diff --git a/hosts/clients/default.nix b/hosts/clients/default.nix
index 03f9fbc..8807945 100644
--- a/hosts/clients/default.nix
+++ b/hosts/clients/default.nix
@@ -1,10 +1,11 @@
-args@{ lib, ... }:
-let
- blacklist = [ ];
- folders = builtins.attrNames (
- lib.filterAttrs (n: v: v == "directory" && !lib.hasPrefix "_" n && !builtins.elem n blacklist) (
- builtins.readDir ./.
- )
- );
-in
-lib.genAttrs folders (folder: (import (./. + "/${folder}") (args // { })))
+# args@{ lib, ... }:
+# let
+# blacklist = [ ];
+# folders = builtins.attrNames (
+# lib.filterAttrs (n: v: v == "directory" && !lib.hasPrefix "_" n && !builtins.elem n blacklist) (
+# builtins.readDir ./.
+# )
+# );
+# in
+# lib.genAttrs folders (folder: (import (./. + "/${folder}") (args // { })))
+{...}: {}
\ No newline at end of file
diff --git a/hosts/miscservers/default.nix b/hosts/miscservers/default.nix
index ee59208..5f58569 100644
--- a/hosts/miscservers/default.nix
+++ b/hosts/miscservers/default.nix
@@ -1,11 +1,12 @@
-args@{ lib, ... }:
-let
- blacklist = [ ];
+# args@{ lib, ... }:
+# let
+# blacklist = [ ];

- folders = builtins.attrNames (
- lib.filterAttrs (n: v: v == "directory" && !lib.hasPrefix "_" n && !builtins.elem n blacklist) (
- builtins.readDir ./.
- )
- );
-in
-lib.genAttrs folders (folder: (import (./. + "/${folder}") (args // { })))
+# folders = builtins.attrNames (
+# lib.filterAttrs (n: v: v == "directory" && !lib.hasPrefix "_" n && !builtins.elem n blacklist) (
+# builtins.readDir ./.
+# )
+# );
+# in
+# lib.genAttrs folders (folder: (import (./. + "/${folder}") (args // { })))
+{...}: {}
\ No newline at end of file
diff --git a/hosts/routereflectors/default.nix b/hosts/routereflectors/default.nix
index 7978eda..b7a5ad8 100644
--- a/hosts/routereflectors/default.nix
+++ b/hosts/routereflectors/default.nix
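Review bot: Replacing the directory auto-discovery with `{...}: {}` makes `hosts/clients/default.nix` evaluate to an empty set, so every host under that directory drops out of whatever consumes this file without any evaluation error; the same change is made in `hosts/miscservers`, `hosts/routereflectors`, `hosts/routers` and `hosts/stonkmembers`. If that is intended, delete the old expression instead of keeping ten commented-out lines (git history retains it) and leave a single line stating why, e.g. `# host auto-discovery disabled: <reason>`. The rewritten files also end without a trailing newline.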
@@ -2,13 +2,14 @@
 # iguane-kit-rr91 = import ./iguane-kit-rr91 { };
 # }

-args@{ lib, ... }:
-let
- blacklist = [ ];
- folders = builtins.attrNames (
- lib.filterAttrs (n: v: v == "directory" && !lib.hasPrefix "_" n && !builtins.elem n blacklist) (
- builtins.readDir ./.
- )
- );
-in
-lib.genAttrs folders (folder: (import (./. + "/${folder}") (args // { })))
+# args@{ lib, ... }:
+# let
+# blacklist = [ ];
+# folders = builtins.attrNames (
+# lib.filterAttrs (n: v: v == "directory" && !lib.hasPrefix "_" n && !builtins.elem n blacklist) (
+# builtins.readDir ./.
+# )
+# );
+# in
+# lib.genAttrs folders (folder: (import (./. + "/${folder}") (args // { })))
+{...}: {}
\ No newline at end of file
diff --git a/hosts/routers/__virtua-kit-edge/configuration.nix b/hosts/routers/__virtua-kit-edge/configuration.nix
new file mode 100644
index 0000000..8afb1c0
--- /dev/null
+++ b/hosts/routers/__virtua-kit-edge/configuration.nix
@@ -0,0 +1,91 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{
+ config,
+ targetConfig,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ iface = if targetConfig ? interface then targetConfig.interface else null;
+in
+{
+ #imports = [ ./wireguard.nix ];
+ # Bootloader.
+ #boot.loader.systemd-boot.enable = true;
+ #boot.loader.systemd-boot.configurationLimit = 5;
+ #boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub.efiSupport = false;
+ boot.loader.grub.enable = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ #boot.loader.grub.devices = [ "${targetConfig.bootdisk}" ]; # or "nodev" for efi only
+
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+ networking = {
+ #nameservers = [ "1.3.3.7" ];
+ interfaces = {
+ "${iface}" = {
+ ipv4.addresses = [
+ {
+ address = "185.10.17.209";
+ prefixLength = 24;
+ }
+ ];
+
+ ipv6.addresses = [
+ {
+ address = "2a07:8dc0:19:1cf::1";
+ prefixLength = 128;
+ }
+ ];
+ };
+ };
+ defaultGateway = {
+ address = "185.10.17.254";
+ metric = 42;
+ interface = iface;
+ };
+ defaultGateway6 = {
+ address = "fe80::1";
+ metric = 42;
+ interface = iface;
+ };
+ useDHCP = false;
+ #dhcpcd.enable = false;
+ };
+
+ systemd.network.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Paris";
+
+ nixpkgs.config.allowUnfree = true;
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
diff --git a/hosts/routers/__virtua-kit-edge/default.nix b/hosts/routers/__virtua-kit-edge/default.nix
new file mode 100644
index 0000000..bf225d8
--- /dev/null
+++ b/hosts/routers/__virtua-kit-edge/default.nix
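Review bot: In `configuration.nix`, `iface` falls back to `null` when `targetConfig` has no `interface`, but it is then interpolated as the attribute name `"${iface}"` under `networking.interfaces`, and Nix cannot coerce `null` to a string, so the fallback only turns a missing setting into an opaque evaluation error. Fail with a clear message at the binding instead: `iface = targetConfig.interface or (throw "targetConfig.interface must be set for this host");`. Separately, `nixpkgs.config.allowUnfree = true` is set although no unfree package is visible in this file; on a router carrying a public address, dropping it or using an explicit `allowUnfreePredicate` list keeps the installable set narrower.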
@@ -0,0 +1,29 @@
+{ ... }:
+let
+ IFACE = "ens18";
+in
+{
+ type = "targetConfig";
+
+ bootdisk = "/dev/sda";
+ diskTemplate = "simple_singleFullRoot";
+ swap = true;
+
+ interface = IFACE;
+ # mainSerial = 0;
+ birdConfig = {
+ transitInterface = IFACE;
+ # router-id = ;
+
+ # loopback4 = "";
+ loopback6 = "2a13:79c0:ffff:fefe::12:10";
+
+ static6 = [
+ # ''2a0d:e680:0::b:1/128 via "enp1s0"'' # Vultr bgp neighbor
+ "2a13:79c0:ffff:fefe::b00b/128 unreachable"
+ #"2a13:79c0:ffff::/48 unreachable" # Networking stuff
+ #"2a13:79c0:ffff:fefe::/64 unreachable" # LoopBacks
+ "2a13:79c0:ff00::/40 unreachable" # full range /40
+ ];
+ };
+}
diff --git a/hosts/routers/__virtua-kit-edge/hardware-configuration.nix b/hosts/routers/__virtua-kit-edge/hardware-configuration.nix
new file mode 100644
index 0000000..9d82589
--- /dev/null
+++ b/hosts/routers/__virtua-kit-edge/hardware-configuration.nix
@@ -0,0 +1,24 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "sd_mod"
+ "sr_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+}
diff --git a/hosts/routers/__virtua-kit-edge/peers/KIT-IG1-RTR.nix b/hosts/routers/__virtua-kit-edge/peers/KIT-IG1-RTR.nix
new file mode 100644
index 0000000..7be5a83
--- /dev/null
+++ b/hosts/routers/__virtua-kit-edge/peers/KIT-IG1-RTR.nix
@@ -0,0 +1,30 @@
+{ ... }:
+let
+ kittenASN = 4242421945;
+in
+{
+ peerAS = kittenASN;
+ peerIP = "2a13:79c0:ffff:feff::103";
+ localAS = kittenASN;
+
+ wireguard = {
+ address = "2a13:79c0:ffff:feff::102";
+ port = 6969;
+
+ peerKey = "gDriA5mhKKh44OHEIxmmevphoVRLK45TRJmFS1DV1i4=";
+ };
+
+ template = "kittunderlay";
+ bgpMED = 100;
+ ipv6 = {
+ #imports = null;
+ imports = x: "filter filter6_IN_BGP_${toString x}";
+ #exports = [ "2a12:dd47:9330::/44" ];
+
+ #exports = null;
+ };
+ ipv4 = {
+ imports = x: "filter filter4_IN_BGP_${toString x}";
+ #exports = x: "filter6_IN_BGP_${toString x}";
+ };
+}
diff --git a/hosts/routers/__virtua-kit-edge/peers/KIT-VIRTUA-EDGE.legacy.nix b/hosts/routers/__virtua-kit-edge/peers/KIT-VIRTUA-EDGE.legacy.nix
new file mode 100644
index 0000000..46ca905
--- /dev/null
+++ b/hosts/routers/__virtua-kit-edge/peers/KIT-VIRTUA-EDGE.legacy.nix
@@ -0,0 +1,50 @@
+{ ... }:
+let
+ kittenASN = 4242421945;
+in
+{
+ # vultr6
+ # AS64515
+ # Peer-IP : 2001:19f0:ffff::1
+
+ # protocol bgp TRANSIT_VULTR6 {
+ #
+ # multihop 2;
+ #
+
+ # ipv6 {
+ # export filter {
+ # if ( net ~ [ 2a13:79c0:ff00::/40, 2a12:dd47:9330::/44 ] ) then {
+ # accept;
+ # }
+ # reject;
+ # };
+ # import none;
+ # };
+ #
+ # }
+ peerAS = kittenASN;
+ peerIP = "2a13:79c0:ffff:feff::110";
+ localAS = kittenASN;
+
+ wireguard = {
+ address = "2a13:79c0:ffff:feff::111";
+ port = 6978;
+ # endpoint = "[2a07:8dc0:19:1cf::1]:51800";
+ # peerKey = "p200ujtoVhMNnbrdljxoHqAF7cbfRDRFTA+6ibGvIEg=";
+ peerKey = "rMTaMWJYlgTKJoE0PnVOo9SKHTppEfYK5KtWjBI9mC8=";
+ };
+ template = "kittunderlay";
+ bgpMED = 6666;
+ ipv6 = {
+ #imports = null;
+ imports = x: "filter filter6_IN_BGP_${toString x}";
+ #exports = [ "2a12:dd47:9330::/44" ];
+
+ #exports = null;
+ };
+ ipv4 = {
+ imports = x: "filter filter4_IN_BGP_${toString x}";
+ #exports = x: "filter6_IN_BGP_${toString x}";
+ };
+}
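Review bot: The commented-out `#exports = x: "filter6_IN_BGP_${toString x}";` inside the `ipv4` block of `KIT-IG1-RTR.nix` names the IPv6 inbound filter and omits the `filter ` keyword that the `imports` lines carry, so uncommenting it as written would attach the wrong address family's import policy to the IPv4 export direction. Either remove the line or correct it to the intended IPv4 export filter; the same line is repeated in `KIT-VIRTUA-EDGE.legacy.nix` and `KIT-vultr-edge.nix`. With every `exports` commented out, what these iBGP sessions announce is decided by the `kittunderlay` template, which is not visible in this diff, so a one-line comment such as `# exports: inherited from template "kittunderlay"` would make that explicit. The argument `x` of the `imports` functions is also undocumented here.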
diff --git a/hosts/routers/__virtua-kit-edge/peers/KIT-vultr-edge.nix b/hosts/routers/__virtua-kit-edge/peers/KIT-vultr-edge.nix
new file mode 100644
index 0000000..68cf772
--- /dev/null
+++ b/hosts/routers/__virtua-kit-edge/peers/KIT-vultr-edge.nix
@@ -0,0 +1,30 @@
+{ ... }:
+let
+ kittenASN = 4242421945;
+in
+{
+ peerAS = kittenASN;
+ peerIP = "2a13:79c0:ffff:feff::10f";
+ localAS = kittenASN;
+
+ wireguard = {
+ address = "2a13:79c0:ffff:feff::10e";
+ port = 51801;
+ endpoint = "[2001:19f0:6801:365:5400:4ff:fe82:5c6e]:51801";
+ peerKey = "H8z/i9mmbIukPwLJooVP/d+T4pi9IRFC/UYA7gcEzFM=";
+ };
+
+ template = "kittunderlay";
+ bgpMED = 100;
+ ipv6 = {
+ #imports = null;
+ imports = x: "filter filter6_IN_BGP_${toString x}";
+ #exports = [ "2a12:dd47:9330::/44" ];
+
+ #exports = null;
+ };
+ ipv4 = {
+ imports = x: "filter filter4_IN_BGP_${toString x}";
+ #exports = x: "filter6_IN_BGP_${toString x}";
+ };
+}
diff --git a/hosts/routers/__virtua-kit-edge/peers/TRS-virtua6-RS01.nix b/hosts/routers/__virtua-kit-edge/peers/TRS-virtua6-RS01.nix
new file mode 100644
index 0000000..661413c
--- /dev/null
+++ b/hosts/routers/__virtua-kit-edge/peers/TRS-virtua6-RS01.nix
@@ -0,0 +1,19 @@
+{ ... }:
+{
+ localAS = 207175;
+ peerAS = 35661;
+ peerIP = "2a0d:e680:0::b:1";
+ multihop = 5;
+
+ passwordRef = "virtua";
+
+ ipv6 = {
+ imports = null;
+ exports = [
+ "2a13:79c0:ff00::/40" # Prod /40
+
+ # "2a12:dd47:9330::/44"
+ ];
+ #exports = null;
+ };
+}
diff --git a/hosts/routers/__virtua-kit-edge/peers/TRS-virtua6-RS02.nix b/hosts/routers/__virtua-kit-edge/peers/TRS-virtua6-RS02.nix
new file mode 100644
index 0000000..dc175e5
--- /dev/null
+++ b/hosts/routers/__virtua-kit-edge/peers/TRS-virtua6-RS02.nix
@@ -0,0 +1,18 @@
+{ ... }:
+{
+ localAS = 207175;
+ peerAS = 35661;
+ peerIP = "2a0d:e680:0::b:2";
+ multihop = 5;
+
+ passwordRef = "virtua";
+
+ ipv6 = {
+ imports = null;
+ exports = [
+ "2a13:79c0:ff00::/40" # Prod /40
+ "2a12:dd47:9330::/44"
+ ];
+ #exports = null;
+ };
+}
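Review bot: The two sessions to AS35661 announce different prefix sets: `TRS-virtua6-RS01.nix` has `"2a12:dd47:9330::/44"` commented out of `exports`, while `TRS-virtua6-RS02.nix` exports it. If the asymmetry is deliberate, say so next to the entry (for example `# /44 announced via RS02 only: <reason>`); otherwise align the two lists so both route servers receive the same announcements. The host's `static6` list in `default.nix` has no entry for the /44, so where that prefix would originate is not visible in this diff. What `imports = null` renders to is decided by the generator, which is outside this diff; on a transit session a short comment stating that it means nothing is accepted from the peer (the legacy file's `import none;`), if that is the intent, would remove the ambiguity.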
diff --git a/hosts/routers/__virtua-kit-edge/peers/default.nix b/hosts/routers/__virtua-kit-edge/peers/default.nix
new file mode 100644
index 0000000..a66d7be
--- /dev/null
+++ b/hosts/routers/__virtua-kit-edge/peers/default.nix
@@ -0,0 +1,16 @@
+{ ... }:
+let
+ defaultPeers = import ../../_peers { };
+in
+defaultPeers
+// {
+
+ # Transit
+ TRS_virtua6_RS01 = import ./TRS-virtua6-RS01.nix { };
+ TRS_virtua6_RS02 = import ./TRS-virtua6-RS02.nix { };
+
+ # Internal Tunnels
+ KIT_IG1_RTR = import ./KIT-IG1-RTR.nix { };
+ vultrNix_PAR = import ./KIT-vultr-edge.nix { };
+ # LGC_virtua_PAR = import ./KIT-VIRTUA-EDGE.legacy.nix { };
+}
diff --git a/hosts/routers/default.nix b/hosts/routers/default.nix
index 8e06297..426187a 100644
--- a/hosts/routers/default.nix
+++ b/hosts/routers/default.nix
@@ -5,13 +5,14 @@
 # virtua-kit-edge = import ./virtua-kit-edge { };
 # }

-args@{ lib, ... }:
-let
- blacklist = [ ];
- folders = builtins.attrNames (
- lib.filterAttrs (n: v: v == "directory" && !lib.hasPrefix "_" n && !builtins.elem n blacklist) (
- builtins.readDir ./.
- )
- );
-in
-lib.genAttrs folders (folder: (import (./. + "/${folder}") (args // { })))
+# args@{ lib, ... }:
+# let
+# blacklist = [ ];
+# folders = builtins.attrNames (
+# lib.filterAttrs (n: v: v == "directory" && !lib.hasPrefix "_" n && !builtins.elem n blacklist) (
+# builtins.readDir ./.
+# )
+# );
+# in
+# lib.genAttrs folders (folder: (import (./. + "/${folder}") (args // { })))
+{...}: {}
\ No newline at end of file
diff --git a/hosts/stonkmembers/default.nix b/hosts/stonkmembers/default.nix
index 8501b5c..84a7e65 100644
--- a/hosts/stonkmembers/default.nix
+++ b/hosts/stonkmembers/default.nix
@@ -5,13 +5,14 @@
 # stonkstation = import ./stonkstation { };
 # }

-args@{ lib, ... }:
-let
- blacklist = [ ];
- folders = builtins.attrNames (
- lib.filterAttrs (n: v: v == "directory" && !lib.hasPrefix "_" n && !builtins.elem n blacklist) (
- builtins.readDir ./.
- )
- );
-in
-lib.genAttrs folders (folder: (import (./. + "/${folder}") (args // { })))
+# args@{ lib, ... }:
+# let
+# blacklist = [ ];
+# folders = builtins.attrNames (
+# lib.filterAttrs (n: v: v == "directory" && !lib.hasPrefix "_" n && !builtins.elem n blacklist) (
+# builtins.readDir ./.
+# )
+# );
+# in
+# lib.genAttrs folders (folder: (import (./. + "/${folder}") (args // { })))
+{...}: {}
\ No newline at end of file