home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

enable ipv6 networking on docker swarm

Browse source
This commit is contained in:
Pim Kunis 2024-01-14 17:59:32 +01:00
parent b38f1c291a
commit 0b02ed85de
5 changed files with 22 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nixos/lab.nix
View file

@ -2,6 +2,7 @@
lab.networking = { lab.networking = {
publicIPv4 = "192.145.57.90"; publicIPv4 = "192.145.57.90";
dockerSwarmInternalIPv4 = "192.168.30.8"; dockerSwarmInternalIPv4 = "192.168.30.8";
dockerSwarmIPv6 = "2a0d:6e00:1a77:30:c8fe:c0ff:feff:ee08";
dmzRouterIPv4 = "192.168.30.1"; dmzRouterIPv4 = "192.168.30.1";
dmzServicesIPv4 = "192.168.30.7"; dmzServicesIPv4 = "192.168.30.7";
# TODO: configure prefix length as well # TODO: configure prefix length as well

4
nixos/modules/default.nix
View file

@ -1,6 +1,6 @@
{ lib, config, ... }: { lib, config, ... }:
let cfg = config.lab.dataHost; let cfg = config.lab;
in in
{ {
imports = [ imports = [
@ -23,7 +23,7 @@ in
''; '';
}; };
config.lab = lib.mkIf cfg.enable { config.lab = lib.mkIf cfg.dataHost.enable {
backups.enable = true; backups.enable = true;
data-sharing.enable = true; data-sharing.enable = true;
networking.allowDMZConnectivity = true; networking.allowDMZConnectivity = true;

9
nixos/modules/networking/default.nix
View file

@ -42,6 +42,13 @@ in {
''; '';
}; };
dockerSwarmIPv6 = lib.mkOption {
type = lib.types.str;
description = ''
Globally routable IPv6 address of the Docker Swarm.
'';
};
dmzRouterIPv4 = lib.mkOption { dmzRouterIPv4 = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = '' description = ''
@ -141,7 +148,7 @@ in {
networkConfig = { networkConfig = {
IPv6AcceptRA = cfg.allowDMZConnectivity; IPv6AcceptRA = cfg.allowDMZConnectivity;
LinkLocalAddressing = if cfg.allowDMZConnectivity then "ipv6" else "no"; LinkLocalAddressing = if cfg.allowDMZConnectivity then "ipv6" else "no";
DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIPv4Address != "") "yes"; DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIPv4Address == "") "yes";
Address = lib.lists.optional (cfg.staticDMZIPv4Address != "") cfg.staticDMZIPv4Address Address = lib.lists.optional (cfg.staticDMZIPv4Address != "") cfg.staticDMZIPv4Address
++ lib.lists.optional (cfg.staticDMZIPv6Address != "") cfg.staticDMZIPv6Address; ++ lib.lists.optional (cfg.staticDMZIPv6Address != "") cfg.staticDMZIPv6Address;
}; };

9
nixos/modules/networking/dmz/zones/geokunis2.nl.nix
View file

@ -1,7 +1,7 @@
{ config, dns, ... }: { config, dns, ... }:
with dns.lib.combinators; with dns.lib.combinators;
let let
inherit (config.lab.networking) publicIPv4 dmzServicesIPv6; inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6;
in in
{ {
SOA = { SOA = {
@ -20,11 +20,14 @@ in
MX = [ (mx.mx 10 "mail.geokunis2.nl.") ]; MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];
A = [ publicIPv4 ]; A = [ publicIPv4 ];
AAAA = [ dmzServicesIPv6 ]; AAAA = [ dockerSwarmIPv6 ];
CAA = letsEncrypt "caa@geokunis2.nl"; CAA = letsEncrypt "caa@geokunis2.nl";
subdomains = { subdomains = {
"*".A = [ publicIPv4 ]; "*" = {
A = [ publicIPv4 ];
AAAA = [ dockerSwarmIPv6 ];
};
ns = { ns = {
A = [ publicIPv4 ]; A = [ publicIPv4 ];

7
nixos/modules/networking/dmz/zones/kun.is.nix
View file

@ -1,7 +1,7 @@
{ config, dns, ... }: { config, dns, ... }:
with dns.lib.combinators; with dns.lib.combinators;
let let
inherit (config.lab.networking) publicIPv4 dmzServicesIPv6; inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6;
in in
{ {
CAA = letsEncrypt "caa@kun.is"; CAA = letsEncrypt "caa@kun.is";
@ -22,7 +22,10 @@ in
]; ];
subdomains = { subdomains = {
"*".A = [ publicIPv4 ]; "*" = {
A = [ publicIPv4 ];
AAAA = [ dockerSwarmIPv6 ];
};
ns = { ns = {
A = [ publicIPv4 ]; A = [ publicIPv4 ];