feat(netconf)!: wip! broken! netconf-eval

2024-12-10 11:45:59 +01:00 · 2024-12-10 11:45:59 +01:00 · 99ef0b76de
commit 99ef0b76de
parent aa4cdf0fd4
5 changed files with 186 additions and 0 deletions
--- a/hive.nix
+++ b/hive.nix
@ -63,6 +63,7 @@ let
    {
      nixos = _: { };
      zyxel-nwa50ax = mkLiminixConfig system;
+      netconf = _: { };
    }
    .${system} or (throw "Unknown system: ${system} for nixpkgs configuration instantiation");

@ -124,6 +125,22 @@ in
        };
    };

+    netconf = {
+      evalConfig = args: (import nixpkgs.nixos.unstable.path { }).lib.evalModules args;
+
+      defaults =
+        { nodePath, ... }:
+        {
+          # Import the default modules
+          imports = [
+            # Import the base configuration for each node
+            ./${nodePath}.nix
+            ./modules/netconf
+            ./lib/netconf-junos
+          ];
+        };
+    };
+
    nixos = {
      evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args;
      defaults =
--- a/machines/netconf/netcore02.nix
+++ b/machines/netconf/netcore02.nix
@ -0,0 +1,120 @@
+let
+  #TODO: meta
+  vlansPlan = {
+    "uplink-cri".id = 223;
+
+    "admin-core" = {
+      id = 3000;
+      l3-interface = "irb.0";
+    };
+    "admin-ap".id = 3001;
+    "users".id-list = [
+      {
+        begin = 3045;
+        end = 4094;
+      }
+    ];
+
+    "ap-staging".id = 2000;
+  };
+  #TODO: additionnal module (always the same for APs)
+  AP-staging = {
+    poe = true;
+    ethernet-switching = {
+      interface-mode = "access";
+      vlans = [ "ap-staging" ];
+    };
+  };
+in
+{ name, ... }:
+{
+  vlans = vlansPlan;
+  system = {
+    # TODO: use meta, in default
+    host-name = name;
+    services.ssh.root-login = "deny-password";
+    root-authentication = {
+      hashedPasswd = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
+      ssh-keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
+      ];
+    };
+  };
+  dgn-interfaces = {
+    # "ge-0/0/0" = AP-staging;
+    # "ge-0/0/1" = AP-staging;
+    # "ge-0/0/2" = AP-staging;
+    # "ge-0/0/3" = AP-staging;
+    "ge-0/0/4" = AP-staging;
+    # "ge-0/0/5" = AP-staging;
+    # "ge-0/0/6" = AP-staging;
+    # "ge-0/0/7" = AP-staging;
+    # "ge-0/0/8" = AP-staging;
+    # "ge-0/0/9" = AP-staging;
+    # "ge-0/0/10" = AP-staging;
+    # "ge-0/0/11" = AP-staging;
+    # "ge-0/0/12" = AP-staging;
+    # "ge-0/0/13" = AP-staging;
+    # "ge-0/0/14" = AP-staging;
+    # "ge-0/0/15" = AP-staging;
+    # "ge-0/0/16" = AP-staging;
+    # "ge-0/0/17" = AP-staging;
+
+    # oob
+    "ge-0/0/42".ethernet-switching = {
+      interface-mode = "trunk";
+      vlans = [ "all" ];
+    };
+    # AP de test
+    "ge-0/0/43" = {
+      poe = true;
+      ethernet-switching = {
+        interface-mode = "access";
+        vlans = [ 4000 ];
+      };
+    };
+    # uplink oob
+    "ge-0/0/46".ethernet-switching = {
+      interface-mode = "access";
+      vlans = [ 222 ];
+      rstp = false;
+    };
+    # ilo
+    "ge-0/0/47".ethernet-switching = {
+      interface-mode = "access";
+      vlans = [ "admin-core" ];
+    };
+
+    # router
+    "xe-0/1/0".ethernet-switching = {
+      interface-mode = "trunk";
+      vlans = [ "all" ];
+    };
+    # netaccess01
+    "xe-0/1/1".ethernet-switching = {
+      interface-mode = "trunk";
+      vlans = [
+        "users"
+        "ap-staging"
+        "admin-ap"
+        "admin-core"
+      ];
+    };
+    # netcore01 (Potos)
+    "xe-0/1/2".ethernet-switching = {
+      interface-mode = "access";
+      vlans = [
+        "ap-staging"
+      ];
+    };
+    # uplink
+    "ge-0/1/3".ethernet-switching = {
+      interface-mode = "trunk";
+      vlans = [ "uplink-cri" ];
+    };
+
+    # management
+    "me0".inet.addresses = [ "192.168.42.6/24" ];
+    "irb".inet6.addresses = [ "fd26:baf9:d250:8000::1001/64" ];
+  };
+}
--- a/meta/nixpkgs.nix
+++ b/meta/nixpkgs.nix
@ -16,10 +16,12 @@
    # Supported system types
    "zyxel-nwa50ax"
    "nixos"
+    "netconf"
  ];

  categories = {
    nixos = "nixos";
    zyxel-nwa50ax = "liminix";
+    netconf = "netconf";
  };
 }
--- a/meta/nodes/default.nix
+++ b/meta/nodes/default.nix
@ -1,4 +1,5 @@
 builtins.foldl' (nodes: path: nodes // import path) { } [
  ./liminix.nix
  ./nixos.nix
+  ./netconf.nix
 ]
--- a/meta/nodes/netconf.nix
+++ b/meta/nodes/netconf.nix
@ -0,0 +1,46 @@
+{
+  netcore02 = {
+    site = "hyp01";
+
+    hashedPassword = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
+
+    stateVersion = "24.05"; # FIXME: meaningless
+
+    adminGroups = [ "fai" ];
+
+    deployment = {
+      targetHost = "fd26:baf9:d250:8000::1001";
+      sshOptions = [
+        "-J"
+        "root@vault01.hyp01.infra.dgnum.eu"
+      ];
+    };
+
+    nixpkgs = {
+      version = "24.05"; # FIXME: meaningless
+      system = "netconf";
+    };
+  };
+  #  netaccess01 = {
+  #    site = "hyp02";
+  #
+  #    hashedPassword = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
+  #
+  #    stateVersion = "24.05"; # FIXME: meaningless
+  #
+  #    adminGroups = [ "fai" ];
+  #
+  #    deployment = {
+  #      targetHost = "fd26:baf9:d250:8000::2001";
+  #      sshOptions = [
+  #        "-J"
+  #        "root@vault01.hyp01.infra.dgnum.eu"
+  #      ];
+  #    };
+  #
+  #    nixpkgs = {
+  #      version = "24.05"; # FIXME: meaningless
+  #      system = "netconf";
+  #    };
+  #  };
+}