# NixOS networking module for the router host "routnerr-2".
#
# Shape of the file: a `let` block with the shared `vars` import and two
# small constructor helpers (mkInterface, mkPeer), followed by the module
# attribute set that fills `networking.*` and `services.wireguard_exporter`.
# All per-interface and per-peer values are read from ./lib/vars.nix; the
# only literals kept in this file are the "backup0" interface/VLAN and the
# fixed prefix lengths and IDs.
{ lib, ... }:

let
  # Shared constants (interface names/addresses, localhost resolver
  # addresses, WireGuard subnet and peers). The attribute paths used below
  # (vars.interfaces.*.name/ipv4/ipv6.{lla,ula}, vars.localhost.{ipv4,ipv6},
  # vars.wireguard.{name,subnet,peers}) are the contract this file expects
  # from that file.
  vars = import ./lib/vars.nix;

  # Produces the configuration for a LAN interface.
  #
  # `ifi` must provide `ipv4` (address string), `ipv6.lla` (link-local
  # address) and `ipv6.ula` (unique-local address). Prefix lengths are fixed
  # here: /24 for IPv4, /64 for both IPv6 addresses. No global IPv6 address
  # is assigned statically — presumably the LAN GUAs come from the DHCPv6-PD
  # delegation configured under `dhcpcd.extraConfig` below (confirm against
  # the intended addressing plan). IPv6 temporary (privacy) addresses are
  # disabled, which is what a router with fixed, advertised addresses wants.
  mkInterface = (ifi: {
    ipv4.addresses = [{
      address = "${ifi.ipv4}";
      prefixLength = 24;
    }];
    ipv6.addresses = [
      {
        address = "${ifi.ipv6.lla}";
        prefixLength = 64;
      }
      {
        address = "${ifi.ipv6.ula}";
        prefixLength = 64;
      }
    ];
    tempAddress = "disabled";
  });

  # Maps a peer record from vars.wireguard.peers (snake_case keys
  # `public_key`, `allowed_ips`) onto the NixOS wireguard peer attribute
  # names. `allowedIPs` is both the route set and the cryptokey-routing
  # ACL for the peer, so these lists should stay as narrow as each peer
  # needs.
  mkPeer = (peer: {
    publicKey = peer.public_key;
    allowedIPs = peer.allowed_ips;
  });
in {
  # LAN interface.
  networking = {
    hostName = "routnerr-2";
    # Resolve through this host's own addresses (vars.localhost); a local
    # resolver is assumed to be configured elsewhere — not defined in this file.
    nameservers = with vars.localhost; [ "${ipv4}" "${ipv6}" ];

    dhcpcd = {
      enable = true;
      # Do not remove interface configuration on shutdown.
      persistent = true;
      # dhcpcd is restricted to the WAN interface only, so DHCP/RA input is
      # never accepted on the internal VLANs configured below.
      allowInterfaces = [ "${vars.interfaces.wan0.name}" ];
      # Raw dhcpcd.conf fragment (the `#` lines inside the string are
      # dhcpcd comments, not Nix comments). Router solicitations are
      # disabled globally and re-enabled on wan0 only; `ia_pd` requests a
      # /56 delegation and carves one /64 per internal interface using a
      # per-interface SLA ID (0, 2, 9, 10, 30, 66, 110). Those IDs mirror
      # the VLAN IDs defined under `vlans` below except tengb0 (VLAN 100,
      # SLA 110) and "backup0", which gets no delegated prefix — both are
      # presumably intentional; verify if a prefix is expected there.
      # The `static` lines replace the ISP-supplied DNS server and search
      # domain with the local resolver address and empty values.
      extraConfig = with vars.interfaces; ''
        noipv6rs
        interface ${wan0.name}
        ipv6rs
        # DHCPv6-PD.
        ia_na 0
        ia_pd 1/::/56 ${enp2s0.name}/0/64 ${lab0.name}/2/64 ${guest0.name}/9/64 ${lan0.name}/10/64 ${corp0.name}/30/64 ${iot0.name}/66/64 ${tengb0.name}/110/64

        # IPv4 DHCP ISP settings overrides.
        static domain_name_servers=${vars.localhost.ipv4}
        static domain_search=
        static domain_name=
      '';
    };

    # Extra policy-routing table "wwan0" (ID 10). Nothing in this file
    # creates a wwan0 interface or populates that table; its user is
    # presumably another module — confirm before removing.
    iproute2 = {
      enable = true;
      rttablesExtraConfig = ''
        10 wwan0
      '';
    };

    # One entry per internal interface, all built from vars.interfaces via
    # mkInterface. "backup0" is the one interface spelled out inline
    # (IPv4-only, 192.168.40.1/24) rather than coming from vars — worth
    # moving into ./lib/vars.nix so it follows the same pattern.
    interfaces = with vars.interfaces; {
      ${enp2s0.name} = mkInterface enp2s0;
      ${lan0.name} = mkInterface lan0;
      ${corp0.name} = mkInterface corp0;
      ${lab0.name} = mkInterface lab0;
      ${guest0.name} = mkInterface guest0;
      ${iot0.name} = mkInterface iot0;
      ${tengb0.name} = mkInterface tengb0;
      "backup0" = {
        ipv4.addresses = [{
          address = "192.168.40.1";
          prefixLength = 24;
        }];
        tempAddress = "disabled";
      };
    };

    # 802.1Q VLAN definitions. Every VLAN is trunked over the same physical
    # interface (enp2s0); the VLAN ID doubles as the subnet identifier for
    # the corresponding LAN (see the SLA IDs in dhcpcd.extraConfig).
    vlans = with vars.interfaces; {
      ${lab0.name} = {
        id = 2;
        interface = "${enp2s0.name}";
      };
      ${guest0.name} = {
        id = 9;
        interface = "${enp2s0.name}";
      };
      ${lan0.name} = {
        id = 10;
        interface = "${enp2s0.name}";
      };
      ${corp0.name} = {
        id = 30;
        interface = "${enp2s0.name}";
      };
      "backup0" = {
        id = 40;
        interface = "${enp2s0.name}";
      };
      ${iot0.name} = {
        id = 66;
        interface = "${enp2s0.name}";
      };
      ${tengb0.name} = {
        id = 100;
        interface = "${enp2s0.name}";
      };
    };

    # Single WireGuard interface named after vars.wireguard.name. The
    # private key is referenced by path rather than inlined as
    # `privateKey`, which keeps it out of the world-readable Nix store;
    # the file under /var/lib/wireguard must exist with restrictive
    # permissions before the interface comes up (not managed here).
    wireguard = with vars.wireguard; {
      enable = true;
      interfaces = {
        ${name} = {
          # UDP port the tunnel listens on (WireGuard default).
          listenPort = 51820;
          # Addresses assigned to the tunnel interface, from
          # vars.wireguard.subnet: IPv4 plus global, unique-local and
          # link-local IPv6.
          ips = with subnet; [
            "${ipv4}"
            "${ipv6.gua}"
            "${ipv6.ula}"
            "${ipv6.lla}"
          ];
          privateKeyFile = "/var/lib/wireguard/${name}.key";
          # `peers` here is vars.wireguard.peers (brought in by the `with`).
          peers = lib.forEach peers mkPeer;
        };
      };
    };

    # Both the NixOS NAT and firewall modules are switched off in this
    # file. Packet filtering and NAT for this router therefore have to be
    # provided by another module (not visible here) — confirm that exists
    # before deploying, since with these two off and no other filter the
    # host forwards and accepts unfiltered traffic.
    nat.enable = false;
    firewall.enable = false;
  };

  # Enable Prometheus exporter and set up peer key/name mappings.
  # TODO: nixify the configuration.
  #
  # The exporter config is TOML generated by plain string interpolation:
  # one [[peer]] table per entry of vars.wireguard.peers, with the key and
  # the human-readable name. There is no escaping, so this assumes
  # `public_key` and `name` contain no `"` or newline — true for base64
  # keys, worth keeping in mind for names.
  services.wireguard_exporter = {
    enable = true;
    config = ''
      ${lib.concatMapStrings (peer: ''
        [[peer]]
        public_key = "${peer.public_key}"
        name = "${peer.name}"
      '') vars.wireguard.peers}
    '';
  };
}