diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix
index 8246983..f9e8899 100644
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -24,11 +24,9 @@
 networking.useDHCP = false;
 # Local Router IPs
 networking.interfaces.lo.ipv6.addresses = [
- { address = "fd00:152:152:104::1"; prefixLength = 64; }
 { address = "fd00:152:152::1"; prefixLength = 128; } # Anycast
 ];
 networking.interfaces.lo.ipv4.addresses = [
- { address = "10.152.104.1"; prefixLength = 24; }
 { address = "10.152.0.1"; prefixLength = 32; } # Anycast
 ];
 # Network
@@ -242,33 +240,7 @@
 };
 };
- networking.wireguard.enable = true;
- networking.wireguard.interfaces = {
- wg-gatekeeper4 = {
- ips = [ "fe80::127:2/64" "169.254.127.2/24" ];
- peers = [ {
- allowedIPs = [ "0.0.0.0/0" "::/0" ];
- endpoint = "78.47.183.82:50127";
- publicKey = "y+Bk5eIHgmnq9xuBDD+fk/OIkKRZU6AE4ISx4RdDDyg=";
- persistentKeepalive = 25;
- } ];
- allowedIPsAsRoutes = false;
- privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper4";
- };
- wg-porter4 = {
- ips = [ "fe80::138:2/64" "169.254.138.2/24" ];
- peers = [ {
- allowedIPs = [ "0.0.0.0/0" "::/0" ];
- endpoint = "5.45.100.191:50138";
- publicKey = "aP6optNE7nVk6coo+USkSDtB62rAc/isfofRML9V2HM=";
- persistentKeepalive = 25;
- } ];
- allowedIPsAsRoutes = false;
- privateKeyFile = "/var/src/secrets/wireguard/wg-porter4";
- };
- };
-
- networking.firewall.allowedUDPPorts = [ 53 60001 ];
+ networking.firewall.allowedUDPPorts = [ 53 ];
 networking.firewall.allowedTCPPorts = [ 53 ];
 networking.firewall.extraCommands = ''
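Review bot: The new `networking.firewall.allowedUDPPorts = [ 53 ];` removes the tunnel port together with the two WireGuard interfaces, but nothing in the commit retires the key material the deleted `privateKeyFile` entries point at (`/var/src/secrets/wireguard/wg-gatekeeper4` and `/var/src/secrets/wireguard/wg-porter4`), and the remote peers at the removed `endpoint`s presumably still carry this host's public key. Those files are now dead secrets on disk; delete them from the secrets store and drop this host's peer entry on the gatekeeper and porter side so the old key cannot bring the tunnels back. `networking.firewall.extraCommands` continues outside the hunk — confirm it holds no rules that name `wg-gatekeeper4` or `wg-porter4`, since those interfaces no longer exist. A short comment beside the port list, e.g. `# 60001 dropped with the WireGuard uplinks; key files under /var/src/secrets/wireguard retired`, would record why the port went away (the removed interfaces declare no `listenPort`, so the 60001 association is inferred).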
@@ -301,167 +273,10 @@
 };
- # Routing tables
- # Table: 10000
- # - primary routes
- # Table: 11000
- # - ospf routes
- # Table: 20101
- # - default route to gatekeeper
- #
- # We will never use main table anymore
- petabyte.policyrouting = {
- enable = true;
- rules6 = [
- # main routes first except default route
- { rule = "lookup main suppress_prefixlength 0"; prio = 10000; }
- # Prefixes defaulting to gatekeeper
- #{ rule = "from xxx lookup 20101"; prio = 20000; }
- # Everything else defaulting to main table after this
- ];
- rules4 = [
- # main routes first except default route
- { rule = "lookup main suppress_prefixlength 0"; prio = 10000; }
- # Prefixes defaulting to gatekeeper
- #{ rule = "from xxx lookup 20101"; prio = 20000; }
- # Everything else defaulting to main table after this
- ];
- };
-
- services.bird2.enable = true;
- services.bird2.config = ''
- router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
-
- ipv6 table gatekeeper6;
- ipv4 table gatekeeper4;
-
- protocol static static_gatekeeper_6 {
- ipv6 {
- table gatekeeper6;
- };
- route ::/0 via fd00:153:153:201::1;
- }
- protocol static static_gatekeeper_4 {
- ipv4 {
- table gatekeeper4;
- };
- route 0.0.0.0/0 via 10.153.201.1;
- }
-
- protocol kernel kernel_gatekeeper_6 {
- ipv6 {
- table gatekeeper6;
- export filter {
- krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address };
- accept;
- };
- import none;
- };
- kernel table 20101;
- }
- protocol kernel kernel_gatekeeper_4 {
- ipv4 {
- table gatekeeper4;
- export filter {
- krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
- accept;
- };
- import none;
- };
- kernel table 20101;
- }
-
- ipv6 table ospf6;
- ipv4 table ospf4;
-
- protocol direct direct_lo {
- interface "lo";
- ipv6 {
- table ospf6;
- };
- ipv4 {
- table ospf4;
- };
- }
-
- protocol direct direct_enp1s0_201 {
- interface "enp1s0.201";
- ipv6 {
- table ospf6;
- };
- ipv4 {
- table ospf4;
- };
- }
-
- protocol kernel kernel_ospf6 {
- ipv6 {
- table ospf6;
- export filter {
- krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address };
- accept;
- };
- import none;
- };
- }
-
- protocol kernel kernel_ospf4 {
- ipv4 {
- table ospf4;
- export filter {
- krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
- accept;
- };
- import none;
- };
- }
-
- protocol ospf v3 ospf_6 {
- ipv6 {
- table ospf6;
- import all;
- export all;
- };
- area 0 {
- interface "wg-gatekeeper4" {
- cost 80;
- type pointopoint;
- };
- interface "wg-porter4" {
- cost 80;
- type pointopoint;
- };
- };
- }
-
- protocol ospf v3 ospf_4 {
- ipv4 {
- table ospf4;
- import all;
- export all;
- };
- area 0 {
- interface "wg-gatekeeper4" {
- cost 80;
- type pointopoint;
- };
- interface "wg-porter4" {
- cost 80;
- type pointopoint;
- };
- };
- }
-
- protocol device {
- scan time 10;
- }
- '';
-
 clerie.monitoring = {
 enable = true;
 id = "104";
 pubkey = "sro9DUSMtVr5xV2o3GTgg+0vmLj+bRc8fN+3pIr6+HY=";
- bird = true;
 };
 services.unbound = {