
Use pbb policy routing module

clerie 2020-12-08 13:49:46 +01:00
parent 0be2b84fdc
commit 1b7c2c1b99
2 changed files with 60 additions and 8 deletions


@ -7,6 +7,7 @@
../../configuration/common
../../configuration/proxmox-vm
../../configuration/dn42
../modules/policyrouting
];
boot.loader.grub.enable = true;
@ -36,14 +37,15 @@
networking.defaultGateway6 = { address = "2001:638:904:ffc9::1"; interface = "ens21"; };
networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
#networking.localCommands = ''
#ip -6 rule flush
#ip -6 rule add lookup main prio 32000
#ip -6 rule add from all to fd56:4902:eca0::/48 lookup 1337 prio 10000
#ip -6 rule add from all to all lookup 2342 prio 10000
#ip -6 rule add from all to fd56:4902:eca0::/48 unreachable prio 20000
#ip -6 rule add from fd56:4902:eca0::/48 to all unreachable prio 20000
#'';
petabyte.policyrouting = {
enable = true;
rules6 = [
{ rule = "from all to fd56:4902:eca0::/48 lookup 1337"; prio = 10000; }
{ rule = "from all to all lookup 2342"; prio = 10000; }
{ rule = "from all to fd56:4902:eca0::/48 unreachable"; prio = 20000; }
{ rule = "from fd56:4902:eca0::/48 to all unreachable"; prio = 20000; }
];
};
networking.firewall.allowedTCPPorts = [
179
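Review bot: The first two `rules6` entries share `prio = 10000` (`from all to fd56:4902:eca0::/48 lookup 1337` and `from all to all lookup 2342`), so which table is consulted first depends only on the order in which the module emits its `ip -6 rule add` commands. Distinct priorities, e.g. `prio = 10000` for the 1337 lookup and `prio = 10001` for the 2342 lookup, would make the intended order explicit and keep it stable if the list is reordered or merged with rules defined elsewhere. The enclosing attribute set starts before the hunk and continues past it.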


@ -0,0 +1,50 @@
{ config, lib, ... }:
with lib;
let
cfg = config.petabyte.policyrouting;
ruleOpts = { ... }: {
options = {
prio = mkOption {
type = types.int;
};
rule = mkOption {
type = types.str;
};
};
};
in {
options = {
petabyte.policyrouting = {
enable = mkEnableOption "Declarative Policy-Routing";
rules = mkOption {
type = with types; listOf (submodule ruleOpts);
default = [];
};
rules6 = mkOption {
type = with types; listOf (submodule ruleOpts);
default = [];
};
rules4 = mkOption {
type = with types; listOf (submodule ruleOpts);
default = [];
};
};
};
config = mkIf cfg.enable {
petabyte.policyrouting.rules = [
{ rule = "lookup main"; prio = 32000; }
];
networking.localCommands = ''
set -x
ip -6 rule flush
ip -4 rule flush
${concatMapStringsSep "\n" ({ prio, rule }: "ip -6 rule add ${rule} prio ${toString prio}") (cfg.rules ++ cfg.rules6)}
${concatMapStringsSep "\n" ({ prio, rule }: "ip -4 rule add ${rule} prio ${toString prio}") (cfg.rules ++ cfg.rules4)}
'';
};
}
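Review bot: The `networking.localCommands` block flushes all IPv4 and IPv6 rules and then re-adds them in list order, with `cfg.rules` (`lookup main`) first, so a single malformed `rule` string can leave the host with normal routing restored but the `unreachable` isolation rules missing. Whether a failed `ip rule add` aborts the script or is skipped depends on the shell options of the script this text is merged into, which is not visible here; wrapping the block in a subshell that starts with `set -e` and emitting the rules sorted by `prio` would make a partial apply both visible and predictable. The bare `set -x` also stays in effect for any other module's `localCommands` merged after this one, which the subshell would contain as well. Each `rule` is interpolated into the shell unquoted, so `prio` and `rule` deserve a `description` stating that the value is passed verbatim to `ip rule add` and must be a trusted, statically defined string.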