# NixOS site module: run this host as a Yggdrasil mesh node.
#
# `hostName` selects the per-host settings under `config.site.hosts`; the
# whole module evaluates to nothing unless that host has
# `services.yggdrasil.enable` set.
{ lib, config, hostName, ... }:

let
  # Yggdrasil settings declared for this host in the site configuration.
  ygg = config.site.hosts.${hostName}.services.yggdrasil;
in
lib.mkIf ygg.enable {

  # NOTE(review): this turns the host firewall off entirely, so every
  # listening socket (including the Yggdrasil listener on tcp/1337 below)
  # is reachable from all interfaces. Keeping the firewall on and allowing
  # just the listener port would be the safer default — confirm this is
  # intended.
  networking.firewall.enable = false;

  # Yggdrasil needs a TUN device; create the node if nothing else did.
  # Mode 666 is the common default for /dev/net/tun; presumably creating an
  # interface through it still needs CAP_NET_ADMIN, so this is not a
  # privilege grant on its own — verify against the kernel docs if in doubt.
  boot.postBootCommands = ''
    if [ ! -c /dev/net/tun ]; then
      mkdir -p /dev/net
      mknod -m 666 /dev/net/tun c 10 200
    fi
  '';

  # Enable IPv6 forwarding so hosts behind this node can reach the mesh.
  # Note this sysctl applies to every interface, not only `ygg`.
  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;

  networking.nat = {
    enable = true;
    # NAT66: packets whose source is NOT a Yggdrasil address (200::/7) are
    # masqueraded behind this node's own address when they leave via `ygg`.
    extraCommands = ''
      ip6tables -t nat -A POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE
    '';
  };

  # Pre-seed the node's key material from the site configuration.
  # NOTE(review): `builtins.toFile` writes `ygg.keys` (private key material)
  # into the Nix store, which is world-readable; the 0700 directory only
  # protects the symlink, not its target. A secrets mechanism that places the
  # file on the host outside the store would avoid this — confirm how `keys`
  # is provisioned.
  systemd.tmpfiles.rules = [
    "d /var/lib/yggdrasil 0700 root root -"
    "L+ /var/lib/yggdrasil/keys.json - - - - ${builtins.toFile "keys.json" ygg.keys}"
  ];

  services.yggdrasil = {
    enable = true;
    # Presumably makes the daemon reuse the key file under /var/lib/yggdrasil
    # instead of generating fresh keys — see the NixOS module docs to confirm.
    persistentKeys = true;
    config = {
      IfName = "ygg";

      # Public peers to dial; list order is kept as written.
      # Source: https://publicpeers.neilalexander.dev/
      Peers = [
        # czechia
        "tcp://[2a03:3b40:fe:ab::1]:46370" # emery vpsfree.cz

        # poland
        "tls://[2001:41d0:601:1100::cf2]:11129"
      ];

      # Accept inbound peerings on all addresses.
      Listen = [
        "tcp://[::]:1337"
        # Not needed as `sysctl net.ipv6.bindv6only=0` by default
        # "tcp://0.0.0.0:1337"
      ];

      # This information is visible to the network.
      NodeInfo = {
        name = "y.c3d2.de";
        location = "Dresden";
        email = "ehmry@c3d2.de";
      };
    };
  };
}