authorsinanmohd <sinan@sinanmohd.com>2023-11-30 18:20:54 +0530
committersinanmohd <sinan@sinanmohd.com>2023-12-01 15:10:54 +0530
commit53c634233aa21c04c461af69cd819e05c3050eff (patch)
treef4b840cf73a7c1471107e757e5dedae2c55d5b0f /hosts/kay/modules
parentd5c9cab03b17950bdde4c9dfc85ff2580752419c (diff)
kay/network/he: init
Diffstat (limited to 'hosts/kay/modules')
-rw-r--r--hosts/kay/modules/hurricane.nix47
-rw-r--r--hosts/kay/modules/network.nix5
2 files changed, 51 insertions, 1 deletions
diff --git a/hosts/kay/modules/hurricane.nix b/hosts/kay/modules/hurricane.nix
new file mode 100644
index 0000000..9d350ac
--- /dev/null
+++ b/hosts/kay/modules/hurricane.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+
+let
+ iface = "hurricane";
+ tunEndIface = "ppp0";
+ remote = "216.218.221.42";
+ address = "2001:470:35:72a::2";
+ prefixLength = 64;
+in
+{
+ networking.sits.${iface} = {
+ inherit remote;
+ local = "127.0.0.1";
+ ttl = 225;
+ dev = tunEndIface;
+ };
+ networking.interfaces.${iface}.ipv6.addresses = [{
+ inherit prefixLength address;
+ }];
+
+ sops.secrets = {
+ "hurricane/username" = {};
+ "hurricane/update_key" = {};
+ "hurricane/tunnel_id" = {};
+ };
+
+ services.pppd.script."02-${iface}" = {
+ runtimeInputs = with pkgs; [ curl coreutils iproute2 ];
+ text = ''
+ wan_ip="$4"
+ username="$(cat ${config.sops.secrets."hurricane/username".path})"
+ update_key="$(cat ${config.sops.secrets."hurricane/update_key".path})"
+ tunnel_id="$(cat ${config.sops.secrets."hurricane/tunnel_id".path})"
+
+ auth_url="https://$username:$update_key@ipv4.tunnelbroker.net/nic/update?hostname=$tunnel_id"
+ until curl --silent "$auth_url"; do
+ sleep 5
+ done
+
+ while [ ! -e /sys/class/net/${iface} ]; do
+ sleep 1 # make sure ${iface} is up
+ done
+
+ ip tunnel change ${iface} local "$wan_ip" mode sit
+ '';
+ };
+}
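Review bot: The `auth_url=` line embeds the tunnel username and update key in the URL handed to curl as an argument, so the secrets read from the sops files are exposed in the process command line to anything on the host that can list processes, for as long as the `until` loop keeps retrying. Keep them out of argv by feeding them on stdin: `auth_url="https://ipv4.tunnelbroker.net/nic/update?hostname=$tunnel_id"` and `until printf 'user = "%s:%s"\n' "$username" "$update_key" | curl --silent --fail --max-time 30 --config - "$auth_url"; do` (this assumes neither value contains a double quote or backslash). `--fail` matters as well: without it curl exits 0 on an HTTP error status, so a rejected update ends the loop as if it had succeeded, and the response body is never inspected. Both wait loops are unbounded, so a retry cap would keep the script from looping forever if the endpoint is unreachable or the `hurricane` interface never appears.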
diff --git a/hosts/kay/modules/network.nix b/hosts/kay/modules/network.nix
index cd90268..4714295 100644
--- a/hosts/kay/modules/network.nix
+++ b/hosts/kay/modules/network.nix
@@ -7,7 +7,10 @@ let
domain = config.userdata.domain;
in
{
- imports = [ ./router.nix ];
+ imports = [
+ ./router.nix
+ ./hurricane.nix
+ ];
sops.secrets = {
"ppp/chap-secrets" = {};