enable ipv6 networking on docker swarm

2024-01-14 17:59:32 +01:00 · 2024-01-14 17:59:32 +01:00 · 0b02ed85de
commit 0b02ed85de
parent b38f1c291a
5 changed files with 22 additions and 8 deletions
--- a/nixos/lab.nix
+++ b/nixos/lab.nix
@ -2,6 +2,7 @@
  lab.networking = {
    publicIPv4 = "192.145.57.90";
    dockerSwarmInternalIPv4 = "192.168.30.8";
+    dockerSwarmIPv6 = "2a0d:6e00:1a77:30:c8fe:c0ff:feff:ee08";
    dmzRouterIPv4 = "192.168.30.1";
    dmzServicesIPv4 = "192.168.30.7";
    # TODO: configure prefix length as well
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@ -1,6 +1,6 @@
 { lib, config, ... }:

-let cfg = config.lab.dataHost;
+let cfg = config.lab;
 in
 {
  imports = [
@ -23,7 +23,7 @@ in
    '';
  };

-  config.lab = lib.mkIf cfg.enable {
+  config.lab = lib.mkIf cfg.dataHost.enable {
    backups.enable = true;
    data-sharing.enable = true;
    networking.allowDMZConnectivity = true;
--- a/nixos/modules/networking/default.nix
+++ b/nixos/modules/networking/default.nix
@ -42,6 +42,13 @@ in {
      '';
    };

+    dockerSwarmIPv6 = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Globally routable IPv6 address of the Docker Swarm.
+      '';
+    };
+
    dmzRouterIPv4 = lib.mkOption {
      type = lib.types.str;
      description = ''
@ -141,7 +148,7 @@ in {
          networkConfig = {
            IPv6AcceptRA = cfg.allowDMZConnectivity;
            LinkLocalAddressing = if cfg.allowDMZConnectivity then "ipv6" else "no";
-            DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIPv4Address != "") "yes";
+            DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIPv4Address == "") "yes";
            Address = lib.lists.optional (cfg.staticDMZIPv4Address != "") cfg.staticDMZIPv4Address
              ++ lib.lists.optional (cfg.staticDMZIPv6Address != "") cfg.staticDMZIPv6Address;
          };
--- a/nixos/modules/networking/dmz/zones/geokunis2.nl.nix
+++ b/nixos/modules/networking/dmz/zones/geokunis2.nl.nix
@ -1,7 +1,7 @@
 { config, dns, ... }:
 with dns.lib.combinators;
 let
-  inherit (config.lab.networking) publicIPv4 dmzServicesIPv6;
+  inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6;
 in
 {
  SOA = {
@ -20,11 +20,14 @@ in
  MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];

  A = [ publicIPv4 ];
-  AAAA = [ dmzServicesIPv6 ];
+  AAAA = [ dockerSwarmIPv6 ];
  CAA = letsEncrypt "caa@geokunis2.nl";

  subdomains = {
-    "*".A = [ publicIPv4 ];
+    "*" = {
+      A = [ publicIPv4 ];
+      AAAA = [ dockerSwarmIPv6 ];
+    };

    ns = {
      A = [ publicIPv4 ];
--- a/nixos/modules/networking/dmz/zones/kun.is.nix
+++ b/nixos/modules/networking/dmz/zones/kun.is.nix
@ -1,7 +1,7 @@
 { config, dns, ... }:
 with dns.lib.combinators;
 let
-  inherit (config.lab.networking) publicIPv4 dmzServicesIPv6;
+  inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6;
 in
 {
  CAA = letsEncrypt "caa@kun.is";
@ -22,7 +22,10 @@ in
  ];

  subdomains = {
-    "*".A = [ publicIPv4 ];
+    "*" = {
+      A = [ publicIPv4 ];
+      AAAA = [ dockerSwarmIPv6 ];
+    };

    ns = {
      A = [ publicIPv4 ];