From 9893c5f0593f1acb7a533c0e9e422ca3a5396d1b Mon Sep 17 00:00:00 2001
From: Max
Date: Wed, 17 Jul 2024 21:57:45 +0200
Subject: [PATCH] checks/simulacrum: better networking
---
 packages/checks/simulacrum.nix | 40 ++++++++++++++++++++++++++++++----
 1 file changed, 36 insertions(+), 4 deletions(-)
diff --git a/packages/checks/simulacrum.nix b/packages/checks/simulacrum.nix
index 522d17b..39d92d3 100644
--- a/packages/checks/simulacrum.nix
+++ b/packages/checks/simulacrum.nix
@@ -21,9 +21,7 @@ let
 ({ config, ... }: {
 gods.fromLight = lib.mapAttrs (name: cfg: {
 interfaces.primary = {
- link = lib.mkForce "eth1";
- addr = lib.mkForce "192.168.1.${toString digits.${name}}";
- addrPublic = lib.mkForce "192.168.1.${toString digits.${name}}";
+ link = lib.mkForce "vprimary";
 };
 ssh.id.publicKey = lib.mkForce snakeoil.ssh.public;
 }) lift.gods.fromLight;
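Review bot: Dropping the `addr`/`addrPublic` overrides means each test node now inherits its real host's addresses from `lift.gods.fromLight`, so the VM network silently depends on those production values being distinct from one another and from the 192.168.1.x test transport; nothing in the hunk records that. A one-line comment above `link = lib.mkForce "vprimary";` would save the next reader from re-deriving it, e.g. `# addr/addrPublic are deliberately the real host values; the test routes them as /32s over eth1 and binds them on the "vprimary" dummy interface`. The `"vprimary"` name is a contract with whatever creates that interface elsewhere in the file, which the same comment should state. The `({ config, ... }: {` module this hunk edits continues past the end of the hunk.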
@@ -50,13 +48,47 @@ testers.runNixOSTest {
 name = "simulacrum";
 node = { inherit specialArgs; };
- nodes = lib.genAttrs nodes (node: {
+ nodes = lib.genAttrs nodes (node: let
+ hour = depot'.config.hours.${node};
+ in {
 imports = [
 specialArgs.depot.hours.${node}.nixos
 ./modules/nixos/age-dummy-secrets
 ./modules/nixos/external-storage.nix
 ] ++ depot'.config.cluster.config.out.injectNixosConfig node;
+ boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
+ networking = {
+ interfaces = {
+ ${hour.interfaces.primary.link} = {
+ useDHCP = lib.mkForce false;
+ virtual = true;
+ ipv4.addresses = lib.mkForce [
+ {
+ address = hour.interfaces.primary.addr;
+ prefixLength = 32;
+ }
+ ];
+ };
+ eth1.ipv4.routes = lib.pipe nodes [
+ (lib.filter (n: n != node))
+ (map (n: let
+ hour = depot'.config.hours.${n};
+ in {
+ address = hour.interfaces.primary.addrPublic;
+ prefixLength = 32;
+ via = "192.168.1.${toString digits.${n}}";
+ }))
+ ];
+ };
+
+ firewall.extraCommands = lib.mkAfter (lib.optionalString (hour.interfaces.primary.isNat) ''
+ # self-nat
+ iptables -t nat -A PREROUTING -d ${hour.interfaces.primary.addrPublic} -j DNAT --to-destination ${hour.interfaces.primary.addr}
+ iptables -t nat -A POSTROUTING -s ${hour.interfaces.primary.addr} -j SNAT --to-source ${hour.interfaces.primary.addrPublic}
+ '');
+ };
+
+
 systemd.services = {
 hyprspace.enable = false;
 cachix-agent.enable = false;
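Review bot: The two `iptables -t nat -A` rules added under `firewall.extraCommands` have no counterpart in `firewall.extraStopCommands`, so as far as I can tell a restart or reload of the NixOS firewall unit (whose stop/start script only flushes its own `nixos-fw` chains) appends a second copy of the DNAT/SNAT rules to PREROUTING and POSTROUTING; matching `-D` rules, guarded with `|| true` for the first start, keep the nat table idempotent. Two smaller points: locally generated packets never traverse PREROUTING, so a node talking to its own `addrPublic` is not DNATed unless an `iptables -t nat -A OUTPUT -d … -j DNAT` rule is added as well, which matters only if the test exercises that path; and the inner `hour = depot'.config.hours.${n}` inside the routes `map` shadows the outer `hour`, which would read more clearly as `peer`. The `firewall.extraCommands` rules and the `eth1.ipv4.routes` list are also unconditional on `networking.nftables`, so this will fail the module assertion if any imported host config enables nftables. The `nodes = lib.genAttrs …` function this hunk edits is closed outside the hunk.
```nix
firewall.extraCommands = lib.mkAfter (lib.optionalString (hour.interfaces.primary.isNat) ''
  # … unchanged: the PREROUTING DNAT and POSTROUTING SNAT -A rules …
'');
# Undo the self-nat rules on stop/reload: the NixOS firewall script only
# flushes its own chains, so without this every restart appends duplicates.
firewall.extraStopCommands = lib.optionalString (hour.interfaces.primary.isNat) ''
  iptables -t nat -D PREROUTING -d ${hour.interfaces.primary.addrPublic} -j DNAT --to-destination ${hour.interfaces.primary.addr} 2>/dev/null || true
  iptables -t nat -D POSTROUTING -s ${hour.interfaces.primary.addr} -j SNAT --to-source ${hour.interfaces.primary.addrPublic} 2>/dev/null || true
'';
```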