diff --git a/README.md b/README.md index 13ed07d..dc977e9 100644 --- a/README.md +++ b/README.md @@ -15,25 +15,40 @@ __ingress.tjo.cloud__ has port-forwarded all public ports to it (22, 25, 80, 443 __network.tjo.cloud__ establishes Tailscale VPN connection between other network.tjo.cloud VMs. Using subnet routing it makes it possible that each VM can connect to all other VMs on any Proxmox host. # Subnets +We are using `10.0.0.0/16` range for IPv4 as well as `fd74:6a6f:0::/48` for IPv6. +## Designations | Host | IPv4 | IPv6 | |------------|---------------|-----------------------| -| _reserved_ | 10.0.0.0/20 | fd9b:5314:0:0000::/52 | -| batuu | 10.0.16.0/20 | fd9b:5314:0:1000::/52 | -| jakku | 10.0.32.0/20 | fd9b:5314:0:2000::/52 | -| nevaroo | 10.0.48.0/20 | fd9b:5314:0:3000::/52 | -| | 10.0.64.0/20 | fd9b:5314:0:4000::/52 | -| | 10.0.80.0/20 | fd9b:5314:0:5000::/52 | -| | 10.0.96.0/20 | fd9b:5314:0:6000::/52 | -| | 10.0.112.0/20 | fd9b:5314:0:7000::/52 | -| | 10.0.128.0/20 | fd9b:5314:0:8000::/52 | -| | 10.0.144.0/20 | fd9b:5314:0:9000::/52 | -| | 10.0.160.0/20 | fd9b:5314:0:a000::/52 | -| | 10.0.176.0/20 | fd9b:5314:0:b000::/52 | -| | 10.0.192.0/20 | fd9b:5314:0:c000::/52 | -| | 10.0.208.0/20 | fd9b:5314:0:d000::/52 | -| | 10.0.224.0/20 | fd9b:5314:0:e000::/52 | -| | 10.0.240.0/20 | fd9b:5314:0:f000::/52 | +| _reserved_ | 10.0.0.0/20 | fd74:6a6f:0:0000::/52 | +| batuu | 10.0.16.0/20 | fd74:6a6f:0:1000::/52 | +| jakku | 10.0.32.0/20 | fd74:6a6f:0:2000::/52 | +| nevaroo | 10.0.48.0/20 | fd74:6a6f:0:3000::/52 | +| | 10.0.64.0/20 | fd74:6a6f:0:4000::/52 | +| | 10.0.80.0/20 | fd74:6a6f:0:5000::/52 | +| | 10.0.96.0/20 | fd74:6a6f:0:6000::/52 | +| | 10.0.112.0/20 | fd74:6a6f:0:7000::/52 | +| | 10.0.128.0/20 | fd74:6a6f:0:8000::/52 | +| | 10.0.144.0/20 | fd74:6a6f:0:9000::/52 | +| | 10.0.160.0/20 | fd74:6a6f:0:a000::/52 | +| | 10.0.176.0/20 | fd74:6a6f:0:b000::/52 | +| | 10.0.192.0/20 | fd74:6a6f:0:c000::/52 | +| | 10.0.208.0/20 | fd74:6a6f:0:d000::/52 | +| | 10.0.224.0/20 | fd74:6a6f:0:e000::/52 | +| | 10.0.240.0/20 | fd74:6a6f:0:f000::/52 | + +Each subnet gives us 4096 IP addresses per host. + +### Per host designations + +| Use | IPv4 | IPv6 | +|------------------|------------------|-----------------------| +| Virtual Machines | 10.0.(y+0).0/22 | fd74:6a6f:0:y000::/54 | +| Kubernetes | 10.0.(y+4).0/22 | fd74:6a6f:0:y400::/54 | +| | 10.0.(y+8).0/22 | fd74:6a6f:0:y800::/54 | +| | 10.0.(y+12).0/22 | fd74:6a6f:0:yc00::/54 | + +Each section gives us 1024 IP addresses. # Setting up new Host @@ -53,7 +68,13 @@ opkg update opkg install ca-bundle kmod-tun iptables-nft kmod-ipt-conntrack kmod-ipt-conntrack-extra kmod-ipt-conntrack-label kmod-ipt-nat kmod-nft-nat /etc/init.d/tailscale start /etc/init.d/tailscale enable -tailscale up --accept-routes --advertise-routes=$IPV4_SUBNET,$IPV6_SUBNET --accept-dns=false --ssh + +# Batuu +tailscale up --accept-routes --advertise-routes=10.0.16.0/20,fd74:6a6f:0:1000::/52 --accept-dns=false --ssh +# Jakku +tailscale up --accept-routes --advertise-routes=10.0.32.0/20,fd74:6a6f:0:2000::/52 --accept-dns=false --ssh +# Nevaroo +tailscale up --accept-routes --advertise-routes=10.0.48.0/20,fd74:6a6f:0:3000::/52 --accept-dns=false --ssh ``` ### 6. Configure. @@ -62,9 +83,9 @@ Once tailscale is up and manually configured (see the config files for guide). We can use automated way of maintaining config. ``` -just deploy-config batuu 10.0.16.1 fd9b:5314:0:1000:: -just deploy-config jakku 10.0.32.1 fd9b:5314:0:2000:: -just deploy-config nevaroo 10.0.48.1 fd9b:5314:0:3000:: +just deploy-config batuu 10.0.16.1 fd74:6a6f:0:1000:: +just deploy-config jakku 10.0.32.1 fd74:6a6f:0:2000:: +just deploy-config nevaroo 10.0.48.1 fd74:6a6f:0:3000:: ``` # TODO diff --git a/openwrt/etc/config/dhcp b/openwrt/etc/config/dhcp index ad00baf..d186969 100644 --- a/openwrt/etc/config/dhcp +++ b/openwrt/etc/config/dhcp @@ -16,7 +16,9 @@ config dnsmasq config dhcp 'lan' option interface 'lan' option start '1' - option limit '254' + # 1/4 of the subnet space. + # The rest is reserved for other uses. + option limit '1021' option leasetime '24h' option dhcpv4 'server' option dhcpv6 'server' diff --git a/terraform/node.tf b/terraform/node.tf index 98e094a..86c1b50 100644 --- a/terraform/node.tf +++ b/terraform/node.tf @@ -53,8 +53,13 @@ resource "proxmox_virtual_environment_vm" "nodes" { name = "${each.value.host}.${each.value.domain}" node_name = each.value.host - description = "OpenWRT instance for ${each.value.host}." - tags = [each.value.domain] + description = <