mirror of https://gerrit.hackerspace.pl/hscloud
Merge "edge01: systemd unit for running RIPE Atlas anchor VM"
commit
6327f12afa
|
@ -27,6 +27,7 @@
|
||||||
{ device = "/dev/disk/by-uuid/D8BA-345D";
|
{ device = "/dev/disk/by-uuid/D8BA-345D";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
hscloud.anchorvm.blkdev = "/dev/janusz-vg/ripeanchor";
|
||||||
|
|
||||||
swapDevices =
|
swapDevices =
|
||||||
[ { device = "/dev/disk/by-uuid/5dadcff4-fcd4-4e8d-81f6-be68fb630396"; }
|
[ { device = "/dev/disk/by-uuid/5dadcff4-fcd4-4e8d-81f6-be68fb630396"; }
|
||||||
|
|
|
@ -22,7 +22,7 @@ in rec {
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./modules/router.nix
|
./modules/router.nix
|
||||||
|
./modules/anchorvm.nix
|
||||||
# Private configuration data - notably, customer data.
|
# Private configuration data - notably, customer data.
|
||||||
./secrets/plain/edge01.waw.bgp.wtf-private.nix
|
./secrets/plain/edge01.waw.bgp.wtf-private.nix
|
||||||
];
|
];
|
||||||
|
@ -129,9 +129,22 @@ in rec {
|
||||||
ipv4.addresses = [ { address = "185.236.240.14"; prefixLength = 31; } ];
|
ipv4.addresses = [ { address = "185.236.240.14"; prefixLength = 31; } ];
|
||||||
ipv6.addresses = [ { address = "2a0d:eb00:2137:1::a"; prefixLength = 127; } ];
|
ipv6.addresses = [ { address = "2a0d:eb00:2137:1::a"; prefixLength = 127; } ];
|
||||||
};
|
};
|
||||||
|
# VM bridge
|
||||||
|
"br0" = {
|
||||||
|
ipv4.addresses = [ { address = "185.236.240.17"; prefixLength = 29; } ];
|
||||||
|
ipv6.addresses = [ { address = "2a0d:eb00:2137:3::1"; prefixLength = 64; } ];
|
||||||
|
};
|
||||||
|
|
||||||
# Extra interface configs contained in //bgpwtf/machines/secrets/plain/edge01.waw.bgp.wtf-private.nix
|
# Extra interface configs contained in //bgpwtf/machines/secrets/plain/edge01.waw.bgp.wtf-private.nix
|
||||||
};
|
};
|
||||||
|
networking.bridges = {
|
||||||
|
"br0" = {
|
||||||
|
interfaces = [];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
hscloud.anchorvm = {
|
||||||
|
bridge = "br0";
|
||||||
|
};
|
||||||
|
|
||||||
hscloud.routing.enable = true;
|
hscloud.routing.enable = true;
|
||||||
hscloud.routing.routerID = "185.236.240.1";
|
hscloud.routing.routerID = "185.236.240.1";
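Review bot: The new `"br0"` block places the anchor guest on a routed public /29 and /64 directly on the edge router, and nothing in the visible hunks says which forwarding or filtering policy applies to that bridge. The anchor is an externally managed appliance, so the `# VM bridge` comment should point to where traffic between br0 and the other interfaces is constrained, e.g. `# VM bridge for the RIPE Atlas anchor guest; forwarding/filter rules for br0 live in <module or file>`. If `./modules/router.nix` or the private config already covers this, the pointer is enough; if not, source-address filtering on br0 is worth adding before the guest is attached. The enclosing interfaces attribute set starts outside the hunk.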
|
||||||
|
|
|
@ -0,0 +1,44 @@
|
||||||
|
# This module runs the RIPE anchor VM in a bare qemu.
|
||||||
|
# It's expected that a storage LV is created independently and passed as blkdev.
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.hscloud.anchorvm;
|
||||||
|
|
||||||
|
in {
|
||||||
|
options.hscloud.anchorvm = {
|
||||||
|
blkdev = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "Root block device";
|
||||||
|
};
|
||||||
|
bridge = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "bridge interface";
|
||||||
|
};
|
||||||
|
ram = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
description = "memory allocated to the vm";
|
||||||
|
default = 2048;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config.systemd.services.anchorvm = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [
|
||||||
|
"network.target"
|
||||||
|
];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
# spawn=allow needed for bridge helper
|
||||||
|
ExecStart = ''${pkgs.qemu}/bin/qemu-kvm \
|
||||||
|
-nographic -m ${toString cfg.ram} -smp 2 \
|
||||||
|
-drive file=${cfg.blkdev},if=virtio,cache=none,format=raw \
|
||||||
|
-nic bridge,br=${cfg.bridge},model=virtio-net-pci \
|
||||||
|
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=allow,resourcecontrol=deny
|
||||||
|
'';
|
||||||
|
Restart = "always";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
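Review bot: The `anchorvm` unit's `serviceConfig` sets no `User` and no systemd sandboxing, so qemu-kvm presumably runs as root on the router, with only QEMU's own seccomp filter limiting it, and `spawn=allow` relaxes that filter so the bridge helper can be forked. Within the current design, `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectHome = true;` are low-risk additions to `serviceConfig`, to be checked against the bridge helper on the host. A stronger fix is to create the tap device outside qemu and hand it over, so the unit can use `spawn=deny` and a dedicated non-root user with access only to `/dev/kvm` and `cfg.blkdev`. Separately, `cfg.blkdev` and `cfg.bridge` are interpolated into `ExecStart` unquoted, so the option descriptions should state that they must be a plain device path and interface name without spaces or commas.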
|
|
@ -163,6 +163,17 @@ test = import "${pkgsSrc}/nixos/tests/make-test-python.nix" ({ pkgs, libs, ... }
|
||||||
"e4-oob" = { virtual = true; virtualType = "tap"; };
|
"e4-oob" = { virtual = true; virtualType = "tap"; };
|
||||||
"e7-dcsw" = { virtual = true; virtualType = "tap"; };
|
"e7-dcsw" = { virtual = true; virtualType = "tap"; };
|
||||||
};
|
};
|
||||||
|
hscloud.anchorvm = {
|
||||||
|
blkdev = "/anchor.img";
|
||||||
|
ram = 32;
|
||||||
|
};
|
||||||
|
systemd.services.anchorTestImg = {
|
||||||
|
requiredBy = [ "anchorvm.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
ExecStart = "${pkgs.coreutils}/bin/truncate -s 128m /anchor.img";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
speaker = mkBGPSpeaker;
|
speaker = mkBGPSpeaker;
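Review bot: `anchorTestImg` is tied to the VM unit only through `requiredBy = [ "anchorvm.service" ];`, which adds a requirement but no ordering, so systemd may start qemu before `/anchor.img` exists. The first start then fails and `Restart = "always"` in the module hides the race. Add `before = [ "anchorvm.service" ];` next to `requiredBy` so the image is created first. The enclosing machine definition starts outside the hunk, and the test script is not visible here, so it is unclear whether the test asserts anything about `anchorvm.service`.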
|
||||||
|
|