rexxar: init

No BGP yet.
Luke Granger-Brown 2024-03-25 19:13:05 +00:00
parent 9aece1027e
commit e7a1cf462c
8 changed files with 245 additions and 63 deletions


@ -50,6 +50,7 @@ let
"kerrigan" "kerrigan"
"cofractal-ams01" "cofractal-ams01"
"laputa" "laputa"
"rexxar"
]; ];
rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; })); rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
systemCfgs = lib.genAttrs systems systemCfgs = lib.genAttrs systems


@ -13,7 +13,7 @@ in {
isoImage.isoName = lib.mkForce "nixos-${depot.version}-${pkgs.stdenv.hostPlatform.system}.iso"; isoImage.isoName = lib.mkForce "nixos-${depot.version}-${pkgs.stdenv.hostPlatform.system}.iso";
isoImage.storeContents = [ isoImage.storeContents = [
depot.ops.nixos.systems.nausicaa depot.ops.nixos.systems.rexxar
]; ];
system.disableInstallerTools = false; system.disableInstallerTools = false;


@ -21,5 +21,4 @@ $INCLUDE tmpl.ns
3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR lukegb01.ring.nlnog.net. 3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR lukegb01.ring.nlnog.net.
4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR alps22tag.quadv.com. 4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR alps22tag.quadv.com.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR gw.public.as205479.net. 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR gw.public.as205479.net.
e.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR blade-paris.public.as205479.net. f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR rexxar.public.as205479.net.
f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600 IN PTR blade-tuvok.public.as205479.net.
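Review bot: The PTR records in this reverse zone are changed without a visible SOA serial bump: the forward zone's hunk shows its serial going from 57 to 58, but no hunk for this file touches the SOA line, and the same applies to the IPv4 reverse hunk (the `253`/`254` PTR changes). If the serial is kept in the file rather than generated at build time, secondaries will keep serving the old `blade-paris`/`blade-tuvok` PTRs until it is incremented. The SOA line lies outside this hunk, so it may simply not be shown; worth confirming before this lands.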


@ -260,6 +260,6 @@ $INCLUDE tmpl.ns
250 600 IN PTR 92-118-28-250.ptr.as205479.net. 250 600 IN PTR 92-118-28-250.ptr.as205479.net.
251 600 IN PTR 92-118-28-251.ptr.as205479.net. 251 600 IN PTR 92-118-28-251.ptr.as205479.net.
252 600 IN PTR wg-gw.public.as205479.net. 252 600 IN PTR wg-gw.public.as205479.net.
253 600 IN PTR blade-paris.public.as205479.net. 253 600 IN PTR 92-118-28-253.ptr.as205479.net.
254 600 IN PTR blade-tuvok.public.as205479.net. 254 600 IN PTR rexxar.public.as205479.net.
255 600 IN PTR 92-118-28-255.ptr.as205479.net. 255 600 IN PTR 92-118-28-255.ptr.as205479.net.


@ -3,7 +3,7 @@
; SPDX-License-Identifier: Apache-2.0 ; SPDX-License-Identifier: Apache-2.0
; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL ; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL
@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 57 600 450 3600 300 @ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 58 600 450 3600 300
; NB: this are also glue records in Google Domains. ; NB: this are also glue records in Google Domains.
$INCLUDE tmpl.ns $INCLUDE tmpl.ns
@ -70,22 +70,16 @@ cofractal-ams01 3600 IN AAAA 2a09:a446:1337:ffff::10
cofractal-ams01.int 3600 IN A 100.83.36.130 cofractal-ams01.int 3600 IN A 100.83.36.130
cofractal-ams01.int 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6253:2482 cofractal-ams01.int 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6253:2482
blade-tuvok 3600 IN A 195.74.55.21 rexxar 3600 IN A 195.74.55.21
blade-tuvok 3600 IN AAAA 2a03:ee40:8080:9:1::2 rexxar 3600 IN AAAA 2a03:ee40:8080:9:1::2
blade-tuvok.int 3600 IN A 100.119.123.33 velox1.rexxar 3600 IN A 195.74.55.21
blade-tuvok.int 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6277:7b21 velox1.rexxar 3600 IN AAAA 2a03:ee40:8080:9:1::2
rexxar 3600 IN A 195.74.55.23
blade-paris 3600 IN A 195.74.55.23 rexxar 3600 IN AAAA 2a03:ee40:8080:9:2::2
blade-paris 3600 IN AAAA 2a03:ee40:8080:9:2::2 velox2.rexxar 3600 IN A 195.74.55.23
blade-paris.int 3600 IN A 100.81.131.61 velox2.rexxar 3600 IN AAAA 2a03:ee40:8080:9:2::2
blade-paris.int 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6251:833d rexxar.int 3600 IN A 100.97.110.48
rexxar.int 3600 IN AAAA fd7a:115c:a1e0::3a01:6e30
blade-torres.int 3600 IN A 100.92.118.36
blade-torres.int 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:625c:7624
blade-kim.int 3600 IN A 100.84.36.62
blade-janeway.int 3600 IN A 100.121.116.85
blade-janeway.int 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6279:7455
blade-chakotay.int 3600 IN A 100.121.11.7
bvm-nixosmgmt.int 3600 IN A 100.65.226.19 bvm-nixosmgmt.int 3600 IN A 100.65.226.19
bvm-nixosmgmt.int 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6241:e213 bvm-nixosmgmt.int 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6241:e213
@ -146,36 +140,6 @@ mldn-rd 3600 IN AAAA 2a09:a443::1
eduroam.mldn-rd 3600 IN A 92.118.30.253 eduroam.mldn-rd 3600 IN A 92.118.30.253
eduroam.mldn-rd 3600 IN AAAA 2a09:a443:2::1 eduroam.mldn-rd 3600 IN AAAA 2a09:a443:2::1
; blade internal
blade-oa.blade 3600 IN A 10.100.1.200
blade-vcenet1.blade 3600 IN A 10.100.1.201
blade-vcenet2.blade 3600 IN A 10.100.1.202
blade-vcm.blade 3600 IN A 10.100.1.203
blade-kim.blade 3600 IN A 10.100.0.101
blade-kim-ilo.blade 3600 IN A 10.100.1.101
blade-kim.storage.blade 3600 IN A 10.100.2.101
blade-paris.blade 3600 IN A 10.100.0.102
blade-paris-ilo.blade 3600 IN A 10.100.1.102
blade-paris.storage.blade 3600 IN A 10.100.2.102
blade-janeway.blade 3600 IN A 10.100.0.103
blade-janeway-ilo.blade 3600 IN A 10.100.1.103
blade-janeway.storage.blade 3600 IN A 10.100.2.103
blade-chakotay.blade 3600 IN A 10.100.0.105
blade-chakotay-ilo.blade 3600 IN A 10.100.1.105
blade-chakotay.storage.blade 3600 IN A 10.100.2.105
blade-tuvok.blade 3600 IN A 10.100.0.106
blade-tuvok-ilo.blade 3600 IN A 10.100.1.106
blade-tuvok.storage.blade 3600 IN A 10.100.2.106
blade-torres.blade 3600 IN A 10.100.0.108
blade-torres-ilo.blade 3600 IN A 10.100.1.108
blade-torres.storage.blade 3600 IN A 10.100.2.108
bvm-nixosmgmt.blade 3600 IN A 10.100.0.200 bvm-nixosmgmt.blade 3600 IN A 10.100.0.200
bvm-twitterchiver.blade 3600 IN A 10.100.0.201 bvm-twitterchiver.blade 3600 IN A 10.100.0.201
bvm-prosody.blade 3600 IN A 10.100.0.202 bvm-prosody.blade 3600 IN A 10.100.0.202
@ -190,23 +154,14 @@ bvm-logger.blade 3600 IN A 10.100.0.209
bvm-paperless.blade 3600 IN A 10.100.0.211 bvm-paperless.blade 3600 IN A 10.100.0.211
; services ; services
; ceph-mon: blade-tuvok, blade-janeway, blade-paris
ceph-mon.storage.blade 60 IN A 10.100.2.106
ceph-mon.storage.blade 60 IN A 10.100.2.103
ceph-mon.storage.blade 60 IN A 10.100.2.102
_ceph-mon._tcp.storage.blade 60 IN SRV 10 10 6789 blade-tuvok.storage.blade.as205479.net.
_ceph-mon._tcp.storage.blade 60 IN SRV 10 10 6789 blade-janeway.storage.blade.as205479.net.
_ceph-mon._tcp.storage.blade 60 IN SRV 10 10 6789 blade-paris.storage.blade.as205479.net.
; public ; public
gw.public 3600 IN A 92.118.28.1 gw.public 3600 IN A 92.118.28.1
gw.public 3600 IN AAAA 2a09:a441::1 gw.public 3600 IN AAAA 2a09:a441::1
wg-gw.public 3600 IN A 92.118.28.252 wg-gw.public 3600 IN A 92.118.28.252
wg-gw.public 3600 IN AAAA 2a09:a441::f00f wg-gw.public 3600 IN AAAA 2a09:a441::f00f
blade-tuvok.public 3600 IN A 92.118.28.254 rexxar.public 3600 IN A 92.118.28.254
blade-tuvok.public 3600 IN AAAA 2a09:a441::ffff rexxar.public 3600 IN AAAA 2a09:a441::ffff
blade-paris.public 3600 IN A 92.118.28.253
blade-paris.public 3600 IN AAAA 2a09:a441::fffe
bvm-korobi.public 3600 IN CNAME bvm-korobi.as205479.net. bvm-korobi.public 3600 IN CNAME bvm-korobi.as205479.net.
bvm-korobi 3600 IN A 92.118.28.2 bvm-korobi 3600 IN A 92.118.28.2


@ -0,0 +1,11 @@
<!--
SPDX-FileCopyrightText: 2023 Luke Granger-Brown <depot@lukegb.com>
SPDX-License-Identifier: Apache-2.0
-->
# rexxar.as205479.net
Dedicated host running NixOS.
TODO(lukegb): all of this.


@ -0,0 +1,215 @@
# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, config, ... }:
{
imports = [
../lib/zfs.nix
../lib/bgp.nix
];
# Otherwise _this_ machine won't enumerate things properly.
boot.zfs.devNodes = "/dev/disk/by-id";
boot.initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
"sr_mod"
];
};
boot.kernelModules = [ "kvm-amd" ];
hardware.cpu.amd.updateMicrocode = true;
boot.kernelParams = [
"nomodeset"
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
services.zfs.rollbackOnBoot = {
enable = true;
snapshot = "zboot/local/root@blank";
};
fileSystems = let
zfs = device: {
device = device;
fsType = "zfs";
};
in {
"/" = zfs "zboot/local/root";
"/nix" = zfs "zboot/local/nix";
"/persist" = zfs "zboot/safe/persist";
"/store" = zfs "zu2/safe/store";
"/home" = (zfs "zu2/safe/home") // { neededForBoot = true; };
"/boot" = {
device = "/dev/disk/by-label/ESP";
fsType = "vfat";
};
"/boot2" = {
device = "/dev/disk/by-label/ESP2";
fsType = "vfat";
};
};
boot.loader.systemd-boot.extraInstallCommands = ''
rsync -a /boot/ /boot2/
'';
nix.settings.max-jobs = lib.mkDefault 8;
# Networking!
networking = {
hostName = "rexxar";
domain = "as205479.net";
hostId = "b46c2ae9";
useNetworkd = true;
};
systemd.network = {
networks."10-enp9s0f0" = {
matchConfig.Name = "enp9s0f0";
networkConfig.VLAN = [ "vl-velox1" "vl-linx" ];
};
networks."10-enp9s0f1" = {
matchConfig.Name = "enp9s0f1";
networkConfig.VLAN = [ "vl-velox2" ];
};
netdevs."20-vl-velox1" = {
netdevConfig = {
Name = "vl-velox1";
Kind = "vlan";
MACAddress = "8C:1F:64:0B:6F:00";
};
vlanConfig = {
Id = 100;
};
};
networks."20-vl-velox1" = {
matchConfig.Name = "vl-velox1";
address = [
"195.74.55.21/31"
"2a03:ee40:8080:9:1::2/126"
];
networkConfig.DNS = [
"2001:4860:4860::8888"
"2001:4860:4860::8844"
"8.8.8.8"
"8.8.4.4"
"1.1.1.1"
];
networkConfig.DNSDefaultRoute = true;
routes = [{ routeConfig = {
Gateway = "195.74.55.20";
}; } { routeConfig = {
Gateway = "2a03:ee40:8080:9:1::1";
}; }];
};
netdevs."20-vl-velox2" = {
netdevConfig = {
Name = "vl-velox2";
Kind = "vlan";
MACAddress = "8C:1F:64:0B:6F:01";
};
vlanConfig = {
Id = 100;
};
};
networks."20-vl-velox2" = {
matchConfig.Name = "vl-velox2";
address = [
"195.74.55.23/31"
"2a03:ee40:8080:9:2::2/126"
];
networkConfig.DNS = [
"2001:4860:4860::8888"
"2001:4860:4860::8844"
"8.8.8.8"
"8.8.4.4"
"1.1.1.1"
];
networkConfig.DNSDefaultRoute = true;
routes = [{ routeConfig = {
Gateway = "195.74.55.22";
}; } { routeConfig = {
Gateway = "2a03:ee40:8080:9:2::1";
}; }];
};
netdevs."20-vl-linx" = {
netdevConfig = {
Name = "vl-linx";
Kind = "vlan";
MACAddress = "8C:1F:64:0B:6F:02";
};
vlanConfig = {
Id = 200;
};
};
networks."20-vl-linx" = {
matchConfig.Name = "vl-linx";
address = [
"195.66.224.58/21"
"2001:7f8:4::3:22a7:1/48"
];
networkConfig = {
IPv6LinkLocalAddressGenerationMode = "eui64";
LLMNR = false;
MulticastDNS = false;
IPv6AcceptRA = false;
IPv4ProxyARP = false;
IPv6ProxyNDP = false;
IPv6SendRA = false;
};
};
};
my.ip.tailscale = "100.97.110.48";
my.ip.tailscale6 = "fd7a:115c:a1e0::3a01:6e30";
#my.coredns.bind = [ "bond0" "tailscale0" "127.0.0.1" "::1" ];
services.openssh.hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
systemd.mounts = let
bindMount' = dir: {
unitConfig.RequiresMountsFor = dir;
options = "bind";
what = "/persist${dir}";
where = dir;
};
bindMountSvc = dir: svc: (bindMount' dir) // {
requiredBy = [svc];
before = [svc];
wantedBy = ["multi-user.target"];
};
bindMountSvcDynamic = dir: svc: (bindMount' "/var/lib/private/${dir}") // {
requiredBy = [svc];
before = [svc];
wantedBy = ["multi-user.target"];
};
bindMount = dir: (bindMount' dir) // {
wantedBy = ["multi-user.target"];
};
in [
(bindMountSvc "/var/lib/tailscale" "tailscaled.service")
(bindMountSvc "/var/lib/libvirt" "libvirt.service")
];
system.stateVersion = "24.05";
}
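Review bot: `boot.loader.systemd-boot.extraInstallCommands` calls a bare `rsync`, which is not guaranteed to be on the PATH of the bootloader install script, and `-a` without `--delete` lets retired generations pile up on the second ESP; since `pkgs` is already a module argument, use `${pkgs.rsync}/bin/rsync -a --delete /boot/ /boot2/` so the mirror cannot fail silently. The commit message says "No BGP yet", yet `../lib/bgp.nix` is imported next to an IXP-facing `vl-linx` interface; unless that module is inert without per-host settings, consider leaving the import out until the session and filter configuration lands, so no routing daemon comes up on the peering VLAN unconfigured. `bindMountSvc "/var/lib/libvirt" "libvirt.service"` orders the bind mount against a unit name that does not match the `libvirtd.service` NixOS's libvirt module defines — if that daemon is the intent, the `requiredBy`/`before` ordering never applies and the mount only races it via `multi-user.target`. Both velox networks install a default route with no `Metric`, so which uplink is preferred is left to ordering; an explicit `Metric` on each `routeConfig` would make it deterministic. `bindMountSvcDynamic` and `bindMount` are defined but unused; drop them or add a one-line comment saying why they are kept.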


@ -88,4 +88,5 @@
my.servers.bvm-nixosmgmt.apps = [ "plex-pass" ]; my.servers.bvm-nixosmgmt.apps = [ "plex-pass" ];
my.servers.blade-tuvok.apps = [ "fup" ]; my.servers.blade-tuvok.apps = [ "fup" ];
my.servers.bvm-netbox.apps = [ "netbox" ]; my.servers.bvm-netbox.apps = [ "netbox" ];
my.servers.rexxar.apps = [ "deluge" "gitlab-runner" "nixbuild" ];
} }
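Review bot: `my.servers.blade-tuvok.apps = [ "fup" ];` survives this hunk as context while the zone hunks in the same commit remove every blade-tuvok record (the `blade-tuvok`, `blade-tuvok.int`, `blade-tuvok.public` and `blade-tuvok.blade` lines), so `fup` stays assigned to a host that no longer resolves. If blade-tuvok is being retired in favour of rexxar, that line should be removed or `"fup"` folded into rexxar's list; if the host is only being renamed in DNS, the attribute key here needs the same rename. The enclosing attribute set starts outside the hunk.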