From 683555e4eb46d22d0d0a251b9e46e208a254946f Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Fri, 12 Jan 2024 04:04:23 +0100
Subject: [PATCH] router04: init and add to VRRP group
---
machines/router04/_configuration.nix | 28 +++++++++++++
machines/router04/_hardware-configuration.nix | 40 +++++++++++++++++++
machines/router04/router.nix | 28 +++++++++++++
meta/nodes.nix | 16 +++++++-
4 files changed, 111 insertions(+), 1 deletion(-)
create mode 100644 machines/router04/_configuration.nix
create mode 100644 machines/router04/_hardware-configuration.nix
create mode 100644 machines/router04/router.nix
diff --git a/machines/router04/_configuration.nix b/machines/router04/_configuration.nix
new file mode 100644
index 0000000..776bdbb
--- /dev/null
+++ b/machines/router04/_configuration.nix
@@ -0,0 +1,28 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./router.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ networking.hostName = "router04";
+ networking.domain = "internal.rz.ens.wtf";
+
+ services.getty.autologinUser = "root";
+ services.openssh.enable = true;
+
+ system.stateVersion = "24.05"; # Did you read the comment?
+}
+
diff --git a/machines/router04/_hardware-configuration.nix b/machines/router04/_hardware-configuration.nix
new file mode 100644
index 0000000..3ab0c99
--- /dev/null
+++ b/machines/router04/_hardware-configuration.nix
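Review bot: `services.getty.autologinUser = "root";` in machines/router04/_configuration.nix gives an unauthenticated root shell on every getty, so anyone who can reach the VM console (the hardware file imports the qemu-guest profile) is root on a router that joins the VRRP group. If the line was only needed for bring-up, drop it before the host carries traffic, or mark it with `# TODO: remove console autologin once bootstrap is done`. `services.openssh.enable = true;` is added with no settings visible in this file; unless a shared module already sets it, pin `services.openssh.settings.PasswordAuthentication = false;` next to it so the router only accepts key logins.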
@@ -0,0 +1,40 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+ boot.initrd.luks.devices.c-disk = {
+ device = "/dev/disk/by-uuid/9c57dd15-b6e4-4496-84ca-6ffe41a9dd42";
+
+ keyFile = "/dev/zero";
+ keyFileSize = 1;
+
+ fallbackToPassword = true;
+ };
+
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/a48770a7-87f0-4f95-9458-50f022d20472";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/1FD5-AB3E";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/050ed1a8-60be-47e8-9f96-146362ea5e46"; }
+ ];
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/router04/router.nix b/machines/router04/router.nix
new file mode 100644
index 0000000..5fce041
--- /dev/null
+++ b/machines/router04/router.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+{
+ krz-router = {
+ enable = true;
+ enablePrimary = false;
+ routerId = 2;
+ virtualRouterId = 1;
+ vip = "129.199.146.230";
+ rip = "129.199.146.232";
+ trunkPort.macAddress = "92:E3:9C:CE:EF:15";
+ };
+
+ # systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";
+ environment.systemPackages = [ pkgs.tcpdump pkgs.wireguard-tools ];
+
+ # Zone based firewall
+
+ # Flow accounting in PostgreSQL.
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [];
+ };
+# services.ulogd = {
+# enable = true;
+# settings = {
+# };
+# };
+}
diff --git a/meta/nodes.nix b/meta/nodes.nix
index 9309fa7..51e5aa9 100644
--- a/meta/nodes.nix
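Review bot: The LUKS device `c-disk` in machines/router04/_hardware-configuration.nix is unlocked with `keyFile = "/dev/zero"; keyFileSize = 1;`, which is a single NUL byte. That is a constant anyone holding the disk image can supply, so the volume has no confidentiality at rest. If this is a deliberate placeholder so the VM boots unattended until a real key is enrolled, say so on the block, e.g. `# FIXME: placeholder key (one NUL byte), re-key before secrets land on this disk`; otherwise the device should be unlocked from a real secret. The block is also hand-written inside a file whose header says it is produced by nixos-generate-config and may be overwritten, so it may be safer in _configuration.nix.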
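Review bot: The `# Zone based firewall` heading in machines/router04/router.nix has nothing under it, so the file does not show whether packet filtering comes from the `krz-router` module or is still missing on a host that this commit gives sshd, PostgreSQL and the `vip`/`rip` addresses. Replace the bare heading with a comment that says which, e.g. `# Zone based firewall: TODO, not configured yet`, or with a pointer to the module that provides it. The commented-out `services.ulogd` stub and `ensureUsers = [];` (presumably the option's default) do nothing yet and could wait for the commit that wires up flow accounting.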
+++ b/meta/nodes.nix @@ -57,8 +57,22 @@ builtins.mapAttrs mkNode { "sinavir" ]; - deployment.targetHost = "router03.internal.rz.ens.wtf"; + deployment.targetHost = "129.199.146.231"; stateVersion = "24.05"; }; + + router04 = { + admins = [ + "gdd" + "hubrecht" + "raito" + "sinavir" + ]; + + deployment.targetHost = "129.199.146.232"; + + stateVersion = "24.05"; + }; + }
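Review bot: The new `deployment.targetHost = "129.199.146.232";` for router04 repeats the `rip` value from machines/router04/router.nix as a second literal, so a renumbering that touches only one of them would send deployments to whichever host then owns the old address. Deriving one from the other, or at least a comment such as `# must match krz-router.rip in machines/router04/router.nix`, would keep the two tied. The same hunk also switches router03 from `router03.internal.rz.ens.wtf` to `129.199.146.231`, which the commit subject does not mention. A short comment on why routers are addressed by IP (presumably so they stay deployable when internal DNS is unavailable) would help the next reader. The enclosing `builtins.mapAttrs mkNode { … }` starts outside the hunk.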