etheroute-lon01: export QuadV net
parent
da0717b02c
commit
41c85d898b
1 changed files with 53 additions and 0 deletions
|
@ -6,6 +6,43 @@
|
||||||
let
|
let
|
||||||
inherit (depot.ops) secrets;
|
inherit (depot.ops) secrets;
|
||||||
machineSecrets = secrets.machineSpecific.etheroute-lon01;
|
machineSecrets = secrets.machineSpecific.etheroute-lon01;
|
||||||
|
|
||||||
|
makeIPIPInterface = {
|
||||||
|
name,
|
||||||
|
underlayDevice,
|
||||||
|
localIP,
|
||||||
|
remoteIP
|
||||||
|
}: {
|
||||||
|
description = "IPIP interface ${name}";
|
||||||
|
wantedBy = [ "network-setup.service" "sys-subsystem-net-devices-${underlayDevice}.device" ];
|
||||||
|
bindsTo = [ "${underlayDevice}-netdev.service" "sys-subsystem-net-devices-${underlayDevice}.device" ];
|
||||||
|
partOf = [ "network-setup.service" ];
|
||||||
|
after = [ "network-pre.target" "sys-subsystem-net-devices-${underlayDevice}.device" "network-addresses-${underlayDevice}.service" ];
|
||||||
|
before = [ "network-setup.service" ];
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
serviceConfig.RemainAfterExit = true;
|
||||||
|
path = [ pkgs.iproute2 ];
|
||||||
|
|
||||||
|
script = ''
|
||||||
|
echo "Removing old interface"
|
||||||
|
ip link show "${name}" >/dev/null 2>&1 && ip link del "${name}"
|
||||||
|
|
||||||
|
echo "Adding interface"
|
||||||
|
ip link add name "${name}" type ipip local "${localIP}" remote "${remoteIP}"
|
||||||
|
|
||||||
|
echo "Bringing up interface"
|
||||||
|
ip link set "${name}" up
|
||||||
|
'';
|
||||||
|
preStop = ''
|
||||||
|
echo "Removing interface"
|
||||||
|
ip link set "${name}" down || true
|
||||||
|
ip link del "${name}" || true
|
||||||
|
'';
|
||||||
|
reload = ''
|
||||||
|
ip link set dev "${name}" type ipip local "${localIP}" remote "${remoteIP}"
|
||||||
|
'';
|
||||||
|
reloadIfChanged = true;
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../lib/bgp.nix
|
../lib/bgp.nix
|
||||||
|
@ -38,6 +75,10 @@ in {
|
||||||
"ip=83.97.19.68::83.97.19.65:255.255.255.224:etheroute-lon01:eno1:none"
|
"ip=83.97.19.68::83.97.19.65:255.255.255.224:etheroute-lon01:eno1:none"
|
||||||
];
|
];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.kernel.sysctl = {
|
||||||
|
"net.ipv4.conf.all.forwarding" = true;
|
||||||
|
"net.ipv4.conf.default.forwarding" = true;
|
||||||
|
};
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
@ -95,10 +136,21 @@ in {
|
||||||
ipv4.addresses = [{ address = "83.97.19.68"; prefixLength = 27; }];
|
ipv4.addresses = [{ address = "83.97.19.68"; prefixLength = 27; }];
|
||||||
ipv6.addresses = [{ address = "2a07:242:800:64::68"; prefixLength = 64; }];
|
ipv6.addresses = [{ address = "2a07:242:800:64::68"; prefixLength = 64; }];
|
||||||
};
|
};
|
||||||
|
interfaces.quadv1-4 = {
|
||||||
|
ipv4.addresses = [{ address = "92.118.31.254"; prefixLength = 24; }];
|
||||||
|
virtual = true;
|
||||||
|
};
|
||||||
firewall.allowedTCPPorts = [ 80 443 ];
|
firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
};
|
};
|
||||||
my.ip.tailscale = "100.111.191.21";
|
my.ip.tailscale = "100.111.191.21";
|
||||||
|
|
||||||
|
systemd.services.quadv1-4 = makeIPIPInterface {
|
||||||
|
name = "quadv1-4";
|
||||||
|
underlayDevice = "eno1";
|
||||||
|
localIP = "83.97.19.68";
|
||||||
|
remoteIP = "92.118.30.254"; # Dummy for now
|
||||||
|
};
|
||||||
|
|
||||||
services.openssh.hostKeys = [
|
services.openssh.hostKeys = [
|
||||||
{
|
{
|
||||||
path = "/persist/etc/ssh/ssh_host_ed25519_key";
|
path = "/persist/etc/ssh/ssh_host_ed25519_key";
|
||||||
|
@ -123,6 +175,7 @@ in {
|
||||||
local = {
|
local = {
|
||||||
routerID = "83.97.19.68";
|
routerID = "83.97.19.68";
|
||||||
};
|
};
|
||||||
|
export.v4 = [ "92.118.31.0/24" ];
|
||||||
peering = {
|
peering = {
|
||||||
etheroute = {
|
etheroute = {
|
||||||
local = local // {
|
local = local // {
|
||||||
|
|
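Review bot: The `boot.kernel.sysctl` block in the second hunk enables IPv4 forwarding on every interface (`all` and `default`), and nothing visible in this diff restricts what may be routed through the host; `firewall.allowedTCPPorts = [ 80 443 ]` only governs traffic addressed to the host itself. Because the machine also has a Tailscale address, it would presumably route between eno1, quadv1-4 and the tailnet interface unless a forward-chain policy exists outside these hunks. Consider pinning the forward path to the pair that needs it, for example in `networking.firewall.extraCommands`: `iptables -A FORWARD -i eno1 -o quadv1-4 -j ACCEPT`, `iptables -A FORWARD -i quadv1-4 -o eno1 -j ACCEPT`, `iptables -A FORWARD -j DROP`. Separately, the last hunk starts announcing 92.118.31.0/24 via `export.v4` while `remoteIP` in the third hunk is still marked `# Dummy for now`, so traffic attracted by the announcement would be sent as unencrypted, unauthenticated IPIP to that placeholder address; it may be safer to hold the export until the real endpoint is configured.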