feat(netconf)!: wip! broken! netconf-eval

This commit is contained in:
catvayor 2024-12-10 11:45:59 +01:00 committed by Tom Hubrecht
parent aa4cdf0fd4
commit 99ef0b76de
Signed by: thubrecht
SSH key fingerprint: SHA256:CYNvFo44Ar9qCNnWNnvJVhs0QXO9AZjOLlPeWcSij3Q
5 changed files with 186 additions and 0 deletions

View file

@ -63,6 +63,7 @@ let
{ {
nixos = _: { }; nixos = _: { };
zyxel-nwa50ax = mkLiminixConfig system; zyxel-nwa50ax = mkLiminixConfig system;
netconf = _: { };
} }
.${system} or (throw "Unknown system: ${system} for nixpkgs configuration instantiation"); .${system} or (throw "Unknown system: ${system} for nixpkgs configuration instantiation");
@ -124,6 +125,22 @@ in
}; };
}; };
netconf = {
evalConfig = args: (import nixpkgs.nixos.unstable.path { }).lib.evalModules args;
defaults =
{ nodePath, ... }:
{
# Import the default modules
imports = [
# Import the base configuration for each node
./${nodePath}.nix
./modules/netconf
./lib/netconf-junos
];
};
};
nixos = { nixos = {
evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args; evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args;
defaults = defaults =

View file

@ -0,0 +1,120 @@
let
#TODO: meta
vlansPlan = {
"uplink-cri".id = 223;
"admin-core" = {
id = 3000;
l3-interface = "irb.0";
};
"admin-ap".id = 3001;
"users".id-list = [
{
begin = 3045;
end = 4094;
}
];
"ap-staging".id = 2000;
};
#TODO: additionnal module (always the same for APs)
AP-staging = {
poe = true;
ethernet-switching = {
interface-mode = "access";
vlans = [ "ap-staging" ];
};
};
in
{ name, ... }:
{
vlans = vlansPlan;
system = {
# TODO: use meta, in default
host-name = name;
services.ssh.root-login = "deny-password";
root-authentication = {
hashedPasswd = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
ssh-keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
];
};
};
dgn-interfaces = {
# "ge-0/0/0" = AP-staging;
# "ge-0/0/1" = AP-staging;
# "ge-0/0/2" = AP-staging;
# "ge-0/0/3" = AP-staging;
"ge-0/0/4" = AP-staging;
# "ge-0/0/5" = AP-staging;
# "ge-0/0/6" = AP-staging;
# "ge-0/0/7" = AP-staging;
# "ge-0/0/8" = AP-staging;
# "ge-0/0/9" = AP-staging;
# "ge-0/0/10" = AP-staging;
# "ge-0/0/11" = AP-staging;
# "ge-0/0/12" = AP-staging;
# "ge-0/0/13" = AP-staging;
# "ge-0/0/14" = AP-staging;
# "ge-0/0/15" = AP-staging;
# "ge-0/0/16" = AP-staging;
# "ge-0/0/17" = AP-staging;
# oob
"ge-0/0/42".ethernet-switching = {
interface-mode = "trunk";
vlans = [ "all" ];
};
# AP de test
"ge-0/0/43" = {
poe = true;
ethernet-switching = {
interface-mode = "access";
vlans = [ 4000 ];
};
};
# uplink oob
"ge-0/0/46".ethernet-switching = {
interface-mode = "access";
vlans = [ 222 ];
rstp = false;
};
# ilo
"ge-0/0/47".ethernet-switching = {
interface-mode = "access";
vlans = [ "admin-core" ];
};
# router
"xe-0/1/0".ethernet-switching = {
interface-mode = "trunk";
vlans = [ "all" ];
};
# netaccess01
"xe-0/1/1".ethernet-switching = {
interface-mode = "trunk";
vlans = [
"users"
"ap-staging"
"admin-ap"
"admin-core"
];
};
# netcore01 (Potos)
"xe-0/1/2".ethernet-switching = {
interface-mode = "access";
vlans = [
"ap-staging"
];
};
# uplink
"ge-0/1/3".ethernet-switching = {
interface-mode = "trunk";
vlans = [ "uplink-cri" ];
};
# management
"me0".inet.addresses = [ "192.168.42.6/24" ];
"irb".inet6.addresses = [ "fd26:baf9:d250:8000::1001/64" ];
};
}

View file

@ -16,10 +16,12 @@
# Supported system types # Supported system types
"zyxel-nwa50ax" "zyxel-nwa50ax"
"nixos" "nixos"
"netconf"
]; ];
categories = { categories = {
nixos = "nixos"; nixos = "nixos";
zyxel-nwa50ax = "liminix"; zyxel-nwa50ax = "liminix";
netconf = "netconf";
}; };
} }

View file

@ -1,4 +1,5 @@
builtins.foldl' (nodes: path: nodes // import path) { } [ builtins.foldl' (nodes: path: nodes // import path) { } [
./liminix.nix ./liminix.nix
./nixos.nix ./nixos.nix
./netconf.nix
] ]

46
meta/nodes/netconf.nix Normal file
View file

@ -0,0 +1,46 @@
{
netcore02 = {
site = "hyp01";
hashedPassword = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
stateVersion = "24.05"; # FIXME: meaningless
adminGroups = [ "fai" ];
deployment = {
targetHost = "fd26:baf9:d250:8000::1001";
sshOptions = [
"-J"
"root@vault01.hyp01.infra.dgnum.eu"
];
};
nixpkgs = {
version = "24.05"; # FIXME: meaningless
system = "netconf";
};
};
# netaccess01 = {
# site = "hyp02";
#
# hashedPassword = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
#
# stateVersion = "24.05"; # FIXME: meaningless
#
# adminGroups = [ "fai" ];
#
# deployment = {
# targetHost = "fd26:baf9:d250:8000::2001";
# sshOptions = [
# "-J"
# "root@vault01.hyp01.infra.dgnum.eu"
# ];
# };
#
# nixpkgs = {
# version = "24.05"; # FIXME: meaningless
# system = "netconf";
# };
# };
}