From d72df0d9d578f05eea678b7768f0679b2f7084c8 Mon Sep 17 00:00:00 2001
From: Matt Layher
Date: Fri, 24 Jan 2020 11:36:50 -0500
Subject: [PATCH] nixos: add network infrastructure to hosts
---
nixos/coredns.nix | 16 ++++++++--------
nixos/dhcpd4.nix | 36 ++++++++----------------------------
nixos/nftables.nix | 5 ++++-
nixos/vars.nix | 30 +++++++++++++++++++++++++++++-
4 files changed, 49 insertions(+), 38 deletions(-)
diff --git a/nixos/coredns.nix b/nixos/coredns.nix
index 139043c..d4bdf88 100644
--- a/nixos/coredns.nix
+++ b/nixos/coredns.nix
@@ -59,16 +59,16 @@ in {
 ${lan0.ipv6.ula} routnerr-2.${domain}
 ${
+ # Write out internal DNS records for each of the configured hosts.
+ # If the host does not have an IPv6 ULA address, omit it.
 lib.concatMapStrings (host: ''
- ${host.ipv4} ${host.name}.${domain}
- ${host.ipv6.ula} ${host.name}.${domain}
- '') vars.hosts.servers
+ ${host.ipv4} ${host.name}.${domain}
+ ${if host.ipv6.ula != "" then ''
+ ${host.ipv6.ula} ${host.name}.${domain}
+ '' else
+ ""}
+ '') (vars.hosts.servers ++ vars.hosts.infra)
 }
-
- 192.168.1.2 switch-livingroom01.${domain}
- 192.168.1.3 switch-office01.${domain}
- 192.168.1.5 ap-livingroom01.${domain}
- 192.168.1.8 hdhomerun.${domain}
 }
 }
 '';
diff --git a/nixos/dhcpd4.nix b/nixos/dhcpd4.nix
index 8c454cc..53514f8 100644
--- a/nixos/dhcpd4.nix
+++ b/nixos/dhcpd4.nix
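Review bot: The new guard `if host.ipv6.ula != ""` still fails at evaluation time for any host entry that has no `ipv6.ula` attribute at all, because the attribute path is selected before the comparison; only the empty-string sentinel that vars.nix uses for hdhomerun is tolerated. Writing the test as `${if (host.ipv6.ula or "") != "" then ''` accepts both an absent attribute and the sentinel, so a future infra or server entry that simply omits IPv6 does not break the whole DNS config. Separately, this hunk concatenates `vars.hosts.servers ++ vars.hosts.infra` while the dhcpd4.nix hunk uses `vars.hosts.infra ++ vars.hosts.servers`; the generated records are equivalent either way, but one order in both files avoids a needless difference between the DNS and DHCP views of the same host list. The enclosing `''` string and `hosts` block begin before this hunk.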
@@ -8,39 +8,19 @@ let
 lab0 = vars.interfaces.lab0;
 lan0 = vars.interfaces.lan0;
+ # Produces a compatible object for the dhcpd4 machines array.
+ mkHost = (host: {
+ hostName = host.name;
+ ethernetAddress = host.mac;
+ ipAddress = host.ipv4;
+ });
+
 in {
 services.dhcpd4 = {
 interfaces = [ "${lan0.name}" "${guest0.name}" "${iot0.name}" "${lab0.name}" ];
 enable = true;
- machines = [
- {
- hostName = "switch-livingroom01";
- ethernetAddress = "f0:9f:c2:0b:28:ca";
- ipAddress = "192.168.1.2";
- }
- {
- hostName = "switch-office01";
- ethernetAddress = "f0:9f:c2:ce:7e:e1";
- ipAddress = "192.168.1.3";
- }
- {
- hostName = "ap-livingroom01";
- ethernetAddress = "44:d9:e7:02:2a:56";
- ipAddress = "192.168.1.5";
- }
- {
- hostName = "hdhomerun";
- ethernetAddress = "00:18:dd:32:52:c0";
- ipAddress = "192.168.1.8";
- }
- ] ++ lib.forEach vars.hosts.servers (host:
- {
- hostName = host.name;
- ethernetAddress = host.mac;
- ipAddress = host.ipv4;
- }
- );
+ machines = lib.forEach (vars.hosts.infra ++ vars.hosts.servers) mkHost;
 extraConfig = ''
 ddns-update-style none;
diff --git a/nixos/nftables.nix b/nixos/nftables.nix
index ee6510b..0d792ff 100644
--- a/nixos/nftables.nix
+++ b/nixos/nftables.nix
@@ -263,7 +263,10 @@ in {
 # SSH for internal machines.
 ip6 daddr {
- ${lib.concatMapStrings (host: "${host.ipv6.gua}, ") vars.hosts.servers}
+ ${
+ lib.concatMapStrings (host: "${host.ipv6.gua}, ")
+ vars.hosts.servers
+ }
 } tcp dport ${ports.ssh} counter accept comment "IPv6 SSH"
 # Plex running on server.
diff --git a/nixos/vars.nix b/nixos/vars.nix
index 75f97ef..800593f 100644
--- a/nixos/vars.nix
+++ b/nixos/vars.nix
@@ -3,7 +3,7 @@ let
 server_ipv4 = "192.168.1.4";
 server_ipv6 = "2600:6c4a:787f:d100:4cb:90ff:fe4d:a259";
-# Configuration variables which are used to build out configs elsewhere.
+ # Configuration variables which are used to build out configs elsewhere.
 in {
 server_ipv4 = server_ipv4;
 server_ipv6 = server_ipv6;
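Review bot: The parentheses around the lambda in `mkHost = (host: {` are redundant in Nix and suggest that grouping is needed where it is not; the conventional let-binding form is `mkHost = host: {` closed with `};`. The comment above it would be more useful if it named the attributes a host entry must supply, e.g. `# Map a vars.nix host entry (name, mac, ipv4) to an element of services.dhcpd4.machines.`, so the contract between vars.nix and this file is visible next to the consumer. The enclosing `let` block begins before this hunk.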
@@ -40,6 +40,34 @@ in {
 mac = "06:cb:90:4d:a2:59";
 }
 ];
+ # Machines which are considered network infrastructure and not exposed
+ # externally.
+ infra = [
+ {
+ name = "switch-livingroom01";
+ ipv4 = "192.168.1.2";
+ ipv6.ula = "fd9e:1a04:f01d:0:f29f:c2ff:fe0b:28ca";
+ mac = "f0:9f:c2:0b:28:ca";
+ }
+ {
+ name = "switch-office01";
+ ipv4 = "192.168.1.3";
+ ipv6.ula = "fd9e:1a04:f01d:0:f29f:c2ff:fece:7ee1";
+ mac = "f0:9f:c2:ce:7e:e1";
+ }
+ {
+ name = "ap-livingroom01";
+ ipv4 = "192.168.1.5";
+ ipv6.ula = "fd9e:1a04:f01d::46d9:e7ff:fe02:2a56";
+ mac = "44:d9:e7:02:2a:56";
+ }
+ {
+ name = "hdhomerun";
+ ipv4 = "192.168.1.8";
+ ipv6.ula = ""; # No IPv6 support unfortunately.
+ mac = "00:18:dd:32:52:c0";
+ }
+ ];
 };
 interfaces = {
 wan0 = {
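Review bot: The ULA for ap-livingroom01, `fd9e:1a04:f01d::46d9:e7ff:fe02:2a56`, collapses a single zero hextet with `::` while the two switch entries spell the same position as `:0:`; RFC 5952 reserves `::` for a run of two or more zero fields, and these strings are copied verbatim into the generated CoreDNS hosts block, so the mixed spellings become visible in DNS data. Using `ipv6.ula = "fd9e:1a04:f01d:0:46d9:e7ff:fe02:2a56";` keeps all three entries in the same canonical form. The `ipv6.ula = ""` sentinel on hdhomerun is only safe while every consumer of `infra` checks for it, as the coredns.nix hunk does; a comment on the list such as `# ipv6.ula is "" for hosts without IPv6; consumers must skip the empty value.` would state that contract next to the data rather than leaving it implicit.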