summaryrefslogtreecommitdiff
path: root/hosts
diff options
context:
space:
mode:
authorsinanmohd <sinan@sinanmohd.com>2023-10-28 22:58:37 +0530
committersinanmohd <sinan@sinanmohd.com>2023-10-29 11:14:08 +0530
commit220732df77e7533e77421df7c1d8195dc6d0cdae (patch)
tree0d0bf2d385876d7c7888b8e923218f0970538f3c /hosts
parente3dfb27a38de7231c2fd9addc8a7b2f8c3a0409e (diff)
kay/network: refactor
Diffstat (limited to 'hosts')
-rw-r--r--hosts/kay/modules/network.nix43
-rw-r--r--hosts/kay/modules/router.nix6
-rw-r--r--hosts/kay/modules/wireguard.nix4
3 files changed, 27 insertions, 26 deletions
diff --git a/hosts/kay/modules/network.nix b/hosts/kay/modules/network.nix
index 12788c6..95832d8 100644
--- a/hosts/kay/modules/network.nix
+++ b/hosts/kay/modules/network.nix
@@ -3,14 +3,11 @@
let
inetVlan = 722;
wanInterface = "enp4s0";
- domain = config.userdata.domain;
nameServer = "1.0.0.1";
+ domain = config.userdata.domain;
in
{
- imports = [
- ./wireguard.nix
- ./router.nix
- ];
+ imports = [ ./router.nix ];
sops.secrets = {
"ppp/chap-secrets" = {};
@@ -20,7 +17,6 @@ in
};
networking = {
- enableIPv6 = false;
vlans.wan = {
id = inetVlan;
interface = wanInterface;
@@ -33,34 +29,37 @@ in
settings.server = [ nameServer ];
};
pppd = {
- secret = {
- chap = config.sops.secrets."ppp/chap-secrets".path;
- pap = config.sops.secrets."ppp/pap-secrets".path;
- };
enable = true;
config = ''
plugin pppoe.so
nic-wan
defaultroute
+ persist
+ mtu 1380
noauth
+ noipv6
'';
- script."01-ddns" = {
- runtimeInputs = with pkgs; [ curl coreutils ];
- text = ''
- wan_ip="$4"
- api_key="$(cat ${config.sops.secrets."misc/namecheap.com".path})"
- auth_url="https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password=''${api_key}&ip="
-
- until curl --silent "$auth_url$wan_ip"; do
- sleep 5
- done
- '';
- };
peers.bsnl = {
enable = true;
autostart = true;
configFile = config.sops.secrets."ppp/username".path;
};
+ secret = {
+ chap = config.sops.secrets."ppp/chap-secrets".path;
+ pap = config.sops.secrets."ppp/pap-secrets".path;
+ };
+ script."01-ddns" = {
+ runtimeInputs = with pkgs; [ curl coreutils ];
+ text = ''
+ wan_ip="$4"
+ api_key="$(cat ${config.sops.secrets."misc/namecheap.com".path})"
+ auth_url="https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password=''${api_key}&ip="
+
+ until curl --silent "$auth_url$wan_ip"; do
+ sleep 5
+ done
+ '';
+ };
};
};
}
diff --git a/hosts/kay/modules/router.nix b/hosts/kay/modules/router.nix
index cf748ce..cc9aaae 100644
--- a/hosts/kay/modules/router.nix
+++ b/hosts/kay/modules/router.nix
@@ -1,15 +1,17 @@
{ ... }:
let
- lanInterface = "enp4s0";
+ lanInterface = "enp0s20u1";
wanInterface = "ppp0";
subnet = "10.0.0.0";
prefix = 24;
host = "10.0.0.1";
leaseRangeStart = "10.0.0.100";
- leaseRangeEnd = "10.0.0.240";
+ leaseRangeEnd = "10.0.0.254";
in
{
+ imports = [ ./wireguard.nix ];
+
networking = {
nat = {
enable = true;
diff --git a/hosts/kay/modules/wireguard.nix b/hosts/kay/modules/wireguard.nix
index efafdcb..af489ca 100644
--- a/hosts/kay/modules/wireguard.nix
+++ b/hosts/kay/modules/wireguard.nix
@@ -26,7 +26,7 @@ in
wireguard.interfaces.${wgInterface} = {
ips = [ "10.0.1.1/${toString prefix}" ];
listenPort = port;
- mtu = 1380; # 1460 (ppp0) - 80
+ mtu = 1300; # 1380 (ppp0) - 80
privateKeyFile = config.sops.secrets."misc/wireguard".path;
peers = [
@@ -34,7 +34,7 @@ in
publicKey = "IcMpAs/D0u8O/AcDBPC7pFUYSeFQXQpTqHpGOeVpjS8=";
allowedIPs = [ "10.0.1.2/32" ];
}
- { # veu
+ { # vex
publicKey = "bJ9aqGYD2Jh4MtWIL7q3XxVHFuUdwGJwO8p7H3nNPj8=";
allowedIPs = [ "10.0.1.3/32" ];
}