{ pkgs, lib, config, hostRegistry, ... }:

# NixOS module for the "yggdrasil" host: a Yggdrasil mesh node that also
# routes a /64 of Yggdrasil address space into the house network on the
# "c3d2" interface and exchanges routes with the Zentralwerk (ZW) core via
# OSPF (bird2).
#
# Security posture to keep in mind when editing (details inline below):
#  - the NixOS firewall is disabled on this host, so every listener below
#    is reachable on every interface;
#  - IPv6 forwarding is enabled globally and the only packet manipulation is
#    a NAT66 MASQUERADE rule for traffic leaving via "ygg";
#  - the OSPFv2 message-digest key is interpolated into the bird2 config at
#    evaluation time, i.e. it lands in the Nix store;
#  - the OSPFv3 instance has no authentication configured.

let
  # This machine's entry in the shared host registry (ip4 / ip6 / ygg
  # addresses are read from it below).
  host = hostRegistry.hosts.yggdrasil;
  # NOTE(review): not referenced anywhere else in this module.
  yggAddress = host.ygg;
  # The /64 of Yggdrasil address space announced into the house network.
  # Presumably derived from this node's Yggdrasil key (hence persistentKeys
  # below) — regenerating the key would invalidate this constant; confirm.
  yggPrefix = "301:4561:bb58:4dac"; # 301:4561:bb58:4dac::/64
  # taken from the output of "yggdrasilctl getself".
  # TCP port the Yggdrasil daemon accepts inbound peers on.
  port = 46823;
in {
  # Forward traffic under the prefix.
  # NOTE(review): this turns on IPv6 forwarding for all interfaces. Together
  # with networking.firewall.enable = false below, nothing on this host
  # filters traffic forwarded between "core", "c3d2" and "ygg".
  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;

  # Ensure the TUN device node exists before the yggdrasil daemon starts.
  # The node is created world-writable (0666). Creating a TUN interface
  # through it still needs CAP_NET_ADMIN as far as the kernel is concerned,
  # so this should not by itself let unprivileged users create interfaces —
  # confirm against the kernel/udev setup of this host.
  boot.postBootCommands = ''
    if [ ! -c /dev/net/tun ]; then
      mkdir -p /dev/net
      mknod -m 666 /dev/net/tun c 10 200
    fi
  '';

  # Shared c3d2 site module: this host lives in the HQ network.
  c3d2 = { isInHq = true; };

  networking = {
    hostName = "yggdrasil";
    # NOTE(review): the NixOS firewall is off. Every listener on this host
    # (the Yggdrasil peering port bound to [::], the nginx vhost below which
    # has no TLS configured, bird's OSPF on "core") is reachable from all
    # interfaces, including the public core network and the Yggdrasil mesh,
    # and forwarded traffic is not filtered either. If this is intentional
    # for a router host, document the upstream filtering it relies on;
    # otherwise enable the firewall and open only the Yggdrasil port, the
    # web port and OSPF (IP protocol 89) on "core".
    firewall.enable = false;
    nat = {
      enable = true;
      # Provide routing for the house
      # NAT66: packets leaving via "ygg" whose source is outside 200::/7
      # (the Yggdrasil range, see the stubnet in the bird2 config) — i.e.
      # the house network — are masqueraded to the "ygg" interface address.
      # Yggdrasil-sourced packets (200::/7) are forwarded unchanged.
      extraCommands = ''
        ip6tables -t nat -A POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE
      '';
    };
    defaultGateway = "172.20.72.6";
    defaultGateway6 = "2a00:8180:2c00:281::c3d2:3";
    # systemd-networkd breaks setting default routes. so sad.
    useNetworkd = pkgs.lib.mkForce false;
    nameservers = [ "172.20.73.8" ];

    # Uplink into the Zentralwerk core network; addresses come from the
    # host registry.
    interfaces.core = {
      mtu = 1500;
      ipv4 = {
        addresses = [{
          address = host.ip4;
          prefixLength = 25;
        }];
      };
      ipv6 = {
        addresses = [
          {
            address = host.ip6;
            prefixLength = 64;
          }
        ];
      };
    };

    # House-facing interface: this node is ::1 of the announced Yggdrasil
    # /64. mkForce presumably overrides the interface definition supplied by
    # the shared c3d2 module (c3d2.isInHq above) — confirm before changing.
    interfaces.c3d2 = lib.mkForce {
      ipv6 = {
        addresses = [
          {
            address = yggPrefix + "::1";
            prefixLength = 64;
          }
        ];
      };
    };
  };

  services.yggdrasil = {
    enable = true;
    # Keep the node key across reboots; the node address and (presumably)
    # yggPrefix above are derived from it.
    persistentKeys = true;
    config = {
      IfName = "ygg";
      # Inbound peering on all addresses. With the firewall disabled this is
      # reachable from the public core network as well, and no allow-list of
      # peer keys is configured here, so anyone may peer with this node —
      # expected for a public peering node, but confirm that is intended.
      Listen = [
        "tcp://[::]:${toString port}"
      ];
      # Outbound peerings to public Yggdrasil peers (plain tcp:// transport).
      Peers = [
        # germany
        "tcp://45.11.19.26:5001"

        # czechia
        "tcp://[2a03:3b40:fe:ab::1]:46370"
        "tcp://[2a05:9403::8b]:7743"

        # poland
        "tcp://[2001:41d0:601:1100::cf2]:37145"
      ];
      NodeInfo = {
        # This information is visible to the network.
        name = "y.c3d2.de";
        location = "Dresden";
        email = "ehmry@c3d2.de";
      };
    };
  };

  # Get routes on the core network, advertise Yggdrasil routes to ZW core
  #
  # What the bird2 config below does:
  #  - K4/K6 install every learned route into the kernel ("export all");
  #  - the router-advertisement (radv) block is left commented out, so
  #    clients on "c3d2" are NOT auto-configured with the /64 from here;
  #  - ZW4 (OSPFv2) peers on "core" with message-digest authentication;
  #  - ZW6 (OSPFv3) peers on "core" and advertises the whole Yggdrasil
  #    range 200::/7 as a stub network, making this host the mesh gateway
  #    for the ZW core.
  #
  # NOTE(review): ZW6 has no authentication configured, unlike ZW4 on the
  # same link, so any neighbour on "core" can form an OSPFv3 adjacency and
  # inject IPv6 routes. Check whether the bird2 in use supports OSPFv3
  # authentication and whether the other ZW routers are configured for it.
  #
  # NOTE(review): the ZW4 password is interpolated at evaluation time, so
  # its value is written verbatim into the generated bird2 config in the Nix
  # store, which every local user can read. Confirm that
  # pkgs.zentralwerk-ospf-message-digest-key evaluates to the key string
  # itself (if it is a derivation, the interpolation yields its store path
  # instead) and consider a root-only file that bird reads at runtime.
  services.bird2 = {
    enable = true;
    config = ''
      protocol kernel K4 {
        ipv4 {
          export all;
        };
      }
      protocol kernel K6 {
        ipv6 {
          export all;
        };
      }
      protocol device {
        scan time 10;
      }

      # protocol radv {
      #   interface "c3d2" {
      #     min ra interval 10;
      #     max ra interval 60;
      #     prefix ${yggPrefix}/64 {
      #       preferred lifetime 20;
      #       valid lifetime 60;
      #     };
      #   };
      # }

      protocol ospf v2 ZW4 {
        area 0 {
          interface "core" {
            authentication cryptographic;
            password "${pkgs.zentralwerk-ospf-message-digest-key}";
          };
        };
      }

      protocol ospf v3 ZW6 {
        area 0 {
          networks {
            fd23:42:c3d2:500::/56;
            2a02:8106:208:5200::/56;
            2a02:8106:211:e900::/56;
          };
          stubnet 200::/7 {};
          interface "core" {};
        };
      }

      router id ${host.ip4};
    '';
  };

  # Reverse proxy that forwards everything to https://c3d2.de, presumably so
  # the site is reachable from inside the Yggdrasil mesh as y.c3d2.de.
  # NOTE(review): "default = true" makes this the catch-all vhost, so the
  # proxy answers for any Host name on any interface (the firewall is off),
  # and no TLS is configured on the client-facing side here.
  services.nginx = {
    enable = true;
    virtualHosts."y.c3d2.de" = {
      default = true;
      locations."/".proxyPass = "https://c3d2.de";
    };
  };
}