author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-07 12:58:10 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-07 12:58:10 +0200 |
commit | d68bb46bc6d04b450bb0bd995b4286f3d46b2557 (patch) | |
tree | 6d30e64504c98e580ccad7becd138e6a15a8906c /nixops/eldiron.nix | |
parent | 384ec543ef58e2cd8cafb9dad1c284fbc195144a (diff) | |
Add ipv6 to websites
This adds ipv6 to websites, and moves the ip address handling to
environment.
Fixes https://git.immae.eu/mantisbt/view.php?id=103
Diffstat (limited to 'nixops/eldiron.nix')
-rw-r--r-- | nixops/eldiron.nix | 19 |
1 files changed, 12 insertions, 7 deletions
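--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -15,14 +15,20 @@
 myconfig = {
 inherit privateFiles;
 env = import "${privateFiles}/environment.nix";
-ips = {
-main = "176.9.151.89";
-production = "176.9.151.154";
-integration = "176.9.151.155";
-};
 };
 };
 
+networking = {
+firewall.enable = true;
+# 176.9.151.89 declared in nixops -> infra / tools
+interfaces."eth0".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
+(n: ips: { address = ips.ip4; prefixLength = 32; })
+(pkgs.lib.attrsets.filterAttrs (n: v: n != "main") myconfig.env.servers.eldiron.ips);
+interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
+(n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
+myconfig.env.servers.eldiron.ips);
+};
+
 imports = [
 ./modules/ssh
 ./modules/certificates.nix
@@ -53,14 +59,13 @@
 MaxLevelStore="warning"
 MaxRetentionSec="1year"
 '';
-networking.firewall.enable = true;
 
 deployment = {
 targetEnv = "hetzner";
 hetzner = {
 robotUser = myconfig.env.hetzner.user;
 robotPass = myconfig.env.hetzner.pass;
-mainIPv4 = myconfig.ips.main;
+mainIPv4 = myconfig.env.servers.eldiron.ips.main.ip4;
 partitions = ''
 clearpart --all --initlabel --drives=sda,sdb
 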
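Review bot: The new `interfaces."eth0".ipv4.addresses` mapping reads `ips.ip4` with no fallback, while the ipv6 mapping below it guards with `ips.ip6 or []`, so an entry in `myconfig.env.servers.eldiron.ips` that carries only ip6 addresses would fail evaluation; filtering with `(n: v: n != "main" && v ? ip4)` keeps the two sides consistent. Binding these ip6 addresses also means any listener bound to all addresses becomes reachable over IPv6 wherever the firewall opens its port, so access rules written only for the IPv4 addresses (not visible in this section) presumably need v6 counterparts. A short comment on the prefixLength expression would help, e.g. `# only the first address of "main" carries the /64; every other address is a /128`. The enclosing attribute set starts and ends outside both hunks.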