summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsinanmohd <sinan@sinanmohd.com>2023-11-30 18:20:54 +0530
committersinanmohd <sinan@sinanmohd.com>2023-12-01 15:10:54 +0530
commit53c634233aa21c04c461af69cd819e05c3050eff (patch)
treef4b840cf73a7c1471107e757e5dedae2c55d5b0f
parentd5c9cab03b17950bdde4c9dfc85ff2580752419c (diff)
kay/network/he: init
-rw-r--r--hosts/kay/modules/hurricane.nix47
-rw-r--r--hosts/kay/modules/network.nix5
-rw-r--r--hosts/kay/secrets.yaml10
-rw-r--r--modules/pppd.nix2
4 files changed, 59 insertions, 5 deletions
diff --git a/hosts/kay/modules/hurricane.nix b/hosts/kay/modules/hurricane.nix
new file mode 100644
index 0000000..9d350ac
--- /dev/null
+++ b/hosts/kay/modules/hurricane.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+
+let
+ iface = "hurricane";
+ tunEndIface = "ppp0";
+ remote = "216.218.221.42";
+ address = "2001:470:35:72a::2";
+ prefixLength = 64;
+in
+{
+ networking.sits.${iface} = {
+ inherit remote;
+ local = "127.0.0.1";
+ ttl = 225;
+ dev = tunEndIface;
+ };
+ networking.interfaces.${iface}.ipv6.addresses = [{
+ inherit prefixLength address;
+ }];
+
+ sops.secrets = {
+ "hurricane/username" = {};
+ "hurricane/update_key" = {};
+ "hurricane/tunnel_id" = {};
+ };
+
+ services.pppd.script."02-${iface}" = {
+ runtimeInputs = with pkgs; [ curl coreutils iproute2 ];
+ text = ''
+ wan_ip="$4"
+ username="$(cat ${config.sops.secrets."hurricane/username".path})"
+ update_key="$(cat ${config.sops.secrets."hurricane/update_key".path})"
+ tunnel_id="$(cat ${config.sops.secrets."hurricane/tunnel_id".path})"
+
+ auth_url="https://$username:$update_key@ipv4.tunnelbroker.net/nic/update?hostname=$tunnel_id"
+ until curl --silent "$auth_url"; do
+ sleep 5
+ done
+
+ while [ ! -e /sys/class/net/${iface} ]; do
+ sleep 1 # make sure ${iface} is up
+ done
+
+ ip tunnel change ${iface} local "$wan_ip" mode sit
+ '';
+ };
+}
diff --git a/hosts/kay/modules/network.nix b/hosts/kay/modules/network.nix
index cd90268..4714295 100644
--- a/hosts/kay/modules/network.nix
+++ b/hosts/kay/modules/network.nix
@@ -7,7 +7,10 @@ let
domain = config.userdata.domain;
in
{
- imports = [ ./router.nix ];
+ imports = [
+ ./router.nix
+ ./hurricane.nix
+ ];
sops.secrets = {
"ppp/chap-secrets" = {};
diff --git a/hosts/kay/secrets.yaml b/hosts/kay/secrets.yaml
index 6a6c81d..d23526d 100644
--- a/hosts/kay/secrets.yaml
+++ b/hosts/kay/secrets.yaml
@@ -2,6 +2,10 @@ ppp:
chap-secrets: ENC[AES256_GCM,data:4POH1o4VOKg0ZGYOZ+gIZJGlSxaRq101zMjjp/+BSlmZAz+cOc9+Kw==,iv:IC1Ii+rnTvFa0F2bi0fnEAEO7XWV7Wues9T+28bhDnc=,tag:Yatte1K8N3rrTFppc0p7Qw==,type:str]
pap-secrets: ENC[AES256_GCM,data:K92+nAzZtBEUijXUq26eidWNJL38VvoCx8PlCtWxxgAcZCA/CW1DVg==,iv:4kNHSZ3+FMA9ROLEgrU38IWd+MBt+vf8CV3WGHkRCCc=,tag:YLiRrrCiymVOCcVzs+AVFw==,type:str]
username: ENC[AES256_GCM,data:Xa6wBxpAtaKwsbEeudVvkpsX6CPG8E3Aku1zTi0o6Kdy9Q==,iv:yTRruKpMda4N2J3Z8MEesrFxqV4g1usbYoxTeKlWf4M=,tag:gTsn7HzgE3tHTIo2MVN12g==,type:str]
+hurricane:
+ username: ENC[AES256_GCM,data:NXfBArIE7B40,iv:stBkppjkDC9nvV/fHaEtfs6KskoiqqEKxCp/KC+Xxeo=,tag:UeSZc20JghP8oT+R8RubXw==,type:str]
+ update_key: ENC[AES256_GCM,data:5qYBHLJngitUoy1vzEho/MJtXUxKY8imsjW0trvyl37LdnVZs3ZKPQ==,iv:b93JvsfWppqlJtZxGAa3xbXgLEFs0A5Seq5pNjTnRW4=,tag:6ZlWGmgaMuxHsR3rSpV0fw==,type:str]
+ tunnel_id: ENC[AES256_GCM,data:Fb8qazGD,iv:W8k0pyrAQz+UWtm76uvmzodJ2lZG4ioxrVMWjX1kIVM=,tag:DpmLdvR1oOC4TKmQv/VqIw==,type:str]
misc:
namecheap.com: ENC[AES256_GCM,data:8sN1/APumZDclTAeYEy4nidGbvooDK6Us0yOZBbG4oU=,iv:WGof33ezbBpFmnWTWS9gzDayJpz2BVMTPsShYY+nuXY=,tag:ky/ucGEHWBtWwGcwK+1nhw==,type:str]
wireguard: ENC[AES256_GCM,data:4GIb92p8VE/TUqLc7AztSKRc6soS7n+O/i4v1ltSqZkU8cEPyZMNRpIvXRQ=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:wr1YJbcG1L5wI01rCwv1zQ==,type:str]
@@ -21,8 +25,8 @@ sops:
bUY4eisvWDIxdWplQjlod0hIcjVGNlUKYkA9hUTHuWgST3UUr7ACtmgC9s5SGEAp
ker5KUGGi1fHgGlsPKHmnJSvikkVFlOVAhVa8R6X02l8FJf0lcjOYA==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-09-11T09:19:36Z"
- mac: ENC[AES256_GCM,data:AD8zSHtdhNiRxas3N5EDnkdW2G5Eo3dChX99B2w6zPN5MhspS6CMY03whQkRkvPiWOxfMNE321lqlPvPgsqsfcyKeZuGWj902K1DFpz4YlrfqKZfmCk8xzd8OEMOAflpHGQ8lt0oSg96k/yXZ3bee/AEdpgeHmhOTzWTkaXGIOk=,iv:j4WhRUjOmOA3/AiIsOgjiRvm7GTT4Xi8MrLQloZAv24=,tag:u+Jp4GF42u3wm+6gMiP+eQ==,type:str]
+ lastmodified: "2023-12-01T04:04:29Z"
+ mac: ENC[AES256_GCM,data:H/UBa9IBJGjnUhfdOfaUsVpUN/P1bF+RgXXsV+TMvhDo9qX0VsjGV3F+dmzMdEeleTYUGSBL8vxudKaE2aZwXgAmz3ViuRqwAGCQa76twv4CwFBNIBMiZe9ljJe4GoHT2GGzeVhDnkuQuhkjrNKOqfX5jz4BUYby3Ku5UuBakxA=,iv:sjfMuqYgnfekK3SqYH6zKsAkmgj9nB7DFC1OnobdbCs=,tag:l0ndfqus1l12KSzCi+77Ig==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
- version: 3.7.3
+ version: 3.8.1
diff --git a/modules/pppd.nix b/modules/pppd.nix
index 772cb29..27b4170 100644
--- a/modules/pppd.nix
+++ b/modules/pppd.nix
@@ -153,7 +153,7 @@ in
# see the pppd(8) man page
for s in /etc/ppp/${name}.d/*.sh; do
- [ -x "$s" ] && "$s" "$@"
+ [ -x "$s" ] && "$s" "$@" &
done
'';
};