15 changed files with 26 additions and 174 deletions
--- a/REGISTRY.md
+++ b/REGISTRY.md
@ -3,13 +3,13 @@
 ## HE

 On a un `/64` uniquement routé via un tunnel 6in4:
- - IP de lien local: `2001:470:1f12:2b::2/64`
- - IP de lien Remote: `2001:470:1f12:2b::1/64`
+ - IP de lien local: `2001:470:1f12:187::2/64`
+ - IP de lien Remote: `2001:470:1f12:187::1/64`
 - Endpoint ipv4: `216.66.84.42`/`129.199.146.230`

 | Préfixe | Attribution |
 |-|-|
-| `2001:470:1f13:2b::/64` | he-dmz, vlan 2530 |
+| `2001:470:1f13:187::/64` | he-dmz, vlan 2530 |

 ## MWAN

--- a/machines/dns01/lab.dgnum.eu.nix
+++ b/machines/dns01/lab.dgnum.eu.nix
@ -1,12 +1,8 @@
-{
-  meta,
-  dns,
-  lib,
-  ...
-}:
+{ dns, lib, ... }:

 let
  inherit (lib) mapAttrs' nameValuePair;
+  meta = (import ./../../meta) lib;
 in
 with dns.lib.combinators;
 {
@ -33,8 +29,6 @@ with dns.lib.combinators;

    status = host "129.199.146.103" null;

-    kfet = host "129.199.146.230" "2a0e:e701:1120:1000::f:1";
-
    # Nameservers
    ns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26";

--- a/machines/dns01/nsd.nix
+++ b/machines/dns01/nsd.nix
@ -1,9 +1,4 @@
-{
-  sources,
-  lib,
-  meta,
-  ...
-}:
+{ sources, lib, ... }:

 let
  dns = import sources.dns-nix { };
@ -17,7 +12,7 @@ in
      "lab.dgnum.eu" = {
        # provideXFR = [ ... ];
        # notify = [ ... ];
-        data = dns.lib.toString "lab.dgnum.eu" (import ./lab.dgnum.eu.nix { inherit meta dns lib; });
+        data = dns.lib.toString "lab.dgnum.eu" (import ./lab.dgnum.eu.nix { inherit dns lib; });
      };
    };
  };
--- a/machines/krz01/proxmox/default.nix
+++ b/machines/krz01/proxmox/default.nix
@ -1,9 +1,4 @@
-{
-  sources,
-  meta,
-  name,
-  ...
-}:
+{ sources, ... }:
 let
  proxmox-nixos = import sources.proxmox-nixos;
 in
@ -11,7 +6,6 @@ in
  imports = [ proxmox-nixos.nixosModules.proxmox-ve ];
  services.proxmox-ve = {
    enable = true;
-    ipAddress = meta.network.${name}.netbirdIp;
    openFirewall = false;
  };
  nixpkgs.overlays = [ proxmox-nixos.overlays.x86_64-linux ];
--- a/machines/labcore01/_configuration.nix
+++ b/machines/labcore01/_configuration.nix
@ -8,7 +8,6 @@ lib.extra.mkConfig {
  enabledServices = [
    # List of services to enable
    "unbound"
-    "nginx"
  ];

  extraConfig = { };
--- a/machines/labcore01/kfet/favicon.png
+++ b/machines/labcore01/kfet/favicon.png
--- a/machines/labcore01/kfet/index.html
+++ b/machines/labcore01/kfet/index.html
@ -1,93 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta charset="UTF-8" />
-    <meta name="viewport" content="width=device-width" />
-    <title>Ouverture K-Fêt</title>
-<style>
-#main {
-  margin: 0;
-  padding: 0;
-  width: 100vw;
-  height: 100vh;
-  text-align: center;
-  font-weight: bold;
-  font-size: 15vw;
-  display: flex;
-  justify-content: center;
-  align-content: center;
-  flex-direction: column;
-}
-
-* {
-  margin: 0;
-  padding: 0;
-}
-
-.red {
-  background-color: red;
-  color: white;
-}
-
-.orange {
-  background-color: orange;
-  color: black;
-}
-
-
-.green {
-  background-color: green;
-  color: white;
-}
-
-#main > p {
-  overflow: hidden;
-  display: none;
-}
-
-.orange > #orange {
-  display: block;
-}
-
-.green > #green {
-  display: block;
-}
-
-.red > #red {
-  display: block;
-}
-
-</style>
-    <link rel="manifest" href="manifest.webmanifest" />
-  </head>
-  <body>
-    <div id="main" class="orange">
-      <p id="orange">Non défini</p>
-      <p id="red">Fermé</p>
-      <p id="green">Ouvert</p>
-    </div>
-    <script>
-// Créer une connexion WebSocket
-const socket = new WebSocket('wss://kfet.sinavir.fr/ws/');
-const div = document.getElementById("main");
-
-// Écouter les messages
-socket.addEventListener('message', function (event) {
-  console.log('Voici un message du serveur', event.data);
-  switch (JSON.parse(event.data).status) {
-    case "opened":
-      div.className = "green";
-      document.title = "🟢 Ouvert | K-Fêt";
-      break;
-    case "closed":
-      div.className = "red";
-      document.title = "🔴 Fermé | K-Fêt";
-      break;
-    default:
-      div.className = "orange";
-      document.title = "🟠 Indéfini | K-Fêt";
-  }
-});
-</script>
-  </body>
-</html>
--- a/machines/labcore01/nginx.nix
+++ b/machines/labcore01/nginx.nix
@ -1,8 +0,0 @@
-{
-  dgn-web.enable = true;
-  services.nginx.virtualHosts."kfet.lab.dgnum.eu" = {
-    enableACME = true;
-    forceSSL = true;
-    root = ./kfet;
-  };
-}
--- a/machines/router02/_configuration.nix
+++ b/machines/router02/_configuration.nix
@ -9,7 +9,6 @@ lib.extra.mkConfig {
    # List of services to enable
    "networking"
    "wireguard"
-    "nginx-sni"
  ];

  extraConfig = { };
--- a/machines/router02/_hardware-configuration.nix
+++ b/machines/router02/_hardware-configuration.nix
@ -42,7 +42,7 @@
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  # networking.useDHCP = lib.mkDefault true;
+  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
--- a/machines/router02/networking.nix
+++ b/machines/router02/networking.nix
@ -10,10 +10,7 @@

        networkConfig = {
          Description = "ENS uplink";
-          Address = [
-            "129.199.146.231/24"
-            "129.199.146.230/24"
-          ];
+          Address = [ "129.199.146.230/24" ];
          Gateway = "129.199.146.254";
          LLDP = true;
          # Only to the switch we are connected to directly, e.g. the hypervisor or the switch.
@ -37,8 +34,8 @@
      "50-tun-he" = {
        name = "sit-he";
        networkConfig = {
-          Description = "HE.NET IPv6 Tunnel (maurice)";
-          Address = [ "2001:470:1f12:2b::2/64" ];
+          Description = "HE.NET IPv6 Tunnel (gdd)";
+          Address = [ "2001:470:1f12:187::2/64" ];
          ConfigureWithoutCarrier = true;
        };
        routes = [
@ -56,13 +53,13 @@
        routingPolicyRules = [
          {
            routingPolicyRuleConfig = {
-              From = "2001:470:1f13:2b::/64";
+              From = "2001:470:1f13:187::/64";
              Table = "he";
            };
          }
          {
            routingPolicyRuleConfig = {
-              To = "2001:470:1f13:2b::/64";
+              To = "2001:470:1f13:187::/64";
              Table = "he";
            };
          }
@ -163,13 +160,13 @@
        name = "vlan-he-dmz";
        networkConfig = {
          Description = "HE DMZ VLAN";
-          Address = [ "2001:470:1f13:2b::1/64" ];
+          Address = [ "2001:470:1f13:187::1/64" ];
          IPv6SendRA = "yes";
        };
        ipv6Prefixes = [
          {
            ipv6PrefixConfig = {
-              Prefix = "2001:470:1f13:2b::0/64";
+              Prefix = "2001:470:1f13:187::0/64";
            };
          }
        ];
@ -177,7 +174,7 @@
          {
            Table = "he";
            Scope = "global";
-            Destination = "2001:470:1f13:2b::/64";
+            Destination = "2001:470:1f13:187::/64";
          }
        ];
      };
@ -189,7 +186,7 @@
          Name = "sit-he";
        };
        tunnelConfig = {
-          Local = "129.199.146.231";
+          Local = "129.199.146.230";
          Remote = "216.66.84.42";
        };
      };
--- a/machines/router02/nginx-sni.nix
+++ b/machines/router02/nginx-sni.nix
@ -1,21 +0,0 @@
-{ meta, ... }:
-let
-  # Beware, jool will not translate. Prefer ipv6 proxy target
-  machines = builtins.mapAttrs (
-    host: { site, ... }: "v6.${host}.${site}.infra.lab.dgnum.eu:443"
-  ) meta.nodes;
-in
-{
-  dgn-web.enable = true;
-  services.nginx = {
-    sni-proxy = {
-      preStreamConfig = ''
-        resolver 127.0.0.53;
-      '';
-      enable = true;
-      redirects = {
-        "kfet.lab.dgnum.eu" = machines.labcore01;
-      };
-    };
-  };
-}
--- a/modules/default.nix
+++ b/modules/default.nix
@ -9,15 +9,11 @@
    ++ [
      "${sources."microvm.nix"}/nixos-modules/host"
      (import sources.proxmox-nixos).nixosModules.declarative-vms
-    ]
-    ++ (import sources.nix-modules { inherit lib; }).importModules [
-      "services/nginx-sni"
    ];

  dgn-notify.enable = false;

  dgn-records.enable = false;
-  dgn-network.enable = false;

  # TODO think about how to use netbox with lab
  dgn-netbox-agent.enable = false;
--- a/modules/lab-network.nix
+++ b/modules/lab-network.nix
@ -12,6 +12,7 @@ let
    mapAttrs'
    mkEnableOption
    mkIf
+    mkForce
    ;

  net' = meta.network.${name};
@ -42,7 +43,7 @@ in
    default = true;
  };

-  config = mkIf cfg.enable {
+  config = mkIf cfg.enable (mkForce {
    networking = {
      inherit (net') hostId;

@ -54,5 +55,5 @@ in
    };

    systemd.network.networks = mapAttrs' mkInterface net'.interfaces;
-  };
+  });
 }
--- a/npins/sources.json
+++ b/npins/sources.json
@ -177,8 +177,8 @@
    "nixos-unstable": {
      "type": "Channel",
      "name": "nixos-unstable",
-      "url": "https://releases.nixos.org/nixos/unstable/nixos-25.05beta723344.d3c42f187194/nixexprs.tar.xz",
-      "hash": "0kwwzcza46ygfvrhhbnc7x02z3qw3zkyrjaxcdxmza0jzdv8gydj"
+      "url": "https://releases.nixos.org/nixos/unstable/nixos-25.05beta708622.5e4fbfb6b3de/nixexprs.tar.xz",
+      "hash": "18zd6qnn1zmz3pgq2q484lmdk486ncxyp8r5g9c71r9dc8jr5dnc"
    },
    "nixpkgs": {
      "type": "Channel",
@ -194,9 +194,9 @@
        "repo": "proxmox-nixos"
      },
      "branch": "main",
-      "revision": "15187a4c4ac50d1a38c734f72dd201a7eb504a89",
-      "url": "https://github.com/SaumonNet/proxmox-nixos/archive/15187a4c4ac50d1a38c734f72dd201a7eb504a89.tar.gz",
-      "hash": "1scyza59y0kfjhl5chsl53l61p0dv5ymb4k7bq8grg9nla4aj7f2"
+      "revision": "950e4cccac0f942076e8558f7f9f4d496cabfb18",
+      "url": "https://github.com/SaumonNet/proxmox-nixos/archive/950e4cccac0f942076e8558f7f9f4d496cabfb18.tar.gz",
+      "hash": "0bhqw42ydc0jfkfqw64xsg518a1pbxnvpqw92nna7lm8mzpxm6d4"
    },
    "stateless-uptime-kuma": {
      "type": "Git",
@ -211,4 +211,3 @@
    }
  },
  "version": 3
-}