bifrost: ...

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-02-06 17:19:58 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-02-06 17:19:58 +0100
commit: 67657a453e654811ed5adf45a4c7aab32dc30274 (patch)
tree: b94f3378117ca2b6bd2d43c8ef106855e52e6462 /hosts/surtr/bifrost/default.nix
parent: 93f07176317920ee881773519ee342f9c62ab9c9 (diff)
download: nixos-67657a453e654811ed5adf45a4c7aab32dc30274.tar
nixos-67657a453e654811ed5adf45a4c7aab32dc30274.tar.gz
nixos-67657a453e654811ed5adf45a4c7aab32dc30274.tar.bz2
nixos-67657a453e654811ed5adf45a4c7aab32dc30274.tar.xz
nixos-67657a453e654811ed5adf45a4c7aab32dc30274.zip
1 files changed, 66 insertions, 0 deletions
diff --git a/hosts/surtr/bifrost/default.nix b/hosts/surtr/bifrost/default.nix
new file mode 100644
index 00000000..8f1e602d
--- /dev/null
+++ b/hosts/surtr/bifrost/default.nix
@@ -0,0 +1,66 @@
+{ config, lib, ... }:
+with lib;
+let
+  trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str;
+in {
+  config = {
+    systemd.network = {
+      netdevs = {
+        bifrost = {
+          netdevConfig = {
+            Name = "bifrost";
+            Kind = "wireguard";
+          };
+          wireguardConfig = {
+            PrivateKeyFile = config.sops.secrets.bifrost.path;
+            ListenPort = 51822;
+          };
+          wireguardPeers = [
+            { wireguardPeerConfig = {
+                AllowedIPs = [ "2a03:4000:52:ada:4:1::/96" ];
+                PublicKey = trim (readFile ../../vidhar/network/bifrost/vidhar.pub);
+              };
+            }
+          ];
+        };
+      };
+      networks = {
+        bifrost = {
+          name = "bifrost";
+          matchConfig = {
+            Name = "bifrost";
+          };
+          address = ["2a03:4000:52:ada:4::/96"];
+          routes = [
+            { routeConfig = {
+                Destination = "2a03:4000:52:ada:4::/80";
+              };
+            }
+          ];
+          linkConfig = {
+            RequiredForOnline = false;
+          };
+          networkConfig = {
+            LLMNR = false;
+            MulticastDNS = false;
+          };
+        };
+      };
+    };
+    sops.secrets.bifrost = {
+      format = "binary";
+      sopsFile = ./surtr.priv;
+      mode = "0640";
+      owner = "root";
+      group = "systemd-network";
+    };
+    environment.etc."systemd/networkd.conf" = {
+      text = ''
+        [Network]
+        RouteTable=bifrost:1026
+      '';
+    };
+  };
+}
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-02-06 17:19:58 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-02-06 17:19:58 +0100
commit	67657a453e654811ed5adf45a4c7aab32dc30274 (patch)
tree	b94f3378117ca2b6bd2d43c8ef106855e52e6462 /hosts/surtr/bifrost/default.nix
parent	93f07176317920ee881773519ee342f9c62ab9c9 (diff)
download	nixos-67657a453e654811ed5adf45a4c7aab32dc30274.tar nixos-67657a453e654811ed5adf45a4c7aab32dc30274.tar.gz nixos-67657a453e654811ed5adf45a4c7aab32dc30274.tar.bz2 nixos-67657a453e654811ed5adf45a4c7aab32dc30274.tar.xz nixos-67657a453e654811ed5adf45a4c7aab32dc30274.zip

diff --git a/hosts/surtr/bifrost/default.nix b/hosts/surtr/bifrost/default.nix new file mode 100644 index 00000000..8f1e602d --- /dev/null +++ b/hosts/surtr/bifrost/default.nix
@@ -0,0 +1,66 @@
	1	{ config, lib, ... }:
	2
	3	with lib;
	4
	5	let
	6	trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str;
	7	in {
	8	config = {
	9	systemd.network = {
	10	netdevs = {
	11	bifrost = {
	12	netdevConfig = {
	13	Name = "bifrost";
	14	Kind = "wireguard";
	15	};
	16	wireguardConfig = {
	17	PrivateKeyFile = config.sops.secrets.bifrost.path;
	18	ListenPort = 51822;
	19	};
	20	wireguardPeers = [
	21	{ wireguardPeerConfig = {
	22	AllowedIPs = [ "2a03:4000:52:ada:4:1::/96" ];
	23	PublicKey = trim (readFile ../../vidhar/network/bifrost/vidhar.pub);
	24	};
	25	}
	26	];
	27	};
	28	};
	29	networks = {
	30	bifrost = {
	31	name = "bifrost";
	32	matchConfig = {
	33	Name = "bifrost";
	34	};
	35	address = ["2a03:4000:52:ada:4::/96"];
	36	routes = [
	37	{ routeConfig = {
	38	Destination = "2a03:4000:52:ada:4::/80";
	39	};
	40	}
	41	];
	42	linkConfig = {
	43	RequiredForOnline = false;
	44	};
	45	networkConfig = {
	46	LLMNR = false;
	47	MulticastDNS = false;
	48	};
	49	};
	50	};
	51	};
	52	sops.secrets.bifrost = {
	53	format = "binary";
	54	sopsFile = ./surtr.priv;
	55	mode = "0640";
	56	owner = "root";
	57	group = "systemd-network";
	58	};
	59	environment.etc."systemd/networkd.conf" = {
	60	text = ''
	61	[Network]
	62	RouteTable=bifrost:1026
	63	'';
	64	};
	65	};
	66	}