diff --git a/hive.nix b/hive.nix index d2da079..11aabbc 100644 --- a/hive.nix +++ b/hive.nix @@ -63,6 +63,7 @@ let { nixos = _: { }; zyxel-nwa50ax = mkLiminixConfig system; + netconf = _: { }; } .${system} or (throw "Unknown system: ${system} for nixpkgs configuration instantiation"); @@ -124,6 +125,22 @@ in }; }; + netconf = { + evalConfig = args: (import nixpkgs.nixos.unstable.path { }).lib.evalModules args; + + defaults = + { nodePath, ... }: + { + # Import the default modules + imports = [ + # Import the base configuration for each node + ./${nodePath}.nix + ./modules/netconf + ./lib/netconf-junos + ]; + }; + }; + nixos = { evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args; defaults = diff --git a/machines/netconf/netcore02.nix b/machines/netconf/netcore02.nix new file mode 100644 index 0000000..862adb8 --- /dev/null +++ b/machines/netconf/netcore02.nix 
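Review bot: `netconf.evalConfig` always evaluates with `(import nixpkgs.nixos.unstable.path { }).lib.evalModules`, so the per-node `nixpkgs.version` appears to be ignored for netconf nodes. This commit sets it to "24.05" for netcore02 in meta/nodes/netconf.nix and marks it `FIXME: meaningless` there. That is worth stating at the definition, e.g. `# netconf nodes only use lib.evalModules from the unstable pin; meta nixpkgs.version is not consulted`. The two `# Import …` comments in `defaults` restate the code; a comment saying what `./modules/netconf` and `./lib/netconf-junos` contribute would be more useful. The enclosing attribute set starts and ends outside the hunk.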
@@ -0,0 +1,120 @@
+let
+ #TODO: meta
+ vlansPlan = {
+ "uplink-cri".id = 223;
+
+ "admin-core" = {
+ id = 3000;
+ l3-interface = "irb.0";
+ };
+ "admin-ap".id = 3001;
+ "users".id-list = [
+ {
+ begin = 3045;
+ end = 4094;
+ }
+ ];
+
+ "ap-staging".id = 2000;
+ };
+ #TODO: additionnal module (always the same for APs)
+ AP-staging = {
+ poe = true;
+ ethernet-switching = {
+ interface-mode = "access";
+ vlans = [ "ap-staging" ];
+ };
+ };
+in
+{ name, ... }:
+{
+ vlans = vlansPlan;
+ system = {
+ # TODO: use meta, in default
+ host-name = name;
+ services.ssh.root-login = "deny-password";
+ root-authentication = {
+ hashedPasswd = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
+ ssh-keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
+ ];
+ };
+ };
+ dgn-interfaces = {
+ # "ge-0/0/0" = AP-staging;
+ # "ge-0/0/1" = AP-staging;
+ # "ge-0/0/2" = AP-staging;
+ # "ge-0/0/3" = AP-staging;
+ "ge-0/0/4" = AP-staging;
+ # "ge-0/0/5" = AP-staging;
+ # "ge-0/0/6" = AP-staging;
+ # "ge-0/0/7" = AP-staging;
+ # "ge-0/0/8" = AP-staging;
+ # "ge-0/0/9" = AP-staging;
+ # "ge-0/0/10" = AP-staging;
+ # "ge-0/0/11" = AP-staging;
+ # "ge-0/0/12" = AP-staging;
+ # "ge-0/0/13" = AP-staging;
+ # "ge-0/0/14" = AP-staging;
+ # "ge-0/0/15" = AP-staging;
+ # "ge-0/0/16" = AP-staging;
+ # "ge-0/0/17" = AP-staging;
+
+ # oob
+ "ge-0/0/42".ethernet-switching = {
+ interface-mode = "trunk";
+ vlans = [ "all" ];
+ };
+ # AP de test
+ "ge-0/0/43" = {
+ poe = true;
+ ethernet-switching = {
+ interface-mode = "access";
+ vlans = [ 4000 ];
+ };
+ };
+ # uplink oob
+ "ge-0/0/46".ethernet-switching = {
+ interface-mode = "access";
+ vlans = [ 222 ];
+ rstp = false;
+ };
+ # ilo
+ "ge-0/0/47".ethernet-switching = {
+ interface-mode = "access";
+ vlans = [ "admin-core" ];
+ };
+
+ # router
+ "xe-0/1/0".ethernet-switching = {
+ interface-mode = "trunk";
+ vlans = [ "all" ];
+ };
+ #
netaccess01 + "xe-0/1/1".ethernet-switching = { + interface-mode = "trunk"; + vlans = [ + "users" + "ap-staging" + "admin-ap" + "admin-core" + ]; + }; + # netcore01 (Potos) + "xe-0/1/2".ethernet-switching = { + interface-mode = "access"; + vlans = [ + "ap-staging" + ]; + }; + # uplink + "ge-0/1/3".ethernet-switching = { + interface-mode = "trunk"; + vlans = [ "uplink-cri" ]; + }; + + # management + "me0".inet.addresses = [ "192.168.42.6/24" ]; + "irb".inet6.addresses = [ "fd26:baf9:d250:8000::1001/64" ]; + }; +} diff --git a/meta/nixpkgs.nix b/meta/nixpkgs.nix index 111151d..4185c86 100644 --- a/meta/nixpkgs.nix +++ b/meta/nixpkgs.nix @@ -16,10 +16,12 @@ # Supported system types "zyxel-nwa50ax" "nixos" + "netconf" ]; categories = { nixos = "nixos"; zyxel-nwa50ax = "liminix"; + netconf = "netconf"; }; } diff --git a/meta/nodes/default.nix b/meta/nodes/default.nix index 751ac4b..09372e5 100644 --- a/meta/nodes/default.nix +++ b/meta/nodes/default.nix @@ -1,4 +1,5 @@ builtins.foldl' (nodes: path: nodes // import path) { } [ ./liminix.nix ./nixos.nix + ./netconf.nix ] diff --git a/meta/nodes/netconf.nix b/meta/nodes/netconf.nix new file mode 100644 index 0000000..f867126 --- /dev/null +++ b/meta/nodes/netconf.nix 
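Review bot: The root `hashedPasswd` under `system.root-authentication` in machines/netconf/netcore02.nix is a `$6$` crypt hash committed as a literal. The identical string is added again as `hashedPassword` in meta/nodes/netconf.nix, including its commented-out netaccess01 entry. Anyone with read access to the repository can therefore run offline guessing against it, and the two copies can drift apart. The `# TODO: use meta, in default` above `host-name` suggests the meta value is meant to be the single source, so I would at least mark the literal with `# duplicate of meta/nodes/netconf.nix hashedPassword; remove once read from meta`. Separately, `vlans = [ 4000 ]` on ge-0/0/43 and `vlans = [ 222 ]` on ge-0/0/46 are raw ids that are not declared in `vlansPlan`, and 4000 falls inside the `users` id-list range 3045–4094, which looks unintended for a test AP port and deserves a comment or a named entry.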
@@ -0,0 +1,46 @@
+{
+ netcore02 = {
+ site = "hyp01";
+
+ hashedPassword = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
+
+ stateVersion = "24.05"; # FIXME: meaningless
+
+ adminGroups = [ "fai" ];
+
+ deployment = {
+ targetHost = "fd26:baf9:d250:8000::1001";
+ sshOptions = [
+ "-J"
+ "root@vault01.hyp01.infra.dgnum.eu"
+ ];
+ };
+
+ nixpkgs = {
+ version = "24.05"; # FIXME: meaningless
+ system = "netconf";
+ };
+ };
+ # netaccess01 = {
+ # site = "hyp02";
+ #
+ # hashedPassword = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
+ #
+ # stateVersion = "24.05"; # FIXME: meaningless
+ #
+ # adminGroups = [ "fai" ];
+ #
+ # deployment = {
+ # targetHost = "fd26:baf9:d250:8000::2001";
+ # sshOptions = [
+ # "-J"
+ # "root@vault01.hyp01.infra.dgnum.eu"
+ # ];
+ # };
+ #
+ # nixpkgs = {
+ # version = "24.05"; # FIXME: meaningless
+ # system = "netconf";
+ # };
+ # };
+}
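Review bot: The commented-out `netaccess01` entry repeats the `hashedPassword` string of `netcore02` verbatim, so enabling it as written would give both switches the same root credential. I would delete the block until the node is ready, or leave only `# netaccess01: TODO, needs its own hashedPassword`. Also, `targetHost = "fd26:baf9:d250:8000::1001"` duplicates the `irb` inet6 address set in machines/netconf/netcore02.nix; a short comment such as `# must match irb.inet6 in machines/netconf/netcore02.nix` would help keep the two aligned.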