chris 2025-04-17 15:37:29 +02:00
parent be194f59d9
commit 61e90ba1a5
Signed by: c6ristian
SSH key fingerprint: SHA256:B3m+yzpaxGXSEcDBpPHfvza/DNC0wuX+CKMeGq8wgak
4 changed files with 0 additions and 332 deletions


@ -50,7 +50,6 @@ in
# prod hosts (public user)
"cookies.eh22.intern" = mkSystem "x86_64-linux" "cookies.eh22.intern";
"jool.eh22.intern" = mkSystem "x86_64-linux" "jool.eh22.intern";
"dhcp.eh22.intern" = mkSystem "x86_64-linux" "dhcp.eh22.intern";
# misc hosts
"test.eh22.intern" = mkSystem "x86_64-linux" "test.eh22.intern";


@ -1,97 +0,0 @@
{ config, pkgs, ... }:
{
services.kea.dhcp4 = {
enable = true;
settings = {
lease-database = {
name = "/var/lib/kea/dhcp4.leases";
persist = true;
type = "memfile";
};
rebind-timer = 2000;
renew-timer = 1000;
valid-lifetime = 4000;
authoritative = true;
option-data = [
{
name = "domain-name-servers";
data = "94.45.254.2";
}
{
name = "cookie-servers";
data = "94.45.254.4";
always-send = true;
}
];
shared-networks = [
{
# wifi
id = 224;
subnet = "94.45.224.0/20";
pools = [ { pool = "94.45.224.10 - 94.45.239.254"; } ];
option-data = [
{
name = "routers";
data = "94.45.224.1";
}
];
}
{
# wired
id = 240;
subnet = "94.45.240.0/21";
pools = [ { pool = "94.45.240.10 - 94.45.240.254"; } ];
option-data = [
{
name = "routers";
data = "94.45.240.1";
}
];
}
{
# Management
id = 255;
subnet = "94.45.255.0/24";
pools = [ { pool = "94.45.255.200 - 94.45.255.254"; } ];
option-data = [
{
name = "routers";
data = "94.45.255.1";
}
];
}
{
# Public Services reachable event ONLY
id = 54;
subnet = " 94.45.254.0/25";
pools = [ { pool = "94.45.254.100 - 94.45.255.126"; } ];
option-data = [
{
name = "routers";
data = "94.45.254.1";
}
];
}
{
# Public Services reachable EVERYWHERE
id = 541;
subnet = "94.45.254.128/25";
pools = [ { pool = "94.45.254.230 - 94.45.255.253"; } ];
option-data = [
{
name = "routers";
data = "94.45.254.128";
}
];
}
];
};
};
}


@ -1,34 +0,0 @@
{
pkgs,
config,
...
}:
{
imports = [
./kea.nix
];
networking = {
interfaces = {
net0 = {
ipv4 = {
addresses = [
{
address = "94.45.254.3";
prefixLength = 25;
}
];
};
};
};
defaultGateway = "94.45.254.1";
};
systemd.network.links."10-net0" = {
matchConfig.MACAddress = "BC:24:11:BE:24:52";
linkConfig.Name = "net0";
};
# DO NOT CHANGE
# this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
home-manager.users.noc.home.stateVersion = "24.11";
system.stateVersion = "24.11";
}


@ -1,200 +0,0 @@
{
pkgs,
...
}:
let
renameLink = macAddr: newName: {
matchConfig = {
MACAddress = macAddr;
Type = "ether";
};
linkConfig = {
Name = newName;
};
};
in
{
imports = [ ];
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = "1";
"net.ipv6.conf.all.forwarding" = "1";
};
networking.nftables.enable = true;
systemd.network = {
enable = true;
links = {
"10-ethUpstream" = renameLink "BC:24:11:D2:69:8D" "ethUpstream";
"10-ethMgmt" = renameLink "BC:24:11:A3:38:4E" "ethMgmt";
"10-ethPubUser" = renameLink "BC:24:11:8F:B3:83" "ethPubUsr";
};
networks = {
"10-ethUpstream" = {
matchConfig.Name = "ethUpstream";
address = [ "10.31.245.2/24" ];
gateway = [ "10.31.245.1" ];
};
"10-ethMgmt" = {
matchConfig.Name = "ethMgmt";
address = [
"94.45.255.2/24"
];
};
"10-ethPubUsr" = {
matchConfig.Name = "ethPubUsr";
address = [
"94.45.248.254/24"
"94.45.224.1/20" # wifi
"94.45.240.1/21" # wired
"94.45.254.1/24" # public services subnet
];
# TODO: Add jool routes
};
};
};
networking.nat = {
enable = true;
externalInterface = "ethUpstream";
internalIPs = [
"94.45.224.0/19" # cccv event space, TODO: remove once we are at the event
];
};
services.kea.dhcp4 = {
enable = true;
settings = {
interfaces-config = {
interfaces = [
"ethMgmt"
"ethPubUsr"
];
};
lease-database = {
name = "/var/lib/kea/dhcp4.leases";
persist = true;
type = "memfile";
};
rebind-timer = 2000;
renew-timer = 1000;
valid-lifetime = 4000;
authoritative = true;
option-data = [
{
name = "domain-name-servers";
data = "94.45.254.2";
}
{
name = "cookie-servers";
data = "94.45.254.3";
always-send = true;
}
];
shared-networks = [
{
# management network
name = "mgmtNet";
interface = "ethMgmt";
option-data = [
{
name = "domain-search";
data = "noc.eh22.intern.";
}
{
name = "routers";
data = "94.45.255.2";
}
];
subnet4 = [
{
id = 255;
subnet = "94.45.255.0/24";
pools = [ { pool = "94.45.255.200 - 94.45.255.254"; } ];
reservations = [
{
# auth-dns
hw-address = "BC:24:11:C1:8A:A4";
ip-address = "94.45.255.3";
}
{
# monitoring
hw-address = "BC:24:11:FC:C2:26";
ip-address = "94.45.255.4";
}
];
}
];
}
{
# public network
name = "public";
interface = "ethPubUsr";
subnet4 = [
{
# public services
id = 254;
subnet = "94.45.254.0/24";
pools = [ ];
option-data = [
{
name = "routers";
data = "94.45.254.1";
}
];
reservations = [
{
# resolv-dns
hw-address = "BC:24:11:AD:52:B1";
ip-address = "94.45.254.2";
}
{
# cookies
hw-address = "BC:24:11:41:E1:61";
ip-address = "94.45.254.3";
}
{
# nat64
hw-address = "BC:24:11:21:7F:AF";
ip-address = "94.45.254.4";
}
];
}
{
# wifi
id = 224;
subnet = "94.45.224.0/20";
pools = [ { pool = "94.45.224.10 - 94.45.239.254"; } ];
option-data = [
{
name = "routers";
data = "94.45.224.1";
}
];
}
{
# wired
id = 240;
subnet = "94.45.240.0/21";
pools = [ { pool = "94.45.240.10 - 94.45.240.254"; } ];
option-data = [
{
name = "routers";
data = "94.45.240.1";
}
];
}
];
}
];
};
};
# DO NOT CHANGE
# this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
home-manager.users.noc.home.stateVersion = "24.11";
system.stateVersion = "24.11";
}