mirrors/mdlayher-homelab
1
0
Fork 0
mirror of https://github.com/mdlayher/homelab.git synced 2024-12-14 11:47:32 +00:00
Code Activity

nixos/routnerr-2: cleanup nix variables

Browse source
This commit is contained in:
Matt Layher 2020-04-28 08:51:24 -04:00
parent ddafa50943
commit c0d51e5482
6 changed files with 61 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
nixos/routnerr-2/configuration.nix
View file

@ -39,7 +39,7 @@ in {
# Use the GRUB 2 boot loader with MBR. # Use the GRUB 2 boot loader with MBR.
boot = { boot = {
kernel = { kernel = {
sysctl = { sysctl = with vars.interfaces.wan0; {
# Forward on all interfaces. # Forward on all interfaces.
"net.ipv4.conf.all.forwarding" = true; "net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true; "net.ipv6.conf.all.forwarding" = true;
@ -50,9 +50,9 @@ in {
"net.ipv6.conf.all.use_tempaddr" = 0; "net.ipv6.conf.all.use_tempaddr" = 0;
# On WAN, allow IPv6 autoconfiguration and tempory address use. # On WAN, allow IPv6 autoconfiguration and tempory address use.
"net.ipv6.conf.${vars.interfaces.wan0.name}.accept_ra" = 2; "net.ipv6.conf.${name}.accept_ra" = 2;
"net.ipv6.conf.${vars.interfaces.wan0.name}.autoconf" = 1; "net.ipv6.conf.${name}.autoconf" = 1;
"net.ipv6.conf.${vars.interfaces.wan0.name}.use_tempaddr" = 1; "net.ipv6.conf.${name}.use_tempaddr" = 1;
}; };
}; };
# Use GRUB in MBR mode. # Use GRUB in MBR mode.
@ -93,8 +93,7 @@ in {
# Google Home and Chromecast. # Google Home and Chromecast.
avahi = { avahi = {
enable = true; enable = true;
interfaces = interfaces = with vars.interfaces; [ "${lan0.name}" "${iot0.name}" ];
[ "${vars.interfaces.lan0.name}" "${vars.interfaces.iot0.name}" ];
ipv4 = true; ipv4 = true;
ipv6 = true; ipv6 = true;
reflector = true; reflector = true;

21
nixos/routnerr-2/coredns.nix
View file

@ -1,22 +1,17 @@
{ lib, ... }: { lib, ... }:
let let vars = import ./vars.nix;
vars = import ./vars.nix;
domain = vars.domain;
lan0 = vars.interfaces.lan0;
wg0 = vars.interfaces.wg0;
in { in {
systemd.services.coredns = { systemd.services.coredns = with vars.interfaces.wg0; {
# Delay CoreDNS startup until after WireGuard tunnel device is created. # Delay CoreDNS startup until after WireGuard tunnel device is created.
requires = [ "wireguard-${wg0.name}.service" ]; requires = [ "wireguard-${name}.service" ];
after = [ "wireguard-${wg0.name}.service" ]; after = [ "wireguard-${name}.service" ];
}; };
services.coredns = { services.coredns = {
enable = true; enable = true;
config = '' config = with vars; ''
# Root zone. # Root zone.
. { . {
cache 3600 { cache 3600 {
@ -45,10 +40,10 @@ in {
${host.ipv6.ula} ${host.name}.ipv6.${domain} ${host.ipv6.ula} ${host.name}.ipv6.${domain}
'' else '' else
""} ""}
'') (vars.hosts.servers ++ vars.hosts.infra ++ [{ '') (hosts.servers ++ hosts.infra ++ [{
name = "routnerr-2"; name = "routnerr-2";
ipv4 = lan0.ipv4; ipv4 = interfaces.lan0.ipv4;
ipv6.ula = lan0.ipv6.ula; ipv6.ula = interfaces.lan0.ipv6.ula;
}]) }])
} }
} }

37
nixos/routnerr-2/dhcpd4.nix
View file

@ -3,11 +3,6 @@
let let
vars = import ./vars.nix; vars = import ./vars.nix;
guest0 = vars.interfaces.guest0;
iot0 = vars.interfaces.iot0;
lab0 = vars.interfaces.lab0;
lan0 = vars.interfaces.lan0;
# Produces a compatible object for the dhcpd4 machines array. # Produces a compatible object for the dhcpd4 machines array.
mkHost = (host: { mkHost = (host: {
hostName = host.name; hostName = host.name;
@ -17,37 +12,47 @@ let
in { in {
services.dhcpd4 = { services.dhcpd4 = {
interfaces = interfaces = with vars.interfaces; [
[ "${lan0.name}" "${guest0.name}" "${iot0.name}" "${lab0.name}" ]; "${lan0.name}"
"${guest0.name}"
"${iot0.name}"
"${lab0.name}"
];
enable = true; enable = true;
machines = lib.forEach (vars.hosts.infra ++ vars.hosts.servers) mkHost; machines = with vars.hosts; lib.forEach (infra ++ servers) mkHost;
extraConfig = '' extraConfig = ''
ddns-update-style none; ddns-update-style none;
default-lease-time 86400; default-lease-time 86400;
max-lease-time 86400; max-lease-time 86400;
${lib.concatMapStrings (ifi: ${with vars.interfaces;
lib.concatMapStrings (ifi:
# Since dhcpd4 doesn't speak CIDR notation, trim off the final octet of # Since dhcpd4 doesn't speak CIDR notation, trim off the final octet of
# the router's address for our "/24" prefix. # the router's address for our "/24" prefix.
let pfx = lib.removeSuffix ".1" ifi.ipv4; let
pfx = lib.removeSuffix ".1" ipv4;
ipv4 = ifi.ipv4;
in '' in ''
subnet ${pfx}.0 netmask 255.255.255.0 { subnet ${pfx}.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0; option subnet-mask 255.255.255.0;
option broadcast-address ${pfx}.255; option broadcast-address ${pfx}.255;
option routers ${ifi.ipv4}; option routers ${ipv4};
option domain-name-servers ${ifi.ipv4}; option domain-name-servers ${ipv4};
range ${pfx}.20 ${pfx}.240; range ${pfx}.20 ${pfx}.240;
allow booting; allow booting;
next-server ${ifi.ipv4}; next-server ${ipv4};
option bootfile-name "netboot.xyz.kpxe"; option bootfile-name "netboot.xyz.kpxe";
${ ${
let
domain = vars.domain;
# Configure additional options for the primary internal LAN. # Configure additional options for the primary internal LAN.
if ifi.internal_domain then '' in if ifi.internal_domain then ''
option domain-search "${vars.domain}"; option domain-search "${domain}";
option domain-name "${vars.domain}"; option domain-name "${domain}";
'' else '' else
"" ""
} }

26
nixos/routnerr-2/dhcpd6.nix
View file

@ -1,16 +1,15 @@
{ lib, ... }: { lib, ... }:
let let vars = import ./vars.nix;
vars = import ./vars.nix;
guest0 = vars.interfaces.guest0;
iot0 = vars.interfaces.iot0;
lab0 = vars.interfaces.lab0;
lan0 = vars.interfaces.lan0;
in { in {
services.dhcpd6 = { services.dhcpd6 = {
interfaces = interfaces = with vars.interfaces; [
[ "${lan0.name}" "${guest0.name}" "${iot0.name}" "${lab0.name}" ]; "${lan0.name}"
"${guest0.name}"
"${iot0.name}"
"${lab0.name}"
];
enable = true; enable = true;
extraConfig = '' extraConfig = ''
ddns-update-style none; ddns-update-style none;
@ -22,19 +21,22 @@ in {
option dhcp6.rapid-commit; option dhcp6.rapid-commit;
${lib.concatMapStrings (ifi: ${with vars.interfaces;
lib.concatMapStrings (ifi:
# Router ULA addresses have a ::1 suffix, so trim the 1 from the # Router ULA addresses have a ::1 suffix, so trim the 1 from the
# router's address for our /64 prefix. # router's address for our /64 prefix.
let pfx = lib.removeSuffix "1" ifi.ipv6.ula; let
pfx = lib.removeSuffix "1" ifi.ipv6.ula;
ipv6 = ifi.ipv6.ula;
in '' in ''
subnet6 ${pfx}/64 { subnet6 ${pfx}/64 {
range6 ${pfx}ffff:1000 ${pfx}ffff:ffff; range6 ${pfx}ffff:1000 ${pfx}ffff:ffff;
range6 ${pfx} temporary; range6 ${pfx} temporary;
option dhcp6.name-servers ${ifi.ipv6.ula}; option dhcp6.name-servers ${ipv6};
# TODO: find a working IPv6 TFTP implementation and enable. # TODO: find a working IPv6 TFTP implementation and enable.
# option dhcp6.bootfile-url "tftp://[${ifi.ipv6.ula}]/netboot.xyz.kpxe"; # option dhcp6.bootfile-url "tftp://[${ipv6}]/netboot.xyz.kpxe";
${ ${
# Configure additional options for the primary internal LAN. # Configure additional options for the primary internal LAN.

33
nixos/routnerr-2/networking.nix
View file

@ -3,13 +3,6 @@
let let
vars = import ./vars.nix; vars = import ./vars.nix;
guest0 = vars.interfaces.guest0;
iot0 = vars.interfaces.iot0;
lab0 = vars.interfaces.lab0;
lan0 = vars.interfaces.lan0;
wan0 = vars.interfaces.wan0;
wg0 = vars.interfaces.wg0;
# Produces the configuration for a LAN interface. # Produces the configuration for a LAN interface.
mkInterface = (ifi: { mkInterface = (ifi: {
ipv4.addresses = [{ ipv4.addresses = [{
@ -33,14 +26,14 @@ in {
# LAN interface. # LAN interface.
networking = { networking = {
hostName = "routnerr-2"; hostName = "routnerr-2";
nameservers = [ "${vars.localhost.ipv4}" "${vars.localhost.ipv6}" ]; nameservers = with vars.localhost; [ "${ipv4}" "${ipv6}" ];
dhcpcd = { dhcpcd = {
enable = true; enable = true;
# Do not remove interface configuration on shutdown. # Do not remove interface configuration on shutdown.
persistent = true; persistent = true;
allowInterfaces = [ "${wan0.name}" ]; allowInterfaces = [ "${vars.interfaces.wan0.name}" ];
extraConfig = '' extraConfig = with vars.interfaces; ''
noipv6rs noipv6rs
interface ${wan0.name} interface ${wan0.name}
ipv6rs ipv6rs
@ -55,14 +48,14 @@ in {
''; '';
}; };
interfaces = { interfaces = with vars.interfaces; {
${lan0.name} = mkInterface lan0; ${lan0.name} = mkInterface lan0;
${lab0.name} = mkInterface lab0; ${lab0.name} = mkInterface lab0;
${guest0.name} = mkInterface guest0; ${guest0.name} = mkInterface guest0;
${iot0.name} = mkInterface iot0; ${iot0.name} = mkInterface iot0;
}; };
vlans = { vlans = with vars.interfaces; {
${lab0.name} = { ${lab0.name} = {
id = 2; id = 2;
interface = "${lan0.name}"; interface = "${lan0.name}";
@ -77,25 +70,21 @@ in {
}; };
}; };
wireguard = { wireguard = with vars.interfaces.wg0; {
enable = true; enable = true;
interfaces = { interfaces = {
${wg0.name} = { ${name} = {
listenPort = 51820; listenPort = 51820;
ips = [ ips =
"${wg0.ipv4}/24" [ "${ipv4}/24" "${ipv6.gua}/64" "${ipv6.ula}/64" "${ipv6.lla}/64" ];
"${wg0.ipv6.gua}/64" privateKeyFile = "/var/lib/wireguard/${name}.key";
"${wg0.ipv6.ula}/64"
"${wg0.ipv6.lla}/64"
];
privateKeyFile = "/var/lib/wireguard/wg0.key";
peers = [ peers = [
# mdlayher-fastly # mdlayher-fastly
{ {
publicKey = "VWRsPtbdGtcNyaQ+cFAZfZnYL05uj+XINQS6yQY5gQ8="; publicKey = "VWRsPtbdGtcNyaQ+cFAZfZnYL05uj+XINQS6yQY5gQ8=";
allowedIPs = [ allowedIPs = [
"192.168.20.0/24" "192.168.20.0/24"
"2600:6c4a:787f:d120::/64" "2600:6c4a:7880:3220::/64"
"fd9e:1a04:f01d:20::/64" "fd9e:1a04:f01d:20::/64"
"fe80::10/128" "fe80::10/128"
]; ];

2
nixos/routnerr-2/vars.nix
View file

@ -109,7 +109,7 @@ in {
ipv4 = "192.168.20.1"; ipv4 = "192.168.20.1";
ipv6 = { ipv6 = {
# TODO try to get prefix delegation ordering working. # TODO try to get prefix delegation ordering working.
gua = "2600:6c4a:7880:3202::1"; gua = "2600:6c4a:7880:3220::1";
lla = "fe80::"; lla = "fe80::";
ula = "fd9e:1a04:f01d:20::1"; ula = "fd9e:1a04:f01d:20::1";
}; };