From 11570385252a925a5a08f591fe7f43727bb7431f Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 15 Aug 2024 18:43:29 +0200 Subject: [PATCH 1/6] hosts/carbon: Start kea after network setup --- hosts/carbon/configuration.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix index 0a352e0..0841856 100644 --- a/hosts/carbon/configuration.nix +++ b/hosts/carbon/configuration.nix @@ -55,6 +55,15 @@ }; }; + systemd.services.kea-dhcp4-server = { + after = [ + "network-setup.service" + ]; + requires = [ + "network-setup.service" + ]; + }; + clerie.firewall.enable = true; clerie.monitoring = { From df2acebfefe06e363e8fed74020ee9bc45430567 Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 15 Aug 2024 19:21:29 +0200 Subject: [PATCH 2/6] hosts/carbon: Enable DHCPv6PD --- hosts/carbon/ppp.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/hosts/carbon/ppp.nix b/hosts/carbon/ppp.nix index 8a22cf6..7502205 100644 --- a/hosts/carbon/ppp.nix +++ b/hosts/carbon/ppp.nix @@ -57,4 +57,23 @@ ip46tables -t mangle -A forward-mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1416 ''; + networking.interfaces.net-heimnetz.useDHCP = true; + networking.interfaces.ppp-dtagdsl.useDHCP = true; + + networking.dhcpcd = { + enable = true; + allowInterfaces = [ + "net-heimnetz" + "ppp-dtagdsl" + ]; + wait = "ipv6"; + extraConfig = '' + ipv6only + noipv6rs + interface ppp-dtagdsl + ipv6rs + ia_pd 1/::/56 net-heimnetz/201/64 + ''; + }; + } From ae4de7f03a089131dd98fa05c53f6d359a88206c Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 15 Aug 2024 19:36:01 +0200 Subject: [PATCH 3/6] hosts/carbon: Move net-gastnetz to bridge --- hosts/carbon/net-gastnetz.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/hosts/carbon/net-gastnetz.nix b/hosts/carbon/net-gastnetz.nix index 932c374..9b1d968 100644 --- a/hosts/carbon/net-gastnetz.nix 
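Review bot: Once `ia_pd 1/::/56 net-heimnetz/201/64` assigns a delegated /64 to net-heimnetz, hosts there become globally addressable through ppp-dtagdsl, yet the only forwarding rule visible in this file is the TCPMSS clamp in the mangle table. Whether forward-filter drops unsolicited inbound traffic from ppp-dtagdsl is decided outside this hunk, so please confirm a stateful default-deny exists for that direction. Also confirm that DHCPv6 replies to the client (UDP port 546) are accepted on ppp-dtagdsl. A comment above the `ia_pd` line, for example `# request a /56 with IAID 1; hand SLA 201 as a /64 to net-heimnetz`, would make the extraConfig readable without the dhcpcd.conf man page.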
+++ b/hosts/carbon/net-gastnetz.nix @@ -7,16 +7,19 @@ id = 202; interface = "enp1s0"; }; - networking.interfaces."enp1s0.202".ipv6.addresses = [ + networking.bridges."net-gastnetz".interfaces = [ + "enp1s0.202" + ]; + networking.interfaces."net-gastnetz".ipv6.addresses = [ { address = "fd00:3214:9453:4920::1"; prefixLength = 64; } { address = "2001:4cd8:100:1313::1"; prefixLength = 64; } # public IPs for local network ]; - networking.interfaces."enp1s0.202".ipv4.addresses = [ + networking.interfaces."net-gastnetz".ipv4.addresses = [ { address = "192.168.32.1"; prefixLength = 24; } ]; services.radvd.config = '' - interface enp1s0.202 { + interface net-gastnetz { AdvSendAdvert on; prefix 2001:4cd8:100:1313::/64 {}; RDNSS 2620:fe::fe 2620:fe::9 {}; # Quad 9 @@ -26,7 +29,7 @@ services.kea.dhcp4 = { settings = { interfaces-config = { - interfaces = [ "enp1s0.202" ]; + interfaces = [ "net-gastnetz" ]; }; subnet4 = [ # Gastnetz @@ -55,9 +58,9 @@ # net-gastnetz can only access internet clerie.firewall.extraForwardFilterCommands = '' - ip46tables -A forward-filter -i enp1s0.202 -o ppp-dtagdsl -j ACCEPT - ip46tables -A forward-filter -i enp1s0.202 -j DROP - ip46tables -A forward-filter -o enp1s0.202 -j DROP + ip46tables -A forward-filter -i net-gastnetz -o ppp-dtagdsl -j ACCEPT + ip46tables -A forward-filter -i net-gastnetz -j DROP + ip46tables -A forward-filter -o net-gastnetz -j DROP ''; } From 60376e768864150276f45e11e8b80e309e3ea851 Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 15 Aug 2024 19:40:37 +0200 Subject: [PATCH 4/6] hosts/carbon: Remove static IPv6 addressing --- hosts/carbon/net-gastnetz.nix | 6 ++++-- hosts/carbon/net-heimnetz.nix | 6 ++++-- hosts/carbon/net-iot.nix | 5 ++++- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/hosts/carbon/net-gastnetz.nix b/hosts/carbon/net-gastnetz.nix index 9b1d968..361cc46 100644 --- a/hosts/carbon/net-gastnetz.nix +++ b/hosts/carbon/net-gastnetz.nix 
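Review bot: The comment `# net-gastnetz can only access internet` in the last hunk promises more than the three forward-filter rules enforce. They cover forwarded packets only, so guest access to services on the router itself (the input path) is decided by rules outside this hunk. The `-o net-gastnetz -j DROP` rule also discards replies to guest connections unless an ESTABLISHED,RELATED accept precedes it in forward-filter, which is not visible here. Because net-gastnetz is now a bridge, these `-i`/`-o` matches would also apply to frames bridged between ports if br_netfilter is loaded, which starts to matter once a second port joins the bridge. I would reword the comment to `# forwarded traffic from net-gastnetz may only leave via ppp-dtagdsl` and note where the input-side restriction lives.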
@@ -12,7 +12,6 @@ ]; networking.interfaces."net-gastnetz".ipv6.addresses = [ { address = "fd00:3214:9453:4920::1"; prefixLength = 64; } - { address = "2001:4cd8:100:1313::1"; prefixLength = 64; } # public IPs for local network ]; networking.interfaces."net-gastnetz".ipv4.addresses = [ { address = "192.168.32.1"; prefixLength = 24; } @@ -21,7 +20,10 @@ services.radvd.config = '' interface net-gastnetz { AdvSendAdvert on; - prefix 2001:4cd8:100:1313::/64 {}; + prefix ::/64 { + AdvValidLifetime 60; + AdvPreferredLifetime 30; + }; RDNSS 2620:fe::fe 2620:fe::9 {}; # Quad 9 }; ''; diff --git a/hosts/carbon/net-heimnetz.nix b/hosts/carbon/net-heimnetz.nix index 60e0bc6..36e42dd 100644 --- a/hosts/carbon/net-heimnetz.nix +++ b/hosts/carbon/net-heimnetz.nix @@ -14,7 +14,6 @@ networking.interfaces."net-heimnetz".ipv6.addresses = [ { address = "fe80::1"; prefixLength = 64; } { address = "fd00:152:152:4::1"; prefixLength = 64; } - { address = "2001:4cd8:100:1337::1"; prefixLength = 64; } # public IPs for local network ]; networking.interfaces."net-heimnetz".ipv4.addresses = [ { address = "10.152.4.1"; prefixLength = 24; } @@ -23,7 +22,10 @@ services.radvd.config = '' interface net-heimnetz { AdvSendAdvert on; - prefix 2001:4cd8:100:1337::/64 {}; + prefix ::/64 { + AdvValidLifetime 60; + AdvPreferredLifetime 30; + }; RDNSS fd00:152:152::1 {}; DNSSL net.clerie.de {}; }; diff --git a/hosts/carbon/net-iot.nix b/hosts/carbon/net-iot.nix index 43e3c57..96da523 100644 --- a/hosts/carbon/net-iot.nix +++ b/hosts/carbon/net-iot.nix @@ -23,7 +23,10 @@ services.radvd.config = '' interface net-iot { AdvSendAdvert on; - prefix fd00:152:152:205::/64 {}; + prefix ::/64 { + AdvValidLifetime 60; + AdvPreferredLifetime 30; + }; RDNSS fd00:152:152::1 {}; DNSSL iot.clerie.de {}; }; From ee5d2330c534c27933cddfa2152faae591e34f45 Mon Sep 17 00:00:00 2001 
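Review bot: Removing `2001:4cd8:100:1313::1` in the first net-gastnetz.nix hunk leaves the interface with only the ULA `fd00:3214:9453:4920::1`, and the `ia_pd` line added to ppp.nix earlier in this series delegates a /64 to net-heimnetz alone. With radvd switched to `prefix ::/64` in the next hunk, guests would, as I read radvd.conf(5), be offered only the ULA prefix and lose global IPv6 unless something outside this series supplies one. If guests should keep IPv6 internet access, net-gastnetz needs its own entry on the `ia_pd` line, of the form `net-gastnetz/<sla_id>/64`. Otherwise a comment stating that the guest network is intentionally ULA-only for IPv6 would record the decision.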
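Review bot: `AdvValidLifetime 60` and `AdvPreferredLifetime 30` in the net-gastnetz radvd hunk are far shorter than radvd's default unsolicited advertisement interval (MaxRtrAdvInterval defaults to 600 seconds), and the interface block shown sets no interval of its own. Clients could see their addresses deprecate and expire between advertisements, which shows up as intermittent loss of IPv6 connectivity. Either add an interval well below the preferred lifetime, for example `MaxRtrAdvInterval 10;`, or raise the lifetimes. The same applies to the radvd hunks in net-heimnetz.nix and net-iot.nix in this commit.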
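Review bot: In net-iot.nix, replacing the fixed `prefix fd00:152:152:205::/64` with `prefix ::/64` makes the advertised prefixes follow whatever non-link-local addresses are configured on net-iot, as I read radvd.conf(5). The interface's address list is outside this hunk, so today that is presumably still only the ULA. A later change that puts a delegated or other global address on net-iot would then silently give IoT devices globally routable addresses. If the IoT network is meant to stay ULA-only, keeping the explicit prefix states that intent. Otherwise a comment such as `# advertises every prefix configured on net-iot` above the prefix line would make the behaviour explicit.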
From: clerie Date: Thu, 15 Aug 2024 20:03:01 +0200 Subject: [PATCH 5/6] hosts/carbon: Renew delegated IPv6 prefixes on ppp reconnect --- hosts/carbon/ppp.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hosts/carbon/ppp.nix b/hosts/carbon/ppp.nix index 7502205..55c1e93 100644 --- a/hosts/carbon/ppp.nix +++ b/hosts/carbon/ppp.nix @@ -76,4 +76,13 @@ ''; }; + environment.etc."ppp/ipv6-up" = { + text = '' + #!${pkgs.runtimeShell} + + set -euo pipefail + + ${pkgs.dhcpcd}/bin/dhcpcd --renew $1 + ''; + }; } From f67be8aa8a17459c5bfb60a063bd8b1f2eca5aba Mon Sep 17 00:00:00 2001 From: Flake Update Bot Date: Fri, 16 Aug 2024 03:04:04 +0200 Subject: [PATCH 6/6] Update nixpkgs 2024-08-16-01-03 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 06a5176..2114771 100644 --- a/flake.lock +++ b/flake.lock @@ -288,11 +288,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1723637854, + "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9", "type": "github" }, "original": {
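Review bot: As written, `/etc/ppp/ipv6-up` is unlikely to be executable, so the renew would never run. An `environment.etc` entry defined only through `text` is, as far as I know, a symlink to a store file without the execute bit, and pppd skips hook scripts it cannot execute. Adding `mode = "0755";` to the attribute set addresses that. pppd presumably runs the script as root, so the argument should also be quoted, `${pkgs.dhcpcd}/bin/dhcpcd --renew "$1"`, to rule out word splitting on the interface name. The module header is outside this hunk, so I cannot see whether `pkgs` is in the file's argument list.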