shelvacu/nix-stuff
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

stuff

Browse Source
This commit is contained in:
Shelvacu
2025-03-17 18:14:50 -07:00
committed by Shelvacu on fw
parent 6370602c9e
commit fce17b26d4
4 changed files with 65 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
tests/triple-dezert.nix
View File

@@ -30,6 +30,27 @@ let
(address "205.201.63.12" 32) #colin's doof ip (address "205.201.63.12" 32) #colin's doof ip
(address doof-shelvacu-ip 32) #my doof ip (address doof-shelvacu-ip 32) #my doof ip
]; ];
internet-module = publicAddr: { ... }: {
config = {
virtualisation.interfaces.internet0.vlan = vlans.the_internet;
networking.interfaces.internet0.ipv4 = {
addresses = [ (address publicAddr 32) ];
routes = [
{
address = "0.0.0.0";
prefixLength = 0;
options.scope = "link";
}
{
address = "205.201.63.0";
prefixLength = 24;
via = doof-tunnel-ip;
options.scope = "global";
}
];
};
};
};
in in
{ {
name = "trip-megatest"; name = "trip-megatest";
@@ -40,13 +61,15 @@ in
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
}; };
# disable the default eth0 interface
virtualisation.qemu.networkingOptions = lib.mkForce [];
}; };
nodes.internet-pinger = nodes.internet-pinger =
{ ... }: { ... }:
{ {
networking.interfaces.internet0.ipv4.addresses = [ (address internet-pinger-ip 0) ]; imports = [ (internet-module internet-pinger-ip) ];
virtualisation.interfaces.internet0.vlan = vlans.the_internet;
} }
; ;
@@ -56,6 +79,7 @@ in
in in
{ {
imports = [ (internet-module doof-tunnel-ip) ];
networking.wireguard.enable = true; networking.wireguard.enable = true;
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
listenPort = 53263; listenPort = 53263;
@@ -67,10 +91,14 @@ in
} }
]; ];
}; };
networking.interfaces.wg0.ipv4.routes = [ {
networking.interfaces.internet0.ipv4.addresses = [ (address doof-tunnel-ip 32) ]; address = "205.201.63.13";
prefixLength = 32;
virtualisation.interfaces.internet0.vlan = vlans.the_internet; } ];
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv4.conf.default.forwarding" = true;
};
} }
; ;
@@ -166,12 +194,8 @@ in
nodes.router = nodes.router =
{ lib, config, ... }: { lib, config, ... }:
let
in
{ {
virtualisation.interfaces.internet0.vlan = vlans.the_internet; imports = [ (internet-module router-ip) ];
virtualisation.interfaces.lan0.vlan = vlans.lan;
networking.nat = { networking.nat = {
enable = true; enable = true;
@@ -180,8 +204,8 @@ in
externalInterface = "internet0"; externalInterface = "internet0";
}; };
virtualisation.interfaces.lan0.vlan = vlans.lan;
networking.interfaces = { networking.interfaces = {
internet0.ipv4.addresses = [ (address router-ip 32) ];
lan0.ipv4 = { lan0.ipv4 = {
addresses = [ (address "10.78.79.1" 32) ]; addresses = [ (address "10.78.79.1" 32) ];
routes = lan-routes; routes = lan-routes;

21
triple-dezert/awootrip.nix
View File

@@ -1,5 +1,6 @@
{ {
config, config,
lib,
... ...
}: }:
let let
@@ -38,18 +39,14 @@ in
Scope = "link"; Scope = "link";
}; };
} ]; } ];
routes = [ { routes = lib.singleton {
routeConfig = { Gateway = cfg.ips.awootrip-awoo;
Gateway = cfg.ips.awootrip-awoo; Table = tunnelName;
Table = tunnelName; };
}; routingPolicyRules = lib.singleton {
} ]; From = "${cfg.ips.awootrip-trip}/32";
routingPolicyRules = [ { Table = tunnelName;
routingPolicyRuleConfig = { };
From = "${cfg.ips.awootrip-trip}/32";
Table = tunnelName;
};
} ];
}; };
systemd.network.networks.${cfg.lan_bridge_network} = { systemd.network.networks.${cfg.lan_bridge_network} = {
address = with cfg.ips; [ address = with cfg.ips; [

16
triple-dezert/doofnet.nix
View File

@@ -7,6 +7,7 @@ let
inherit (lib) mkOption types; inherit (lib) mkOption types;
cfg = config.vacu.network; cfg = config.vacu.network;
doof_if = "wg-doof"; doof_if = "wg-doof";
tunnelName = "doofTun";
in in
{ {
options.vacu.network.doofPubKey = mkOption { options.vacu.network.doofPubKey = mkOption {
@@ -19,6 +20,8 @@ in
}; };
vacu.network.doofPubKey = "nuESyYEJ3YU0hTZZgAd7iHBz1ytWBVM5PjEL1VEoTkU="; vacu.network.doofPubKey = "nuESyYEJ3YU0hTZZgAd7iHBz1ytWBVM5PjEL1VEoTkU=";
sops.secrets.wireguardKey = {}; sops.secrets.wireguardKey = {};
systemd.network.config.routeTables.${tunnelName} = 422;
systemd.network.config.addRouteTablesToIPRoute2 = true;
systemd.network.netdevs.${doof_if} = { systemd.network.netdevs.${doof_if} = {
netdevConfig = { netdevConfig = {
Kind = "tun"; Kind = "tun";
@@ -38,6 +41,19 @@ in
}; };
systemd.network.networks."15-doof" = { systemd.network.networks."15-doof" = {
name = doof_if; name = doof_if;
routes = lib.singleton {
Table = tunnelName;
};
routingPolicyRules = [
# {
# To = cfg.ips.t2dSubnets;
# Type = "nop";
# }
{
From = "${cfg.ips.doofStatic4}/32";
Table = tunnelName;
}
];
}; };
systemd.network.networks.${cfg.lan_bridge_network} = { systemd.network.networks.${cfg.lan_bridge_network} = {
address = [ address = [

8
triple-dezert/networking.nix
View File

@@ -55,14 +55,14 @@ in
"${cfg.ips.t2dLANStatic}/22" "${cfg.ips.t2dLANStatic}/22"
]; ];
routes = [ routes = [
{ routeConfig = (lan_route // { (lan_route // {
Source = cfg.ips.t2dLANStatic; Source = cfg.ips.t2dLANStatic;
Destination = "0.0.0.0/0"; Destination = "0.0.0.0/0";
}); } })
{ routeConfig = (lan_route // { (lan_route // {
Source = "0.0.0.0/0"; Source = "0.0.0.0/0";
Destination = cfg.ips.t2dSubnets; Destination = cfg.ips.t2dSubnets;
}); } })
]; ];
dns = [ cfg.ips.t2dRouter ]; dns = [ cfg.ips.t2dRouter ];
}; };