Home: Advertise local v6 subnet.

Dmitry Voronin 2024-12-02 08:59:02 +03:00
parent 79a835b2bd
commit f1ddca8b18
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
3 changed files with 20 additions and 34 deletions


@ -112,7 +112,7 @@ in {
in { in {
# All subdomains to current host. # All subdomains to current host.
# ${config.container.domain} = config.container.host; # ${config.container.domain} = config.container.host;
"voronind.com" = "10.0.0.1"; "voronind.com" = "10.0.0.1,fd09:8d46:b26::1";
} }
// block "gosuslugi.ru" // block "gosuslugi.ru"
// block "rutube.ru" // block "rutube.ru"
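Review bot: The new value on the `"voronind.com"` line joins the IPv4 and IPv6 addresses into one comma-separated string, and nothing visible in this hunk shows how the consumer of this attribute set handles that; it is worth confirming that the generated resolver configuration turns it into both an A and an AAAA answer rather than passing one malformed address through. The ULA literal also repeats what the router configuration in this same commit defines as `internal6`, so a renumbering has to touch both places. I would add a comment above the line, for example `# A + AAAA for LAN clients; keep in sync with internal/internal6 in the router network config.` The attribute set and the `block` helper are defined outside the hunk, so this is inferred from the visible lines only.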


@ -1,22 +0,0 @@
{ ... }: {
services.cloudflare-dyndns = {
enable = true;
apiTokenFile = "/storage/hot/container/ddns/data/token";
deleteMissing = false;
ipv4 = true;
ipv6 = true;
proxied = false;
domains = let
domain = "voronind.com";
in [
domain
] ++ map (sub: "${sub}.${domain}") [
"cloud"
"git"
"mail"
"office"
"paste"
"vpn"
];
};
}


@ -1,5 +1,5 @@
# 10.0.0.0/24 - phys clients (lan). # 10.0.0.0/24 & fd09:8d46:0b26::/48 - phys clients (lan).
# 10.1.0.0/24 - containers. # 10.1.0.0/24 & fd76:c80a:8e86::/48 - containers.
# 10.1.1.0/24 - vpn clients. # 10.1.1.0/24 - vpn clients.
{ {
config, config,
@ -8,9 +8,10 @@
util, util,
... ...
}: let }: let
external = "188.242.247.132"; # Wan host IP address. external = "188.242.247.132"; # Wan host IP address.
internal = "10.0.0.1"; # Lan host IP address. internal = "10.0.0.1"; # Lan host IP address.
wifi = "10.0.0.2"; # Wifi router IP address. external6 = "2a05:3580:f42c:c800:aaa1:59ff:fe47:fda2"; # Wan host IP6 address.
internal6 = "fd09:8d46:b26::1"; # Lan host IP6 address.
lan = "br0"; # Lan interface. lan = "br0"; # Lan interface.
wan = "enp8s0"; # Wan interface. wan = "enp8s0"; # Wan interface.
@ -78,10 +79,10 @@ in {
}; };
"30-${lan}" = { "30-${lan}" = {
matchConfig.Name = lan; matchConfig.Name = lan;
bridgeConfig = {};
linkConfig.RequiredForOnline = "carrier"; linkConfig.RequiredForOnline = "carrier";
address = [ address = [
"10.0.0.1/24" "${internal}/24"
"${internal6}/48"
]; ];
networkConfig = { networkConfig = {
DHCPPrefixDelegation = true; DHCPPrefixDelegation = true;
@ -90,16 +91,22 @@ in {
IPv6SendRA = true; IPv6SendRA = true;
}; };
ipv6SendRAConfig = { ipv6SendRAConfig = {
# EmitDNS = true; EmitDNS = true;
# DNS = ":self"; DNS = internal6;
}; };
ipv6Prefixes = [
{
AddressAutoconfiguration = true;
Prefix = "${internal6}/64";
}
];
dhcpPrefixDelegationConfig = { dhcpPrefixDelegationConfig = {
Announce = true; Announce = true;
SubnetId = 1; SubnetId = 1;
UplinkInterface = wan; UplinkInterface = wan;
}; };
dhcpServerConfig = { dhcpServerConfig = {
DNS = "10.0.0.1"; DNS = internal;
DefaultLeaseTimeSec = "12h"; DefaultLeaseTimeSec = "12h";
EmitDNS = true; EmitDNS = true;
EmitNTP = true; EmitNTP = true;
@ -108,7 +115,7 @@ in {
MaxLeaseTimeSec = "24h"; MaxLeaseTimeSec = "24h";
PoolOffset = 100; PoolOffset = 100;
PoolSize = 150; PoolSize = 150;
ServerAddress = "10.0.0.1/24"; ServerAddress = "${internal}/24";
Timezone = const.timeZone; Timezone = const.timeZone;
UplinkInterface = wan; UplinkInterface = wan;
}; };
@ -176,6 +183,7 @@ in {
# Full access from Lan. # Full access from Lan.
iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal} iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal}
ip6tables -I INPUT -j ACCEPT -i ${lan} -d ${internal6}
# Allow DHCP. # Allow DHCP.
iptables -I INPUT -j ACCEPT -i ${lan} -p udp --dport 67 iptables -I INPUT -j ACCEPT -i ${lan} -p udp --dport 67