
feat: add static microvm networking; allow cidrv4 and cidrv6 to be

specified explicitly on wireguard networks to allow for
  simple access by other modules.
This commit is contained in:
oddlama 2023-05-20 00:55:48 +02:00
parent 78cdcd3c69
commit 6d8f8ab2e3
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
4 changed files with 168 additions and 131 deletions


@ -28,7 +28,6 @@
extra.microvms = {
vms.test = {
id = 11;
host = "test.local";
system = "x86_64-linux";
autostart = true;
zfs = {
@ -39,61 +38,4 @@
};
};
};
#services.authelia.instances.main = {
# enable = true;
# settings = {
# theme = "dark";
# log = {
# level = "info";
# format = "text";
# };
# server = {
# host = "127.0.0.1";
# port = 9091;
# };
# session = {
# name = "session";
# domain = "pas.sh";
# };
# authentication_backend.ldap = {
# implementation = "custom";
# url = "ldap://127.0.0.1:3890";
# base_dn = "dc=pas,dc=sh";
# username_attribute = "uid";
# additional_users_dn = "ou=people";
# users_filter = "(&({username_attribute}={input})(objectclass=person))";
# additional_groups_dn = "ou=groups";
# groups_filter = "(member={dn})";
# group_name_attribute = "cn";
# mail_attribute = "mail";
# display_name_attribute = "uid";
# user = "uid=authelia,ou=people,dc=pas,dc=sh";
# };
# storage.local = {
# path = "/var/lib/authelia-${cfg.name}/db.sqlite3";
# };
# access_control = {
# default_policy = "deny";
# };
# notifier.smtp = rec {
# host = "smtp.fastmail.com";
# port = 587;
# username = "a@example.com";
# sender = "noreply@example.com";
# startup_check_address = sender;
# disable_html_emails = true;
# };
# identity_providers.oidc = {
# cors.allowed_origins_from_client_redirect_uris = true;
# cors.endpoints = [
# "authorization"
# "introspection"
# "revocation"
# "token"
# "userinfo"
# ];
# };
# };
#};
}


@ -6,8 +6,8 @@
}: let
inherit (config.lib.net) ip cidr;
net.lan.ipv4cidr = "192.168.100.1/24";
net.lan.ipv6cidr = "fd00::1/64";
lanCidrv4 = "192.168.100.0/24";
lanCidrv6 = "fd00::/64";
in {
networking.hostId = nodeSecrets.networking.hostId;
@ -55,7 +55,10 @@ in {
linkConfig.RequiredForOnline = "routable";
};
"20-lan-self" = {
address = [net.lan.ipv4cidr net.lan.ipv6cidr];
address = [
(cidr.hostCidr 1 lanCidrv4)
(cidr.hostCidr 1 lanCidrv6)
];
matchConfig.Name = "lan-self";
networkConfig = {
IPForward = "yes";
@ -64,7 +67,7 @@ in {
};
# Announce a static prefix
ipv6Prefixes = [
{ipv6PrefixConfig.Prefix = cidr.canonicalize net.lan.ipv6cidr;}
{ipv6PrefixConfig.Prefix = lanCidrv6;}
];
# Delegate prefix from wan
#dhcpPrefixDelegationConfig = {
@ -76,7 +79,7 @@ in {
ipv6SendRAConfig = {
EmitDNS = true;
# TODO change to self later
#DNS = cidr.ip net.lan.ipv6cidr;
#DNS = cidr.host 1 net.lan.ipv6cidr;
DNS = ["2606:4700:4700::1111" "2001:4860:4860::8888"];
};
linkConfig.RequiredForOnline = "routable";
@ -160,14 +163,14 @@ in {
subnet4 = [
{
interface = "lan-self";
subnet = cidr.canonicalize net.lan.ipv4cidr;
subnet = lanCidrv4;
pools = [
{pool = "${cidr.host 20 net.lan.ipv4cidr} - ${cidr.host (-6) net.lan.ipv4cidr}";}
{pool = "${cidr.host 20 lanCidrv4} - ${cidr.host (-6) lanCidrv4}";}
];
option-data = [
{
name = "routers";
data = cidr.ip net.lan.ipv4cidr;
data = cidr.host 1 lanCidrv4;
}
];
}
@ -180,7 +183,10 @@ in {
extra.microvms.networking = {
baseMac = nodeSecrets.networking.interfaces.lan.mac;
host = cidr.ip net.lan.ipv4cidr;
macvtapInterface = "lan";
static = {
baseCidrv4 = lanCidrv4;
baseCidrv6 = lanCidrv6;
};
};
}
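Review bot: The new `static.baseCidrv4 = lanCidrv4` in the last hunk hands the microvm module the same /24 that kea already serves from `cidr.host 20 lanCidrv4` through `cidr.host (-6) lanCidrv4` in the `subnet4` hunk above, and nothing in this section reserves a range for the static assignments. If the microvm module derives each VM's address from its `id` within the base CIDR (the other file in this commit declares `id = 11`), any id of 20 or higher would land inside the DHCP pool and could be leased to a second host, producing a silent address conflict. I would either keep the pool start above the highest id you intend to assign or state the contract next to the new option, e.g. `# static microvm addresses are host offsets within lanCidrv4; keep VM ids below the kea pool start (20)`. The same consideration applies to `baseCidrv6 = lanCidrv6` should a v6 pool be added later, though none is visible here. The enclosing module attribute set opened by `in {` begins and ends outside this hunk.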