diff options
author | sinanmohd <sinan@sinanmohd.com> | 2023-10-28 22:58:37 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2023-10-29 11:14:08 +0530 |
commit | 220732df77e7533e77421df7c1d8195dc6d0cdae (patch) | |
tree | 0d0bf2d385876d7c7888b8e923218f0970538f3c /hosts | |
parent | e3dfb27a38de7231c2fd9addc8a7b2f8c3a0409e (diff) |
kay/network: refactor
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/kay/modules/network.nix | 43 | ||||
-rw-r--r-- | hosts/kay/modules/router.nix | 6 | ||||
-rw-r--r-- | hosts/kay/modules/wireguard.nix | 4 |
3 files changed, 27 insertions, 26 deletions
diff --git a/hosts/kay/modules/network.nix b/hosts/kay/modules/network.nix index 12788c6..95832d8 100644 --- a/hosts/kay/modules/network.nix +++ b/hosts/kay/modules/network.nix @@ -3,14 +3,11 @@ let inetVlan = 722; wanInterface = "enp4s0"; - domain = config.userdata.domain; nameServer = "1.0.0.1"; + domain = config.userdata.domain; in { - imports = [ - ./wireguard.nix - ./router.nix - ]; + imports = [ ./router.nix ]; sops.secrets = { "ppp/chap-secrets" = {}; @@ -20,7 +17,6 @@ in }; networking = { - enableIPv6 = false; vlans.wan = { id = inetVlan; interface = wanInterface; @@ -33,34 +29,37 @@ in settings.server = [ nameServer ]; }; pppd = { - secret = { - chap = config.sops.secrets."ppp/chap-secrets".path; - pap = config.sops.secrets."ppp/pap-secrets".path; - }; enable = true; config = '' plugin pppoe.so nic-wan defaultroute + persist + mtu 1380 noauth + noipv6 ''; - script."01-ddns" = { - runtimeInputs = with pkgs; [ curl coreutils ]; - text = '' - wan_ip="$4" - api_key="$(cat ${config.sops.secrets."misc/namecheap.com".path})" - auth_url="https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password=''${api_key}&ip=" - - until curl --silent "$auth_url$wan_ip"; do - sleep 5 - done - ''; - }; peers.bsnl = { enable = true; autostart = true; configFile = config.sops.secrets."ppp/username".path; }; + secret = { + chap = config.sops.secrets."ppp/chap-secrets".path; + pap = config.sops.secrets."ppp/pap-secrets".path; + }; + script."01-ddns" = { + runtimeInputs = with pkgs; [ curl coreutils ]; + text = '' + wan_ip="$4" + api_key="$(cat ${config.sops.secrets."misc/namecheap.com".path})" + auth_url="https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password=''${api_key}&ip=" + + until curl --silent "$auth_url$wan_ip"; do + sleep 5 + done + ''; + }; }; }; } diff --git a/hosts/kay/modules/router.nix b/hosts/kay/modules/router.nix index cf748ce..cc9aaae 100644 --- a/hosts/kay/modules/router.nix +++ b/hosts/kay/modules/router.nix @@ -1,15 +1,17 @@ { ... }: let - lanInterface = "enp4s0"; + lanInterface = "enp0s20u1"; wanInterface = "ppp0"; subnet = "10.0.0.0"; prefix = 24; host = "10.0.0.1"; leaseRangeStart = "10.0.0.100"; - leaseRangeEnd = "10.0.0.240"; + leaseRangeEnd = "10.0.0.254"; in { + imports = [ ./wireguard.nix ]; + networking = { nat = { enable = true; diff --git a/hosts/kay/modules/wireguard.nix b/hosts/kay/modules/wireguard.nix index efafdcb..af489ca 100644 --- a/hosts/kay/modules/wireguard.nix +++ b/hosts/kay/modules/wireguard.nix @@ -26,7 +26,7 @@ in wireguard.interfaces.${wgInterface} = { ips = [ "10.0.1.1/${toString prefix}" ]; listenPort = port; - mtu = 1380; # 1460 (ppp0) - 80 + mtu = 1300; # 1380 (ppp0) - 80 privateKeyFile = config.sops.secrets."misc/wireguard".path; peers = [ @@ -34,7 +34,7 @@ in publicKey = "IcMpAs/D0u8O/AcDBPC7pFUYSeFQXQpTqHpGOeVpjS8="; allowedIPs = [ "10.0.1.2/32" ]; } - { # veu + { # vex publicKey = "bJ9aqGYD2Jh4MtWIL7q3XxVHFuUdwGJwO8p7H3nNPj8="; allowedIPs = [ "10.0.1.3/32" ]; } |