]> Git — Sourcephile - sourcephile-nix.git/blob - machines/losurdo/networking.nix
coturn: install on mermet (for prosody)
[sourcephile-nix.git] / machines / losurdo / networking.nix
1 { pkgs, lib, config, machineName, machines, wireguard, ... }:
2 with builtins;
3 let
4 #lanIPv4 = "192.168.1.215";
5 lanNet = "192.168.1.0/24";
6 #lanIPv4Gateway = "192.168.1.1";
7 in
8 {
9 imports = [
10 networking/nftables.nix
11 networking/ssh.nix
12 networking/wireguard.nix
13 ];
14
15 boot.initrd.network = {
16 enable = true;
17 flushBeforeStage2 = true;
18 # This will automatically load the zfs password prompt on login
19 # and kill the other prompt so boot can continue
20 # The pkill zfs kills the zfs load-key from the console
21 # allowing the boot to continue.
22 postCommands = ''
23 echo >>/root/.profile "zfs load-key ${machineName} && pkill zfs"
24 '';
25 };
26
27 /* WARNING: using ipconfig (the ip= kernel parameter) IS NOT RELIABLE:
28 a 91.216.110.35/32 becomes a 91.216.110.35/8
29 boot.kernelParams = map
30 (ip: "ip=${ip.clientIP}:${ip.serverIP}:${ip.gatewayIP}:${ip.netmask}:${ip.hostname}:${ip.device}:${ip.autoconf}")
31 [ { clientIP = netIPv4; serverIP = "";
32 gatewayIP = networking.defaultGateway.address;
33 netmask = "255.255.255.255";
34 hostname = ""; device = networking.defaultGateway.interface;
35 autoconf = "off";
36 }
37 { clientIP = lanIPv4; serverIP = "";
38 gatewayIP = "";
39 netmask = "255.255.255.0";
40 hostname = ""; device = "enp2s0";
41 autoconf = "off";
42 }
43 ];
44 */
45 /* DIY network config, but a right one */
46 /*
47 boot.initrd.preLVMCommands = ''
48 set -x
49
50 # IPv4 lan
51 ip link set enp5s0 up
52 ip address add ${lanIPv4}/32 dev enp5s0
53 ip route add ${lanIPv4Gateway} dev enp5s0
54 ip route add ${lanNet} dev enp5s0 src ${lanIPv4} proto kernel
55 # NOTE: ${lanIPv4}/24 would not work with initrd's ip, hence ${lanNet}
56 ip route add default via ${lanIPv4Gateway} dev enp5s0
57
58 # IPv6 net
59 #ip -6 address add ''${lanIPv6} dev enp5s0
60 #ip -6 route add ''${lanIPv6Gateway} dev enp5s0
61 #ip -6 route add default via ''${lanIPv6Gateway} dev enp5s0
62
63 ip -4 address
64 ip -4 route
65 #ip -6 address
66 #ip -6 route
67
68 set +x
69
70 # Since boot.initrd.network's preLVMCommands won't set hasNetwork=1
71 # we have to run the postCommands ourselves.
72 ${config.boot.initrd.network.postCommands}
73 '';
74 */
75 # Workaround https://github.com/NixOS/nixpkgs/issues/56822
76 #boot.initrd.kernelModules = [ "ipv6" ];
77
78 # Useless without an out-of-band access, and unsecure
79 # (though / may still be encrypted at this point).
80 # boot.kernelParams = [ "boot.shell_on_fail" ];
81
82 /*
83 # Disable IPv6 entirely until it's available
84 boot.kernel.sysctl = {
85 "net.ipv6.conf.enp5s0.disable_ipv6" = 1;
86 };
87 */
88
89 networking = {
90 hostName = machineName;
91 domain = "sourcephile.fr";
92
93 useDHCP = false;
94 /*
95 defaultGateway = {
96 address = lanIPv4Gateway;
97 interface = "enp5s0";
98 };
99 defaultGateway6 = {
100 address = lanIPv6Gateway;
101 interface = "enp5s0";
102 };
103 */
104 #nameservers = [ ];
105 };
106
107 networking.nftables.ruleset = ''
108 add rule inet filter input iifname "enp5s0" goto net2fw
109 add rule inet filter output oifname "enp5s0" jump fw2net
110 add rule inet filter output oifname "enp5s0" log level warn prefix "fw2net: " counter drop
111 add rule inet filter fw2net ip daddr ${lanNet} counter accept comment "LAN"
112 add rule inet filter fw2net ip daddr 224.0.0.0/4 udp dport 1900 counter accept comment "UPnP"
113 '';
114 networking.interfaces.enp5s0 = {
115 useDHCP = true;
116 #ipv4.addresses = [ { address = lanIPv4; prefixLength = 24; } ];
117 #ipv4.routes = [ { address = networking.defaultGateway.address; prefixLength = 32; } ];
118
119 /*
120 ipv6.addresses = [ { address = lanIPv6; prefixLength = 64; }
121 { address = "fe80::1"; prefixLength = 10; }
122 ];
123 ipv6.routes = [ { address = networking.defaultGateway6.address; prefixLength = 64; } ];
124 */
125 };
126 networking.interfaces.wlp4s0 = {
127 useDHCP = false;
128 };
129 }