diff --git a/hosts/nonat/configuration.nix b/hosts/nonat/configuration.nix index 2487663..a92738f 100644 --- a/hosts/nonat/configuration.nix +++ b/hosts/nonat/configuration.nix @@ -16,15 +16,6 @@ networking.hostName = "nonat"; networking.useDHCP = false; - # Local Router IPs - networking.interfaces.lo.ipv6.addresses = [ - { address = "fd00:152:152:103::1"; prefixLength = 64; } - { address = "fd00:152:152::1"; prefixLength = 128; } # Anycast - ]; - networking.interfaces.lo.ipv4.addresses = [ - { address = "10.152.103.1"; prefixLength = 24; } - { address = "10.152.0.1"; prefixLength = 32; } # Anycast - ]; # Network networking.interfaces.ens18.ipv4.addresses = [ { address = "141.24.46.169"; prefixLength = 24; } 
@@ -39,140 +30,20 @@ networking.interfaces.ens19.ipv4.addresses = [ { address = "192.168.10.1"; prefixLength = 24; } ]; + networking.nat = { enableIPv6 = true; enable = true; externalInterface = "ens18"; - externalIPv6 = (lib.head config.networking.interfaces.ens18.ipv6.addresses).address; - externalIP = (lib.head config.networking.interfaces.ens18.ipv4.addresses).address; internalInterfaces = [ "ens19" ]; - internalIPv6s = [ "fd00:152:152::/48" ]; - internalIPs = [ "10.152.0.0/16" ]; }; - networking.wireguard.enable = true; - networking.wireguard.interfaces = { - wg-gatekeeper6 = { - ips = [ "fe80::128:2/64" "169.254.128.2/24" ]; - peers = [ { - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - endpoint = "[2a01:4f8:c0c:15f1::1]:50128"; - publicKey = "7QHjiBbWhpOw4OX3Ye58v0YEOqhdfGJSyaHCdiCa20Q="; - } ]; - listenPort = 50128; - allowedIPsAsRoutes = false; - privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper6"; - }; - wg-porter6 = { - ips = [ "fe80::1337:2/64" "169.254.137.2/24" ]; - peers = [ { - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - endpoint = "[2a03:4000:6:48d::1]:51337"; - publicKey = "TzQV60SvPZuJ9yTzvyGwejyXw1SlKkilS4UUvrQcyGk="; - } ]; - listenPort = 51337; - allowedIPsAsRoutes = false; - privateKeyFile = "/var/src/secrets/wireguard/wg-porter6"; - }; - }; - - networking.firewall.allowedUDPPorts = [ 50128 51337 ]; - - services.bird2.enable = true; - services.bird2.config = '' - router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address }; - - ipv6 table ospf6; - ipv4 table ospf4; - - protocol direct direct_lo { - interface "lo"; - ipv6 { - table ospf6; - }; - ipv4 { - table ospf4; - }; - } - - protocol direct direct_ens19 { - interface "ens19"; - ipv6 { - table ospf6; - }; - ipv4 { - table ospf4; - }; - } - - protocol kernel kernel_ospf6 { - ipv6 { - table ospf6; - export filter { - krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv6.addresses).address }; - accept; - }; - import none; - }; - } - - protocol kernel kernel_ospf4 { - 
ipv4 { - table ospf4; - export filter { - krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address }; - accept; - }; - import none; - }; - } - - protocol ospf v3 ospf_6 { - ipv6 { - table ospf6; - import all; - export all; - }; - area 0 { - interface "wg-gatekeeper6" { - cost 80; - type pointopoint; - }; - interface "wg-porter6" { - cost 80; - type pointopoint; - }; - }; - } - - protocol ospf v3 ospf_4 { - ipv4 { - table ospf4; - import all; - export all; - }; - area 0 { - interface "wg-gatekeeper6" { - cost 80; - type pointopoint; - }; - interface "wg-porter6" { - cost 80; - type pointopoint; - }; - }; - } - - protocol device { - scan time 10; - } - ''; + networking.firewall.allowedUDPPorts = []; clerie.monitoring = { enable = true; id = "103"; pubkey = "BHRfdK+HsoBXQHgLXotMnfPgfRrsVNHdSg19fvS2kg4="; - bird = true; }; system.stateVersion = "21.03";
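Review bot: The added `networking.firewall.allowedUDPPorts = [];` near the end of this hunk does not close anything. The option already defaults to an empty list and NixOS merges list definitions across modules, so ports opened by any other module stay open while the line reads as if UDP were locked down. Either drop the line, or, if the intent is to guarantee that no UDP port is open on this host, write `networking.firewall.allowedUDPPorts = lib.mkForce [ ];` (this assumes `lib` is still in the module arguments, which the hunk does not show). Separately, removing the two WireGuard interfaces leaves their private keys under `/var/src/secrets/wireguard/`, and the peers presumably still accept this host's key; the change should note that both are cleaned up.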