0xa/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

nixpkgs-fmt

Browse source
This commit is contained in:
Grigory Shipunov 2022-07-13 15:52:14 +02:00
parent 9bdeafe7f0
commit 428a122acd
Signed by: 0xa
GPG key ID: 91FA5E5BF9AA901C
1 changed files with 205 additions and 199 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

404
hosts/microwave/network.nix
View file

@ -22,229 +22,235 @@
"${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any" "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any"
]; ];
systemd.network = { systemd.network = {
enable = true; enable = true;
# wait-online.ignoredInterfaces = [ "wlan0" "enp53s0" ]; # wait-online.ignoredInterfaces = [ "wlan0" "enp53s0" ];
# Interfaces on the machine # Interfaces on the machine
netdevs."10-james" = { netdevs."10-james" = {
netdevConfig = { netdevConfig = {
Name = "james"; Name = "james";
Kind = "bond"; Kind = "bond";
};
bondConfig = {
Mode = "active-backup";
PrimaryReselectPolicy = "always";
MIIMonitorSec = "1s";
};
}; };
networks."10-ether-bond" = { bondConfig = {
matchConfig = { Name = "enp53s0"; }; Mode = "active-backup";
networkConfig = { PrimaryReselectPolicy = "always";
Bond = "james"; MIIMonitorSec = "1s";
PrimarySlave = true;
};
}; };
networks."10-wlan-bond" = { };
matchConfig = { Name = "wlan0"; }; networks."10-ether-bond" = {
networkConfig = { matchConfig.Name = "enp53s0";
Bond = "james"; networkConfig = {
}; Bond = "james";
PrimarySlave = true;
}; };
networks."10-james-bond" = { };
matchConfig = { Name = "james"; }; networks."10-wlan-bond" = {
networkConfig = { matchConfig.Name = "wlan0";
DHCP = "yes"; networkConfig = {
IPv6AcceptRA = true; Bond = "james";
};
}; };
};
networks."10-james-bond" = {
matchConfig.Name = "james";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
# Wireguard # Wireguard
# Dump-dvb # Dump-dvb
netdevs."30-wg-dumpdvb" = { netdevs."30-wg-dumpdvb" = {
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
Name = "wg-dumpdvb"; Name = "wg-dumpdvb";
Description = "dvb.solutions enterprise network"; Description = "dvb.solutions enterprise network";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."wg/wg-dvb-seckey".path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
Endpoint = "academicstrokes.com:51820";
AllowedIPs = [ "10.13.37.0/24" ];
PersistentKeepalive = 25;
};
}
];
}; };
networks."30-wg-dumpdvb" = { wireguardConfig = {
matchConfig = { Name = "wg-dumpdvb"; }; PrivateKeyFile = config.sops.secrets."wg/wg-dvb-seckey".path;
networkConfig = {
Address = "10.13.37.3/24";
IPv6AcceptRA = true;
};
routes = [
{ routeConfig = { Gateway = "10.13.37.1"; Destination = "10.13.37.0/24"; }; }
];
}; };
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
Endpoint = "academicstrokes.com:51820";
AllowedIPs = [ "10.13.37.0/24" ];
PersistentKeepalive = 25;
};
}
];
};
networks."30-wg-dumpdvb" = {
matchConfig.Name = "wg-dumpdvb";
networkConfig = {
Address = "10.13.37.3/24";
IPv6AcceptRA = true;
};
routes = [
{ routeConfig = { Gateway = "10.13.37.1"; Destination = "10.13.37.0/24"; }; }
];
};
# oxalab # oxalab
netdevs."10-wg-oxalab" = { netdevs."10-wg-oxalab" = {
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
Name = "wg-oxalab"; Name = "wg-oxalab";
Description = "lab of oxa"; Description = "lab of oxa";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."wg/oxalab-seckey".path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=";
Endpoint = "95.216.166.21:51820";
AllowedIPs = [ "10.66.66.0/24" ];
PersistentKeepalive = 25;
};
}
];
}; };
networks."10-wg-oxalab" = { wireguardConfig = {
matchConfig = { Name = "wg-oxalab"; }; PrivateKeyFile = config.sops.secrets."wg/oxalab-seckey".path;
networkConfig = {
Address = "10.66.66.10/24";
IPv6AcceptRA = true;
};
routes = [
{ routeConfig = { Gateway = "10.66.66.1"; Destination = "10.66.66.1/24"; }; }
];
}; };
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=";
Endpoint = "95.216.166.21:51820";
AllowedIPs = [ "10.66.66.0/24" ];
PersistentKeepalive = 25;
};
}
];
};
networks."10-wg-oxalab" = {
matchConfig.Name = "wg-oxalab";
networkConfig = {
Address = "10.66.66.10/24";
IPv6AcceptRA = true;
};
routes = [
{ routeConfig = { Gateway = "10.66.66.1"; Destination = "10.66.66.1/24"; }; }
];
};
# zentralwerk # zentralwerk
netdevs."10-wg-zentralwerk" = { netdevs."10-wg-zentralwerk" = {
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
Name = "wg-zentralwerk"; Name = "wg-zentralwerk";
Description = "Tunnel to the best basement in Dresden"; Description = "Tunnel to the best basement in Dresden";
}; };
wireguardConfig = { wireguardConfig = {
PrivateKeyFile = config.sops.secrets."wg/wg-zw-seckey".path; PrivateKeyFile = config.sops.secrets."wg/wg-zw-seckey".path;
}; };
wireguardPeers = [ wireguardPeers = [
{ {
wireguardPeerConfig = { wireguardPeerConfig = {
PublicKey = "PG2VD0EB+Oi+U5/uVMUdO5MFzn59fAck6hz8GUyLMRo="; PublicKey = "PG2VD0EB+Oi+U5/uVMUdO5MFzn59fAck6hz8GUyLMRo=";
Endpoint = "81.201.149.152:1337"; Endpoint = "81.201.149.152:1337";
AllowedIPs = [ "172.20.72.0/21" "172.22.90.0/24" ]; AllowedIPs = [ "172.20.72.0/21" "172.22.90.0/24" ];
PersistentKeepalive = 25; PersistentKeepalive = 25;
}; };
} }
]; ];
}; };
networks."10-wg-zentralwerk" = { networks."10-wg-zentralwerk" = {
matchConfig = { Name = "wg-zentralwerk"; }; matchConfig.Name = "wg-zentralwerk";
networkConfig = { networkConfig = {
Address = "172.20.76.226/21"; Address = "172.20.76.226/21";
IPv6AcceptRA = true; IPv6AcceptRA = true;
DNS = "172.20.73.8"; DNS = "172.20.73.8";
Domains = [ Domains = [
"~.c3d2.de" "~.c3d2.de"
"~.zentralwerk.org" "~.zentralwerk.org"
];
};
routes = [
{
routeConfig = {
Gateway = "172.20.72.4";
Destination = "172.20.72.0/21";
};
}
{
routeConfig = {
Gateway = "172.20.72.4";
Destination = "172.20.90.0/24";
};
}
]; ];
}; };
routes = [
{
routeConfig = {
Gateway = "172.20.72.4";
Destination = "172.20.72.0/21";
};
}
{
routeConfig = {
Gateway = "172.20.72.4";
Destination = "172.20.90.0/24";
};
}
];
};
# VPN # VPN
netdevs."10-wg-mullvad" = { netdevs."10-wg-mullvad" = {
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
Name = "wg-mullvad"; Name = "wg-mullvad";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."wg/mlwd-nl-seckey".path;
FirewallMark = 34952; # 0x8888
RouteTable = "off";
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "C6SfQFOfq6/q9nHRdLDN98U/BTxH47Ec1l/PaQZuRk4=";
Endpoint = "169.150.196.2:51820";
AllowedIPs = [ "0.0.0.0/0" "::0/0" ];
};
}
];
}; };
networks."10-wg-mullvad" = { wireguardConfig = {
address = [ "10.65.79.164/32" "fc00:bbbb:bbbb:bb01::2:4fa3/128" ]; PrivateKeyFile = config.sops.secrets."wg/mlwd-nl-seckey".path;
matchConfig.Name = "wg-mullvad"; FirewallMark = 34952; # 0x8888
networkConfig = { RouteTable = "off";
DNS = "10.64.0.1"; };
DNSDefaultRoute = true; wireguardPeers = [
Domains = [ "~." ]; {
}; wireguardPeerConfig = {
routes = map (gate: { PublicKey = "C6SfQFOfq6/q9nHRdLDN98U/BTxH47Ec1l/PaQZuRk4=";
Endpoint = "169.150.196.2:51820";
AllowedIPs = [ "0.0.0.0/0" "::0/0" ];
};
}
];
};
networks."10-wg-mullvad" = {
matchConfig.Name = "wg-mullvad";
address = [ "10.65.79.164/32" "fc00:bbbb:bbbb:bb01::2:4fa3/128" ];
networkConfig = {
DNS = "10.64.0.1";
DNSDefaultRoute = true;
Domains = [ "~." ];
};
routes = map
(gate: {
routeConfig = { routeConfig = {
Gateway = gate; Gateway = gate;
Table = 1000; Table = 1000;
}; };
}) [ "0.0.0.0" "::" ]; }) [
"0.0.0.0"
"::"
];
routingPolicyRules = [ routingPolicyRules = [
{ {
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
Family = "both"; Family = "both";
FirewallMark = 34952; # 0x8888 FirewallMark = 34952; # 0x8888
InvertRule = true; InvertRule = true;
Table = "1000"; Table = "1000";
Priority = 10; Priority = 10;
}; };
} }
{ {
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
Family = "both"; Family = "both";
SuppressPrefixLength = 0; SuppressPrefixLength = 0;
Table = "main"; Table = "main";
Priority = 9; Priority = 9;
}; };
} }
] ++ map (net: { # only route global addresses over VPN ] ++ map
routingPolicyRuleConfig = { (net: {
Priority = 8; # only route global addresses over VPN
To = net; routingPolicyRuleConfig = {
}; Priority = 8;
}) [ To = net;
# Public };
"169.150.196.2/32" }) [
# "10.0.0.0/8" # Public
"10.13.37.0/24" "169.150.196.2/32"
"10.66.66.0/24" # "10.0.0.0/8"
# "172.16.0.0/12" "10.13.37.0/24"
"172.16.0.0/12" "10.66.66.0/24"
# "182.168.0.0/16" # "172.16.0.0/12"
"182.168.0.0/16" "172.16.0.0/12"
# "fc00::/7" # "182.168.0.0/16"
]; "182.168.0.0/16"
# "fc00::/7"
];
}; };
}; };
} }