
No commits in common. "7d0515d6f0f39a62b6bf738208536ee365604d15" and "e1d4a1019a42f65fdb478bd28ba32162598279c9" have entirely different histories.

5 changed files with 17 additions and 78 deletions


@ -1,6 +1,5 @@
{ {
specialArgs, specialArgs,
hostBridge,
hostAddress, hostAddress,
localAddress, localAddress,
imapsPort ? 993, imapsPort ? 993,
@ -228,5 +227,5 @@
} }
]; ];
inherit hostBridge hostAddress localAddress; inherit hostAddress localAddress;
} }


@ -1,6 +1,5 @@
{ {
specialArgs, specialArgs,
hostBridge,
hostAddress, hostAddress,
localAddress, localAddress,
syncthingPort ? 22000, syncthingPort ? 22000,
@ -57,5 +56,5 @@
} }
]; ];
inherit hostBridge hostAddress localAddress; inherit hostAddress localAddress;
} }


@ -1,6 +1,5 @@
{ {
specialArgs, specialArgs,
hostBridge,
hostAddress, hostAddress,
localAddress, localAddress,
httpPort, httpPort,
@ -331,5 +330,5 @@ in {
} }
]; ];
inherit hostBridge hostAddress localAddress; inherit hostAddress localAddress;
} }


@ -87,16 +87,13 @@
then bridgeInterfaceName then bridgeInterfaceName
else "${bridgeInterfaceName}.${toString vlanid}"; else "${bridgeInterfaceName}.${toString vlanid}";
dmzExposedHost = "sj-srv1"; dmzExposedHost = "sj-srv1.dmz.internal";
dmzExposedHostDomain = "dmz.internal";
dmzExposedHostFQDN = "${dmzExposedHost}.${dmzExposedHostDomain}";
dmzExposedHostIpv4 = mkVlanIpv4HostAddr { dmzExposedHostIpv4 = mkVlanIpv4HostAddr {
vlanid = vlansByName.dmz.id; vlanid = vlansByName.dmz.id;
host = 99; host = 99;
cidr = false; cidr = false;
}; };
# "sj-srv1.dmz.internal";
dmzExposedHostMACaddr = repoFlake.nixosConfigurations.${dmzExposedHost}.config.systemd.network.netdevs."10-dmz0".netdevConfig.MACAddress;
in { in {
imports = [ imports = [
nixos-sbc.nixosModules.default nixos-sbc.nixosModules.default
@ -1129,11 +1126,8 @@ in {
) )
vlanRangeWith0; vlanRangeWith0;
dhcp-host = builtins.concatStringsSep "," [ # TODO: double-check that this works
dmzExposedHostMACaddr dhcp-host = "1c:69:7a:07:08:5f,${dmzExposedHostIpv4},${dmzExposedHost}";
dmzExposedHostIpv4
dmzExposedHostFQDN
];
expand-hosts = true; expand-hosts = true;
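Review bot: The new `dhcp-host` line hard-codes the MAC `1c:69:7a:07:08:5f` where the old side read it from sj-srv1's own configuration, so the reservation and the host can now drift apart without any evaluation error, and the `# TODO: double-check that this works` above it is left open. If the MAC does not match what the host actually sends, dnsmasq would presumably hand it a pool address instead, and anything keyed to `dmzExposedHostIpv4` (host = 99), such as forwarding or firewall rules outside this hunk, would point at an address the exposed host does not hold. I would keep a named binding in the `let` block, `dmzExposedHostMACaddr = "1c:69:7a:07:08:5f"; # MAC sj-srv1 sends DHCP from; keep in sync with that host`, and reference it here. The third field is now the qualified name `sj-srv1.dmz.internal` next to `expand-hosts = true`; whether dnsmasq accepts that depends on the domain setting, which is not visible in this hunk, so that is the part of the TODO worth confirming before merge.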


@ -25,64 +25,15 @@
networking.usePredictableInterfaceNames = false; networking.usePredictableInterfaceNames = false;
networking.useNetworkd = true; networking.useNetworkd = true;
networking.useDHCP = false; networking.useDHCP = true;
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = ["br0"]; internalInterfaces = ["ve-*"];
externalInterface = "dmz0"; externalInterface = "eth0";
}; };
networking.bridges = {
br0 = {
interfaces = [];
};
};
networking.interfaces = {
br0 = {
ipv4.addresses = [
{
address = "192.168.101.1";
prefixLength = 24;
}
];
};
};
systemd.network.netdevs."10-dmz0" = {
enable = true;
netdevConfig = {
Name = "dmz0";
Kind = "macvlan";
MACAddress = "1c:69:7a:07:08:6f";
};
macvlanConfig = {
Mode = "bridge";
};
};
systemd.network.networks."20-eth0" = {
enable = true;
matchConfig.Name = "eth0";
# TODO: i'm not sure if and if so why this is required
macvlan = [
"dmz0"
];
DHCP = "no";
};
systemd.network.networks."30-dmz0" = {
enable = true;
matchConfig.Name = "dmz0";
DHCP = "yes";
};
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward" = 1;
"net.ipv6.ip_forward" = 1;
}; };
# virtualization # virtualization
@ -133,15 +84,14 @@
autoStart = true; autoStart = true;
hostBridge = "br0"; hostAddress = "192.168.100.10";
hostAddress = "192.168.101.1"; localAddress = "192.168.100.11";
localAddress = "192.168.101.10/24";
imapsPort = 993; imapsPort = 993;
sievePort = 4190; sievePort = 4190;
}; };
webserver = websrv0 =
import ../../containers/webserver.nix import ../../containers/webserver.nix
{ {
specialArgs = { specialArgs = {
@ -150,9 +100,8 @@
autoStart = true; autoStart = true;
hostBridge = "br0"; hostAddress = "192.168.100.12";
hostAddress = "192.168.101.1"; localAddress = "192.168.100.13";
localAddress = "192.168.101.11/24";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
@ -165,9 +114,8 @@
}; };
autoStart = true; autoStart = true;
hostBridge = "br0"; hostAddress = "192.168.100.14";
hostAddress = "192.168.101.1"; localAddress = "192.168.100.15";
localAddress = "192.168.101.12/24";
syncthingPort = 22000; syncthingPort = 22000;
}; };
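Review bot: `networking.useDHCP = true` in the first hunk turns on the catch-all DHCP client rather than one bound to the uplink, on a host that also sets `"net.ipv4.ip_forward" = 1` and NATs the `ve-*` container links out of `eth0`. With `networking.useNetworkd = true` that setting should generate a default network unit for every Ethernet interface it matches, so a NIC added later would accept an address, routes and DNS from whatever network it is plugged into. Since the NAT block already names `eth0` as the only external interface, I would pin the client to it: `networking.useDHCP = false;` plus `networking.interfaces.eth0.useDHCP = true;`. That keeps the old side's explicit style, which declared DHCP per interface and left it off everywhere else.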