Diffstat (limited to 'hosts/vidhar/network/bifrost/default.nix')
-rw-r--r-- | hosts/vidhar/network/bifrost/default.nix | 82 |
1 files changed, 82 insertions, 0 deletions
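--- /dev/null
+++ b/hosts/vidhar/network/bifrost/default.nix
@@ -0,0 +1,82 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str;
+in {
+config = {
+systemd.network = {
+netdevs = {
+bifrost = {
+netdevConfig = {
+Name = "bifrost";
+Kind = "wireguard";
+};
+wireguardConfig = {
+PrivateKeyFile = config.sops.secrets.bifrost.path;
+ListenPort = 51822;
+};
+wireguardPeers = [
+{ wireguardPeerConfig = {
+AllowedIPs = [ "2a03:4000:52:ada:4::/96" ];
+PublicKey = trim (readFile ../../../surtr/bifrost/surtr.pub);
+PersistentKeepalive = 5;
+Endpoint = "2a03:4000:52:ada:::51822";
+};
+}
+];
+};
+};
+networks = {
+bifrost = {
+name = "bifrost";
+matchConfig = {
+Name = "bifrost";
+};
+address = ["2a03:4000:52:ada:4:1::/96"];
+routes = [
+{ routeConfig = {
+Destination = "2a03:4000:52:ada:4::/80";
+};
+}
+{ routeConfig ={
+Gateway = "2a03:4000:52:ada:4::";
+GatewayOnLink = true;
+Table = "bifrost";
+};
+}
+];
+routingPolicyRules = [
+{ routingPolicyRuleConfig = {
+Table = "bifrost";
+From = "2a03:4000:52:ada:4:1::/96";
+Priority = 200;
+};
+}
+];
+linkConfig = {
+RequiredForOnline = false;
+};
+networkConfig = {
+LLMNR = false;
+MulticastDNS = false;
+};
+};
+};
+};
+sops.secrets.bifrost = {
+format = "binary";
+sopsFile = ./vidhar.priv;
+mode = "0640";
+owner = "root";
+group = "systemd-network";
+};
+environment.etc."systemd/networkd.conf" = {
+text = ''
+[Network]
+RouteTable=bifrost:1026
+'';
+};
+};
+}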
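Review bot: The peer `Endpoint = "2a03:4000:52:ada:::51822"` at hunk line 25 is not a valid networkd endpoint — an IPv6 endpoint must be written as `[address]:port`, and the bare `:::51822` form is ambiguous between the address and the port separator, so networkd will reject the peer and the tunnel will never have an endpoint to send handshakes or the 5-second keepalives to. Assuming the intended address is `2a03:4000:52:ada::` (the AllowedIPs and Gateway values suggest the peer sits in that prefix, but confirm against surtr's config), the line should read `Endpoint = "[2a03:4000:52:ada::]:51822";`. It is also worth a one-line comment next to `AllowedIPs` noting that it is deliberately limited to the `/96` routed over the tunnel so the peer cannot inject traffic for other prefixes; the private key handling (sops, `0640`, group `systemd-network`, `PrivateKeyFile` rather than an inline key) looks right as written.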