From 0b02ed85ded9ad5429099e4a6a5e5c61ee264a23 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sun, 14 Jan 2024 17:59:32 +0100
Subject: [PATCH] enable ipv6 networking on docker swarm
---
 nixos/lab.nix | 1 +
 nixos/modules/default.nix | 4 ++--
 nixos/modules/networking/default.nix | 9 ++++++++-
 nixos/modules/networking/dmz/zones/geokunis2.nl.nix | 9 ++++++---
 nixos/modules/networking/dmz/zones/kun.is.nix | 7 +++++--
 5 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/nixos/lab.nix b/nixos/lab.nix
index f883a58..310b4fe 100644
--- a/nixos/lab.nix
+++ b/nixos/lab.nix
@@ -2,6 +2,7 @@
 lab.networking = {
 publicIPv4 = "192.145.57.90";
 dockerSwarmInternalIPv4 = "192.168.30.8";
+ dockerSwarmIPv6 = "2a0d:6e00:1a77:30:c8fe:c0ff:feff:ee08";
 dmzRouterIPv4 = "192.168.30.1";
 dmzServicesIPv4 = "192.168.30.7"; # TODO: configure prefix length as well
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 58ff038..623e356 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,6 +1,6 @@
 { lib, config, ... }:
-let cfg = config.lab.dataHost;
+let cfg = config.lab;
 in {
 imports = [
@@ -23,7 +23,7 @@ in
 '';
 };
- config.lab = lib.mkIf cfg.enable {
+ config.lab = lib.mkIf cfg.dataHost.enable {
 backups.enable = true;
 data-sharing.enable = true;
 networking.allowDMZConnectivity = true;
diff --git a/nixos/modules/networking/default.nix b/nixos/modules/networking/default.nix
index 90b9730..eb5d409 100644
--- a/nixos/modules/networking/default.nix
+++ b/nixos/modules/networking/default.nix
@@ -42,6 +42,13 @@ in {
 '';
 };
+ dockerSwarmIPv6 = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ Globally routable IPv6 address of the Docker Swarm.
+ '';
+ };
+
 dmzRouterIPv4 = lib.mkOption {
 type = lib.types.str;
 description = ''
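Review bot: The `cfg` binding in nixos/modules/default.nix is widened from `config.lab.dataHost` to `config.lab`, yet the only use adjusted for it is `cfg.dataHost.enable` in the second hunk, and nothing else in this commit reads the wider binding; any other `cfg.` reference in the part of the file between the two hunks (lines 7-22, not shown) would now silently resolve against `config.lab` instead of `config.lab.dataHost`. Neither the subject nor the description mentions this file, so it reads as an unrelated refactor that is easy to overlook. If it is groundwork for a later change, a sentence in the message would say so; otherwise keeping `let cfg = config.lab.dataHost;` and the original `config.lab = lib.mkIf cfg.enable {` is the smaller, safer diff. The `config.lab` attribute set continues past the end of the second hunk.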
@@ -141,7 +148,7 @@ in {
 networkConfig = {
 IPv6AcceptRA = cfg.allowDMZConnectivity;
 LinkLocalAddressing = if cfg.allowDMZConnectivity then "ipv6" else "no";
- DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIPv4Address != "") "yes";
+ DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIPv4Address == "") "yes";
 Address = lib.lists.optional (cfg.staticDMZIPv4Address != "") cfg.staticDMZIPv4Address ++ lib.lists.optional (cfg.staticDMZIPv6Address != "") cfg.staticDMZIPv6Address;
 };
diff --git a/nixos/modules/networking/dmz/zones/geokunis2.nl.nix b/nixos/modules/networking/dmz/zones/geokunis2.nl.nix
index 901592c..b56974b 100644
--- a/nixos/modules/networking/dmz/zones/geokunis2.nl.nix
+++ b/nixos/modules/networking/dmz/zones/geokunis2.nl.nix
@@ -1,7 +1,7 @@
 { config, dns, ... }:
 with dns.lib.combinators;
 let
- inherit (config.lab.networking) publicIPv4 dmzServicesIPv6;
+ inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6;
 in
 {
 SOA = {
@@ -20,11 +20,14 @@ in
 MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];
 A = [ publicIPv4 ];
- AAAA = [ dmzServicesIPv6 ];
+ AAAA = [ dockerSwarmIPv6 ];
 CAA = letsEncrypt "caa@geokunis2.nl";
 subdomains = {
- "*".A = [ publicIPv4 ];
+ "*" = {
+ A = [ publicIPv4 ];
+ AAAA = [ dockerSwarmIPv6 ];
+ };
 ns = {
 A = [ publicIPv4 ];
diff --git a/nixos/modules/networking/dmz/zones/kun.is.nix b/nixos/modules/networking/dmz/zones/kun.is.nix
index 6e7742b..c4cafb8 100644
--- a/nixos/modules/networking/dmz/zones/kun.is.nix
+++ b/nixos/modules/networking/dmz/zones/kun.is.nix
@@ -1,7 +1,7 @@
 { config, dns, ... }:
 with dns.lib.combinators;
 let
- inherit (config.lab.networking) publicIPv4 dmzServicesIPv6;
+ inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6;
 in
 {
 CAA = letsEncrypt "caa@kun.is";
@@ -22,7 +22,10 @@ in
 ];
 subdomains = {
- "*".A = [ publicIPv4 ];
+ "*" = {
+ A = [ publicIPv4 ];
+ AAAA = [ dockerSwarmIPv6 ];
+ };
 ns = {
 A = [ publicIPv4 ];
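Review bot: The corrected `DHCP` line still assigns `"yes"`, which in systemd-networkd enables both the DHCPv4 and the DHCPv6 client, while the guard only inspects `cfg.staticDMZIPv4Address`; a host with a static DMZ IPv6 address but no static IPv4 would therefore also run a DHCPv6 client next to `IPv6AcceptRA`, which may not be intended. If only the v4 address is meant to be dynamic, `DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIPv4Address == "") "ipv4";` states that exactly. The `!=` to `==` flip is also a behaviour change unrelated to the IPv6 swarm work named in the subject and deserves either its own commit or a sentence in the message, since it inverts when DHCP runs for every host using this module. The `networkConfig` set belongs to a network definition whose start and end lie outside the hunk.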
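Review bot: The wildcard `AAAA = [ dockerSwarmIPv6 ];` added under `"*"` in geokunis2.nl.nix (and likewise in kun.is.nix, and at the geokunis2.nl apex) makes every name in both zones resolve directly to the swarm host's own global address, whereas the sibling `A = [ publicIPv4 ];` records point at a different address that presumably sits in front of the host. This diff implies no forwarding or filtering layer on the IPv6 path, so whatever the swarm host listens on at `dockerSwarmIPv6` becomes the published endpoint for all subdomains, and dual-stack clients will generally prefer the AAAA answer; confirm that inbound IPv6 to that address is restricted to the reverse-proxy ports and that every service reachable via `publicIPv4` is also served there, otherwise IPv6 clients get a different service set than IPv4 clients. Separately, geokunis2.nl.nix keeps `dmzServicesIPv6` in the `inherit` list in the preceding hunk although this hunk replaces its only visible use; if nothing else in the file references it, `inherit (config.lab.networking) publicIPv4 dockerSwarmIPv6;` is cleaner.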