Diffstat (limited to 'hosts/kay/modules/hurricane.nix')
-rw-r--r--hosts/kay/modules/hurricane.nix47
1 files changed, 47 insertions, 0 deletions
diff --git a/hosts/kay/modules/hurricane.nix b/hosts/kay/modules/hurricane.nix
new file mode 100644
index 0000000..9d350ac
--- /dev/null
+++ b/hosts/kay/modules/hurricane.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+
+let
+ iface = "hurricane";
+ tunEndIface = "ppp0";
+ remote = "216.218.221.42";
+ address = "2001:470:35:72a::2";
+ prefixLength = 64;
+in
+{
+ networking.sits.${iface} = {
+ inherit remote;
+ local = "127.0.0.1";
+ ttl = 225;
+ dev = tunEndIface;
+ };
+ networking.interfaces.${iface}.ipv6.addresses = [{
+ inherit prefixLength address;
+ }];
+
+ sops.secrets = {
+ "hurricane/username" = {};
+ "hurricane/update_key" = {};
+ "hurricane/tunnel_id" = {};
+ };
+
+ services.pppd.script."02-${iface}" = {
+ runtimeInputs = with pkgs; [ curl coreutils iproute2 ];
+ text = ''
+ wan_ip="$4"
+ username="$(cat ${config.sops.secrets."hurricane/username".path})"
+ update_key="$(cat ${config.sops.secrets."hurricane/update_key".path})"
+ tunnel_id="$(cat ${config.sops.secrets."hurricane/tunnel_id".path})"
+
+ auth_url="https://$username:$update_key@ipv4.tunnelbroker.net/nic/update?hostname=$tunnel_id"
+ until curl --silent "$auth_url"; do
+ sleep 5
+ done
+
+ while [ ! -e /sys/class/net/${iface} ]; do
+ sleep 1 # make sure ${iface} is up
+ done
+
+ ip tunnel change ${iface} local "$wan_ip" mode sit
+ '';
+ };
+}
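Review bot: The update key ends up in curl's argument vector through `auth_url="https://$username:$update_key@…"`, so while a request is in flight, and again on every 5-second retry, it may be readable by other local users through the process list, which undercuts keeping it in sops. Passing the credentials on stdin keeps them out of argv, for example by using `printf 'user = "%s:%s"\n' "$username" "$update_key" | curl --silent --fail --max-time 30 --config - "https://ipv4.tunnelbroker.net/nic/update?hostname=$tunnel_id"` as the loop condition (assuming the script runs under bash, where printf is a builtin, and that the key contains no quotes or backslashes that would need escaping in a curl config file). `--fail` matters because without it curl exits 0 on an HTTP error status and the loop treats that as success; whether the endpoint signals a rejected key by status code or only in the response body is not visible here, so the body may need checking as well. Both the `until` loop and the `/sys/class/net/${iface}` wait are unbounded, and a retry cap on each would stop an unreachable endpoint or a missing interface from hanging the pppd hook indefinitely.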