depot/ops/nixos/blade-paris/default.nix
Luke Granger-Brown c8b482c67a blade-{paris,tuvok}: add IPv6 link-local address as first
Mar 29 21:38:36 blade-tuvok Keepalived_vrrp[29221]: (mgmtGateway6) the first IPv6 VIP address should be link local
2021-03-29 22:43:53 +01:00


# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, rebuilder, config, ... }:
let
  # depot.ops.secrets is pulled into scope here, but nothing else in this
  # file references it.
  inherit (depot.ops) secrets;

  # Both ends of the upstream link. `local` is this host's address on
  # en-internet; `remote` is reused below as the default gateway and as the
  # BGP neighbour, so the two can never drift apart.
  internetAddresses = {
    v4.local = "195.74.55.23";
    v4.remote = "195.74.55.22";
    v6.local = "2a03:ee40:8080:9:2::2";
    v6.remote = "2a03:ee40:8080:9:2::1";
  };
in {
imports = [
../lib/blade.nix
../lib/bgp.nix
];
# GRUB install target, addressed through /dev/disk/by-id so the choice does
# not depend on kernel device enumeration order.
boot.loader.grub = {
  device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101da58c052a35c497ff39f7bd33f46a018bf2f2cd4503e52a89df5e552da8d661f000000000000000000005e0619e7ff90240091558107b6a8e58d-0:0";
};
# BGP peering with the upstream over the en-internet link addresses.
# NOTE(review): no session authentication, TTL protection or import filter is
# set in this file; presumably the lukegbgp module (../lib/bgp.nix) decides
# those - confirm there before relying on this session being protected.
services.lukegbgp.enable = true;
services.lukegbgp.config = {
  local.routerID = internetAddresses.v4.local;

  peering.veloxserv = {
    # Our side of the session.
    local = {
      asn = 205479;
      v4 = internetAddresses.v4.local;
      v6 = internetAddresses.v6.local;
    };
    # The upstream's side; a single router reachable over both families.
    remote = {
      asn = 3170;
      export_community = 4001;
      routers = [
        {
          v4 = internetAddresses.v4.remote;
          v6 = internetAddresses.v6.remote;
        }
      ];
    };
  };

  # Presumably the prefixes announced to the peer. They cover the addresses
  # configured on br-public, so keep the two in step when renumbering.
  export = {
    v4 = [ "92.118.28.0/24" ];
    v6 = [ "2a09:a441::/32" ];
  };
};
# Networking!
networking = {
  hostName = "blade-paris";
  hostId = "41b2a198";

  interfaces = {
    # Public-facing bridge: this host's own addresses inside the exported
    # prefixes (the shared gateway VIPs are added by keepalived).
    br-public = {
      ipv4.addresses = [
        { address = "92.118.28.254"; prefixLength = 24; }
      ];
      ipv6.addresses = [
        { address = "2a09:a441::ffff"; prefixLength = 48; }
      ];
    };

    # Upstream link: a /31 and a /126 shared with the remote router.
    en-internet = {
      ipv4.addresses = [
        { address = internetAddresses.v4.local; prefixLength = 31; }
      ];
      ipv6.addresses = [
        { address = internetAddresses.v6.local; prefixLength = 126; }
      ];
    };
  };

  defaultGateway = internetAddresses.v4.remote;
  defaultGateway6 = internetAddresses.v6.remote;

  # Admit VRRP adverts, but only when they arrive on br-mgmt.
  # NOTE(review): this is an iptables (IPv4-only) rule, while the keepalived
  # mgmtGateway6 instance on br-mgmt carries IPv6 VIPs and so presumably
  # advertises over IPv6. Confirm a matching ip6tables accept exists (e.g. in
  # ../lib/blade.nix); if peers cannot hear each other, both may hold the VIPs.
  # NOTE(review): the rule is appended to INPUT and never removed, so as far
  # as I can tell firewall reloads can stack duplicate copies - verify.
  firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT";
};
# Depot-local `my.*` options (presumably declared by the imported ../lib
# modules - their effect is not visible from this file).
my = {
  ip.tailscale = "100.117.185.118";

  blade = {
    bay = 2;
    # MAC address of each of the blade's NICs, keyed by role.
    macAddress = {
      internal = "e4:11:5b:ac:e4:8a";
      storage = "e4:11:5b:ac:e4:8e";
      internet = "e4:11:5b:ac:e4:8c";
    };
  };

  deploy.enable = false;
};
# Ceph roles on this blade: a monitor plus the OSD daemon with id "2".
services.ceph.mon.enable = true;
services.ceph.osd = {
  enable = true;
  daemons = [ "2" ];
};
# VRRP-managed gateway addresses, one instance per address family.
#
# NOTE(review): nothing here configures VRRP authentication, so ownership of
# the gateway VIPs is only as trustworthy as the br-mgmt L2 segment. Keep that
# bridge limited to trusted hosts and keep the firewall accept scoped to it.
services.keepalived =
  let
    # Settings common to both instances: adverts run on the management bridge.
    # NOTE(review): state MASTER with priority 100 - confirm the peer blade
    # uses a different priority (or BACKUP) so the election is deterministic.
    onMgmtBridge = {
      interface = "br-mgmt";
      state = "MASTER";
      priority = 100;
    };
  in
  {
    enable = true;

    vrrpInstances = {
      # IPv4 gateways. The first VIP names no `dev`, so it presumably lands on
      # the instance interface (br-mgmt); the second is placed on br-public.
      mgmtGateway = onMgmtBridge // {
        virtualRouterId = 1;
        virtualIps = [
          { addr = "10.100.0.1/23"; }
          { addr = "92.118.28.1/24"; dev = "br-public"; }
        ];
      };

      # IPv6 gateways. Order matters: keepalived warns "the first IPv6 VIP
      # address should be link local", so fe80::f00f must stay first.
      mgmtGateway6 = onMgmtBridge // {
        virtualRouterId = 2;
        virtualIps = [
          { addr = "fe80::f00f/64"; dev = "br-public"; }
          { addr = "2a09:a441::/48"; dev = "br-public"; }
        ];
      };
    };
  };
}