diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-11-15 09:07:04 +0059 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-11-15 09:07:04 +0059 |
commit | 9663c40408fde29d5ca7ea9a71373bef4b16ae8c (patch) | |
tree | c7b0392b6ebcac1ce00f6c15b608d96ae624b139 | |
parent | 06d301e4387aee497604ca0567c53c68f1bfb31b (diff) | |
download | nixos-9663c40408fde29d5ca7ea9a71373bef4b16ae8c.tar nixos-9663c40408fde29d5ca7ea9a71373bef4b16ae8c.tar.gz nixos-9663c40408fde29d5ca7ea9a71373bef4b16ae8c.tar.bz2 nixos-9663c40408fde29d5ca7ea9a71373bef4b16ae8c.tar.xz nixos-9663c40408fde29d5ca7ea9a71373bef4b16ae8c.zip |
vidhar: dsl
-rw-r--r-- | hosts/vidhar/default.nix | 38 | ||||
-rw-r--r-- | hosts/vidhar/dsl.nix | 64 | ||||
-rw-r--r-- | hosts/vidhar/pap-secrets | 26 | ||||
-rw-r--r-- | modules/yggdrasil-wg/default.nix | 2 |
4 files changed, 122 insertions, 8 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index 107906c7..7335ea8a 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix | |||
@@ -1,7 +1,7 @@ | |||
1 | { hostName, flake, config, pkgs, lib, ... }: | 1 | { hostName, flake, config, pkgs, lib, ... }: |
2 | { | 2 | { |
3 | imports = with flake.nixosModules.systemProfiles; [ | 3 | imports = with flake.nixosModules.systemProfiles; [ |
4 | ./zfs.nix | 4 | ./zfs.nix ./dsl.nix |
5 | initrd-all-crypto-modules default-locale openssh rebuild-machines | 5 | initrd-all-crypto-modules default-locale openssh rebuild-machines |
6 | build-server | 6 | build-server |
7 | initrd-ssh | 7 | initrd-ssh |
@@ -26,7 +26,7 @@ | |||
26 | kernelModules = [ "kvm-intel" ]; | 26 | kernelModules = [ "kvm-intel" ]; |
27 | 27 | ||
28 | kernelParams = [ | 28 | kernelParams = [ |
29 | "ip=192.168.2.168::192.168.2.1:255.255.255.0::eno1:static" | 29 | "ip=10.141.0.1:::255.255.255.0::eno1:static" |
30 | ]; | 30 | ]; |
31 | 31 | ||
32 | tmpOnTmpfs = true; | 32 | tmpOnTmpfs = true; |
@@ -72,10 +72,9 @@ | |||
72 | useDHCP = false; | 72 | useDHCP = false; |
73 | useNetworkd = true; | 73 | useNetworkd = true; |
74 | 74 | ||
75 | defaultGateway = { address = "192.168.2.1"; }; | ||
76 | interfaces."eno1" = { | 75 | interfaces."eno1" = { |
77 | ipv4.addresses = [ | 76 | ipv4.addresses = [ |
78 | { address = "192.168.2.168"; prefixLength = 24; } | 77 | { address = "10.141.0.1"; prefixLength = 24; } |
79 | ]; | 78 | ]; |
80 | }; | 79 | }; |
81 | 80 | ||
@@ -93,9 +92,34 @@ | |||
93 | ]; | 92 | ]; |
94 | }; | 93 | }; |
95 | }; | 94 | }; |
96 | systemd.network.networks."40-eno1".networkConfig = { | 95 | |
97 | Domains = lib.mkForce "~."; | 96 | services.dhcpd4 = { |
98 | DNS = [ "192.168.2.1" ]; | 97 | enable = true; |
98 | interfaces = [ "eno1" ]; | ||
99 | }; | ||
100 | services.corerad = { | ||
101 | enable = true; | ||
102 | settings = { | ||
103 | interfaces = [ | ||
104 | { name = config.networking.pppInterface; | ||
105 | monitor = true; | ||
106 | } | ||
107 | { name = "eno1"; | ||
108 | advertise = true; | ||
109 | prefix = [{ prefix = "::/64"; }]; | ||
110 | route = [{ prefix = "::/0"; }]; | ||
111 | } | ||
112 | ]; | ||
113 | }; | ||
114 | }; | ||
115 | boot.kernel.sysctl = { | ||
116 | "net.ipv6.conf.all.forwarding" = true; | ||
117 | "net.ipv6.conf.default.forwarding" = true; | ||
118 | "net.ipv4.conf.all.forwarding" = true; | ||
119 | "net.ipv4.conf.default.forwarding" = true; | ||
120 | }; | ||
121 | systemd.network.networks = { | ||
122 | "eno2".networkConfig.LinkLocalAddressing = "no"; | ||
99 | }; | 123 | }; |
100 | 124 | ||
101 | services.timesyncd.enable = false; | 125 | services.timesyncd.enable = false; |
diff --git a/hosts/vidhar/dsl.nix b/hosts/vidhar/dsl.nix new file mode 100644 index 00000000..bdce55a6 --- /dev/null +++ b/hosts/vidhar/dsl.nix | |||
@@ -0,0 +1,64 @@ | |||
1 | { config, lib, pkgs, ... }: | ||
2 | |||
3 | with lib; | ||
4 | |||
5 | let | ||
6 | pppInterface = config.networking.pppInterface; | ||
7 | in { | ||
8 | options = { | ||
9 | networking.pppInterface = mkOption { | ||
10 | type = types.str; | ||
11 | default = "dsl"; | ||
12 | }; | ||
13 | }; | ||
14 | |||
15 | config = { | ||
16 | networking.vlans = { | ||
17 | telekom = { | ||
18 | id = 7; | ||
19 | interface = "eno2"; | ||
20 | }; | ||
21 | }; | ||
22 | |||
23 | services.pppd = { | ||
24 | enable = true; | ||
25 | peers.telekom.config = '' | ||
26 | nodefaultroute | ||
27 | ifname ${pppInterface} | ||
28 | lcp-echo-failure 1 | ||
29 | lcp-echo-interval 1 | ||
30 | maxfail 0 | ||
31 | mtu 1492 | ||
32 | mru 1492 | ||
33 | plugin rp-pppoe.so | ||
34 | name telekom | ||
35 | user 002576900250551137425220#0001@t-online.de | ||
36 | telekom | ||
37 | debug | ||
38 | ''; | ||
39 | }; | ||
40 | systemd.services."pppd-telekom".serviceConfig = lib.mkForce { | ||
41 | ExecStart = "${lib.getBin pkgs.ppp}/sbin/pppd call telekom nodetach nolog"; | ||
42 | Restart = "always"; | ||
43 | RestartSec = 5; | ||
44 | |||
45 | RuntimeDirectory = "pppd"; | ||
46 | RuntimeDirectoryPreserve = true; | ||
47 | }; | ||
48 | sops.secrets."pap-secrets" = { | ||
49 | format = "binary"; | ||
50 | sopsFile = ./pap-secrets; | ||
51 | path = "/etc/ppp/pap-secrets"; | ||
52 | }; | ||
53 | |||
54 | environment.etc = { | ||
55 | "ppp/ip-up" = { | ||
56 | text = '' | ||
57 | #!${pkgs.runtimeShell} | ||
58 | ${pkgs.iproute}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512 | ||
59 | ''; | ||
60 | mode = "0555"; | ||
61 | }; | ||
62 | }; | ||
63 | }; | ||
64 | } | ||
diff --git a/hosts/vidhar/pap-secrets b/hosts/vidhar/pap-secrets new file mode 100644 index 00000000..6053a120 --- /dev/null +++ b/hosts/vidhar/pap-secrets | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:tkLtHxmceijHwqQabwhQhDhQu5Tp49y0nPWcnbmIa8I70L9NkmwRz399+nl0t6hejFDj25CkYX2hv2KUuXHzWROXt3c3Eit5vtxVkoNjkH5q3vX553VOsxMYgzBBWFCOTfGk+EfwFZ2biQxf2TdOuGrI/2BFrTojpPn5H0BXQY2apaNohmAqclU//tkNTF++q7k9pKuw3hdet77szbss0yY9768nrHhorHZ4b2OaZJm84F8GfgeGkDfVI1vwv/XffFOgCkne,iv:Oxg5aBYFowPriiC6HckVOvcd5MBz43XhRXQzgKKvVCY=,tag:v9NrPKS0hgDkSB5HsTkVUQ==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2021-11-15T07:46:02Z", | ||
10 | "mac": "ENC[AES256_GCM,data:5H6r4seYU0+v/HGpb4foZ+HxULx6UR9cQqAHpfH1DUv8QzXlkdYZsa55nB8/p5WTZpbPi+E8fzsXcDO35BWyKSKALolaqdfBO1g7WsDVnnbOrkDcrQx7DUUi92rEYj6+uUnQrSJjKTKCcDyj5D0/qbeFx+J1euV18vWCp1aXiUM=,iv:XNv3ioiz9jHHp+ai0h3RZsKyCQnI+O3z5R4X+KdjuhE=,tag:XXayGuLyy1vSV+tahxipxQ==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2021-11-15T07:45:08Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdADLXtluBBuSsm9CIPG1mEJnOJ0IQmCpwQPcU+Bl/zOE8w\nseSG0fcoBnRX7ngWMoJZ7a0G1ARjBql63SJN7OJ8E7OLcMBeaRkjl/F9jRM6gfIJ\n0l4BCu/V/objPnHxlQ9ETKheAjr7aEH+Wuttut1U+a8Ad5kl5/hKtkK5gv+q0WTi\nRBCe8OIKFbkzd8OvvzZlQBBEa4G/2Az2lVYFrxHq0a7XyJOxmnUJWurbsPUK6EMk\n=ksU8\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2021-11-15T07:45:08Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAf37n8FlEvDjECfajRNxIh+sLj+VZOSYfzt+GovJN1C4w\nQRkd//w4h6CqMcVz3LzNZIn2Pa8lhBLFV2tBfFqZDa80HcBWCtBgDivq8l7onmJm\n0l4BiAv4DzVVjBOZqhBnzla6SmRqAZDwE1WO7gN+R3/7S/0DXUxopjvdFaheLVj9\n/tKup9Dn2n3mr7gCvgvuPIaoJqdJSG5v8rgp1IrFSIlVtLv+ThgCsGCKZ/P9ef56\n=aqGg\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index 4900d7e0..c3940d4d 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix | |||
@@ -44,7 +44,7 @@ let | |||
44 | } | 44 | } |
45 | { from = "sif"; | 45 | { from = "sif"; |
46 | to = "vidhar"; | 46 | to = "vidhar"; |
47 | endpointHost = "192.168.2.168"; | 47 | endpointHost = "10.141.0.1"; |
48 | PersistentKeepalive = 25; | 48 | PersistentKeepalive = 25; |
49 | family = "4"; | 49 | family = "4"; |
50 | } | 50 | } |