
nixos/routnerr-2: cleanup nix variables

This commit is contained in:
Matt Layher 2020-04-28 08:51:24 -04:00
parent ddafa50943
commit c0d51e5482
6 changed files with 61 additions and 71 deletions


@ -39,7 +39,7 @@ in {
# Use the GRUB 2 boot loader with MBR.
boot = {
kernel = {
sysctl = {
sysctl = with vars.interfaces.wan0; {
# Forward on all interfaces.
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
@ -50,9 +50,9 @@ in {
"net.ipv6.conf.all.use_tempaddr" = 0;
# On WAN, allow IPv6 autoconfiguration and tempory address use.
"net.ipv6.conf.${vars.interfaces.wan0.name}.accept_ra" = 2;
"net.ipv6.conf.${vars.interfaces.wan0.name}.autoconf" = 1;
"net.ipv6.conf.${vars.interfaces.wan0.name}.use_tempaddr" = 1;
"net.ipv6.conf.${name}.accept_ra" = 2;
"net.ipv6.conf.${name}.autoconf" = 1;
"net.ipv6.conf.${name}.use_tempaddr" = 1;
};
};
# Use GRUB in MBR mode.
@ -93,8 +93,7 @@ in {
# Google Home and Chromecast.
avahi = {
enable = true;
interfaces =
[ "${vars.interfaces.lan0.name}" "${vars.interfaces.iot0.name}" ];
interfaces = with vars.interfaces; [ "${lan0.name}" "${iot0.name}" ];
ipv4 = true;
ipv6 = true;
reflector = true;
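Review bot: The `with vars.interfaces.wan0;` placed on the sysctl attrset resolves `${name}` in the `accept_ra`, `autoconf` and `use_tempaddr` keys only as long as no enclosing lexical binding is called `name`, because Nix gives `let`-bound names and function arguments precedence over `with`-introduced ones without any warning, and the `let` that this `in {` belongs to lies outside the hunk. A later `name` binding there would retarget these WAN autoconfiguration sysctls to a different or nonexistent interface while evaluation still succeeds, which matters more for `accept_ra = 2` on a forwarding router than for the Avahi interface list below. Binding the identifier explicitly, `inherit (vars.interfaces.wan0) name;` in that `let`, keeps the intent visible without reintroducing the removed per-interface aliases. The same block-scoped `with` pattern appears in the CoreDNS, dhcpd4, dhcpd6 and networking sections and is not repeated there.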


@ -1,22 +1,17 @@
{ lib, ... }:
let
vars = import ./vars.nix;
domain = vars.domain;
lan0 = vars.interfaces.lan0;
wg0 = vars.interfaces.wg0;
let vars = import ./vars.nix;
in {
systemd.services.coredns = {
systemd.services.coredns = with vars.interfaces.wg0; {
# Delay CoreDNS startup until after WireGuard tunnel device is created.
requires = [ "wireguard-${wg0.name}.service" ];
after = [ "wireguard-${wg0.name}.service" ];
requires = [ "wireguard-${name}.service" ];
after = [ "wireguard-${name}.service" ];
};
services.coredns = {
enable = true;
config = ''
config = with vars; ''
# Root zone.
. {
cache 3600 {
@ -45,10 +40,10 @@ in {
${host.ipv6.ula} ${host.name}.ipv6.${domain}
'' else
""}
'') (vars.hosts.servers ++ vars.hosts.infra ++ [{
'') (hosts.servers ++ hosts.infra ++ [{
name = "routnerr-2";
ipv4 = lan0.ipv4;
ipv6.ula = lan0.ipv6.ula;
ipv4 = interfaces.lan0.ipv4;
ipv6.ula = interfaces.lan0.ipv6.ula;
}])
}
}


@ -3,11 +3,6 @@
let
vars = import ./vars.nix;
guest0 = vars.interfaces.guest0;
iot0 = vars.interfaces.iot0;
lab0 = vars.interfaces.lab0;
lan0 = vars.interfaces.lan0;
# Produces a compatible object for the dhcpd4 machines array.
mkHost = (host: {
hostName = host.name;
@ -17,37 +12,47 @@ let
in {
services.dhcpd4 = {
interfaces =
[ "${lan0.name}" "${guest0.name}" "${iot0.name}" "${lab0.name}" ];
interfaces = with vars.interfaces; [
"${lan0.name}"
"${guest0.name}"
"${iot0.name}"
"${lab0.name}"
];
enable = true;
machines = lib.forEach (vars.hosts.infra ++ vars.hosts.servers) mkHost;
machines = with vars.hosts; lib.forEach (infra ++ servers) mkHost;
extraConfig = ''
ddns-update-style none;
default-lease-time 86400;
max-lease-time 86400;
${lib.concatMapStrings (ifi:
${with vars.interfaces;
lib.concatMapStrings (ifi:
# Since dhcpd4 doesn't speak CIDR notation, trim off the final octet of
# the router's address for our "/24" prefix.
let pfx = lib.removeSuffix ".1" ifi.ipv4;
let
pfx = lib.removeSuffix ".1" ipv4;
ipv4 = ifi.ipv4;
in ''
subnet ${pfx}.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address ${pfx}.255;
option routers ${ifi.ipv4};
option domain-name-servers ${ifi.ipv4};
option routers ${ipv4};
option domain-name-servers ${ipv4};
range ${pfx}.20 ${pfx}.240;
allow booting;
next-server ${ifi.ipv4};
next-server ${ipv4};
option bootfile-name "netboot.xyz.kpxe";
${
# Configure additional options for the primary internal LAN.
if ifi.internal_domain then ''
option domain-search "${vars.domain}";
option domain-name "${vars.domain}";
let
domain = vars.domain;
# Configure additional options for the primary internal LAN.
in if ifi.internal_domain then ''
option domain-search "${domain}";
option domain-name "${domain}";
'' else
""
}
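Review bot: `pfx = lib.removeSuffix ".1" ipv4;` in the rewritten `let` returns the address unchanged when the router address in vars.nix does not end in `.1`, so a typo there yields `subnet 192.168.x.y.0` and a dhcpd config that fails at service start instead of an evaluation error; `pfx = assert lib.hasSuffix ".1" ipv4; lib.removeSuffix ".1" ipv4;` fails the build at the source of the mistake. The dhcpd6 counterpart `pfx = lib.removeSuffix "1" ifi.ipv6.ula;` has the same shape and is more fragile, since any ULA ending in a `1` digit (for example `::11`) would be truncated to a wrong /64; `assert lib.hasSuffix "::1" ifi.ipv6.ula;` would state the invariant the comment above it describes. The `ifi:` lambda and the `${with vars.interfaces; ...}` interpolation both continue past the end of the hunk.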


@ -1,16 +1,15 @@
{ lib, ... }:
let
vars = import ./vars.nix;
let vars = import ./vars.nix;
guest0 = vars.interfaces.guest0;
iot0 = vars.interfaces.iot0;
lab0 = vars.interfaces.lab0;
lan0 = vars.interfaces.lan0;
in {
services.dhcpd6 = {
interfaces =
[ "${lan0.name}" "${guest0.name}" "${iot0.name}" "${lab0.name}" ];
interfaces = with vars.interfaces; [
"${lan0.name}"
"${guest0.name}"
"${iot0.name}"
"${lab0.name}"
];
enable = true;
extraConfig = ''
ddns-update-style none;
@ -22,19 +21,22 @@ in {
option dhcp6.rapid-commit;
${lib.concatMapStrings (ifi:
${with vars.interfaces;
lib.concatMapStrings (ifi:
# Router ULA addresses have a ::1 suffix, so trim the 1 from the
# router's address for our /64 prefix.
let pfx = lib.removeSuffix "1" ifi.ipv6.ula;
let
pfx = lib.removeSuffix "1" ifi.ipv6.ula;
ipv6 = ifi.ipv6.ula;
in ''
subnet6 ${pfx}/64 {
range6 ${pfx}ffff:1000 ${pfx}ffff:ffff;
range6 ${pfx} temporary;
option dhcp6.name-servers ${ifi.ipv6.ula};
option dhcp6.name-servers ${ipv6};
# TODO: find a working IPv6 TFTP implementation and enable.
# option dhcp6.bootfile-url "tftp://[${ifi.ipv6.ula}]/netboot.xyz.kpxe";
# option dhcp6.bootfile-url "tftp://[${ipv6}]/netboot.xyz.kpxe";
${
# Configure additional options for the primary internal LAN.


@ -3,13 +3,6 @@
let
vars = import ./vars.nix;
guest0 = vars.interfaces.guest0;
iot0 = vars.interfaces.iot0;
lab0 = vars.interfaces.lab0;
lan0 = vars.interfaces.lan0;
wan0 = vars.interfaces.wan0;
wg0 = vars.interfaces.wg0;
# Produces the configuration for a LAN interface.
mkInterface = (ifi: {
ipv4.addresses = [{
@ -33,14 +26,14 @@ in {
# LAN interface.
networking = {
hostName = "routnerr-2";
nameservers = [ "${vars.localhost.ipv4}" "${vars.localhost.ipv6}" ];
nameservers = with vars.localhost; [ "${ipv4}" "${ipv6}" ];
dhcpcd = {
enable = true;
# Do not remove interface configuration on shutdown.
persistent = true;
allowInterfaces = [ "${wan0.name}" ];
extraConfig = ''
allowInterfaces = [ "${vars.interfaces.wan0.name}" ];
extraConfig = with vars.interfaces; ''
noipv6rs
interface ${wan0.name}
ipv6rs
@ -55,14 +48,14 @@ in {
'';
};
interfaces = {
interfaces = with vars.interfaces; {
${lan0.name} = mkInterface lan0;
${lab0.name} = mkInterface lab0;
${guest0.name} = mkInterface guest0;
${iot0.name} = mkInterface iot0;
};
vlans = {
vlans = with vars.interfaces; {
${lab0.name} = {
id = 2;
interface = "${lan0.name}";
@ -77,25 +70,21 @@ in {
};
};
wireguard = {
wireguard = with vars.interfaces.wg0; {
enable = true;
interfaces = {
${wg0.name} = {
${name} = {
listenPort = 51820;
ips = [
"${wg0.ipv4}/24"
"${wg0.ipv6.gua}/64"
"${wg0.ipv6.ula}/64"
"${wg0.ipv6.lla}/64"
];
privateKeyFile = "/var/lib/wireguard/wg0.key";
ips =
[ "${ipv4}/24" "${ipv6.gua}/64" "${ipv6.ula}/64" "${ipv6.lla}/64" ];
privateKeyFile = "/var/lib/wireguard/${name}.key";
peers = [
# mdlayher-fastly
{
publicKey = "VWRsPtbdGtcNyaQ+cFAZfZnYL05uj+XINQS6yQY5gQ8=";
allowedIPs = [
"192.168.20.0/24"
"2600:6c4a:787f:d120::/64"
"2600:6c4a:7880:3220::/64"
"fd9e:1a04:f01d:20::/64"
"fe80::10/128"
];
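Review bot: `privateKeyFile = "/var/lib/wireguard/${name}.key";` now ties the on-disk key path to `vars.interfaces.wg0.name`, so renaming the tunnel interface in vars.nix silently moves the expected key location and the tunnel presumably cannot load its key until the file is moved by hand; a comment beside it, `# Key file is named after the interface; rename the file together with it.`, records that coupling (assuming the name is currently `wg0`, the path itself is unchanged). Separately, `allowInterfaces = [ "${vars.interfaces.wan0.name}" ];` spells out the full path while the adjacent `extraConfig = with vars.interfaces; ''` opens the same scope for `wan0.name`; hoisting the `with` to the `dhcpcd` attrset would make the two consistent. The `wireguard` attrset and its `peers` list continue past the hunk.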


@ -109,7 +109,7 @@ in {
ipv4 = "192.168.20.1";
ipv6 = {
# TODO try to get prefix delegation ordering working.
gua = "2600:6c4a:7880:3202::1";
gua = "2600:6c4a:7880:3220::1";
lla = "fe80::";
ula = "fd9e:1a04:f01d:20::1";
};
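Review bot: The `gua` value in this attrset changes from `2600:6c4a:7880:3202::1` to `2600:6c4a:7880:3220::1` inside a commit described as a variable cleanup, and nothing in the message records it. The neighbouring `ipv4 = "192.168.20.1"` and `ula = "fd9e:1a04:f01d:20::1"` match the WireGuard peer's `allowedIPs` in the networking section, so this is presumably the wg0 interface and the new value agrees with the `2600:6c4a:7880:3220::/64` entry there, which makes it look like a typo fix for the tunnel's GUA. A line in the commit message, or a separate commit, saying so would keep an address change from being lost in the refactor. The enclosing attrset starts before the hunk.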