nixos-config/nixos/machines/hera/network.nix
2021-05-18 16:33:28 +02:00


{ pkgs, config, ... }:
let
  # Listen port and peer public keys shared by every machine's WireGuard setup.
  wireguard = import ../../../common/wireguard.nix;
  inherit (config.m-0) hosts prefix;
  # Upstream interface: carries the public IPv4 address and the routed IPv6 /64.
  uplink = "ens18";
in
{
  networking = {
    hostName = "hera";
    domain = "m-0.eu";

    interfaces = {
      ${uplink} = {
        # Answer ARP on behalf of addresses routed through this host.
        proxyARP = true;
        ipv4.addresses = [
          { address = "213.136.94.190"; prefixLength = 24; }
        ];
        ipv6.addresses = [
          { address = hosts.hera; prefixLength = 128; }
          { address = hosts.hera-wg-host; prefixLength = 128; }
        ];
      };
      # Internal side: a bridge whose IPv4 side is NATed out via the uplink.
      bridge = {
        proxyARP = true;
        ipv4.addresses = [
          { address = "10.0.0.1"; prefixLength = 24; }
        ];
        ipv6.addresses = [
          { address = hosts.hera-intern; prefixLength = 112; }
        ];
      };
    };
    # No member ports are declared statically; whatever joins the bridge does so
    # at runtime (presumably containers or VMs — TODO confirm).
    bridges.bridge.interfaces = [ ];

    defaultGateway = "213.136.94.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = uplink;
    };
    nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ];

    nat = {
      enable = true;
      externalInterface = uplink;
      internalInterfaces = [ "bridge" ];
    };

    firewall = {
      # TCP 8666: purpose is not recorded in this file.
      allowedTCPPorts = [ 8666 ];
      allowedUDPPorts = [ wireguard.port ];
      # IPv6 policy beyond the port allow-lists:
      #  * INPUT: every source inside our own /64 reaches all local ports.
      #    NOTE(review): this trusts any downstream host that holds an address
      #    from the prefix, not just the machines listed in `hosts`.
      #  * FORWARD: ICMPv6 and replies to existing flows pass; anything whose
      #    source lies outside the prefix is dropped, so unsolicited traffic is
      #    not relayed toward hosts behind this machine.
      extraCommands = ''
        ip6tables -A INPUT -s ${prefix}::/64 -j ACCEPT
        ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
        ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
        ip6tables -A FORWARD ! -s ${prefix}::/64 -j DROP
      '';
    };

    wireguard.interfaces.m0wire = {
      ips = [ "${hosts.hera-wg}/112" ];
      listenPort = wireguard.port;
      # pkgs.privatePath is a project helper; presumably it yields a path
      # outside the Nix store so the key never becomes world-readable — confirm.
      privateKeyFile = pkgs.privatePath "wireguard/hera-private";
      peers = [
        {
          publicKey = wireguard.pub.apollo;
          # Only the peer's own WireGuard address is accepted from this tunnel.
          allowedIPs = [ "${hosts.apollo-wg}/128" ];
          presharedKeyFile = pkgs.privatePath "wireguard/psk";
        }
      ];
    };
  };

  services.ndppd = {
    enable = true;
    # Respond to neighbour solicitations on the uplink for the whole routed /64,
    # so the upstream router resolves every prefix address to this machine.
    configFile = pkgs.writeText "ndppd.conf" ''
      proxy ${uplink} {
        rule ${prefix}::/64 {
          static
        }
      }
    '';
  };
}