Diffstat (limited to 'modules/router.nix')
-rw-r--r-- | modules/router.nix | 69 |
1 files changed, 35 insertions, 34 deletions
diff --git a/modules/router.nix b/modules/router.nix
index 3bc7dab..e6cbacb 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -145,7 +145,7 @@ let
 requires = [ "network-online.target" ];
 after = [ "network.target" "network-online.target" ];
 wantedBy = [ "multi-user.target" ];
- path = [ pkgs.iproute ];
+ path = [ pkgs.iproute2 ];
 script = ''
 ip -6 rule add from 2001:470:1f06:1194::2 table main priority 19000 suppress_prefixlength 0 || true
 ip -6 rule add from 2001:470:1f06:1194::2 table he priority 20000 || true
@@ -188,37 +188,38 @@ let settings.server = [ "1.1.1.1" "8.8.8.8" "8.8.4.4" ]; resolveLocalQueries = false; - extraConfig = '' - no-resolv - no-hosts - log-debug - - dhcp-authoritative - enable-ra - - address=/localhost/::1 - address=/localhost/127.0.0.1 - - dhcp-range=tag:servers-vport,172.20.20.10,172.20.20.254,5m - dhcp-option=tag:servers-vport,option:router,172.20.20.1 - dhcp-option=tag:servers-vport,option:dns-server,172.20.20.1 - dhcp-range=tag:servers-vport,::,static,constructor:servers-vport,5m - dhcp-host=id:*,tag:servers-vport,172.20.20.2 - dhcp-host=id:00:01:00:01:2e:a3:07:37:d0:bf:9c:45:a6:ec,tag:servers-vport,[::d] - #dhcp-host=tag:servers-vport,id:dragon,::d - - dhcp-range=tag:lan-vport,172.20.100.10,172.20.100.254,5m - dhcp-option=tag:lan-vport,option:router,172.20.100.1 - dhcp-option=tag:lan-vport,option:dns-server,172.20.100.1 - dhcp-range=tag:lan-vport,::2,::1000,constructor:lan-vport,ra-only - - dhcp-range=tag:vpnlan-vport,172.20.30.10,172.20.30.254,5m - dhcp-option=tag:vpnlan-vport,option:router,172.20.30.1 - dhcp-option=tag:vpnlan-vport,option:dns-server,193.138.218.74 - dhcp-range=tag:vpnlan-vport,::2,::1000,constructor:vpnlan-vport,ra-only,5m - dhcp-host=id:00:04:33:32:31:37:37:31:58:4d:32:35:31:37:30:30:4a:44,tag:vpnlan-vport,[::2] - dhcp-host=id:vpn,tag:vpnlan-vport,172.20.30.2 - ''; + settings = { + no-resolv = true; + no-hosts = true; + log-debug = true; + + dhcp-authoritative = true; + enable-ra = true; + + "address" = ["/localhost/::1" "/localhost/127.0.0.1"]; + + dhcp-range = [ + "tag:servers-vport,172.20.20.10,172.20.20.254,5m" + "tag:lan-vport,172.20.100.10,172.20.100.254,5m" + "tag:servers-vport,::,static,constructor:servers-vport,5m" + "tag:lan-vport,::2,::1000,constructor:lan-vport,ra-only" + "tag:vpnlan-vport,172.20.30.10,172.20.30.254,5m" + "tag:vpnlan-vport,::2,::1000,constructor:vpnlan-vport,ra-only,5m"]; + + dhcp-option = [ + "tag:servers-vport,option:router,172.20.20.1" + "tag:servers-vport,option:dns-server,172.20.20.1" + 
"tag:lan-vport,option:router,172.20.100.1" + "tag:lan-vport,option:dns-server,172.20.100.1" + "tag:vpnlan-vport,option:router,172.20.30.1" + "tag:vpnlan-vport,option:dns-server,193.138.218.74"]; + + + dhcp-host = [ + "id:00:01:00:01:2e:a3:07:37:d0:bf:9c:45:a6:ec,tag:servers-vport,[::d]" + "id:00:04:33:32:31:37:37:31:58:4d:32:35:31:37:30:30:4a:44,tag:vpnlan-vport,[::2]" + "id:vpn,tag:vpnlan-vport,172.20.30.2"]; + }; }; networking.dhcpcd = { @@ -350,7 +351,7 @@ in { description = "router network namespace"; after = ["network-pre.target"]; before = ["network.target" "wireguard-muddvad.service"]; - path = with pkgs; [bash iproute]; + path = with pkgs; [bash iproute2]; serviceConfig = { Type = "oneshot"; RemainAfterExit = "yes"; @@ -441,7 +442,7 @@ in { systemd.services.update-dynamic-dns = { description = "Update dynamic dns records"; after = ["container@router.target"]; - path = with pkgs; [ bash dnsutils nettools gawk iproute curl ]; + path = with pkgs; [ bash dnsutils nettools gawk iproute2 curl ]; startLimitIntervalSec = 5; script = toString ../tools/update-dns.sh; }; |
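Review bot: The new `dhcp-host` list in the dnsmasq `settings` block has three entries, but the removed `extraConfig` had four active ones: `dhcp-host=id:*,tag:servers-vport,172.20.20.2` is not carried over. If the drop is deliberate it deserves a line in the commit message; otherwise add `"id:*,tag:servers-vport,172.20.20.2"` to the list. Without it, whichever client matched that entry would presumably fall back to the 172.20.20.10–254 pool, so any firewall or forwarding rule pinned to 172.20.20.2 (none are visible here) would stop matching it. Separately, `settings.server` just above and `settings = { … }` now define the same attribute in two places; moving `server` into the block would keep the resolver and DHCP configuration together. The enclosing attribute set starts and ends outside the hunk.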