nixos/routnerr-2: advertise ULA /48 unreachable route

2024-12-14 11:47:32 +00:00 · 2022-03-10 09:17:58 -05:00 · 2022-03-10 09:17:58 -05:00 · 0272a09c8b
commit 0272a09c8b
parent e4b7f42af4
2 changed files with 20 additions and 0 deletions
--- a/nixos/routnerr-2/corerad.nix
+++ b/nixos/routnerr-2/corerad.nix
@ -41,8 +41,15 @@ in {
            rdnss = [ { } ];
          } // (
            # Configure DNS search on some trusted LANs, or omit otherwise.
+            #
+            # TODO(mdlayher): probably rename to ifi.trusted.
            if ifi.internal_dns then {
              dnssl = [{ domain_names = [ vars.domain ]; }];
+
+              # This router owns the ULA /48.
+              #
+              # TODO(mdlayher): ::/N wildcard syntax.
+              route = [{ prefix = "fd9e:1a04:f01d::/48"; }];
            } else
              { }));
    };
--- a/nixos/routnerr-2/networking.nix
+++ b/nixos/routnerr-2/networking.nix
@ -77,6 +77,19 @@ in {
  systemd.network = {
    enable = true;

+    # Loopback.
+    networks."5-lo" = {
+      matchConfig.Name = "lo";
+      routes = [{
+        # We own the ULA /48, create a blanket unreachable route which will be
+        # superseded by more specific /64s.
+        routeConfig = {
+          Destination = "fd9e:1a04:f01d::/48";
+          Type = "unreachable";
+        };
+      }];
+    };
+
    # Wired WAN.
    links."10-wan0" = ethLink "wan0" "00:0d:b9:53:ea:cc";
    networks."10-wan0" = {