Add ipv6 to websites

This adds ipv6 to websites, and moves the ip address handling to
environment.

Fixes https://git.immae.eu/mantisbt/view.php?id=103

1 files changed, 12 insertions, 7 deletions

diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix
index 3e346d4..f254a05 100644
--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -15,14 +15,20 @@
       myconfig = {
         inherit privateFiles;
         env = import "${privateFiles}/environment.nix";
-        ips = {
-          main = "176.9.151.89";
-          production = "176.9.151.154";
-          integration = "176.9.151.155";
-        };
       };
     };
 
+    networking = {
+      firewall.enable = true;
+      # 176.9.151.89 declared in nixops -> infra / tools
+      interfaces."eth0".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
+        (n: ips: { address = ips.ip4; prefixLength = 32; })
+        (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") myconfig.env.servers.eldiron.ips);
+      interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
+        (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
+        myconfig.env.servers.eldiron.ips);
+    };
+
     imports = [
       ./modules/ssh
       ./modules/certificates.nix
@@ -53,14 +59,13 @@
       MaxLevelStore="warning"
       MaxRetentionSec="1year"
       '';
-    networking.firewall.enable = true;
 
     deployment = {
       targetEnv = "hetzner";
       hetzner = {
         robotUser = myconfig.env.hetzner.user;
         robotPass = myconfig.env.hetzner.pass;
-        mainIPv4 = myconfig.ips.main;
+        mainIPv4 = myconfig.env.servers.eldiron.ips.main.ip4;
         partitions = ''
           clearpart --all --initlabel --drives=sda,sdb