vcp-bula-nixfiles/hosts/pre-router/ipv6.nix

# NixOS module for the pre-router host: a WireGuard uplink (wg0) plus
# source-based IPv6 routing and router advertisements for the /64 on ens19.
{ config, pkgs, ...}:
{
# wireguard-tools provides the `wg` CLI for inspecting the tunnel state.
environment.systemPackages = with pkgs; [
wireguard-tools
];
networking = {
# Opens UDP 51820 in the host firewall; this is the listenPort of wg0 below.
firewall.allowedUDPPorts = [ 51820 ];
# NOTE(review): a trusted interface bypasses the per-port firewall rules, so
# everything arriving on ens19 can reach every service this host binds on a
# non-loopback address. Confirm that all devices on that segment are meant to
# have that access.
firewall.trustedInterfaces = [ "ens19"];
iproute2.enable = true;
# Registers routing table id 100 under the name PUBLIC6; wg0's postSetup
# refers to the table by that name.
iproute2.rttablesExtraConfig = ''
100 PUBLIC6
'';
wireguard.enable = true;
wireguard.interfaces = {
wg0 = {
# The tunnel interface carries only a link-local address.
ips = [ "fe80::42:10:1/64" ];
# The key is referenced by path and read at runtime, so it is not copied into
# the world-readable Nix store.
# NOTE(review): nothing here sets ownership or mode of this file; confirm the
# deployment leaves it readable by root only.
privateKeyFile = "/var/src/secrets/wireguard/wg0";
listenPort = 51820;
# Do not turn the peers' allowedIPs into kernel routes. With ::/0 below that
# would otherwise install a default route; routing is instead done by the
# policy rule in postSetup.
allowedIPsAsRoutes = false;
# Source-based routing: only packets sourced from 2a01:4f8:1c0c:8221::/64
# consult table PUBLIC6, whose single entry is a default route via fe80::1
# on wg0.
# NOTE(review): the rule is added here but nothing visible removes it again
# (no postShutdown). After a restart of the interface the rule may still be
# present, and `ip -6 rule add` may then fail or leave a duplicate — confirm,
# and consider a matching `ip -6 rule del` in postShutdown.
postSetup = ''
ip -6 rule add from 2a01:4f8:1c0c:8221::/64 lookup PUBLIC6
ip -6 route add default via fe80::1 dev wg0 table PUBLIC6
'';
peers = [{
# Public key of the upstream peer (not a secret).
publicKey = "Y++eB9SfU17zB4mJ/6AaN761tngXAyTNoVaPNKmuvls=";
# ::/0 means WireGuard accepts any IPv6 source address from this peer and will
# send any IPv6 destination to it; the tunnel layer does no address filtering.
allowedIPs = [ "::/0" ];
# The endpoint is pinned to a literal IPv4 address; the hostname form is kept
# commented out below.
endpoint = "78.47.183.82:51876";
#endpoint = "gatekeeper.net.clerie.de:51876";
# Send a keepalive every 25 seconds so that NAT or firewall state towards the
# endpoint stays open.
persistentKeepalive = 25;
}];
};
};
};
# Enables IPv6 forwarding on all interfaces, which makes this host a router.
# NOTE(review): the networking.firewall settings above apply to traffic
# addressed to this host; nothing visible in this file filters forwarded
# traffic. Hosts on ens19 holding addresses from the global /64 are presumably
# reachable from the tunnel side unless filtering happens upstream or in
# another module — confirm.
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# Static addresses on ens19: one ULA (fd00::/8) address and two addresses from
# the routed global /64.
networking.interfaces.ens19.ipv6.addresses = [
{ address = "fd00:10:42:10::25"; prefixLength = 64; }
{ address = "2a01:4f8:1c0c:8221::1"; prefixLength = 64; }
{ address = "2a01:4f8:1c0c:8221::25"; prefixLength = 64; }
];
# CoreRAD sends IPv6 router advertisements on ens19 for the routed /64.
services.corerad = {
enable = true;
settings = {
interfaces = [
{
name = "ens19";
advertise = true;
prefix = [{ prefix = "2a01:4f8:1c0c:8221::/64";}];
# Advertised link MTU. Presumably 1420 matches the MTU of the wg0 tunnel, so
# that clients do not emit packets too large for the uplink — confirm.
mtu = 1420;
}];
# Debug HTTP listener with Prometheus metrics, bound to localhost only.
# Keep it on loopback: ens19 is a trusted firewall interface, so a
# non-loopback bind would be reachable from that whole segment.
debug = {
address = "localhost:9430";
prometheus = true;
};
};
};
}