From 3efc57590276533c08b62723fb59248914a7c1aa Mon Sep 17 00:00:00 2001 From: clerie <git@clerie.de> Date: Wed, 19 Mar 2025 16:48:11 +0100 Subject: [PATCH 1/3] hosts/astatine: Remove unused services --- hosts/astatine/configuration.nix | 13 +---- hosts/astatine/ppp.nix | 90 -------------------------------- hosts/astatine/programs.nix | 9 ---- hosts/astatine/users.nix | 10 ---- 4 files changed, 1 insertion(+), 121 deletions(-) delete mode 100644 hosts/astatine/ppp.nix delete mode 100644 hosts/astatine/programs.nix delete mode 100644 hosts/astatine/users.nix diff --git a/hosts/astatine/configuration.nix b/hosts/astatine/configuration.nix index bb19fa7..1540759 100644 --- a/hosts/astatine/configuration.nix +++ b/hosts/astatine/configuration.nix @@ -4,29 +4,18 @@ imports = [ ./hardware-configuration.nix - - ./ppp.nix - ./programs.nix - ./users.nix ]; boot.kernelParams = [ "console=ttyS0,115200n8" ]; - # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + boot.loader.grub.device = "/dev/sda"; boot.loader.grub.extraConfig = " serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 terminal_input serial terminal_output serial "; - #networking.firewall.enable = false; - services.wg-clerie = { enable = true; ipv6s = [ "2a01:4f8:c0c:15f1::8108/128" ]; diff --git a/hosts/astatine/ppp.nix b/hosts/astatine/ppp.nix deleted file mode 100644 index 84d7b07..0000000 --- a/hosts/astatine/ppp.nix +++ /dev/null 
@@ -1,90 +0,0 @@ -{ pkgs, ... }: - -{ - # Make space for VLAN header in containing ethernet segment - networking.interfaces."enp1s0".mtu = 1518; - - ## DSL-Uplink - networking.vlans."enp1s0.7" = { - id = 7; - interface = "enp1s0"; - }; - - services.pppd = { - enable = true; - peers.lns-test = { - config = '' - plugin pppoe.so enp1s0.7 - user "criese#regiotest@bsa-vdsl" - ifname ppp-lns-test - persist - maxfail 0 - holdoff 5 - noipdefault - lcp-echo-interval 20 - lcp-echo-failure 3 - hide-password - nodefaultroute - +ipv6 - debug - ''; - }; - }; - - /* - networking.interfaces.lo.useDHCP = true; - networking.interfaces.ppp-lns-test.useDHCP = true; - - networking.dhcpcd = { - enable = true; - extraConfig = '' - interface ppp-lns-test - ipv6rs - ia_pd 0 lo/0 - ''; - };*/ - - environment.etc."ppp/ip-up" = { - text = '' - #! ${pkgs.runtimeShell} -e - - ${pkgs.iproute2}/bin/ip route flush table 20001 || true - ${pkgs.iproute2}/bin/ip route add default dev ppp-lns-test table 20001 - ''; - mode = "555"; - }; - environment.etc."ppp/ip-down" = { - text = '' - #! ${pkgs.runtimeShell} -e - - ${pkgs.iproute2}/bin/ip route flush table 20001 || true - ''; - mode = "555"; - }; - environment.etc."ppp/ipv6-up" = { - text = '' - #! ${pkgs.runtimeShell} -e - - ${pkgs.iproute2}/bin/ip -6 route flush table 20001 || true - ${pkgs.iproute2}/bin/ip -6 route add default dev ppp-lns-test table 20001 - ''; - mode = "555"; - }; - environment.etc."ppp/ipv6-down" = { - text = '' - #! ${pkgs.runtimeShell} -e - - ${pkgs.iproute2}/bin/ip -6 route flush table 20001 || true - ''; - mode = "555"; - }; - - petabyte.policyrouting = { - enable = true; - rules4 = [ - { rule = "from 212.218.16.237/32 lookup 20001"; prio = 19000; } - { rule = "from 212.218.16.237/32 unreachable"; prio = 19001; } - ]; - }; - -} diff --git a/hosts/astatine/programs.nix b/hosts/astatine/programs.nix deleted file mode 100644 index f1e97de..0000000 --- a/hosts/astatine/programs.nix +++ /dev/null 
@@ -1,9 +0,0 @@ -{ pkgs, ... }: - -{ - - environment.systemPackages = with pkgs; [ - tcpdump # for remote wireshark - ]; - -} diff --git a/hosts/astatine/users.nix b/hosts/astatine/users.nix deleted file mode 100644 index 3ccf4ad..0000000 --- a/hosts/astatine/users.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: - -{ - users.users.criese-nethinks = { - extraGroups = [ - "wheel" - ]; - }; - -} From 006877c4ae9d0cbe3b1623eb3048d6340a15ff0d Mon Sep 17 00:00:00 2001 From: clerie <git@clerie.de> Date: Wed, 19 Mar 2025 20:07:37 +0100 Subject: [PATCH 2/3] hosts/astatine,hosts/beryllium,hosts/tungsten: Migrate to systemd-networkd Policy routing clashed with the fallback dhcp on any interface module for some unknown reason, therefore wg-clerie is disabled on all of these devices --- hosts/astatine/configuration.nix | 16 ++++-- hosts/beryllium/configuration.nix | 67 ++++++++++++---------- hosts/tungsten/configuration.nix | 14 +++-- profiles/default.nix | 1 + profiles/network-fallback-dhcp/default.nix | 22 +++++++ 5 files changed, 79 insertions(+), 41 deletions(-) create mode 100644 profiles/network-fallback-dhcp/default.nix diff --git a/hosts/astatine/configuration.nix b/hosts/astatine/configuration.nix index 1540759..ea8cac3 100644 --- a/hosts/astatine/configuration.nix +++ b/hosts/astatine/configuration.nix @@ -6,6 +6,8 @@ ./hardware-configuration.nix ]; + profiles.clerie.network-fallback-dhcp.enable = true; + boot.kernelParams = [ "console=ttyS0,115200n8" ]; boot.loader.grub.enable = true; @@ -16,11 +18,15 @@ terminal_output serial "; - services.wg-clerie = { - enable = true; - ipv6s = [ "2a01:4f8:c0c:15f1::8108/128" ]; - ipv4s = [ "10.20.30.108/32" ]; - }; + networking.useDHCP = false; + + systemd.network.enable = true; + + #services.wg-clerie = { + # enable = true; + # ipv6s = [ "2a01:4f8:c0c:15f1::8108/128" ]; + # ipv4s = [ "10.20.30.108/32" ]; + #}; clerie.monitoring = { enable = true; 
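Review bot: The `services.wg-clerie` block in hosts/astatine/configuration.nix is commented out with nothing in the file saying why or when it should come back; the reason exists only in the commit message. A line such as `# wg-clerie disabled: policy routing clashes with profiles.clerie.network-fallback-dhcp` above the block would keep that visible, or the block could be deleted and recovered from history. The same applies to the commented-out `services.wg-clerie` in hosts/tungsten and the `petabyte.policyrouting` and `networking.wireguard` blocks in hosts/beryllium. If `clerie.monitoring` reached these hosts over the VPN addresses, that path presumably needs checking too; this hunk does not show it.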
diff --git a/hosts/beryllium/configuration.nix b/hosts/beryllium/configuration.nix index d053311..15235da 100644 --- a/hosts/beryllium/configuration.nix +++ b/hosts/beryllium/configuration.nix @@ -6,6 +6,8 @@ ./hardware-configuration.nix ]; + profiles.clerie.network-fallback-dhcp.enable = true; + boot.kernelParams = [ "console=ttyS0,115200n8" ]; boot.loader.grub.enable = true; 
@@ -18,42 +20,45 @@ networking.hostName = "beryllium"; + networking.useDHCP = false; + systemd.network.enable = true; + networking.firewall.enable = false; - networking.iproute2.enable = true; - networking.iproute2.rttablesExtraConfig = '' - 200 wg-clerie - ''; + #networking.iproute2.enable = true; + #networking.iproute2.rttablesExtraConfig = '' + # 200 wg-clerie + #''; - petabyte.policyrouting = { - enable = true; - rules6 = [ - { rule = "from 2a01:4f8:c0c:15f1::8107/128 lookup wg-clerie"; prio = 20000; } - { rule = "from 2a01:4f8:c0c:15f1::8107/128 unreachable"; prio = 20001; } - ]; - rules4 = [ - { rule = "from 10.20.30.107/32 lookup wg-clerie"; prio = 20000; } - { rule = "from 10.20.30.107/32 unreachable"; prio = 20001; } - ]; - }; + #petabyte.policyrouting = { + # enable = true; + # rules6 = [ + # { rule = "from 2a01:4f8:c0c:15f1::8107/128 lookup wg-clerie"; prio = 20000; } + # { rule = "from 2a01:4f8:c0c:15f1::8107/128 unreachable"; prio = 20001; } + # ]; + # rules4 = [ + # { rule = "from 10.20.30.107/32 lookup wg-clerie"; prio = 20000; } + # { rule = "from 10.20.30.107/32 unreachable"; prio = 20001; } + # ]; + #}; - networking.wireguard.enable = true; - networking.wireguard.interfaces = { - wg-clerie = { - ips = [ "2a01:4f8:c0c:15f1::8107/128" "10.20.30.107/32" ]; - table = "wg-clerie"; - peers = [ - { - endpoint = "vpn.clerie.de:51820"; - persistentKeepalive = 25; - allowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ]; - publicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA="; - } - ]; - privateKeyFile = "/var/src/secrets/wireguard/wg-clerie"; - }; - }; + #networking.wireguard.enable = true; + #networking.wireguard.interfaces = { + # wg-clerie = { + # ips = [ "2a01:4f8:c0c:15f1::8107/128" "10.20.30.107/32" ]; + # table = "wg-clerie"; + # peers = [ + # { + # endpoint = "vpn.clerie.de:51820"; + # persistentKeepalive = 25; + # allowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ]; + # publicKey = 
"2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA="; + # } + # ]; + # privateKeyFile = "/var/src/secrets/wireguard/wg-clerie"; + # }; + #}; clerie.monitoring = { enable = true; diff --git a/hosts/tungsten/configuration.nix b/hosts/tungsten/configuration.nix index d9b954e..f1028db 100644 --- a/hosts/tungsten/configuration.nix +++ b/hosts/tungsten/configuration.nix @@ -6,6 +6,8 @@ ./hardware-configuration.nix ]; + profiles.clerie.network-fallback-dhcp.enable = true; + boot.kernelParams = [ "console=ttyS0,115200n8" ]; boot.loader.grub.enable = true; @@ -16,14 +18,16 @@ terminal_output serial "; + networking.useDHCP = false; + systemd.network.enable = true; networking.hostName = "tungsten"; - services.wg-clerie = { - enable = true; - ipv6s = [ "2a01:4f8:c0c:15f1::8112/128" ]; - ipv4s = [ "10.20.30.112/32" ]; - }; + #services.wg-clerie = { + # enable = true; + # ipv6s = [ "2a01:4f8:c0c:15f1::8112/128" ]; + # ipv4s = [ "10.20.30.112/32" ]; + #}; clerie.monitoring = { enable = true; diff --git a/profiles/default.nix b/profiles/default.nix index 6192023..04aecfb 100644 --- a/profiles/default.nix +++ b/profiles/default.nix @@ -8,6 +8,7 @@ ./hetzner-cloud ./mercury-vm ./netcup + ./network-fallback-dhcp ]; } diff --git a/profiles/network-fallback-dhcp/default.nix b/profiles/network-fallback-dhcp/default.nix new file mode 100644 index 0000000..1d1402c --- /dev/null +++ b/profiles/network-fallback-dhcp/default.nix @@ -0,0 +1,22 @@ +{ config, lib, ... }: + +with lib; + +{ + + options.profiles.clerie.network-fallback-dhcp = { + enable = mkEnableOption "Profile for systemd-network falling back to DHCP on all interfaces"; + }; + + config = mkIf config.profiles.clerie.network-fallback-dhcp.enable { + + systemd.network.wait-online.anyInterface = true; + + systemd.network.networks."90-lan-dhcp" = { + matchConfig.Type = "ether"; + networkConfig.DHCP = true; + linkConfig.RequiredForOnline = "routable"; + }; + + }; +} From a32e30bb7365099b5daa9f8ee73580f9241f259f Mon Sep 17 00:00:00 2001 
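Review bot: `networking.firewall.enable = false;` stays as context in the second hosts/beryllium hunk, while that hunk comments out the WireGuard tunnel and switches the host to systemd-networkd with the DHCP fallback profile. Any listening service is then reachable from whatever network an ethernet port obtains a lease on, with no packet filter in between. Consider dropping that line so the NixOS firewall default applies, or adding a comment stating why this host runs without one.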
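Review bot: `matchConfig.Type = "ether"` in profiles/network-fallback-dhcp/default.nix applies DHCP to every ethernet-type link, so the host accepts addresses, routes and DNS from whatever segment any port is attached to. It also matches virtual links such as veth unless a `Kind` match excludes them. Consider adding `matchConfig.Kind = "!*";` (to be confirmed against the systemd version in use) or a `Name` match for the intended uplink, and state in the `mkEnableOption` text that the profile trusts any attached network. On style, `with lib;` at file scope could be replaced by explicit `lib.mkIf` and `lib.mkEnableOption`.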
From: Flake Update Bot <flake-update-bot@clerie.de>
Date: Thu, 20 Mar 2025 03:04:06 +0100
Subject: [PATCH 3/3] Update nixpkgs 2025-03-20-02-03
---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/flake.lock b/flake.lock
index e7345fc..372528d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -533,11 +533,11 @@
 },
 "nixpkgs_3": {
 "locked": {
- "lastModified": 1742069588,
- "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=",
+ "lastModified": 1742288794,
+ "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5",
+ "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42",
 "type": "github"
 },
 "original": {