETSET4 = [ ${assignments.internal.ipv4.address}/32 ];
define CCNETSET4 = [ ${lib.my.colony.prefixes.vip1} ];
define INTNET6 = ${intnet6}; define INTNET6 = ${intnet6};
define AMSNET6 = ${amsnet6}; define AMSNET6 = ${amsnet6};
@ -29,15 +33,14 @@ in
define PREFIXP = 110; define PREFIXP = 110;
define PREFPEER = 120; define PREFPEER = 120;
#function should_export6() {
# return net ~ OWNNETSET6 || (transit && net ~ TRANSSET6);
#}
filter bgp_import { filter bgp_import {
if net !~ OWNNETSET6 then accept; else reject; if net !~ OWNNETSET4 && net !~ OWNNETSET6 then accept; else reject;
} }
filter bgp_export { filter bgp_export {
if net ~ OWNNETSET6 then accept; else reject; if net ~ OWNNETSET4 || net ~ OWNNETSET6 then accept; else reject;
}
filter bgp_export_cc {
if net ~ OWNNETSET4 || net ~ OWNNETSET6 || net ~ CCNETSET4 then accept; else reject;
} }
router id from "wan"; router id from "wan";
@ -48,11 +51,20 @@ in
ipv4; ipv4;
ipv6; ipv6;
} }
protocol static { protocol static static4 {
route CCVIP1 via "base";
ipv4 {
import all;
export none;
};
}
protocol static static6 {
# Special case: We have to do the routing on behalf of this _internal_ next-hop # Special case: We have to do the routing on behalf of this _internal_ next-hop
route INTNET6 via "as211024"; route INTNET6 via "as211024";
route AMSNET6 via "base"; route AMSNET6 via "base";
route HOMENET6 via DUB1IP6; route HOMENET6 via DUB1IP6;
ipv6 { ipv6 {
import all; import all;
export none; export none;
@ -161,10 +173,12 @@ in
protocol bgp upstream4_coloclue_eun2 from upstream_bgp4 { protocol bgp upstream4_coloclue_eun2 from upstream_bgp4 {
description "ColoClue euNetworks 2 (IPv4)"; description "ColoClue euNetworks 2 (IPv4)";
neighbor 94.142.240.253 as 8283; neighbor 94.142.240.253 as 8283;
ipv4 { export filter bgp_export_cc; };
} }
protocol bgp upstream4_coloclue_eun3 from upstream_bgp4 { protocol bgp upstream4_coloclue_eun3 from upstream_bgp4 {
description "ColoClue euNetworks 3 (IPv4)"; description "ColoClue euNetworks 3 (IPv4)";
neighbor 94.142.240.252 as 8283; neighbor 94.142.240.252 as 8283;
ipv4 { export filter bgp_export_cc; };
} }
protocol bgp upstream6_coloclue_eun2 from upstream_bgp6 { protocol bgp upstream6_coloclue_eun2 from upstream_bgp6 {
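Review bot: `bgp_import` is extended to reject `OWNNETSET4` but not the new `CCNETSET4`, so a route for the VIP prefix learned from a BGP neighbour is still accepted into the table next to the `static4` route. Rejecting it on import keeps a neighbour's announcement from ever competing with the local route: `if net !~ OWNNETSET4 && net !~ OWNNETSET6 && net !~ CCNETSET4 then accept; else reject;`. A set entry written as a bare prefix matches only that exact prefix length, so more-specifics inside the VIP range would still pass; if that is not intended, the import side could test against a separate set with `+`, e.g. `[ ${lib.my.colony.prefixes.vip1}+ ]`. Which sessions use `bgp_import` is outside the visible hunks.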


@ -282,15 +282,20 @@ in
} }
]; ];
routes = map (r: { routeConfig = r; }) (flatten routes = map (r: { routeConfig = r; }) (flatten
([ ] ++ ([
{
Destination = lib.my.colony.prefixes.vip1;
Gateway = allAssignments.colony.routing.ipv4.address;
}
] ++
(map (pName: [ (map (pName: [
{ {
Gateway = allAssignments.colony.internal.ipv4.address; Gateway = allAssignments.colony.routing.ipv4.address;
Destination = lib.my.colony.prefixes."${pName}".v4; Destination = lib.my.colony.prefixes."${pName}".v4;
} }
{ {
Gateway = allAssignments.colony.internal.ipv6.address;
Destination = lib.my.colony.prefixes."${pName}".v6; Destination = lib.my.colony.prefixes."${pName}".v6;
Gateway = allAssignments.colony.internal.ipv6.address;
} }
]) [ "vms" "ctrs" "oci" ]))); ]) [ "vms" "ctrs" "oci" ])));
} }


@ -143,11 +143,11 @@ in
allAssignments))) allAssignments)))
assignments))); assignments)));
genFor = [ "internal" "base" "vms" "ctrs" ]; genFor = [ "internal" "base" "vms" "ctrs" "routing" ];
intRecords = intRecords =
genRecords genFor (a: '' genRecords genFor (a: ''
${a.name} IN A ${a.ipv4.address} ${a.name} IN A ${a.ipv4.address}
${a.name} IN AAAA ${a.ipv6.address} ${optionalString (a.ipv6.address != null) "${a.name} IN AAAA ${a.ipv6.address}"}
${concatMapStringsSep "\n" (alt: "${alt} IN CNAME ${a.name}") a.altNames} ${concatMapStringsSep "\n" (alt: "${alt} IN CNAME ${a.name}") a.altNames}
''); '');
intPtrRecords = intPtrRecords =
@ -162,7 +162,7 @@ in
genFor genFor
(a: (a:
optionalString optionalString
a.ipv4.genPTR (a.ipv6.address != null && a.ipv6.genPTR)
''@@PTR:${a.ipv6.address}:${toString ptrDots6}@@ IN PTR ${a.name}.${config.networking.domain}.''); ''@@PTR:${a.ipv6.address}:${toString ptrDots6}@@ IN PTR ${a.name}.${config.networking.domain}.'');
wildcardPtrDef = ''IN LUA PTR "createReverse('ip-%3%-%4%.${config.networking.domain}')"''; wildcardPtrDef = ''IN LUA PTR "createReverse('ip-%3%-%4%.${config.networking.domain}')"'';


@ -6,11 +6,21 @@
nixpkgs = "mine"; nixpkgs = "mine";
assignments = { assignments = {
routing = {
name = "shill-vm-routing";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.vms.v4}2";
};
internal = { internal = {
name = "shill-vm"; name = "shill-vm";
altNames = [ "ctr" ]; altNames = [ "ctr" ];
domain = lib.my.colony.domain; domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.vms.v4}2"; ipv4 = {
address = "${lib.my.colony.start.vip1}5";
mask = 32;
gateway = null;
genPTR = false;
};
ipv6 = { ipv6 = {
iid = "::2"; iid = "::2";
address = "${lib.my.colony.start.vms.v6}2"; address = "${lib.my.colony.start.vms.v6}2";
@ -99,7 +109,10 @@
}; };
networks = { networks = {
"80-vms" = networkdAssignment "vms" assignments.internal; "80-vms" = mkMerge [
(networkdAssignment "vms" assignments.routing)
(networkdAssignment "vms" assignments.internal)
];
"80-ctrs" = mkMerge [ "80-ctrs" = mkMerge [
(networkdAssignment "ctrs" assignments.ctrs) (networkdAssignment "ctrs" assignments.ctrs)
{ {


@ -8,11 +8,21 @@ in
nixpkgs = "mine"; nixpkgs = "mine";
assignments = { assignments = {
routing = {
name = "whale-vm-routing";
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.vms.v4}3";
};
internal = { internal = {
name = "whale-vm"; name = "whale-vm";
altNames = [ "oci" ]; altNames = [ "oci" ];
domain = lib.my.colony.domain; domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.vms.v4}3"; ipv4 = {
address = "${lib.my.colony.start.vip1}6";
mask = 32;
gateway = null;
genPTR = false;
};
ipv6 = { ipv6 = {
iid = "::3"; iid = "::3";
address = "${lib.my.colony.start.vms.v6}3"; address = "${lib.my.colony.start.vms.v6}3";
@ -144,7 +154,10 @@ in
}; };
networks = { networks = {
"80-vms" = networkdAssignment "vms" assignments.internal; "80-vms" = mkMerge [
(networkdAssignment "vms" assignments.routing)
(networkdAssignment "vms" assignments.internal)
];
}; };
}; };


@ -107,7 +107,7 @@ let
genPTR = mkBoolOpt' true "Whether to generate a PTR record."; genPTR = mkBoolOpt' true "Whether to generate a PTR record.";
}; };
ipv6 = { ipv6 = {
address = mkOpt' str null "IPv6 address."; address = mkOpt' (nullOr str) null "IPv6 address.";
mask = mkOpt' ints.u8 64 "Network mask."; mask = mkOpt' ints.u8 64 "Network mask.";
iid = mkOpt' (nullOr str) null "SLAAC static address."; iid = mkOpt' (nullOr str) null "SLAAC static address.";
gateway = mkOpt' (nullOr str) null "IPv6 gateway."; gateway = mkOpt' (nullOr str) null "IPv6 gateway.";
@ -193,7 +193,7 @@ in
(map (map
(as: (as:
map map
(a: [ a.ipv4.address a.ipv6.address ]) (a: [ a.ipv4.address ] ++ (optional (a.ipv6.address != null) a.ipv6.address) )
(attrValues as)) (attrValues as))
(attrValues allAssignments)); (attrValues allAssignments));
dupIPs = duplicates assignedIPs; dupIPs = duplicates assignedIPs;