1e2e2bdd35
grep -- '- &' .sops.yaml | cut -d'&' -f2 | grep _host | sed 's/_host//' | xargs -n2 clan secrets machines add for i in secrets/*.yaml; do host=$(basename $i .yaml); clan secrets import-sops $i --machine $host --user makefu --prefix ${host}-;done for i in secrets/*.yaml; do host=$(basename $i .yaml) ;clan secrets groups add-machine common "$host";done
# Network settings for the host's external interface: the NIC is given a
# fixed name by matching its MAC address, IPv4 is obtained via DHCP, and the
# IPv6 address and default route are set statically.
{ config, lib, pkgs, modulesPath, ... }:
let
  # Name the external NIC receives from the udev rule below.
  ext-if = "et0";

  # Addressing data for the external interface. The ip4 values and
  # internal-ip are referenced only by the commented-out static IPv4
  # configuration (or not at all) in this file; Nix evaluates lazily, so
  # unused bindings are never forced.
  ext = {
    mac = "96:00:01:24:33:f4";
    ip4 = {
      addr = "142.132.189.140";
      prefix = 32;
      gw = "172.31.1.1";
    };
    ip6 = {
      addr = "2a01:4f8:1c17:5cdf::2";
      prefix = 64;
      gw = "fe80::1";
    };
  };

  internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in
{
  # NOTE(review): presumably read by other modules to decide which interface
  # is externally facing; confirm against the option's definition.
  makefu.server.primary-itf = ext-if;

  # Rename the NIC with this exact MAC to ext-if. Everything below is keyed on
  # that name, so if the MAC ever changes the rule stops matching and the
  # settings for ext-if no longer apply to the real interface.
  services.udev.extraRules = ''
    SUBSYSTEM=="net", ATTR{address}=="${ext.mac}", NAME="${ext-if}"
  '';

  networking = {
    enableIPv6 = true;

    # Only the IPv6 flag of the NAT module is set here; networking.nat.enable
    # itself is not set in this file.
    nat.enableIPv6 = true;

    # A single upstream resolver: there is no fallback if it is unreachable,
    # and all lookups go to this one third-party service.
    nameservers = [ "1.1.1.1" ];

    # fe80::1 is link-local, so the route must name the interface.
    defaultGateway6 = {
      address = ext.ip6.gw;
      interface = ext-if;
    };
    #defaultGateway = ext.ip4.gw;

    interfaces.${ext-if} = {
      useDHCP = true;
      ipv6.addresses = [
        {
          address = ext.ip6.addr;
          prefixLength = ext.ip6.prefix;
        }
      ];
    };
    # Disabled static IPv4 setup (IPv4 currently comes from DHCP):
    #ipv4.addresses = [{
    #  address = ext.ip4.addr;
    #  prefixLength = ext.ip4.prefix;
    #}];
  };
}