clerie/nixfiles
1
0
Fork 0
Code

Use pbb policy routing module

Browse Source
This commit is contained in:
clerie 2020-12-08 13:49:46 +01:00
parent 0be2b84fdc
commit 1b7c2c1b99
2 changed files with 60 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
hosts/dn42-il-gw5/configuration.nix
View File

@ -7,6 +7,7 @@
../../configuration/common ../../configuration/common
../../configuration/proxmox-vm ../../configuration/proxmox-vm
../../configuration/dn42 ../../configuration/dn42
../modules/policyrouting
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -36,14 +37,15 @@
networking.defaultGateway6 = { address = "2001:638:904:ffc9::1"; interface = "ens21"; }; networking.defaultGateway6 = { address = "2001:638:904:ffc9::1"; interface = "ens21"; };
networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ]; networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
#networking.localCommands = '' petabyte.policyrouting = {
#ip -6 rule flush enable = true;
#ip -6 rule add lookup main prio 32000 rules6 = [
#ip -6 rule add from all to fd56:4902:eca0::/48 lookup 1337 prio 10000 { rule = "from all to fd56:4902:eca0::/48 lookup 1337"; prio = 10000; }
#ip -6 rule add from all to all lookup 2342 prio 10000 { rule = "from all to all lookup 2342"; prio = 10000; }
#ip -6 rule add from all to fd56:4902:eca0::/48 unreachable prio 20000 { rule = "from all to fd56:4902:eca0::/48 unreachable"; prio = 20000; }
#ip -6 rule add from fd56:4902:eca0::/48 to all unreachable prio 20000 { rule = "from fd56:4902:eca0::/48 to all unreachable"; prio = 20000; }
#''; ];
};
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
179 179

50
modules/policyrouting/default.nix Normal file
View File

@ -0,0 +1,50 @@
{ config, lib, ... }:
with lib;
let
cfg = config.petabyte.policyrouting;
ruleOpts = { ... }: {
options = {
prio = mkOption {
type = types.int;
};
rule = mkOption {
type = types.str;
};
};
};
in {
options = {
petabyte.policyrouting = {
enable = mkEnableOption "Declarative Policy-Routing";
rules = mkOption {
type = with types; listOf (submodule ruleOpts);
default = [];
};
rules6 = mkOption {
type = with types; listOf (submodule ruleOpts);
default = [];
};
rules4 = mkOption {
type = with types; listOf (submodule ruleOpts);
default = [];
};
};
};
config = mkIf cfg.enable {
petabyte.policyrouting.rules = [
{ rule = "lookup main"; prio = 32000; }
];
networking.localCommands = ''
set -x
ip -6 rule flush
ip -4 rule flush
${concatMapStringsSep "\n" ({ prio, rule }: "ip -6 rule add ${rule} prio ${toString prio}") (cfg.rules ++ cfg.rules6)}
${concatMapStringsSep "\n" ({ prio, rule }: "ip -4 rule add ${rule} prio ${toString prio}") (cfg.rules ++ cfg.rules4)}
'';
};
}