Diffstat (limited to 'hosts/kay/modules/hurricane.nix')
-rw-r--r--hosts/kay/modules/hurricane.nix55
1 files changed, 49 insertions, 6 deletions
diff --git a/hosts/kay/modules/hurricane.nix b/hosts/kay/modules/hurricane.nix
index 25e0721..d0a0531 100644
--- a/hosts/kay/modules/hurricane.nix
+++ b/hosts/kay/modules/hurricane.nix
@@ -4,16 +4,25 @@ let
iface = "hurricane";
remote = "216.218.221.42";
address = "2001:470:35:72a::2";
+ gateway = "2001:470:35:72a::1";
prefixLength = 64;
+ prefix = "2001:470:35:72a::/${toString prefixLength}";
in
{
- networking.sits.${iface} = {
- inherit remote;
- ttl = 225;
+ networking = {
+ sits.${iface} = {
+ inherit remote;
+ ttl = 225;
+ };
+ interfaces.${iface}.ipv6.addresses = [{
+ inherit prefixLength address;
+ }];
+
+ iproute2 = {
+ enable = true;
+ rttablesExtraConfig = "200 hurricane";
+ };
};
- networking.interfaces.${iface}.ipv6.addresses = [{
- inherit prefixLength address;
- }];
sops.secrets = {
"hurricane/username" = {};
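Review bot: The routing table name is the literal `hurricane` in `rttablesExtraConfig = "200 hurricane";`, although `iface` is already bound in the `let` block and used for `sits.${iface}` and `interfaces.${iface}`. The same literal recurs in the second hunk (`bindsTo`, `after`, and the `dev hurricane table hurricane` arguments), so renaming `iface` would leave the route unit bound to a service and a table name that no longer match, and the source-based rule would presumably fail to install. I would write `rttablesExtraConfig = "200 ${iface}";` here and use `${iface}` in those later lines as well. A one-line comment above `iproute2` saying that table 200 holds the policy route for traffic sourced from the tunnel prefix would also help the next reader.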
@@ -21,6 +30,40 @@ in
"hurricane/tunnel_id" = {};
};
+ systemd.services."network-route-${iface}" = {
+ description = "Routing configuration of ${iface}";
+ wantedBy = [
+ "network-setup.service"
+ "network.target"
+ ];
+ before = [ "network-setup.service" ];
+ bindsTo = [ "network-addresses-hurricane.service" ];
+ after = [ "network-pre.target" "network-addresses-hurricane.service" ];
+ # restart rather than stop+start this unit to prevent the
+ # network from dying during switch-to-configuration.
+ stopIfChanged = false;
+
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+
+ path = [ pkgs.iproute2 ];
+ script = ''
+ echo -n "adding route ${prefix}... "
+
+ ip -6 rule add from ${prefix} table hurricane || exit 1
+ ip -6 route add default via ${gateway} dev hurricane table hurricane || exit 1
+ '';
+ preStop = ''
+ echo -n "deleting route $prefix... "
+
+ ip -6 route del default via ${gateway} dev hurricane table hurricane || exit 1
+ ip -6 rule del from ${prefix} table hurricane || exit 1
+ '';
+ };
+
+
services.pppd.script."02-${iface}" = {
runtimeInputs = with pkgs; [ curl coreutils iproute2 ];
text = ''
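Review bot: In `preStop` the message uses `$prefix`, which Nix does not interpolate inside a `''` string, so the shell expands an unset variable and the log line names no prefix; it should read `echo -n "deleting route ${prefix}... "` as in `script`. Also in `preStop`, `ip -6 route del … || exit 1` aborts before `ip -6 rule del` runs. If the route is already gone (plausible once the bound address unit has stopped, though that is not visible here), the `from ${prefix}` rule is left behind and a later start may fail on `ip -6 rule add`. Making the deletes tolerant, e.g. `ip -6 route del default via ${gateway} dev hurricane table hurricane || true`, keeps teardown and restart repeatable. The `services.pppd.script` block at the end of the hunk continues outside it.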