diff options
Diffstat (limited to 'nixos/modules/services/networking/yggdrasil.xml')
-rw-r--r-- | nixos/modules/services/networking/yggdrasil.xml | 156 |
1 files changed, 156 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/yggdrasil.xml b/nixos/modules/services/networking/yggdrasil.xml new file mode 100644 index 00000000000..a341d5d8153 --- /dev/null +++ b/nixos/modules/services/networking/yggdrasil.xml @@ -0,0 +1,156 @@ +<?xml version="1.0"?> +<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="module-services-networking-yggdrasil"> + <title>Yggdrasil</title> + <para> + <emphasis>Source:</emphasis> + <filename>modules/services/networking/yggdrasil/default.nix</filename> + </para> + <para> + <emphasis>Upstream documentation:</emphasis> + <link xlink:href="https://yggdrasil-network.github.io/"/> + </para> + <para> +Yggdrasil is an early-stage implementation of a fully end-to-end encrypted, +self-arranging IPv6 network. +</para> + <section xml:id="module-services-networking-yggdrasil-configuration"> + <title>Configuration</title> + <section xml:id="module-services-networking-yggdrasil-configuration-simple"> + <title>Simple ephemeral node</title> + <para> +An annotated example of a simple configuration: +<programlisting> +{ + services.yggdrasil = { + enable = true; + persistentKeys = false; + # The NixOS module will generate new keys and a new IPv6 address each time + # it is started if persistentKeys is not enabled. + + config = { + Peers = [ + # Yggdrasil will automatically connect and "peer" with other nodes it + # discovers via link-local multicast annoucements. Unless this is the + # case (it probably isn't) a node needs peers within the existing + # network that it can tunnel to. + "tcp://1.2.3.4:1024" + "tcp://1.2.3.5:1024" + # Public peers can be found at + # https://github.com/yggdrasil-network/public-peers + ]; + }; + }; +} +</programlisting> + </para> + </section> + <section xml:id="module-services-networking-yggdrasil-configuration-prefix"> + <title>Persistent node with prefix</title> + <para> +A node with a fixed address that announces a prefix: +<programlisting> +let + address = "210:5217:69c0:9afc:1b95:b9f:8718:c3d2"; + prefix = "310:5217:69c0:9afc"; + # taken from the output of "yggdrasilctl getself". +in { + + services.yggdrasil = { + enable = true; + persistentKeys = true; # Maintain a fixed public key and IPv6 address. + config = { + Peers = [ "tcp://1.2.3.4:1024" "tcp://1.2.3.5:1024" ]; + NodeInfo = { + # This information is visible to the network. + name = config.networking.hostName; + location = "The North Pole"; + }; + }; + }; + + boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; + # Forward traffic under the prefix. + + networking.interfaces.${eth0}.ipv6.addresses = [{ + # Set a 300::/8 address on the local physical device. + address = prefix + "::1"; + prefixLength = 64; + }]; + + services.radvd = { + # Annouce the 300::/8 prefix to eth0. + enable = true; + config = '' + interface eth0 + { + AdvSendAdvert on; + prefix ${prefix}::/64 { + AdvOnLink on; + AdvAutonomous on; + }; + route 200::/8 {}; + }; + ''; + }; +} +</programlisting> + </para> + </section> + <section xml:id="module-services-networking-yggdrasil-configuration-container"> + <title>Yggdrasil attached Container</title> + <para> +A NixOS container attached to the Yggdrasil network via a node running on the +host: + <programlisting> +let + yggPrefix64 = "310:5217:69c0:9afc"; + # Again, taken from the output of "yggdrasilctl getself". +in +{ + boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; + # Enable IPv6 forwarding. + + networking = { + bridges.br0.interfaces = [ ]; + # A bridge only to containers… + + interfaces.br0 = { + # … configured with a prefix address. + ipv6.addresses = [{ + address = "${yggPrefix64}::1"; + prefixLength = 64; + }]; + }; + }; + + containers.foo = { + autoStart = true; + privateNetwork = true; + hostBridge = "br0"; + # Attach the container to the bridge only. + config = { config, pkgs, ... }: { + networking.interfaces.eth0.ipv6 = { + addresses = [{ + # Configure a prefix address. + address = "${yggPrefix64}::2"; + prefixLength = 64; + }]; + routes = [{ + # Configure the prefix route. + address = "200::"; + prefixLength = 7; + via = "${yggPrefix64}::1"; + }]; + }; + + services.httpd.enable = true; + networking.firewall.allowedTCPPorts = [ 80 ]; + }; + }; + +} +</programlisting> + </para> + </section> + </section> +</chapter> |