imp: add zt gateway

input-output-hk · Oct 20, 2022 · d40f4d1 · d40f4d1
1 parent 0ba3019
commit d40f4d1
Show file tree

Hide file tree

Showing 4 changed files with 281 additions and 13 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -5,8 +5,8 @@
     n2c.url = "github:nlewo/nix2container";
     data-merge.url = "github:divnix/data-merge";
     # --- Bitte Stack ----------------------------------------------
-    bitte.url = "github:input-output-hk/bitte";
-    # bitte.url = "path:/home/jlotoski/work/iohk/bitte-wt/fix-core-user-data";
+    bitte.url = "github:input-output-hk/bitte/zt";
+    # bitte.url = "path:/home/jlotoski/work/iohk/bitte-wt/zt";
     # bitte.url = "path:/home/manveru/github/input-output-hk/bitte";
     bitte-cells.url = "github:input-output-hk/bitte-cells";
     # bitte-cells.url = "path:/home/jlotoski/work/iohk/bitte-cells-wt/bitte-cells";
@@ -30,6 +30,8 @@
     cicero.inputs.spongix.follows = "spongix";
     cicero.inputs.driver.follows = "nomad-driver-nix";
     tullia.url = "github:input-output-hk/tullia";
+    openziti.url = "github:johnalotoski/openziti-bins";
+    openziti.inputs.nixpkgs.follows = "nixpkgs";
     # --------------------------------------------------------------
   };
 

diff --git a/nix/metal/bitteProfile/default.nix b/nix/metal/bitteProfile/default.nix
@@ -25,6 +25,15 @@ in {
       flakePath = "${inputs.self}";
       vbkBackend = "local";
       builder = "cache";
+      transitGateway = {
+        enable = true;
+        transitRoutes = [
+          {
+            gatewayCoreNodeName = "zt";
+            cidrRange = "10.10.0.0/24";
+          }
+        ];
+      };
 
       autoscalingGroups = let
         defaultModules = [
@@ -231,6 +240,37 @@ in {
             inherit (securityGroupRules) internet internal ssh;
           };
         };
+
+        zt = {
+          # https://support.netfoundry.io/hc/en-us/articles/360025875331-Edge-Router-VM-Sizing-Guide
+          instanceType = "c5.large";
+          privateIP = "172.16.0.30";
+          subnet = cluster.vpc.subnets.core-1;
+          volumeSize = 100;
+          sourceDestCheck = false;
+
+          modules = [
+            (bitte + /profiles/common.nix)
+            (bitte + /modules/ziti/ziti-controller.nix)
+            (bitte + /modules/ziti/ziti-router.nix)
+            (bitte + /modules/ziti/ziti-console.nix)
+            (bitte + /modules/ziti/ziti-edge-tunnel.nix)
+            ./ziti.nix
+          ];
+
+          securityGroupRules = {
+            inherit
+              (securityGroupRules)
+              internal
+              internet
+              ssh
+              ziti-controller-mgmt
+              ziti-controller-rest
+              ziti-router-edge
+              ziti-router-fabric
+              ;
+          };
+        };
       };
     };
   };