2020-07-08 14:22:48 +00:00
|
|
|
{ lib, ... }:
|
2020-01-04 22:16:31 +00:00
|
|
|
|
2022-03-01 15:40:06 +00:00
|
|
|
let vars = import ./lib/vars.nix;
|
2020-01-04 22:16:31 +00:00
|
|
|
|
|
|
|
|
in {
|
|
|
|
|
services.corerad = {
|
|
|
|
|
enable = true;
|
2021-01-03 14:06:02 +00:00
|
|
|
|
2022-01-09 17:14:36 +00:00
|
|
|
# Enable as necessary to get development builds of CoreRAD.
|
2022-03-01 15:40:06 +00:00
|
|
|
# package = unstable.corerad;
|
2021-06-28 17:03:51 +00:00
|
|
|
|
2020-06-14 17:53:48 +00:00
|
|
|
settings = with vars.interfaces; {
|
|
|
|
|
# Base non-interface configuration.
|
|
|
|
|
debug = {
|
|
|
|
|
# No risk exposing these off-host because of the WAN firewall.
|
|
|
|
|
address = ":9430";
|
|
|
|
|
prometheus = true;
|
|
|
|
|
pprof = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
interfaces =
|
|
|
|
|
# Upstream monitoring interfaces.
|
|
|
|
|
lib.forEach [ wan0 ] (ifi: {
|
|
|
|
|
name = ifi.name;
|
|
|
|
|
monitor = true;
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
# Downstream advertising interfaces.
|
2021-07-30 15:25:04 +00:00
|
|
|
++ lib.forEach [ enp2s0 lab0 lan0 guest0 iot0 ] (ifi:
|
2021-06-30 11:20:31 +00:00
|
|
|
{
|
|
|
|
|
name = ifi.name;
|
|
|
|
|
advertise = true;
|
|
|
|
|
|
|
|
|
|
# Configure a higher preference for interfaces with more bandwidth.
|
|
|
|
|
preference = ifi.preference;
|
|
|
|
|
|
|
|
|
|
# Advertise all /64 prefixes on the interface.
|
2022-02-01 02:23:06 +00:00
|
|
|
prefix = [ { } ];
|
2021-06-30 11:20:31 +00:00
|
|
|
|
|
|
|
|
# Automatically use the appropriate interface address as a DNS server.
|
2022-02-01 02:23:06 +00:00
|
|
|
rdnss = [ { } ];
|
2021-06-30 11:20:31 +00:00
|
|
|
} // (
|
|
|
|
|
# Configure DNS search on some trusted LANs, or omit otherwise.
|
|
|
|
|
if ifi.internal_dns then {
|
|
|
|
|
dnssl = [{ domain_names = [ vars.domain ]; }];
|
|
|
|
|
} else
|
|
|
|
|
{ }));
|
2020-06-14 17:53:48 +00:00
|
|
|
};
|
2020-01-04 22:16:31 +00:00
|
|
|
};
|
|
|
|
|
}
|
