checks/simulacrum: better networking

Max Headroom 2024-07-17 21:57:45 +02:00
parent b8413e1e51
commit 9893c5f059


@ -21,9 +21,7 @@ let
({ config, ... }: { ({ config, ... }: {
gods.fromLight = lib.mapAttrs (name: cfg: { gods.fromLight = lib.mapAttrs (name: cfg: {
interfaces.primary = { interfaces.primary = {
link = lib.mkForce "eth1"; link = lib.mkForce "vprimary";
addr = lib.mkForce "192.168.1.${toString digits.${name}}";
addrPublic = lib.mkForce "192.168.1.${toString digits.${name}}";
}; };
ssh.id.publicKey = lib.mkForce snakeoil.ssh.public; ssh.id.publicKey = lib.mkForce snakeoil.ssh.public;
}) lift.gods.fromLight; }) lift.gods.fromLight;
@ -50,13 +48,47 @@ testers.runNixOSTest {
name = "simulacrum"; name = "simulacrum";
node = { inherit specialArgs; }; node = { inherit specialArgs; };
nodes = lib.genAttrs nodes (node: { nodes = lib.genAttrs nodes (node: let
hour = depot'.config.hours.${node};
in {
imports = [ imports = [
specialArgs.depot.hours.${node}.nixos specialArgs.depot.hours.${node}.nixos
./modules/nixos/age-dummy-secrets ./modules/nixos/age-dummy-secrets
./modules/nixos/external-storage.nix ./modules/nixos/external-storage.nix
] ++ depot'.config.cluster.config.out.injectNixosConfig node; ] ++ depot'.config.cluster.config.out.injectNixosConfig node;
boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
networking = {
interfaces = {
${hour.interfaces.primary.link} = {
useDHCP = lib.mkForce false;
virtual = true;
ipv4.addresses = lib.mkForce [
{
address = hour.interfaces.primary.addr;
prefixLength = 32;
}
];
};
eth1.ipv4.routes = lib.pipe nodes [
(lib.filter (n: n != node))
(map (n: let
hour = depot'.config.hours.${n};
in {
address = hour.interfaces.primary.addrPublic;
prefixLength = 32;
via = "192.168.1.${toString digits.${n}}";
}))
];
};
firewall.extraCommands = lib.mkAfter (lib.optionalString (hour.interfaces.primary.isNat) ''
# self-nat
iptables -t nat -A PREROUTING -d ${hour.interfaces.primary.addrPublic} -j DNAT --to-destination ${hour.interfaces.primary.addr}
iptables -t nat -A POSTROUTING -s ${hour.interfaces.primary.addr} -j SNAT --to-source ${hour.interfaces.primary.addrPublic}
'');
};
systemd.services = { systemd.services = {
hyprspace.enable = false; hyprspace.enable = false;
cachix-agent.enable = false; cachix-agent.enable = false;