chore: support static ips
This commit is contained in:
parent
053365c277
commit
5d1bc8cf67
|
@ -9,6 +9,8 @@ let
|
||||||
ipOf = name: nodes.${globals.services.${name}.host}.config.wireguard.services.ipv4;
|
ipOf = name: nodes.${globals.services.${name}.host}.config.wireguard.services.ipv4;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
systemd.network.networks."10-static" = {
|
||||||
|
};
|
||||||
wireguard.services = {
|
wireguard.services = {
|
||||||
client.via = "nucnix";
|
client.via = "nucnix";
|
||||||
};
|
};
|
||||||
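Review bot: The added `systemd.network.networks."10-static"` unit is empty — no `matchConfig`, no `address`, no `DHCP` setting. A .network file with no valid [Match] settings matches every interface, and because `10-` sorts ahead of the default networkd units it would likely claim the host's interfaces with neither DHCP nor a static address and take the machine off the network; networkd logs a warning about exactly this case. Either drop the placeholder until it carries a real configuration, or pin it now with `matchConfig.Name = "<iface>";`, `DHCP = "no";` and an `address = [ ... ];` entry. If it is deliberately a stub, a comment above it saying so (`# TODO: static host address, not yet wired`) would stop the next reader from assuming it is configured.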
|
|
13
globals.nix
13
globals.nix
|
@ -49,6 +49,7 @@ in
|
||||||
adguardhome = {
|
adguardhome = {
|
||||||
domain = "adguardhome.${globals.domains.web}";
|
domain = "adguardhome.${globals.domains.web}";
|
||||||
host = "nucnix-adguardhome";
|
host = "nucnix-adguardhome";
|
||||||
|
ip = 10;
|
||||||
};
|
};
|
||||||
forgejo = {
|
forgejo = {
|
||||||
domain = "forge.${globals.domains.web}";
|
domain = "forge.${globals.domains.web}";
|
||||||
|
@ -84,7 +85,7 @@ in
|
||||||
};
|
};
|
||||||
apispotify = {
|
apispotify = {
|
||||||
domain = "apisptfy.${globals.domains.web}";
|
domain = "apisptfy.${globals.domains.web}";
|
||||||
host = "elisabeth-apispotify";
|
host = "elisabeth-yourspotify";
|
||||||
};
|
};
|
||||||
kanidm = {
|
kanidm = {
|
||||||
domain = "auth.${globals.domains.web}";
|
domain = "auth.${globals.domains.web}";
|
||||||
|
@ -118,6 +119,16 @@ in
|
||||||
domain = "netbird.${globals.domains.web}";
|
domain = "netbird.${globals.domains.web}";
|
||||||
host = "elisabeth-netbird";
|
host = "elisabeth-netbird";
|
||||||
};
|
};
|
||||||
|
nginx = {
|
||||||
|
domain = globals.domains.web;
|
||||||
|
host = "nucnix-nginx";
|
||||||
|
ip = 5;
|
||||||
|
};
|
||||||
|
samba = {
|
||||||
|
domain = "smb.${globals.domains.web}";
|
||||||
|
host = "elisabeth-samba";
|
||||||
|
ip = 12;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
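Review bot: The new `ip` values (`5`, `10`, `12`) are bare host indices with nothing in this file explaining what they index into, and the commit adds no uniqueness check, so two services given the same number in the same VLAN would silently share an address. Judging from the guest wiring elsewhere in this commit, the same index is applied in every VLAN the guest joins and `1` is used as the gateway, so that contract belongs in a comment at the first use, e.g. `# Host index inside the cidrv4 of every VLAN this guest joins; unique per VLAN, never 1 (gateway)`. The apispotify `host` rename (`elisabeth-apispotify` / `elisabeth-yourspotify`) is unrelated to static IPs and would be easier to bisect as its own commit.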
|
|
|
@ -1,6 +1,7 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
stateVersion,
|
stateVersion,
|
||||||
|
globals,
|
||||||
inputs,
|
inputs,
|
||||||
lib,
|
lib,
|
||||||
minimal,
|
minimal,
|
||||||
|
@ -9,7 +10,13 @@
|
||||||
{
|
{
|
||||||
guests =
|
guests =
|
||||||
let
|
let
|
||||||
mkGuest = guestName: _: {
|
mkGuest =
|
||||||
|
guestName:
|
||||||
|
{
|
||||||
|
vlans ? [ "services" ],
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
autostart = true;
|
autostart = true;
|
||||||
zfs."/state" = {
|
zfs."/state" = {
|
||||||
pool = "rpool";
|
pool = "rpool";
|
||||||
|
@ -27,6 +34,21 @@
|
||||||
networking.nftables.firewall.zones.untrusted.interfaces = lib.mkIf (
|
networking.nftables.firewall.zones.untrusted.interfaces = lib.mkIf (
|
||||||
lib.length config.guests.${guestName}.networking.links == 1
|
lib.length config.guests.${guestName}.networking.links == 1
|
||||||
) config.guests.${guestName}.networking.links;
|
) config.guests.${guestName}.networking.links;
|
||||||
|
systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) (
|
||||||
|
lib.listToAttrs (
|
||||||
|
lib.flip map vlans (
|
||||||
|
name:
|
||||||
|
lib.nameValuePair "09-mv-${name}" {
|
||||||
|
matchConfig.Name = "mv-${name}";
|
||||||
|
DHCP = "no";
|
||||||
|
address = [
|
||||||
|
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
||||||
|
];
|
||||||
|
gateway = lib.net.cidr.hostCidr 1 globals.net.vlans.${name}.cidrv4;
|
||||||
|
}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -36,7 +58,7 @@
|
||||||
backend = "microvm";
|
backend = "microvm";
|
||||||
microvm = {
|
microvm = {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
interfaces.lan = { };
|
interfaces.lan = lib.trace "This don't work yet" { };
|
||||||
baseMac = config.secrets.secrets.local.networking.interfaces.lan01.mac;
|
baseMac = config.secrets.secrets.local.networking.interfaces.lan01.mac;
|
||||||
};
|
};
|
||||||
extraSpecialArgs = {
|
extraSpecialArgs = {
|
||||||
|
@ -50,22 +72,30 @@
|
||||||
mkContainer =
|
mkContainer =
|
||||||
guestName:
|
guestName:
|
||||||
{
|
{
|
||||||
macvlans ? [ "lan-services" ],
|
vlans ? [ "services" ],
|
||||||
...
|
...
|
||||||
}@cfg:
|
}@cfg:
|
||||||
{
|
{
|
||||||
${guestName} = mkGuest guestName cfg // {
|
${guestName} = lib.mkMerge [
|
||||||
|
(mkGuest guestName cfg)
|
||||||
|
{
|
||||||
backend = "container";
|
backend = "container";
|
||||||
container.macvlans = macvlans;
|
container.macvlans = lib.flip map vlans (x: "lan-${x}:mv-${x}");
|
||||||
extraSpecialArgs = {
|
extraSpecialArgs = {
|
||||||
inherit (inputs.self) nodes globals;
|
inherit (inputs.self) nodes globals;
|
||||||
inherit (inputs.self.pkgs.x86_64-linux) lib;
|
inherit (inputs.self.pkgs.x86_64-linux) lib;
|
||||||
inherit inputs minimal stateVersion;
|
inherit inputs minimal stateVersion;
|
||||||
};
|
};
|
||||||
};
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{ }
|
{ }
|
||||||
// mkContainer "adguardhome" { macvlans = [ "lan-services" ]; }
|
// mkContainer "adguardhome" {
|
||||||
// mkContainer "nginx" { macvlans = [ "lan-services" ]; };
|
vlans = [
|
||||||
|
"services"
|
||||||
|
"home"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
// mkContainer "nginx" { };
|
||||||
}
|
}
|
||||||
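Review bot: `gateway = lib.net.cidr.hostCidr 1 globals.net.vlans.${name}.cidrv4;` in the new `09-mv-${name}` unit assigns a single string, while `systemd.network.networks.<name>.gateway` is a list option that expects plain addresses rather than the address/prefix form `hostCidr` produces; it should read `gateway = [ (lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv4) ];` (or whatever the prefix-less variant of the helper is called). Even once typed correctly, the `map` over `vlans` emits a default gateway per VLAN, so a guest such as adguardhome with `vlans = [ "services" "home" ]` ends up with two equal-metric default routes and ambiguous egress; only the first VLAN should carry it, e.g. `gateway = lib.mkIf (name == lib.head vlans) [ ... ];`. Setting `DHCP = "no"` also removes the resolvers these guests previously learned over DHCP and the unit sets no `dns`, which is worth an explicit entry on a host that is itself the DNS server. The `lib.trace "This don't work yet" { }` on `interfaces.lan` (if that is the new side) prints on every evaluation and belongs in a comment or a `warnings` entry rather than committed code. Note too that the existing `untrusted.interfaces` guard only fires when a guest has exactly one link, so with two VLANs adguardhome's interfaces are no longer placed in that zone — confirm that is intended.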
|
|
|
@ -132,6 +132,11 @@ in
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = "The node-name on which this service runs";
|
description = "The node-name on which this service runs";
|
||||||
};
|
};
|
||||||
|
ip = mkOption {
|
||||||
|
type = types.nullOr (types.ints.between 5 49);
|
||||||
|
default = null;
|
||||||
|
description = "Optional IP in case this service runs needs a static ip. Shou";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
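Review bot: The description of the new `ip` option is cut off mid-word (`... static ip. Shou`) and the phrase `this service runs needs` does not parse, so the only documentation of what this number means is broken. Since the guest wiring in this commit uses the value as a host index inside each VLAN's `cidrv4` and reserves `1` for the gateway, the description should say so, e.g. `description = "Optional host index for a static IPv4 address. When set, the guest gets this host number in every VLAN it joins instead of DHCP. Must be unique among services sharing a VLAN and must not be 1 (gateway).";`. `types.ints.between 5 49` bounds the range but nothing enforces uniqueness; an `assertions` entry that checks the non-null `ip` values across `globals.services` for duplicates would turn a silent address clash into an evaluation error. The enclosing `services` submodule starts outside this hunk.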
|
|