stuff

2025-03-17 18:14:50 -07:00
parent 6370602c9e
commit fce17b26d4
4 changed files with 65 additions and 28 deletions
--- a/tests/triple-dezert.nix
+++ b/tests/triple-dezert.nix
@@ -30,6 +30,27 @@ let
    (address "205.201.63.12" 32) #colin's doof ip
    (address doof-shelvacu-ip 32) #my doof ip
  ];
+  internet-module = publicAddr: { ... }: {
+    config = {
+      virtualisation.interfaces.internet0.vlan = vlans.the_internet;
+      networking.interfaces.internet0.ipv4 = {
+        addresses = [ (address publicAddr 32) ];
+        routes = [
+          {
+            address = "0.0.0.0";
+            prefixLength = 0;
+            options.scope = "link";
+          }
+          {
+            address = "205.201.63.0";
+            prefixLength = 24;
+            via = doof-tunnel-ip;
+            options.scope = "global";
+          }
+        ];
+      };
+    };
+  };
 in
 {
  name = "trip-megatest";
@@ -40,13 +61,15 @@ in
      isNormalUser = true;
      extraGroups = [ "wheel" ];
    };
+    
+    # disable the default eth0 interface
+    virtualisation.qemu.networkingOptions = lib.mkForce [];
  };

  nodes.internet-pinger =
    { ... }:
    {
-      networking.interfaces.internet0.ipv4.addresses = [ (address internet-pinger-ip 0) ];
-      virtualisation.interfaces.internet0.vlan = vlans.the_internet;
+      imports = [ (internet-module internet-pinger-ip) ];
    }
  ;

@@ -56,6 +79,7 @@ in

    in
    {
+      imports = [ (internet-module doof-tunnel-ip) ];
      networking.wireguard.enable = true;
      networking.wireguard.interfaces.wg0 = {
        listenPort = 53263;
@@ -67,10 +91,14 @@ in
          }
        ];
      };
-
-      networking.interfaces.internet0.ipv4.addresses = [ (address doof-tunnel-ip 32) ];
-
-      virtualisation.interfaces.internet0.vlan = vlans.the_internet;
+      networking.interfaces.wg0.ipv4.routes = [ {
+        address = "205.201.63.13";
+        prefixLength = 32;
+      } ];
+      boot.kernel.sysctl = {
+        "net.ipv4.conf.all.forwarding" = true;
+        "net.ipv4.conf.default.forwarding" = true;
+      };
    }
  ;

@@ -166,12 +194,8 @@ in

  nodes.router =
    { lib, config, ... }:
-    let
-
-    in
    {
-      virtualisation.interfaces.internet0.vlan = vlans.the_internet;
-      virtualisation.interfaces.lan0.vlan = vlans.lan;
+      imports = [ (internet-module router-ip) ];

      networking.nat = {
        enable = true;
@@ -180,8 +204,8 @@ in
        externalInterface = "internet0";
      };

+      virtualisation.interfaces.lan0.vlan = vlans.lan;
      networking.interfaces = {
-        internet0.ipv4.addresses = [ (address router-ip 32) ];
        lan0.ipv4 = {
          addresses = [ (address "10.78.79.1" 32) ];
          routes = lan-routes;
--- a/triple-dezert/awootrip.nix
+++ b/triple-dezert/awootrip.nix
@@ -1,5 +1,6 @@
 {
  config,
+  lib,
  ...
 }:
 let
@@ -38,18 +39,14 @@ in
        Scope = "link";
      };
    } ];
-    routes = [ {
-      routeConfig = {
-        Gateway = cfg.ips.awootrip-awoo;
-        Table = tunnelName;
-      };
-    } ];
-    routingPolicyRules = [ {
-      routingPolicyRuleConfig = {
-        From = "${cfg.ips.awootrip-trip}/32";
-        Table = tunnelName;
-      };
-    } ];
+    routes = lib.singleton {
+      Gateway = cfg.ips.awootrip-awoo;
+      Table = tunnelName;
+    };
+    routingPolicyRules = lib.singleton {
+      From = "${cfg.ips.awootrip-trip}/32";
+      Table = tunnelName;
+    };
  };
  systemd.network.networks.${cfg.lan_bridge_network} = {
    address = with cfg.ips; [
--- a/triple-dezert/doofnet.nix
+++ b/triple-dezert/doofnet.nix
@@ -7,6 +7,7 @@ let
  inherit (lib) mkOption types;
  cfg = config.vacu.network;
  doof_if = "wg-doof";
+  tunnelName = "doofTun";
 in
 {
  options.vacu.network.doofPubKey = mkOption {
@@ -19,6 +20,8 @@ in
    };
    vacu.network.doofPubKey = "nuESyYEJ3YU0hTZZgAd7iHBz1ytWBVM5PjEL1VEoTkU=";
    sops.secrets.wireguardKey = {};
+    systemd.network.config.routeTables.${tunnelName} = 422;
+    systemd.network.config.addRouteTablesToIPRoute2 = true;
    systemd.network.netdevs.${doof_if} = {
      netdevConfig = {
        Kind = "tun";
@@ -38,6 +41,19 @@ in
    };
    systemd.network.networks."15-doof" = {
      name = doof_if;
+      routes = lib.singleton {
+        Table = tunnelName;
+      };
+      routingPolicyRules = [
+        # {
+        #   To = cfg.ips.t2dSubnets;
+        #   Type = "nop";
+        # }
+        {
+          From = "${cfg.ips.doofStatic4}/32";
+          Table = tunnelName;
+        }
+      ];
    };
    systemd.network.networks.${cfg.lan_bridge_network} = {
      address = [
--- a/triple-dezert/networking.nix
+++ b/triple-dezert/networking.nix
@@ -55,14 +55,14 @@ in
        "${cfg.ips.t2dLANStatic}/22"
      ];
      routes = [
-        { routeConfig = (lan_route // {
+        (lan_route // {
          Source = cfg.ips.t2dLANStatic;
          Destination = "0.0.0.0/0";
-        }); }
-        { routeConfig = (lan_route // {
+        })
+        (lan_route // {
          Source = "0.0.0.0/0";
          Destination = cfg.ips.t2dSubnets;
-        }); }
+        })
      ];
      dns = [ cfg.ips.t2dRouter ];
    };