From 83a094bbd03a7f6825e0ba7a321c0dc1a1f41a5a Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Sun, 13 Apr 2025 17:05:37 +0200
Subject: [PATCH] hosts/*: Disable DHCPv6Client on every host

---
 hosts/backup-4/configuration.nix           | 1 +
 hosts/clerie-backup/configuration.nix      | 1 +
 hosts/dn42-il-gw1/configuration.nix        | 3 +++
 hosts/dn42-il-gw5/configuration.nix        | 5 +++++
 hosts/dn42-il-gw6/configuration.nix        | 4 ++++
 hosts/dn42-ildix-clerie/configuration.nix  | 3 +++
 hosts/dn42-ildix-service/configuration.nix | 4 ++++
 hosts/hydra-1/configuration.nix            | 2 ++
 hosts/hydra-2/configuration.nix            | 1 +
 hosts/monitoring-3/configuration.nix       | 2 ++
 hosts/nonat/configuration.nix              | 2 ++
 hosts/osmium/configuration.nix             | 2 ++
 hosts/palladium/configuration.nix          | 1 +
 hosts/porter/configuration.nix             | 1 +
 hosts/storage-2/configuration.nix          | 2 ++
 profiles/hetzner-cloud/default.nix         | 1 +
 16 files changed, 35 insertions(+)

diff --git a/hosts/backup-4/configuration.nix b/hosts/backup-4/configuration.nix
index 2200526..443220a 100644
--- a/hosts/backup-4/configuration.nix
+++ b/hosts/backup-4/configuration.nix
@@ -26,6 +26,7 @@
       { Gateway = "2001:638:904:ffcb::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   services.nginx.enable = true;
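Review bot: `ipv6AcceptRAConfig.DHCPv6Client = "no"` on the added line only stops networkd from starting a DHCPv6 client when a router advertisement carries the managed or other-config flag. The advertisement itself is still processed, so SLAAC addresses, routes and RDNSS from any router on the link can still be installed next to the static `Gateway` shown above. If the intent is that these statically configured links take no configuration from the wire, `networkConfig.IPv6AcceptRA = false;` would state that directly and make the DHCPv6 line redundant. The same applies to the other hunks with a static `Gateway`, and most sharply to the `10-dn42-ildix` and `10-dn42-ospf-netz` networks, which look like segments shared with other routers; whether forwarding already turns RA acceptance off there is not visible in this patch. The network block starts above the hunk, so an existing `networkConfig` may already set this.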
diff --git a/hosts/clerie-backup/configuration.nix b/hosts/clerie-backup/configuration.nix
index 0fd7e09..dfb7525 100644
--- a/hosts/clerie-backup/configuration.nix
+++ b/hosts/clerie-backup/configuration.nix
@@ -22,6 +22,7 @@
       { Gateway ="2001:638:904:ffc1::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   services.nginx.enable = true;
diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix
index f447802..57acbb5 100644
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
@@ -20,6 +20,7 @@
       { Gateway = "2001:638:904:ffc9::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-nat-netz-mercury" = {
     matchConfig.Name = "ens18";
@@ -30,10 +31,12 @@
       { Gateway = "192.168.10.1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-dn42-ospf-netz" = {
     matchConfig.Name = "ens19";
     linkConfig.RequiredForOnline = "no";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   networking.wireguard.enable = true;
diff --git a/hosts/dn42-il-gw5/configuration.nix b/hosts/dn42-il-gw5/configuration.nix
index c6befb3..ceef936 100644
--- a/hosts/dn42-il-gw5/configuration.nix
+++ b/hosts/dn42-il-gw5/configuration.nix
@@ -20,6 +20,7 @@
       { Gateway = "2001:638:904:ffc9::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-nat-netz-mercury" = {
     matchConfig.Name = "ens18";
@@ -30,15 +31,18 @@
       { Gateway = "192.168.10.1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-dn42-ospf-netz" = {
     matchConfig.Name = "ens19";
     linkConfig.RequiredForOnline = "no";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-dn42-lokales-netz" = {
     # Aktuell nicht verwendet, da in lo-dn42 umgezogen
     matchConfig.Name = "ens20";
     linkConfig.RequiredForOnline = "no";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-dn42-ildix" = {
     matchConfig.Name = "ens22";
@@ -46,6 +50,7 @@
       "fd81:edb3:71d8:ffff:2574::5/64"
     ];
     linkConfig.RequiredForOnline = "no";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   profiles.clerie.dn42-router = {
diff --git a/hosts/dn42-il-gw6/configuration.nix b/hosts/dn42-il-gw6/configuration.nix
index 4e9354f..e7b4dc3 100644
--- a/hosts/dn42-il-gw6/configuration.nix
+++ b/hosts/dn42-il-gw6/configuration.nix
@@ -20,6 +20,7 @@
       { Gateway = "2001:638:904:ffc9::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-nat-netz-mercury" = {
     matchConfig.Name = "ens20";
@@ -30,10 +31,12 @@
       { Gateway = "192.168.10.1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-dn42-ospf-netz" = {
     matchConfig.Name = "ens21";
     linkConfig.RequiredForOnline = "no";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-dn42-ildix" = {
     matchConfig.Name = "ens19";
@@ -41,6 +44,7 @@
       "fd81:edb3:71d8:ffff:2574::6/64"
     ];
     linkConfig.RequiredForOnline = "no";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   profiles.clerie.dn42-router = {
diff --git a/hosts/dn42-ildix-clerie/configuration.nix b/hosts/dn42-ildix-clerie/configuration.nix
index be9fd50..6022322 100644
--- a/hosts/dn42-ildix-clerie/configuration.nix
+++ b/hosts/dn42-ildix-clerie/configuration.nix
@@ -20,6 +20,7 @@
       { Gateway = "2001:638:904:ffcb::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-nat-netz-mercury" = {
     matchConfig.Name = "ens18";
@@ -30,6 +31,7 @@
       { Gateway = "192.168.10.1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-dn42-ildix" = {
     matchConfig.Name = "ens19";
@@ -41,6 +43,7 @@
       { Destination = "fd81:edb3:71d8::/48"; Gateway = "fd81:edb3:71d8:ffff:2953::1"; }
     ];
     linkConfig.RequiredForOnline = "no";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   # Open Firewall for BGP
diff --git a/hosts/dn42-ildix-service/configuration.nix b/hosts/dn42-ildix-service/configuration.nix
index 15c21b5..6fe1d56 100644
--- a/hosts/dn42-ildix-service/configuration.nix
+++ b/hosts/dn42-ildix-service/configuration.nix
@@ -33,6 +33,7 @@
       "fd81:edb3:71d8::53/128"
     ];
     linkConfig.RequiredForOnline = "no";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-wan" = {
     matchConfig.Name = "ens20";
@@ -43,6 +44,7 @@
       { Gateway = "2001:638:904:ffc9::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-nat-netz-mercury" = {
     matchConfig.Name = "ens18";
@@ -53,6 +55,7 @@
       { Gateway = "192.168.10.1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-dn42-ildix" = {
     matchConfig.Name = "ens19";
@@ -60,6 +63,7 @@
       "fd81:edb3:71d8:ffff:2953::1/64"
     ];
     linkConfig.RequiredForOnline = "no";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   services.nginx.enable = true;
diff --git a/hosts/hydra-1/configuration.nix b/hosts/hydra-1/configuration.nix
index c4d58d6..33958ac 100644
--- a/hosts/hydra-1/configuration.nix
+++ b/hosts/hydra-1/configuration.nix
@@ -31,6 +31,7 @@
       { Gateway = "2001:638:904:ffcb::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-nat-netz-mercury" = {
     matchConfig.Name = "ens19";
@@ -41,6 +42,7 @@
       { Gateway = "192.168.10.1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   services.nginx.enable = true;
diff --git a/hosts/hydra-2/configuration.nix b/hosts/hydra-2/configuration.nix
index 870701c..753f77a 100644
--- a/hosts/hydra-2/configuration.nix
+++ b/hosts/hydra-2/configuration.nix
@@ -29,6 +29,7 @@
       { Gateway = "141.24.50.1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   clerie.monitoring = {
diff --git a/hosts/monitoring-3/configuration.nix b/hosts/monitoring-3/configuration.nix
index e7c3e8e..1187e9c 100644
--- a/hosts/monitoring-3/configuration.nix
+++ b/hosts/monitoring-3/configuration.nix
@@ -27,6 +27,7 @@
       { Gateway = "2001:638:904:ffca::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-nat-netz-mercury" = {
     matchConfig.Name = "ens18";
@@ -37,6 +38,7 @@
       { Gateway = "192.168.10.1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   services.prometheus.exporters.node.enable = true;
diff --git a/hosts/nonat/configuration.nix b/hosts/nonat/configuration.nix
index 47d7495..5bddcb6 100644
--- a/hosts/nonat/configuration.nix
+++ b/hosts/nonat/configuration.nix
@@ -23,6 +23,7 @@
       { Gateway = "2001:638:904:ffca::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-nat-netz-mercury" = {
     matchConfig.Name = "ens19";
@@ -30,6 +31,7 @@
       "192.168.10.1/24"
     ];
     linkConfig.RequiredForOnline = "no";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   networking.nat = {
diff --git a/hosts/osmium/configuration.nix b/hosts/osmium/configuration.nix
index 0203384..a3f5ee3 100644
--- a/hosts/osmium/configuration.nix
+++ b/hosts/osmium/configuration.nix
@@ -29,6 +29,7 @@
       { Gateway = "2001:638:904:ffc7::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-nat-netz-mercury" = {
     matchConfig.Name = "ens18";
@@ -39,6 +40,7 @@
       { Gateway = "192.168.10.1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   environment.systemPackages = with pkgs; [
diff --git a/hosts/palladium/configuration.nix b/hosts/palladium/configuration.nix
index 7790fce..f07c5fd 100644
--- a/hosts/palladium/configuration.nix
+++ b/hosts/palladium/configuration.nix
@@ -37,6 +37,7 @@
     ];
     networkConfig.DHCP = true;
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   # Keeping the harddrives quiet
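Review bot: `networkConfig.DHCP = true;` two lines above the added line still asks networkd for both DHCPv4 and DHCPv6, which reads as contradicting `DHCPv6Client = "no"`. If only IPv4 leases are wanted on this link, `networkConfig.DHCP = "ipv4";` says so in one place and does not depend on how networkd combines the two settings. The start of the network block is outside the hunk, so a `dhcpV6Config` section further up cannot be ruled out.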
diff --git a/hosts/porter/configuration.nix b/hosts/porter/configuration.nix
index 30d3851..d4a24a3 100644
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@@ -23,6 +23,7 @@
       { Gateway = "5.45.100.1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   clerie.nginx-port-forward = {
diff --git a/hosts/storage-2/configuration.nix b/hosts/storage-2/configuration.nix
index 88f13cc..9cc111e 100644
--- a/hosts/storage-2/configuration.nix
+++ b/hosts/storage-2/configuration.nix
@@ -24,6 +24,7 @@
       { Gateway = "2001:638:904:ffc0::1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
   systemd.network.networks."10-nat-netz-mercury" = {
     matchConfig.Name = "ens19";
@@ -34,6 +35,7 @@
       { Gateway = "192.168.10.1"; }
     ];
     linkConfig.RequiredForOnline = "routable";
+    ipv6AcceptRAConfig.DHCPv6Client = "no";
   };
 
   services.nginx.enable = true;
diff --git a/profiles/hetzner-cloud/default.nix b/profiles/hetzner-cloud/default.nix
index 0de705b..9f5e6cc 100644
--- a/profiles/hetzner-cloud/default.nix
+++ b/profiles/hetzner-cloud/default.nix
@@ -19,6 +19,7 @@ with lib;
         { Gateway = "172.31.1.1"; GatewayOnLink = true; }
       ];
       linkConfig.RequiredForOnline = "routable";
+      ipv6AcceptRAConfig.DHCPv6Client = "no";
     };
 
     networking.nameservers = [
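Review bot: The same line is now hand-copied into every network block across 16 files, with no comment or commit description saying why the DHCPv6 client is switched off, so a network added later will silently miss it. A one-line comment where the policy is set, such as `# DHCPv6 client disabled on purpose: <reason>`, would record the intent for the next maintainer. It may also be worth setting the value once in a shared module with `lib.mkDefault "no"` by extending the `systemd.network.networks` submodule, so hosts only state their exceptions. That needs checking against how the repository's common modules are laid out, which this patch does not show.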