# NixOS module fragment configuring CoreRAD: the WAN interface is monitored,
# and each downstream interface sends router advertisements.
{ lib, ... }:

let
  site = import ./lib/vars.nix;
  inherit (site.interfaces) wan0 mgmt0 lab0 lan0 guest0 iot0;

  # Upstream monitoring interfaces.
  monitored = map (ifi: {
    inherit (ifi) name;
    monitor = true;
  }) [ wan0 ];

  # Downstream advertising interfaces.
  advertised = map (ifi:
    {
      # Configure a higher preference for interfaces with more bandwidth.
      inherit (ifi) name preference;
      advertise = true;

      # Advertise all /64 prefixes on the interface.
      prefix = [ { } ];

      # Automatically use the appropriate interface address as a DNS server.
      rdnss = [ { } ];

      # Automatically propagate routes owned by loopback.
      route = [ { } ];
    }
    # Configure DNS search on some trusted LANs, or omit otherwise.
    #
    # TODO(mdlayher): probably rename to ifi.trusted.
    // lib.optionalAttrs ifi.internal_dns {
      dnssl = [{ domain_names = [ site.domain ]; }];
    }) [ mgmt0 lab0 lan0 guest0 iot0 ];

in {
  services.corerad = {
    enable = true;

    settings = {
      # Base non-interface configuration.
      debug = {
        # Off-host exposure of the debug listener is accepted here on the
        # strength of the WAN firewall.
        #
        # NOTE(review): ":9430" has no host part, so the listener is not
        # pinned to one address. The WAN firewall does nothing for clients
        # on the downstream networks advertised below (guest0 and iot0
        # included). Confirm that the per-interface firewall rules, which
        # are not visible in this file, limit 9430 to the hosts that scrape
        # it: pprof exposes runtime internals and is comparatively costly
        # to serve.
        address = ":9430";
        prometheus = true;
        pprof = true;
      };

      # Order is preserved: monitored upstream first, then downstream.
      interfaces = monitored ++ advertised;
    };
  };
}