From 220732df77e7533e77421df7c1d8195dc6d0cdae Mon Sep 17 00:00:00 2001 From: sinanmohd Date: Sat, 28 Oct 2023 22:58:37 +0530 Subject: kay/network: refactor --- hosts/kay/modules/network.nix | 43 ++++++++++++++++++++--------------------- hosts/kay/modules/router.nix | 6 ++++-- hosts/kay/modules/wireguard.nix | 4 ++-- 3 files changed, 27 insertions(+), 26 deletions(-) (limited to 'hosts') diff --git a/hosts/kay/modules/network.nix b/hosts/kay/modules/network.nix index 12788c6..95832d8 100644 --- a/hosts/kay/modules/network.nix +++ b/hosts/kay/modules/network.nix @@ -3,14 +3,11 @@ let inetVlan = 722; wanInterface = "enp4s0"; - domain = config.userdata.domain; nameServer = "1.0.0.1"; + domain = config.userdata.domain; in { - imports = [ - ./wireguard.nix - ./router.nix - ]; + imports = [ ./router.nix ]; sops.secrets = { "ppp/chap-secrets" = {}; @@ -20,7 +17,6 @@ in }; networking = { - enableIPv6 = false; vlans.wan = { id = inetVlan; interface = wanInterface; 
@@ -33,34 +29,37 @@ in settings.server = [ nameServer ]; }; pppd = { - secret = { - chap = config.sops.secrets."ppp/chap-secrets".path; - pap = config.sops.secrets."ppp/pap-secrets".path; - }; enable = true; config = '' plugin pppoe.so nic-wan defaultroute + persist + mtu 1380 noauth + noipv6 ''; - script."01-ddns" = { - runtimeInputs = with pkgs; [ curl coreutils ]; - text = '' - wan_ip="$4" - api_key="$(cat ${config.sops.secrets."misc/namecheap.com".path})" - auth_url="https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password=''${api_key}&ip=" - - until curl --silent "$auth_url$wan_ip"; do - sleep 5 - done - ''; - }; peers.bsnl = { enable = true; autostart = true; configFile = config.sops.secrets."ppp/username".path; }; + secret = { + chap = config.sops.secrets."ppp/chap-secrets".path; + pap = config.sops.secrets."ppp/pap-secrets".path; + }; + script."01-ddns" = { + runtimeInputs = with pkgs; [ curl coreutils ]; + text = '' + wan_ip="$4" + api_key="$(cat ${config.sops.secrets."misc/namecheap.com".path})" + auth_url="https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password=''${api_key}&ip=" + + until curl --silent "$auth_url$wan_ip"; do + sleep 5 + done + ''; + }; }; }; } diff --git a/hosts/kay/modules/router.nix b/hosts/kay/modules/router.nix index cf748ce..cc9aaae 100644 --- a/hosts/kay/modules/router.nix +++ b/hosts/kay/modules/router.nix @@ -1,15 +1,17 @@ { ... }: let - lanInterface = "enp4s0"; + lanInterface = "enp0s20u1"; wanInterface = "ppp0"; subnet = "10.0.0.0"; prefix = 24; host = "10.0.0.1"; leaseRangeStart = "10.0.0.100"; - leaseRangeEnd = "10.0.0.240"; + leaseRangeEnd = "10.0.0.254"; in { + imports = [ ./wireguard.nix ]; + networking = { nat = { enable = true; diff --git a/hosts/kay/modules/wireguard.nix b/hosts/kay/modules/wireguard.nix index efafdcb..af489ca 100644 --- a/hosts/kay/modules/wireguard.nix +++ b/hosts/kay/modules/wireguard.nix 
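Review bot: The relocated `01-ddns` script still hands the Namecheap password to curl on its command line, because `auth_url` embeds `''${api_key}` and is passed as `"$auth_url$wan_ip"`, so the secret read from the sops file sits in the process list for as long as the retry loop runs. Feeding the URL on stdin keeps it out of argv: `until printf 'url = "%s"\n' "$auth_url$wan_ip" | curl --silent --fail --config -; do`. Without `--fail` curl exits 0 on an HTTP error status, so the loop can stop after a rejected update. The loop also has no attempt limit or `--max-time`, which probably matters more now that `persist` keeps the link reconnecting (assuming the script runs on each link-up, which the hunk does not show). Separately, `noipv6` only covers the PPP link while an earlier hunk drops `enableIPv6 = false`, so it is worth confirming that IPv6 is still disabled or filtered on the other interfaces.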
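Review bot: `lanInterface = "enp0s20u1"` in router.nix is a name derived from the USB port path (the `u1` suffix), so the LAN side of the router now depends on the adapter staying in that port. A comment on the binding would make that visible, e.g. `lanInterface = "enp0s20u1"; # USB NIC, name changes if moved to another port`. The `nat` block that presumably consumes this name starts at the hunk's edge and continues outside it, so how a missing interface is handled cannot be checked from here.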
@@ -26,7 +26,7 @@ in wireguard.interfaces.${wgInterface} = { ips = [ "10.0.1.1/${toString prefix}" ]; listenPort = port; - mtu = 1380; # 1460 (ppp0) - 80 + mtu = 1300; # 1380 (ppp0) - 80 privateKeyFile = config.sops.secrets."misc/wireguard".path; peers = [ @@ -34,7 +34,7 @@ in publicKey = "IcMpAs/D0u8O/AcDBPC7pFUYSeFQXQpTqHpGOeVpjS8="; allowedIPs = [ "10.0.1.2/32" ]; } - { # veu + { # vex publicKey = "bJ9aqGYD2Jh4MtWIL7q3XxVHFuUdwGJwO8p7H3nNPj8="; allowedIPs = [ "10.0.1.3/32" ]; } -- cgit v1.2.3
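Review bot: The comment on `mtu = 1300; # 1380 (ppp0) - 80` hard-codes a number whose source is the `mtu 1380` line in the pppd `config` string in network.nix, so the two values can drift apart the next time the PPP MTU is changed. Naming the source in the comment would help, e.g. `# ppp0 mtu (pppd config in network.nix) - 80 bytes WireGuard overhead`, or both modules could read the value from one shared binding. The interface definition continues outside the hunk.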