# NixOS module fragment for a host's upstream-facing interfaces:
# DHCP / DHCPv6 prefix delegation, CAKE shaping, and NAT for the "core" network.
{ hostName, config, lib, ... }:

let
  # This host's entry in the site-wide configuration.
  hostConfig = config.site.hosts.${hostName};

  # Every interface of this host whose `upstream` attribute is set.
  upstreamInterfaces =
    lib.filterAttrs (_: { upstream, ... }: upstream != null)
      hostConfig.interfaces;

  # builtins.attrNames returns names in sorted order, so the "first"
  # upstream interface is the lexicographically smallest one.
  upstreamNames = builtins.attrNames upstreamInterfaces;

  firstUpstreamInterface =
    if upstreamNames == [ ]
    then null
    else builtins.head upstreamNames;

  # NAT is only configured when at least one upstream interface exists.
  enabled = firstUpstreamInterface != null;

  coreNetwork = {
    # systemd-networkd asks for a DHCPv6 prefix delegation on the upstream
    # interface only when some other interface is set up to consume it.
    # Without this stanza the static IPv6 subnet is not routed to this host.
    extraConfig = ''
      [Network]
      IPv6PrefixDelegation=dhcpv6
    '';
    dhcpV6PrefixDelegationConfig = {
      SubnetId = "81";
      # Addresses are static, so the delegated subnet is not assigned here.
      Assign = false;
    };
  };

  # One networkd unit per upstream interface, keyed by interface name.
  upstreamNetworks = builtins.mapAttrs (_: { upstream, ... }: {
    DHCP = "yes";
    # NOTE(review): router advertisements from the upstream link are accepted
    # as-is; this presumes the upstream segment is a trusted provider link.
    networkConfig = { IPv6AcceptRA = true; };
    dhcpV6Config = { PrefixDelegationHint = "::/56"; };

    # Traffic shaping: CAKE at the root, bandwidth from `upstream.upBandwidth`.
    extraConfig = ''
      [CAKE]
      Parent = root
      # DOCSIS overhead
      OverheadBytes = 18
      Bandwidth = ${toString upstream.upBandwidth}K
    '';
  }) upstreamInterfaces;
in
{
  # `//` is right-biased: an upstream interface that is itself named "core"
  # would replace the core definition above.
  systemd.network.networks = { core = coreNetwork; } // upstreamNetworks;

  # NAT is bound to the first upstream interface only, even though every
  # upstream interface gets DHCP and shaping above.
  # NOTE(review): `enableIPv6` is not set, so this presumably masquerades IPv4
  # only; the delegated IPv6 prefix is routed, not translated. Confirm that
  # forwarded IPv6 traffic towards "core" is filtered elsewhere.
  networking.nat = lib.optionalAttrs enabled {
    enable = true;
    internalInterfaces = [ "core" ];
    externalInterface = firstUpstreamInterface;
    # Each entry exposes an internal service on the upstream side; the list
    # comes unmodified from the site configuration for this host.
    forwardPorts = hostConfig.forwardPorts;
  };
}