profiles/dn42-router: Take over config from configuration/dn42

2025-03-22 17:11:59 +01:00 · 2025-03-22 17:11:59 +01:00 · cfbeab8706
commit cfbeab8706
parent 032987bce5
2 changed files with 19 additions and 1 deletions
--- a/hosts/dn42-il-gw5/configuration.nix
+++ b/hosts/dn42-il-gw5/configuration.nix
@ -4,7 +4,6 @@
  imports =
    [
      ./hardware-configuration.nix
-      ../../configuration/dn42
    ];

  profiles.clerie.mercury-vm.enable = true;
--- a/profiles/dn42-router/default.nix
+++ b/profiles/dn42-router/default.nix
@ -103,6 +103,25 @@ in {
    };
    systemd.network.config.addRouteTablesToIPRoute2 = true;

+    environment.systemPackages = with pkgs; [
+      wireguard-tools
+    ];
+
+    boot.kernel.sysctl = {
+      "net.ipv4.ip_forward" = true;
+      "net.ipv6.conf.all.forwarding" = true;
+    };
+
+    networking.firewall.checkReversePath = false;
+
+    # Open Firewall for BGP
+    networking.firewall.allowedTCPPorts = [ 179 ];
+    # Open Fireall for OSPF
+    networking.firewall.extraCommands = ''
+      ip6tables -A INPUT -p ospfigp -j ACCEPT
+      iptables -A INPUT -p ospfigp -j ACCEPT
+    '';
+
    systemd.network.netdevs."10-lo-dn42" = {
      netdevConfig = {
        Kind = "dummy";