nixbus: simplify/fix networking config (policy routing would be needed)

ceeba0a7 · fpletz · 26d8c90a · ceeba0a7 · ceeba0a7
Commit ceeba0a7 authored Jan 19, 2022 by fpletz 🚧
--- a/flake.nix
+++ b/flake.nix
@@ -82,7 +82,7 @@
      };

      nixbus = { name, nodes, pkgs, ... }: {
-        deployment.targetHost = "83.133.178.67"; # "${name}.club.muc.ccc.de";
+        deployment.targetHost = "${name}.club.muc.ccc.de";
        imports = [
          "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
          ./nixbus.nix

--- a/nixbus.nix
+++ b/nixbus.nix
@@ -28,13 +28,13 @@

  swapDevices = [
    { device = "/dev/vda3"; }
-  ]; 
+  ];

  nix = {
    buildCores = 2;
    maxJobs = 5;
  };
- 
+
  networking = {
    hostName = "nixbus";
    domain = "club.muc.ccc.de";
@@ -42,7 +42,7 @@
    usePredictableInterfaceNames = false;
    extraHosts = ''
      # host
-      2001:7f0:3003:beef::67 nixbus.club.muc.ccc.de nixbus 
+      2001:7f0:3003:beef::67 nixbus.club.muc.ccc.de nixbus
      83.133.178.67 nixbus.club.muc.ccc.de nixbus
    '';
    firewall = {
@@ -53,11 +53,6 @@
        22
        80
        443
-        #11000
-        #11001
-        #34197
-        #46631
-        #5984
      ];
    };
    useDHCP = false;
@@ -66,57 +61,64 @@
        ipv6.addresses = [
          { address = "2001:7f0:3003:beef::67"; prefixLength = 64; }
        ];
-        ipv4.addresses = [ 
+        ipv4.addresses = [
          { address = "83.133.178.67"; prefixLength = 26; }
        ];
      };
-      "eth0.2396" = {
-        ipv6.addresses = [
-          { address = "2001:7f0:3003:235e::98"; prefixLength = 64; }
-        ];
-#        ip4 = [ 
-#          { address = "83.133.179.98"; prefixLength = 27; }
-#        ];
-      };
-      "eth0.2428" = {
-        ipv6.addresses = [
-          { address = "2001:7f0:3003:235f::130"; prefixLength = 64; }
-        ];
-#        ip4 = [ 
-#          { address = "83.133.179.130"; prefixLength = 25; }
-#        ];
-      };
-    };
-    vlans = {
-      "eth0.2396" = {
-        id = 2396;
-        interface = "eth0";
-      };
-      "eth0.2428" = {
-        id = 2428;
-        interface = "eth0";
-      };
+      #"eth0.2396" = {
+      #  ipv6.addresses = [
+      #    { address = "2001:7f0:3003:235e::98"; prefixLength = 64; }
+      #  ];
+      #  ip4 = [
+      #    { address = "83.133.179.98"; prefixLength = 27; }
+      #  ];
+      #};
+      #"eth0.2428" = {
+      #  ipv6.addresses = [
+      #    { address = "2001:7f0:3003:235f::130"; prefixLength = 64; }
+      #  ];
+      #  ip4 = [
+      #    { address = "83.133.179.130"; prefixLength = 25; }
+      #  ];
+      #};
    };
+    #vlans = {
+    #  "eth0.2396" = {
+    #    id = 2396;
+    #    interface = "eth0";
+    #  };
+    #  "eth0.2428" = {
+    #    id = 2428;
+    #    interface = "eth0";
+    #  };
+    #};
    nameservers = [
-      "2001:7f0:3003:beef::65"
+      # XXX: currently not working
+      #"2001:7f0:3003:beef::65"
      "83.133.178.65"
    ];
-    defaultGateway6 = "2001:7f0:3003:beef::65";
-    defaultGateway = "83.133.178.65";
-    localCommands = ''
-      #${pkgs.iproute}/bin/ip -6 rule add from 2001:7f0:3003:235e::/64 table 2
-      #${pkgs.iproute}/bin/ip -6 route add table 2 2001:7f0:3003:235e::/64 dev eth0.2396
-      #${pkgs.iproute}/bin/ip -6 route add table 2 default via 2001:7f0:3003:235e::97 dev eth0.2396
-      #${pkgs.iproute}/bin/ip -4 rule add from 83.133.179.96/27 table 2
-      #${pkgs.iproute}/bin/ip -4 route add table 2 83.133.179.96/27 dev eth0.2396 
-      #${pkgs.iproute}/bin/ip -4 route add table 2 default via 83.133.179.97 dev eth0.2396
-      #${pkgs.iproute}/bin/ip -6 rule add from 2001:7f0:3003:235f::/64 table 3
-      #${pkgs.iproute}/bin/ip -6 route add table 3 2001:7f0:3003:235f::/64 dev eth0.2428
-      #${pkgs.iproute}/bin/ip -6 route add table 3 default via 2001:7f0:3003:235f::129 dev eth0.2428
-      #${pkgs.iproute}/bin/ip -4 rule add from 83.133.179.128/25 table 3
-      #${pkgs.iproute}/bin/ip -4 route add table 3 83.133.179.128/25 dev eth0.2428
-      #${pkgs.iproute}/bin/ip -4 route add table 3 default via 83.133.179.129 dev eth0.2428
-    '';
+    defaultGateway6 = {
+      address = "2001:7f0:3003:beef::65";
+      metric = 42;
+    };
+    defaultGateway = {
+      address = "83.133.178.65";
+      metric = 42;
+    };
+    #localCommands = ''
+    #  ${pkgs.iproute}/bin/ip -6 rule add from 2001:7f0:3003:235e::/64 table 2
+    #  ${pkgs.iproute}/bin/ip -6 route add table 2 2001:7f0:3003:235e::/64 dev eth0.2396
+    #  ${pkgs.iproute}/bin/ip -6 route add table 2 default via 2001:7f0:3003:235e::97 dev eth0.2396
+    #  ${pkgs.iproute}/bin/ip -4 rule add from 83.133.179.96/27 table 2
+    #  ${pkgs.iproute}/bin/ip -4 route add table 2 83.133.179.96/27 dev eth0.2396
+    #  ${pkgs.iproute}/bin/ip -4 route add table 2 default via 83.133.179.97 dev eth0.2396
+    #  ${pkgs.iproute}/bin/ip -6 rule add from 2001:7f0:3003:235f::/64 table 3
+    #  ${pkgs.iproute}/bin/ip -6 route add table 3 2001:7f0:3003:235f::/64 dev eth0.2428
+    #  ${pkgs.iproute}/bin/ip -6 route add table 3 default via 2001:7f0:3003:235f::129 dev eth0.2428
+    #  ${pkgs.iproute}/bin/ip -4 rule add from 83.133.179.128/25 table 3
+    #  ${pkgs.iproute}/bin/ip -4 route add table 3 83.133.179.128/25 dev eth0.2428
+    #  ${pkgs.iproute}/bin/ip -4 route add table 3 default via 83.133.179.129 dev eth0.2428
+    #'';
  };

  # MuCCC API