From 67657a453e654811ed5adf45a4c7aab32dc30274 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sun, 6 Feb 2022 17:19:58 +0100
Subject: bifrost: ...
---
hosts/vidhar/network/bifrost/default.nix | 82 ++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
create mode 100644 hosts/vidhar/network/bifrost/default.nix
(limited to 'hosts/vidhar/network/bifrost/default.nix')
diff --git a/hosts/vidhar/network/bifrost/default.nix b/hosts/vidhar/network/bifrost/default.nix
new file mode 100644
index 00000000..40666f59
--- /dev/null
+++ b/hosts/vidhar/network/bifrost/default.nix
@@ -0,0 +1,82 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+ trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str;
+in {
+ config = {
+ systemd.network = {
+ netdevs = {
+ bifrost = {
+ netdevConfig = {
+ Name = "bifrost";
+ Kind = "wireguard";
+ };
+ wireguardConfig = {
+ PrivateKeyFile = config.sops.secrets.bifrost.path;
+ ListenPort = 51822;
+ };
+ wireguardPeers = [
+ { wireguardPeerConfig = {
+ AllowedIPs = [ "2a03:4000:52:ada:4::/96" ];
+ PublicKey = trim (readFile ../../../surtr/bifrost/surtr.pub);
+ PersistentKeepalive = 5;
+ Endpoint = "2a03:4000:52:ada:::51822";
+ };
+ }
+ ];
+ };
+ };
+ networks = {
+ bifrost = {
+ name = "bifrost";
+ matchConfig = {
+ Name = "bifrost";
+ };
+ address = ["2a03:4000:52:ada:4:1::/96"];
+ routes = [
+ { routeConfig = {
+ Destination = "2a03:4000:52:ada:4::/80";
+ };
+ }
+ { routeConfig ={
+ Gateway = "2a03:4000:52:ada:4::";
+ GatewayOnLink = true;
+ Table = "bifrost";
+ };
+ }
+ ];
+ routingPolicyRules = [
+ { routingPolicyRuleConfig = {
+ Table = "bifrost";
+ From = "2a03:4000:52:ada:4:1::/96";
+ Priority = 200;
+ };
+ }
+ ];
+ linkConfig = {
+ RequiredForOnline = false;
+ };
+ networkConfig = {
+ LLMNR = false;
+ MulticastDNS = false;
+ };
+ };
+ };
+ };
+ sops.secrets.bifrost = {
+ format = "binary";
+ sopsFile = ./vidhar.priv;
+ mode = "0640";
+ owner = "root";
+ group = "systemd-network";
+ };
+ environment.etc."systemd/networkd.conf" = {
+ text = ''
+ [Network]
+ RouteTable=bifrost:1026
+ '';
+ };
+ };
+}
-- 
cgit v1.2.3
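Review bot: The peer's `AllowedIPs = [ "2a03:4000:52:ada:4::/96" ]` is narrower than what the `routes` block sends into the tunnel, namely `2a03:4000:52:ada:4::/80` and a default route in table `bifrost`. WireGuard drops outgoing packets whose destination, and incoming packets whose source, falls outside AllowedIPs, so those routes appear to be inert beyond that one /96. If the narrow filter is deliberate, a comment such as `# peer may only source/receive the tunnel /96; wider routes are placeholders` would record that; otherwise widen AllowedIPs to exactly the prefixes the peer is meant to carry. Separately, `Endpoint = "2a03:4000:52:ada:::51822"` omits the square brackets that systemd.netdev documents for IPv6 endpoints, and `Endpoint = "[2a03:4000:52:ada::]:51822"` removes the ambiguity between address and port.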