crans
/
nixos
mirror of https://gitlab.crans.org/nounous/nixos
19
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'config_switch' into 'main' 

Draft: Generation de la config des switch via Nix

See merge request nounous/nixos!54
merge-requests/54/merge
lzebulon 2026-01-25 00:00:47 +01:00
parent af2421c44e 314a76cbcc
commit b3fb2c21a6
4 changed files with 521 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
flake.nix
View File

@ -19,12 +19,11 @@
}; };
outputs = outputs =
inputs@{ inputs@{ self
self, , nixpkgs
nixpkgs, , flake-parts
flake-parts, , agenix
agenix, , ...
...
}: }:
flake-parts.lib.mkFlake { inherit inputs; } { flake-parts.lib.mkFlake { inherit inputs; } {
imports = [ inputs.treefmt-nix.flakeModule ]; imports = [ inputs.treefmt-nix.flakeModule ];
@ -38,63 +37,30 @@
./modules ./modules
agenix.nixosModules.default agenix.nixosModules.default
]; ];
hosts = import ./hosts.nix;
in in
{ # Physiques
apprentix = nixosSystem { (mapAttrs
specialArgs = inputs; (name: value:
modules = [ ./hosts/vm/apprentix ] ++ baseModules; nixosSystem {
}; specialArgs = inputs;
modules = [ ./hosts/physiques/${name} ] ++ baseModules;
jitsi = nixosSystem { }
specialArgs = inputs; )
modules = [ ./hosts/vm/jitsi ] ++ baseModules; # Filtre que c'est bien une machine Nixos
}; (filterAttrs (n: v: !(attrByPath [ "is_debian" ] false v)) hosts.physiques)
) //
livre = nixosSystem { # VMs
specialArgs = inputs; (mapAttrs
modules = [ ./hosts/vm/livre ] ++ baseModules; (name: value:
}; nixosSystem {
specialArgs = inputs;
neo = nixosSystem { modules = [ ./hosts/vm/${name} ] ++ baseModules;
specialArgs = inputs; }
modules = [ ./hosts/vm/neo ] ++ baseModules; )
}; # Filtre que c'est bien une machine Nixos
(filterAttrs (n: v: !(attrByPath [ "is_debian" ] false v)) hosts.vms)
nextcloud = nixosSystem { );
specialArgs = inputs;
modules = [ ./hosts/vm/nextcloud ] ++ baseModules;
};
periodique = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/periodique ] ++ baseModules;
};
redite = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/redite ] ++ baseModules;
};
reverseproxy = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/reverseproxy ] ++ baseModules;
};
thot = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/physiques/thot ] ++ baseModules;
};
two = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/two ] ++ baseModules;
};
vaultwarden = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/vaultwarden ] ++ baseModules;
};
};
}; };
perSystem = perSystem =

396
hosts.nix 100644
View File

@ -0,0 +1,396 @@
rec {
vlans = {
srv = {id = 2;};
srv-nat = {id = 3;};
san = {id = 4;};
adm = {id = 10;};
adh = {id = 12;};
adm-adh = {id = 13;};
vr = {id = 27;};
aurore = {id = 28;};
imprimante = {id = 2756;};
vlan-mlag = {id = 4094;};
};
reseaux = {
aurore = {
vlans = with vlans; [
aurore
];
switch = {
carapuce = 19;
};
};
# vr = {
# vlans = with vlans; [
# vr
# ];
# switch = {
# arceus = 21;
# };
# };
ens = {
vlans = with vlans; [
imprimante
];
switch = {
carapuce = 17;
};
};
};
physiques ={
thot = {
id = 14;
vlans = with vlans; [
adm
];
serveur_type = ["backup"];
description = ''
Serveur de backup du Crans, actuellement en SQ39
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
ft = {
is_debian = true;
id = 15;
vlans = with vlans; [
adm
];
serveur_type = ["backup"];
description = ''
Serveur de backup du Crans, actuellement en SQ39
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
switch = {
carapuce = 13;
arceus = 13;
ilo = {
carapuce = 25; # TODO
};
};
};
tealc = {
is_debian = true;
id = 1;
vlans = with vlans; [
adm
san
];
serveur_type = ["san"];
description = ''
Stockage adm
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
switch = {
carapuce = 10;
arceus = 10;
ilo = {
carapuce = 10; # TODO
};
};
};
cameron = {
is_debian = true;
id = 2;
vlans = with vlans; [
adm
san
];
serveur_type = ["san"];
description = ''
Stockage adh
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
# cephirot = {
# id = 3;
# vlans = with vlans; [
# adm
# san
# ];
# serveur_type = ["san"];
# description = ''
# Un serveur avec peut etre un jour ceph
# '';
# public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
# };
arceus = {
is_debian = true;
id = 7;
vlans = with vlans; [
adm
san
];
serveur_type = ["switch"];
description = ''
Switch principal
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
carapuce = {
is_debian = true;
id = 8;
vlans = with vlans; [
adm
san
];
serveur_type = ["switch"];
description = ''
Switch principal
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
sam = {
is_debian = true;
id = 11;
vlans = with vlans; [
adm
san
srv-nat
];
serveur_type = ["pve"];
description = ''
PVE adm
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
switch = {
carapuce = 1;
arceus = 1;
ilo = {
carapuce = 25; # TODO
};
};
};
daniel = {
is_debian = true;
id = 12;
vlans = with vlans; [
adm
san
srv-nat
];
serveur_type = ["pve"];
description = ''
PVE adm
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
switch = {
carapuce = 3;
arceus = 3;
ilo = {
carapuce = 25; # TODO
};
};
};
jack = {
is_debian = true;
id = 13;
vlans = with vlans; [
adm
san
srv-nat
];
serveur_type = ["pve"];
description = ''
PVE adm
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
switch = {
carapuce = 5;
arceus = 5;
ilo = {
carapuce = 25; # TODO
};
};
};
odlyd = {
is_debian = true;
id = 16;
vlans = with vlans; [
adh
adm
];
serveur_type = ["pve"];
description = ''
PVE adh, fait actuellement le mort
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
stitch = {
is_debian = true;
id = 17;
vlans = with vlans; [
adh
adm
];
serveur_type = ["pve"];
description = ''
PVE adh
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
gulp = with vlans; {
is_debian = true;
id = 18;
vlans = [
adh
adm
];
serveur_type = ["pve"];
description = ''
PVE adh
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
zamok = with vlans; {
is_debian = true;
id = 31;
vlans = [
adh
adm
san
];
serveur_type = ["pve"];
description = ''
Serveur de calcul adhérent
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
};
vms = {
romanesco = {
name = "romanesco";
is_debian = true;
id = 145;
vlans = with vlans; [
adm
(adh "185.230.78.252")
(srv "185.230.79.59")
];
description = ''
DNS récursif
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
neo = with vlans; {
name = "neo";
id = 145;
vlans = [
adm
# pas besoin de spécifier l'ipv6 car elle est construite depuis l'id
(srv "180.230.79.5")
];
description = ''
Matrix du crans, heberge également le bridge IRC <-> Matrix
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
nextcloud = {
id = 146;
vlans = with vlans; [
adm
san
srv-nat
];
description = ''
NextCloud du Crans
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
apprentix = {
id = 150;
vlans = with vlans; [
adm
];
description = ''
VM NixOs apprentie
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
jitsi = {
id = 163;
vlans = with vlans; [
adm
(srv "185.230.79.15")
];
description = ''
Jitsi du crans
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
livre = {
id = 140;
vlans = with vlans; [
adm
srv-nat
];
description = ''
Stirling PDF
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
periodique = {
id = 118;
vlans = with vlans; [
adm
srv-nat
];
description = ''
Client matrix web (element)
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
redite = {
id = 139;
vlans = with vlans; [
adm
srv-nat
];
description = ''
Redite
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
reverseproxy = with vlans; {
id = 151;
vlans = [
adm
srv-nat
(srv "185.230.79.42")
];
description = ''
NextCloud du Crans
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
two = {
id = 135;
vlans = with vlans; [
adm
srv-nat
];
description = ''
Une vm de test
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
vaultwarden = {
id = 159;
vlans = with vlans; [
adm
srv-nat
];
description = ''
Vaultwarden
'';
public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
};
};
}

89
modules/switch/arista.nix 100644
View File

@ -0,0 +1,89 @@
{lib, ...}:
let
generate_config = switch_name: user_switch: host:
let
server = host.physiques;
in
''
! File generated by the NixOS configuration
hostname ${switch_name}
ip domain-name adm.crans.org
!
spanning-tree mode mstp
no spanning-tree vlan ${toString host.vlans.vlan-mlag.id}
''
+
# On définie un user pour pouvoir s'y conncter en ssh
''
no aaa root
username ${user_switch.name} role network-admin secret 5 ${user_switch.hashedPassword}
username ${user_switch.name} sshkey ${user_switch.ssh_key}
''
+
# On définie les vlans
map host.vlans (name: value:
''
vlan ${toString value.id}
name ${name}
''
)
+
# On définie les port et le mlag si le machine est connecte sur les deux switch
lib.mapAttrs host.physiques (name: value:
if value.switch.${switch_name} then
let
port_channel = value.switch.${switch_name};
in
# FIX: certains n'ont pas de Port-Channel car sur un seul switch & port switch
# peut etre different donc il faut un autre truc pour determiner le numero du
# Port Channel
''
interface Ethernet${toString value.switch.${switch_name}}
mtu 9000
channel-group ${toString port_channel} mode active
interface Port-Channel${toString port_channel}
mtu 9000
switchport trunk allowed vlan ${lib.concatStringsSep "," (host.physiques.vlans.map (vlan: toString vlan.id)) }
switchport mode trunk
mlag ${toString port_channel}
''
else ''''
)
+
# On définie un port channel supplémentaire pour le mlag
''
interface Port-Channel2000
switchport mode trunk
switchport trunk group mlag
''
+
# On attribue une ip statique de management au switch
''
interface Management1
ip address 172.16.10.${toString host.physiques.${switch_name}.id}/24
''
+
# Je sais pas, c'etait dans la conf sur les switchs
''
no ip routing
''
+
# On configure le mlag
''
mlag configuration
domain-id mlag-01
heartbeat-interval 10000
local-interface Vlan${toString host.vlans.vlan-mlag.id}
peer-address 10.0.0.${if switch_name == "arceus" then "2" else "1"}
peer-link Port-Channel2000
reload-delay 150
''
+
''
end
''
;
in
{
}

8
variables.nix 100644
View File

@ -0,0 +1,8 @@
let
machines = import ./hosts.nix;
in
{
dns-recursif = machines.vms.romanesco.id;
}