From 0491df32f73c41adf90dab24dc53158b177dc060 Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Mon, 22 Dec 2025 04:08:30 +0100 Subject: [PATCH] Init bakke (!87) New backup server just dropped! This server is awfully slow, and the mdraid setup is awfully slow, and I doubt that this will be a good experience, but we now have a backup server again? - Tried Disko and nixos-anywhere - Tried using mdraid - Found that md is ancient and bad - Found that disko is 100% extra steps, and a lot more complicated and noisy than just formatting your disks yourself - Found that systemd-boot doesn't support mdraid - Found that we probably don't need to mirror the boot partition :) - Found that old hardware is slow - Found that old hardware can have poor support for iPXE with UEFI, and might do weird BIOS stuff on you when you least expect it - Reaffirmed that zfs is love Current disk layout: - mdraid for boot/root disk - 4TB WD Red with 500MiB ESP with systemd-boot, Remaining mdraid - Old? - 4TB WD Red with 500MiB Unused partition, Remaining mdraid - Old? - zfs pool "tank" for the actual backup data - 8TB Toshiba MG08 - New - 8TB Exos 7E10 - New TODO: - Document the death of Toriel on the wiki - Document Bakke on the wiki - ... describing the poco loco disk layout - Start backing stuff up - Restic? Borg? Rsync? - Make backup retention policy and zfs snapshot system - Document backup procedures Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/87 Co-authored-by: Felix Albrigtsen Co-committed-by: Felix Albrigtsen --- .sops.yaml | 24 +++++-- flake.nix | 5 ++ hosts/bakke/configuration.nix | 26 +++++++ hosts/bakke/disks.nix | 83 +++++++++++++++++++++++ hosts/bakke/filesystems.nix | 26 +++++++ hosts/bakke/hardware-configuration.nix | 52 ++++++++++++++ secrets/bakke/bakke.yaml | 94 ++++++++++++++++++++++++++ values.nix | 4 ++ 8 files changed, 308 insertions(+), 6 deletions(-) create mode 100644 hosts/bakke/configuration.nix create mode 100644 hosts/bakke/disks.nix create mode 100644 hosts/bakke/filesystems.nix create mode 100644 hosts/bakke/hardware-configuration.nix create mode 100644 secrets/bakke/bakke.yaml diff --git a/.sops.yaml b/.sops.yaml index db4155e..2368d4f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,25 +1,25 @@ keys: # Users - &user_danio age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge + - &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5 - &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 - &user_oysteikt F7D37890228A907440E1FD4846B9228E814A2AAC - - &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5 - - &user_pederbs_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn - - &user_pederbs_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs - &user_pederbs_bjarte age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 + - &user_pederbs_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs + - &user_pederbs_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn # Hosts - - &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt - - &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0 + - &host_bakke age1syted6kt48sumjjucggh6r3uca4x2ppp4mfungf3lamkt2le05csc99633 - &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd - &host_bicep age19nk55kcs7s0358jpkn75xnr57dfq6fq3p43nartvsprx0su22v7qcgcjdx - - &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8 + - &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0 - &host_kommode age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly - &host_lupine-1 age1fkrypl6fu4ldsa7te4g3v4qsegnk7sd6qhkquuwzh04vguy96qus08902e - &host_lupine-2 age1mu0ej57n4s30ghealhyju3enls83qyjua69986la35t2yh0q2s0seruz5n - &host_lupine-3 age1j2u876z8hu87q5npfxzzpfgllyw8ypj66d7cgelmzmnrf3xud34qzkntp9 - &host_lupine-4 age1t8zlawqkmhye737pn8yx0z3p9cl947d9ktv2cajdc6hnvn52d3fsc59s2k - &host_lupine-5 age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu + - &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8 creation_rules: # Global secrets @@ -125,3 +125,15 @@ creation_rules: - *user_pederbs_bjarte pgp: - *user_oysteikt + + - path_regex: secrets/bakke/[^/]+\.yaml$ + key_groups: + - age: + - *host_bakke + - *user_danio + - *user_felixalb + - *user_pederbs_sopp + - *user_pederbs_nord + - *user_pederbs_bjarte + pgp: + - *user_oysteikt diff --git a/flake.nix b/flake.nix index 5073bf0..be743f4 100644 --- a/flake.nix +++ b/flake.nix @@ -104,6 +104,11 @@ stableNixosConfig = name: extraArgs: nixosConfig nixpkgs name ./hosts/${name}/configuration.nix extraArgs; in { + bakke = stableNixosConfig "bakke" { + modules = [ + disko.nixosModules.disko + ]; + }; bicep = stableNixosConfig "bicep" { modules = [ inputs.matrix-next.nixosModules.default diff --git a/hosts/bakke/configuration.nix b/hosts/bakke/configuration.nix new file mode 100644 index 0000000..1aa2b9e --- /dev/null +++ b/hosts/bakke/configuration.nix @@ -0,0 +1,26 @@ +{ config, pkgs, values, ... }: +{ + imports = [ + ./hardware-configuration.nix + ../../base + ../../misc/metrics-exporters.nix + ./filesystems.nix + ]; + + sops.defaultSopsFile = ../../secrets/bakke/bakke.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sops.age.keyFile = "/var/lib/sops-nix/key.txt"; + sops.age.generateKey = true; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "bakke"; + networking.hostId = "99609ffc"; + systemd.network.networks."30-enp2s0" = values.defaultNetworkConfig // { + matchConfig.Name = "enp2s0"; + address = with values.hosts.bakke; [ (ipv4 + "/25") (ipv6 + "/64") ]; + }; + + system.stateVersion = "24.05"; +} diff --git a/hosts/bakke/disks.nix b/hosts/bakke/disks.nix new file mode 100644 index 0000000..e7d1a5b --- /dev/null +++ b/hosts/bakke/disks.nix @@ -0,0 +1,83 @@ +{ + # https://github.com/nix-community/disko/blob/master/example/boot-raid1.nix + # Note: Disko was used to create the initial md raid, but is no longer in active use on this host. + disko.devices = { + disk = { + one = { + type = "disk"; + device = "/dev/disk/by-id/ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E2EER6N6"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "500M"; + type = "EF00"; + content = { + type = "mdraid"; + name = "boot"; + }; + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "raid1"; + }; + }; + }; + }; + }; + two = { + type = "disk"; + device = "/dev/disk/by-id/ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E7LPLU71"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "500M"; + type = "EF00"; + content = { + type = "mdraid"; + name = "boot"; + }; + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "raid1"; + }; + }; + }; + }; + }; + }; + mdadm = { + boot = { + type = "mdadm"; + level = 1; + metadata = "1.0"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + raid1 = { + type = "mdadm"; + level = 1; + content = { + type = "gpt"; + partitions.primary = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/bakke/filesystems.nix b/hosts/bakke/filesystems.nix new file mode 100644 index 0000000..9312a0c --- /dev/null +++ b/hosts/bakke/filesystems.nix @@ -0,0 +1,26 @@ +{ config, pkgs, lib, ... }: +{ + # Boot drives: + boot.swraid.enable = true; + + # ZFS Data pool: + environment.systemPackages = with pkgs; [ zfs ]; + boot = { + zfs = { + extraPools = [ "tank" ]; + requestEncryptionCredentials = false; + }; + supportedFilesystems = [ "zfs" ]; + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + }; + services.zfs.autoScrub = { + enable = true; + interval = "Wed *-*-8..14 00:00:00"; + }; + + # NFS Exports: + #TODO + + # NFS Import mounts: + #TODO +} diff --git a/hosts/bakke/hardware-configuration.nix b/hosts/bakke/hardware-configuration.nix new file mode 100644 index 0000000..801fd31 --- /dev/null +++ b/hosts/bakke/hardware-configuration.nix @@ -0,0 +1,52 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571"; + fsType = "btrfs"; + options = [ "subvol=nix" "noatime" ]; + }; + + fileSystems."/boot" = + { device = "/dev/sdc2"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault false; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/secrets/bakke/bakke.yaml b/secrets/bakke/bakke.yaml new file mode 100644 index 0000000..4b65f78 --- /dev/null +++ b/secrets/bakke/bakke.yaml @@ -0,0 +1,94 @@ +hello: ENC[AES256_GCM,data:+GWORSIf9TxmJLw1ytZwPbve2yz5H9ewVE5sOpQzkrRpct6Wes+vTE19Ij8W1g==,iv:C/WhXNBBM/bidC9xynZzk34nYXF3mUjAd4nPXpUlYHs=,tag:OJXSwuI8aNDnHFFTkwyGBQ==,type:str] +example_key: ENC[AES256_GCM,data:ojSsrFYo5YD0YtiqcA==,iv:nvNtG6c0OqnQovzWQLMjcn9vbQ4PPYSv2B43Y8z0h5s=,tag:+h7YUNRA2MTvwGJq1VZW8g==,type:str] +#ENC[AES256_GCM,data:6EvhlBtrl5wqyf6UAGwY8Q==,iv:fzLUjBzyuT17FcP8jlmLrsKW46pu6/lAvAVLHBxje6k=,tag:n+qR1NUqa91uFRIpALKlmw==,type:comment] +example_array: + - ENC[AES256_GCM,data:A38KXABxJzMoKitKpHo=,iv:OlRap3R//9tvKdPLz7uP+lvBa/fD0W8xFzdxIKKFi4E=,tag:QKizPN1fYOv5zZlMVgTIOQ==,type:str] + - ENC[AES256_GCM,data:8X2iVkHQtQMReopWdgM=,iv:2Wq3QOadwd3G3ROXNe7JQD4AL/5H/WV19TBEbxijG/8=,tag:tikKT9Wvzm4Vz5aoy6w9WQ==,type:str] +example_number: ENC[AES256_GCM,data:0K05hiSPh2Ok1A==,iv:IVRo61xkKugv4OiPm0vt9ODm5DC1DzJFdlgQJb1TfTg=,tag:o3xXygVEUD4jaGSJr0Nxtw==,type:float] +example_booleans: + - ENC[AES256_GCM,data:zoykmQ==,iv:1JGy1Cg5GdAiod9qPSzW+wsG6rUgUJyYMEE4k576Tlk=,tag:RUCbytPpo78bqlAVEUsbLg==,type:bool] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1syted6kt48sumjjucggh6r3uca4x2ppp4mfungf3lamkt2le05csc99633 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYmlqekUzY2NlQzAxQmZB + QllRaVVWSnpNNm4xWlpwNHdMOTJRS2hnS0FzClhkd1hHZk9NWWF3K25HWkxwbEUv + bXpmQjNTTERaRDlKODh2NEdIaytJYlUKLS0tIE5ZNGhrbUNONU1rY2dqR08rclRO + VHF2MXB2VGNhRzJ2czk5RGlLRm1QM0kKFQhRRrISgmU1neqwAewsS2AVog4Gg2QX + ukHvwzO8B6EHH83ppR9Z56aThSmyTSrU5TMwRiLRCWjKGpbL8Gap3Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSamUvT015TW9iQ3F5UHla + SWJ6cjQ0aEdmd0U0WUViL293MEtUazMrY1NVCmgvNXNhZzBSM1Y4b1JnbktQcm9Q + Rm9CaU9oZExyMFg5aVlQaHhZMkdhQUkKLS0tIDRiSHY2eFA5NmRtaTNYcnNiQ1Fx + RzhPY2l5UnREeFArWE5lS0p1TlBFdFkKoaV8MHuRCvPapWy/SDFjbtRSnzpU9qpL + uTfUHMYAkzTwftoQyKYRXY3Qizznn6O8e8SGgLUGPBk0HwrU9vq/8A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEaDVaaVAzSnMxSERHT1BM + TkthN0VQL3QzNGUranBxSE41ZW5ZeW5hL3cwCmR3SVk4bEtRdW53cURRbDh6SEZ3 + OUx1ZDZtZmdSRjlKWWpSTi9ndnNsZTgKLS0tIDlja3h0N2dxUUZzMWVmZ1lTY0lO + VVBiSzAyamlTV3RXRTB4VDJubnRJbzAKZKALwMcN8rpCZdTPE17wNcqt81Lyh0lb + paU9GRRp5qBxMaNZaHGirhZWChf3ZjyA/assN4EWSNYe1yzNq9TCPg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdW0vOHpiUnYwNkRaTzdH + NVlKazBUWHlzazRKZlZKZVpXZ1BNdjUreVV3CnlIRXpCTUdwSUNkSXRFdVdnM0E1 + blZYdnpDK3orcTdQNVk5U3JiMEVEaTgKLS0tIGR1V1d0dW1TSDROQ1pVY0ZvellP + WnNxOFlNTWpxV0J2VWk1WDE4UjViUHcKZcGxaNaoalFmc1h2AOf5MKS9O7Kid+Xx + WatBjO9oU+lVcy2HGJhuDYoEg6cQ0ER+HTnfZwJRzDwBB6DCyeH8IQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbm0wMW92U0tMaGR3bzdJ + c3QrODN3eXIvb1V2TVZldExpNzZoWEc5UkdjCmtETGxvK0ZHbWVvL1MrdVJOL2V1 + R3Y4SjhlT3lObGdWRVZQSHh6MUJFd0kKLS0tIDhnOFQ3dEsrVnJWU1lUQlFzd3l1 + Ny9NbUd1L201cTdkYWQvbHJIRjVWa1UKcHICycS4yPtk0lXrDJmFpS66C7c+GIdS + XzghorP2JQxpb3uUcy2XwOHJZMWy0KbFKYjLsIH48oJqqQ9j43WS8w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0YmFheU4wSG9QZTNtRVRz + Z21zalZBcWNObEFabXgxOWdYY3F1MENlMlc4CmtWeFl0ZSt4bUo0R3dydEozK3V1 + dnZlZmtjMk9rdFZlTzFqUXJUdFNZWVUKLS0tIGU2VTdNVCsvRitZMXVleUg0L3lC + dU5QblEyZzJBOWJOeGoxQ29OS29hczgKC03MEGwaYq7WKKhh7pq1QOQfjH+L5+8b + HXP90cOyvc+dnpV/D2lSns6iK92FYOYVQ+wMjCsoB7zMj24MjPc03w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-15T21:42:17Z" + mac: ENC[AES256_GCM,data:2gH/ZaxSA6ShRu53dxj7V3jk7FsVdYS+PSHQyFT8qMvKM1hsQ/nWrKt00PUl9I7Gb4uomP9Ga3SyphYOXRBzKoV+x52oEWOJE3Q4iPrwdCkyHlxEezhTd/ZRQVatG6dvHpLuDNS9Dyph4f7Mw5USI+m4WeVdgCvHTydw+4KIfP4=,iv:yimfq96WVsagvKr8HTg1RdZBSrVGcCWPvv8XOXkOfcg=,tag:zHzdrE0PX5+AeD2lpqeJVQ==,type:str] + pgp: + - created_at: "2025-03-15T21:46:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA0av/duuklWYAQ//QdHVK0PzPDj4BhvVm/FCiRMdKGw7BFDR/+qhxhEULMnu + 6YSBtO5HMNhIkLlb+3gs/iIJ9+RxQjcxl00sUoEKpucE03QdmRD5EhGoNk3lNKc+ + A2xelfPFOtbJpzjLub6JwsyfAQMO3c+Wj4f3SKCWK/ad8MVr2xHEhCUfoG9g5w4O + KprijBL98/nCXnhhseXFQLvlSIeAUcGMSj+nyvIpBVDIOsYPmgYxZDTOajRFQhcT + ZfAA36ViPwEz9LKSMvZe1KYHJVwrUsSrCdTZWZtRUb2udiVXCh6bFNd/eTqdMKiz + OBWtnYjD/JNpCtQmy+Y6xsy16udvuPZigY7Rb7CGKOoM4F32QUb22yY5DBLZDq+e + XCq1cQCZ+CCqHa3+7dqvZcnbTDa1plCdoinRaZNLuT9cKoclIZjFNW7bBbPTnFhx + 0e8Zs85CJgarEE8K4b+6unBRN1C+awjCCeSXrPCcz59+qIyY/DC5EsjjV/11VTC3 + WlHrafbOF1umDZ+Vp2ihylQO+gedVKvQ4qPLkweXn0u1UqokoxcCh+FsdUiGeeDp + PsRAQukmo60IPfnwVlZqpMVmJJ5gXIUOEZF7BmTvvcRzZIHTtJZFcNjYHyl5+/Un + r6CWiJbExYJm6cLVr8ZBA7gCg6XiVmdRQ/edkVfMHBharH0H8PNxd8WCgkelmsPS + XgFfQwymmSTaZHewifFWYe75rDJ8TPLmmmR1JCkIK8lJy6vygQ4k+JL6rKekVW/P + SYLrwup1QwcZR78gxjr7lzZNbAKij331EoSsO2+O+MQcfJIeUP51G6+UgJkxRfo= + =DyBj + -----END PGP MESSAGE----- + fp: F7D37890228A907440E1FD4846B9228E814A2AAC + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/values.nix b/values.nix index d352b15..3e7a4ac 100644 --- a/values.nix +++ b/values.nix @@ -32,6 +32,10 @@ in rec { gateway = pvv-ipv4 129; gateway6 = pvv-ipv6 1; + bakke = { + ipv4 = pvv-ipv4 173; + ipv6 = pvv-ipv6 173; + }; bekkalokk = { ipv4 = pvv-ipv4 168; ipv6 = pvv-ipv6 168;