# SPDX-FileCopyrightText: 2020 Luke Granger-Brown # # SPDX-License-Identifier: Apache-2.0 { depot, lib, pkgs, rebuilder, config, ... }: let inherit (depot.ops) secrets; machineSecrets = secrets.machineSpecific.frantech-nyc01; in { imports = [ ../../../third_party/nixpkgs/nixos/modules/profiles/qemu-guest.nix ../lib/low-space.nix ../lib/coredns/default.nix ../lib/bgp.nix ../lib/minotarproxy.nix ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; boot.kernelModules = [ "kvm-amd" ]; # Use GRUB. boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; fileSystems = { "/" = { device = "/dev/vda1"; fsType = "ext4"; }; }; nix.maxJobs = lib.mkDefault 1; # Networking! networking = { hostName = "frantech-nyc01"; domain = "as205479.net"; hostId = "251837df"; nameservers = [ "2001:4860:4860::8888" "2001:4860:4860::8844" "8.8.8.8" "8.8.4.4" ]; useDHCP = false; defaultGateway = { address = "199.195.254.1"; interface = "ens3"; }; defaultGateway6 = { address = "2605:6400:10::1"; interface = "ens3"; }; interfaces.ens3 = { ipv4.addresses = [{ address = "199.195.254.60"; prefixLength = 24; }]; ipv6.addresses = [{ address = "2605:6400:10:c77::1"; prefixLength = 48; }]; }; }; my.ip.tailscale = "100.99.236.25"; my.coredns.bind = [ "ens3" "tailscale0" "127.0.0.1" "::1" ]; services.lukegbgp = let local = { asn = 205479; }; in { enable = true; config = { local = { routerID = "199.195.254.60"; }; export = { #v4 = ["92.118.29.0/24"]; }; peering = { frantech = { local = local // { v4 = "199.195.254.60"; v6 = "2605:6400:10:c77::1"; }; remote = { asn = 53667; export_community = 4000; routers = [{ v4 = "169.254.169.179"; v6 = "2605:6400:ffff::2"; multihop = 2; password = machineSecrets.bgpPassword; }]; }; }; }; }; }; system.stateVersion = "21.05"; }