Added lots of things done in a hurry following the dodecagon failure. Signed-off-by: Jeltz <jeltz@federez.net>
{ config, pkgs, ... }:
|
|
{
|
|
age.secrets = {
|
|
vogon-wg-infra-key = {
|
|
file = ../secrets/vogon-wg-infra-key.age;
|
|
owner = "root";
|
|
group = "root";
|
|
};
|
|
};
|
|
|
|
systemd.services.systemd-networkd.serviceConfig.LoadCredential = [
|
|
"wg-infra-key:${config.age.secrets.vogon-wg-infra-key.path}"
|
|
];
|
|
|
|
environment.systemPackages = [ pkgs.wireguard-tools ];
|
|
|
|
# FIXME I suck. I didn't manage to configure a working ZFS rootfs with disko
|
|
# It was 1 AM, and the server had to be up and running quickly, so I
|
|
# partitioned the server manually
|
|
fileSystems = {
|
|
"/" = {
|
|
device = "rpool/root";
|
|
fsType = "zfs";
|
|
};
|
|
|
|
"/boot1" = {
|
|
device = "/dev/disk/by-uuid/F121-2F47";
|
|
fsType = "vfat";
|
|
options = [ "fmask=0077" "dmask=0077" ];
|
|
};
|
|
|
|
"/boot2" = {
|
|
device = "/dev/disk/by-uuid/F167-8DD8";
|
|
fsType = "vfat";
|
|
options = [ "fmask=0077" "dmask=0077" ];
|
|
};
|
|
};
|
|
|
|
boot.zfs.extraPools = [ "data" ];
|
|
|
|
# We use Grub because systemd-boot does not seem to have a simple equivalent
|
|
# of mirroredBoots
|
|
boot.loader.grub = {
|
|
enable = true;
|
|
efiSupport = true;
|
|
zfsSupport = true; # FIXME useless?
|
|
mirroredBoots = [
|
|
{ devices = [ "nodev" ]; path = "/boot1"; efiSysMountPoint = "/boot1"; }
|
|
{ devices = [ "nodev" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; }
|
|
];
|
|
};
|
|
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
boot.initrd.kernelModules = [ ];
|
|
|
|
boot.initrd.availableKernelModules = [
|
|
"ahci"
|
|
"ehci_pci"
|
|
"megaraid_sas"
|
|
"usbhid"
|
|
"usb_storage"
|
|
"sd_mod"
|
|
"sr_mod"
|
|
];
|
|
|
|
systemd.network.links = {
|
|
"10-phy1" = {
|
|
matchConfig.MACAddress = "18:66:da:75:da:04";
|
|
linkConfig.Name = "phy1";
|
|
};
|
|
"10-phy2" = {
|
|
matchConfig.MACAddress = "18:66:da:75:da:05";
|
|
linkConfig.Name = "phy2";
|
|
};
|
|
};
|
|
|
|
systemd.network.netdevs = {
|
|
"10-wan".netdevConfig = {
|
|
Name = "wan";
|
|
Kind = "bridge";
|
|
};
|
|
"10-bond" = {
|
|
netdevConfig = {
|
|
Name = "bond";
|
|
Kind = "bond";
|
|
};
|
|
bondConfig.Mode = "802.3ad";
|
|
};
|
|
"10-br-infra".netdevConfig = {
|
|
Name = "br-infra";
|
|
Kind = "bridge";
|
|
};
|
|
"10-vxl-infra" = {
|
|
netdevConfig = {
|
|
Name = "vxl-infra";
|
|
Kind = "vxlan";
|
|
};
|
|
vxlanConfig = {
|
|
Local = "fd0a:66d3:1c19:1000::1";
|
|
VNI = 42;
|
|
MacLearning = true;
|
|
DestinationPort = 4789;
|
|
};
|
|
};
|
|
"10-wg-infra" = {
|
|
netdevConfig = {
|
|
Name = "wg-infra";
|
|
Kind = "wireguard";
|
|
};
|
|
wireguardConfig = {
|
|
ListenPort = 51039;
|
|
PrivateKey = "@wg-infra-key";
|
|
};
|
|
wireguardPeers = [
|
|
{
|
|
PublicKey = "A+tXWigWNzrj0zAyg0MCSgP53ngH3kNsP5m8E+JbDmA=";
|
|
Endpoint = "89.234.162.224:51039";
|
|
AllowedIPs = [ "fd0a:66d3:1c19:1000::2" ];
|
|
}
|
|
{
|
|
PublicKey = "77IPc//p+mSl1yeapuDd4tIZDRp5acOTmBF5V7dG4BA=";
|
|
Endpoint = "137.194.12.129:51039";
|
|
AllowedIPs = [ "fd0a:66d3:1c19:1000::3" ];
|
|
}
|
|
{
|
|
PublicKey = "tUonMgyYxE5l1aee7iSBR6AwmuhITk3ystPhouUAMBc=";
|
|
Endpoint = "193.48.225.201:51039";
|
|
AllowedIPs = [ "fd0a:66d3:1c19:1000::4" ];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
systemd.network.networks = {
|
|
"10-phy1" = {
|
|
matchConfig.Name = "phy1";
|
|
networkConfig.Bond = "bond";
|
|
};
|
|
"10-phy2" = {
|
|
matchConfig.Name = "phy2";
|
|
networkConfig.Bond = "bond";
|
|
};
|
|
"10-bond" = {
|
|
matchConfig.Name = "bond";
|
|
networkConfig.Bridge = "wan";
|
|
};
|
|
"10-wan" = {
|
|
matchConfig.Name = "wan";
|
|
address = [ "193.54.193.161/28" ];
|
|
routes = [
|
|
{
|
|
Gateway = "193.54.193.174";
|
|
}
|
|
];
|
|
};
|
|
"10-br-infra" = {
|
|
matchConfig.Name = "br-infra";
|
|
address = [
|
|
"fd0a:66d3:1c19:42::1/64"
|
|
"10.42.0.1/16"
|
|
];
|
|
};
|
|
"10-vxl-infra" = {
|
|
matchConfig.Name = "vxl-infra";
|
|
networkConfig = {
|
|
Bridge = "br-infra";
|
|
LinkLocalAddressing = false;
|
|
};
|
|
bridgeFDBs = [
|
|
{
|
|
MACAddress = "00:00:00:00:00:00";
|
|
Destination = "fd0a:66d3:1c19:1000::2";
|
|
VNI = 42;
|
|
}
|
|
{
|
|
MACAddress = "00:00:00:00:00:00";
|
|
Destination = "fd0a:66d3:1c19:1000::3";
|
|
VNI = 42;
|
|
}
|
|
{
|
|
MACAddress = "00:00:00:00:00:00";
|
|
Destination = "fd0a:66d3:1c19:1000::4";
|
|
VNI = 42;
|
|
}
|
|
];
|
|
};
|
|
"10-wg-infra" = {
|
|
matchConfig.Name = "wg-infra";
|
|
networkConfig = {
|
|
Address = "fd0a:66d3:1c19:1000::1/64";
|
|
VXLAN = "vxl-infra";
|
|
};
|
|
};
|
|
};
|
|
}
|
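Review bot: The three remote peer addresses `fd0a:66d3:1c19:1000::2`, `::3` and `::4` are written twice, once as `AllowedIPs` in the `wireguardPeers` of `10-wg-infra` and again as `Destination` in the `bridgeFDBs` of `10-vxl-infra`, so adding or replacing a peer means editing both lists, and a missed entry leaves the WireGuard tunnel up while that site silently drops out of VXLAN flooding. Deriving both lists from a single `infraPeers` list in a `let` removes that drift, as sketched below. Two things I would document in the file: the literal `"@wg-infra-key"` in `wireguardConfig.PrivateKey` only works because it matches the credential name in the `LoadCredential` line near the top, so a comment such as `# "@name" refers to the systemd credential loaded via LoadCredential above; keep both names in sync` belongs on one of them, and the all-zero `MACAddress` FDB entries are the BUM flood list, which is not obvious to a reader. Finally, `ListenPort = 51039` is set but no UDP port is opened here; if `networking.firewall` is at its NixOS default elsewhere, inbound handshakes are dropped and the tunnel only comes up because this host dials the configured endpoints, which is worth either `networking.firewall.allowedUDPPorts = [ 51039 ];` or a comment saying where the firewall is handled.
```nix
{ config, pkgs, ... }:

let
  # Single source of truth for the remote infra peers; the WireGuard peer list
  # and the VXLAN flood entries below are both derived from it.
  infraPeers = [
    { publicKey = "A+tXWigWNzrj0zAyg0MCSgP53ngH3kNsP5m8E+JbDmA="; endpoint = "89.234.162.224:51039"; address = "fd0a:66d3:1c19:1000::2"; }
    { publicKey = "77IPc//p+mSl1yeapuDd4tIZDRp5acOTmBF5V7dG4BA="; endpoint = "137.194.12.129:51039"; address = "fd0a:66d3:1c19:1000::3"; }
    { publicKey = "tUonMgyYxE5l1aee7iSBR6AwmuhITk3ystPhouUAMBc="; endpoint = "193.48.225.201:51039"; address = "fd0a:66d3:1c19:1000::4"; }
  ];
in
{
  # … unchanged: age.secrets, LoadCredential, fileSystems, boot.*, links …

  systemd.network.netdevs = {
    # … unchanged: 10-wan, 10-bond, 10-br-infra, 10-vxl-infra …
    "10-wg-infra" = {
      # … unchanged: netdevConfig, wireguardConfig …
      wireguardPeers = map (p: {
        PublicKey = p.publicKey;
        Endpoint = p.endpoint;
        AllowedIPs = [ p.address ];
      }) infraPeers;
    };
  };

  systemd.network.networks = {
    # … unchanged: 10-phy1, 10-phy2, 10-bond, 10-wan, 10-br-infra …
    "10-vxl-infra" = {
      # … unchanged: matchConfig, networkConfig …
      # All-zero MAC = flood BUM frames to every remote VTEP.
      bridgeFDBs = map (p: {
        MACAddress = "00:00:00:00:00:00";
        Destination = p.address;
        VNI = 42;
      }) infraPeers;
    };
    # … unchanged: 10-wg-infra …
  };
}
```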