# SPDX-FileCopyrightText: 2020 Luke Granger-Brown # # SPDX-License-Identifier: Apache-2.0 { depot, lib, pkgs, rebuilder, config, ... }: let inherit (depot.ops) secrets; internetAddresses = { v4 = { local = "195.74.55.23"; remote = "195.74.55.22"; }; v6 = { local = "2a03:ee40:8080:9:2::2"; remote = "2a03:ee40:8080:9:2::1"; }; }; in { imports = [ ../lib/blade.nix ../lib/bgp.nix ]; boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101da58c052a35c497ff39f7bd33f46a018bf2f2cd4503e52a89df5e552da8d661f000000000000000000005e0619e7ff90240091558107b6a8e58d-0:0"; services.lukegbgp = { enable = true; config = { local.routerID = internetAddresses.v4.local; peering.veloxserv = { local = { asn = 205479; v4 = internetAddresses.v4.local; v6 = internetAddresses.v6.local; }; remote = { asn = 3170; export_community = 4001; routers = [{ v4 = internetAddresses.v4.remote; v6 = internetAddresses.v6.remote; }]; }; }; export.v4 = [ "92.118.28.0/24" ]; export.v6 = [ "2a09:a441::/32" ]; }; }; # Networking! networking = { hostName = "blade-paris"; hostId = "41b2a198"; interfaces.br-public.ipv4.addresses = [{ address = "92.118.28.254"; prefixLength = 24; }]; interfaces.br-public.ipv6.addresses = [{ address = "2a09:a441::ffff"; prefixLength = 48; }]; interfaces.en-internet.ipv4.addresses = [{ address = internetAddresses.v4.local; prefixLength = 31; }]; interfaces.en-internet.ipv6.addresses = [{ address = internetAddresses.v6.local; prefixLength = 126; }]; defaultGateway = internetAddresses.v4.remote; defaultGateway6 = internetAddresses.v6.remote; firewall.extraCommands = '' iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT ip6tables -A INPUT -p vrrp -i br-mgmt -j ACCEPT ''; }; my.ip.tailscale = "100.117.185.118"; my.blade.bay = 2; my.blade.macAddress = { internal = "e4:11:5b:ac:e4:8a"; storage = "e4:11:5b:ac:e4:8e"; internet = "e4:11:5b:ac:e4:8c"; }; my.deploy.enable = false; services.ceph = { mon.enable = true; osd = { enable = true; daemons = [ "2" ]; }; }; services.keepalived = let mgmtBase = { interface = "br-mgmt"; state = "MASTER"; priority = 100; }; in { enable = true; vrrpInstances.mgmtGateway = mgmtBase // { virtualIps = [ { addr = "10.100.0.1/23"; } { addr = "92.118.28.1/24"; dev = "br-public"; } ]; virtualRouterId = 1; }; vrrpInstances.mgmtGateway6 = mgmtBase // { virtualIps = [ { addr = "fe80::f00f/64"; dev = "br-public"; } { addr = "2a09:a441::/48"; dev = "br-public"; } ]; virtualRouterId = 2; }; }; services.radvd = { enable = true; config = '' interface br-public { AdvSendAdvert on; MinRtrAdvInterval 30; MaxRtrAdvInterval 100; AdvRASrcAddress { fe80::f00f; }; prefix 2a09:a441:ffff:ffff::/64 { AdvOnLink on; AdvAutonomous on; AdvRouterAddr off; }; }; ''; }; }