mdlayher-homelab/nixos/routnerr-3/corerad.nix

{ lib, ... }:

let
  unstable = import <nixos-unstable-small> { };
  vars = import ./lib/vars.nix;

in {
  services.corerad = {
    enable = true;

    # Enable as necessary to get development builds of CoreRAD.
    package = unstable.corerad;

    settings = with vars.interfaces; {
      # Base non-interface configuration.
      debug = {
        # No risk exposing these off-host because of the WAN firewall.
        address = ":9430";
        prometheus = true;
        pprof = true;
      };

      interfaces =
        # Upstream monitoring interfaces.
        [{
          # Spectrum, Metronet does not provide IPv6 as of September 2023.
          names = [ "wan0" ];
          monitor = true;
        }]

        # Downstream advertising interfaces.
        ++ lib.forEach [ mgmt0 lab0 lan0 guest0 iot0 ] (ifi:
          {
            name = ifi.name;
            advertise = true;

            # Configure a higher preference for interfaces with more bandwidth.
            preference = ifi.preference;

            # Advertise all /64 prefixes on the interface.
            prefix = [ { } ];

            # Automatically use the appropriate interface address as a DNS server.
            rdnss = [ { } ];

            # Automatically propagate routes owned by loopback.
            route = [ { } ];
          } // (
            # Configure DNS search on some trusted LANs, or omit otherwise.
            #
            # TODO(mdlayher): probably rename to ifi.trusted.
            if ifi.internal_dns then {
              dnssl = [{ domain_names = [ vars.domain ]; }];
            } else
              { }));
    };
  };
}
nixos: fix nix-linter issues Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-07-08 14:22:48 +00:00			`{ lib, ... }:`
nixos: initial commit of router configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-01-04 22:16:31 +00:00
Revert "nixos/routnerr-2: CoreRAD stable" This reverts commit 315565a0baba63db586fb9217ec137fd9eea6334. 2023-04-30 22:17:22 +00:00			`let`
			`unstable = import <nixos-unstable-small> { };`
			`vars = import ./lib/vars.nix;`
nixos: initial commit of router configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-01-04 22:16:31 +00:00
			`in {`
			`services.corerad = {`
			`enable = true;`
nixos/routnerr-2: move back to unstable CoreRAD Signed-off-by: Matt Layher <mdlayher@gmail.com> 2021-01-03 14:06:02 +00:00
Revert "nixos/routnerr-2: CoreRAD stable" This reverts commit 315565a0baba63db586fb9217ec137fd9eea6334. 2023-04-30 22:17:22 +00:00			`# Enable as necessary to get development builds of CoreRAD.`
			`package = unstable.corerad;`

nixos/routnerr-2: use settings attribute list to configure CoreRAD Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-06-14 17:53:48 +00:00			`settings = with vars.interfaces; {`
			`# Base non-interface configuration.`
			`debug = {`
			`# No risk exposing these off-host because of the WAN firewall.`
			`address = ":9430";`
			`prometheus = true;`
			`pprof = true;`
			`};`

			`interfaces =`
			`# Upstream monitoring interfaces.`
nixos/routnerr-3: WAN simplifications 2023-09-15 19:12:31 +00:00			`[{`
			`# Spectrum, Metronet does not provide IPv6 as of September 2023.`
			`names = [ "wan0" ];`
nixos/routnerr-2: use settings attribute list to configure CoreRAD Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-06-14 17:53:48 +00:00			`monitor = true;`
nixos/routnerr-3: WAN simplifications 2023-09-15 19:12:31 +00:00			`}]`
nixos/routnerr-2: use settings attribute list to configure CoreRAD Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-06-14 17:53:48 +00:00
			`# Downstream advertising interfaces.`
nixos/routnerr-2: initial switch to systemd-networkd Signed-off-by: Matt Layher <mdlayher@gmail.com> 2022-03-02 15:30:10 +00:00			`++ lib.forEach [ mgmt0 lab0 lan0 guest0 iot0 ] (ifi:`
nixos/routnerr-2: fix CoreRAD optional DNSSL per interface expression 2021-06-30 11:20:31 +00:00			`{`
			`name = ifi.name;`
			`advertise = true;`

			`# Configure a higher preference for interfaces with more bandwidth.`
			`preference = ifi.preference;`

			`# Advertise all /64 prefixes on the interface.`
nixos/routnerr-2: regenerate hardware config and nixfmt Signed-off-by: Matt Layher <mdlayher@gmail.com> 2022-02-01 02:23:06 +00:00			`prefix = [ { } ];`
nixos/routnerr-2: fix CoreRAD optional DNSSL per interface expression 2021-06-30 11:20:31 +00:00
			`# Automatically use the appropriate interface address as a DNS server.`
nixos/routnerr-2: regenerate hardware config and nixfmt Signed-off-by: Matt Layher <mdlayher@gmail.com> 2022-02-01 02:23:06 +00:00			`rdnss = [ { } ];`
nixos/routnerr-2: CoreRAD automatic routes 2022-03-21 12:47:33 +00:00
			`# Automatically propagate routes owned by loopback.`
			`route = [ { } ];`
nixos/routnerr-2: fix CoreRAD optional DNSSL per interface expression 2021-06-30 11:20:31 +00:00			`} // (`
			`# Configure DNS search on some trusted LANs, or omit otherwise.`
nixos/routnerr-2: advertise ULA /48 unreachable route 2022-03-10 14:17:58 +00:00			`#`
			`# TODO(mdlayher): probably rename to ifi.trusted.`
nixos/routnerr-2: fix CoreRAD optional DNSSL per interface expression 2021-06-30 11:20:31 +00:00			`if ifi.internal_dns then {`
			`dnssl = [{ domain_names = [ vars.domain ]; }];`
			`} else`
			`{ }));`
nixos/routnerr-2: use settings attribute list to configure CoreRAD Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-06-14 17:53:48 +00:00			`};`
nixos: initial commit of router configuration Signed-off-by: Matt Layher <mdlayher@gmail.com> 2020-01-04 22:16:31 +00:00			`};`
			`}`