Katherina Walshe-Grey
07c49c3d37
Includes a workaround for https://github.com/NixOS/nixpkgs/issues/375960
49 lines
1.3 KiB
Nix
49 lines
1.3 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
systemd.network.enable = true;
|
|
networking.useDHCP = false;
|
|
|
|
systemd.network.networks."10-wan" = {
|
|
matchConfig.Name = "enp1s0f1";
|
|
networkConfig = {
|
|
DHCP = "ipv4";
|
|
IPv6AcceptRA = true;
|
|
Tunnel = "sit-he-ipv6";
|
|
};
|
|
linkConfig.RequiredForOnline = "routable";
|
|
};
|
|
|
|
systemd.network.netdevs."25-he-ipv6" = {
|
|
netdevConfig = {
|
|
Name = "sit-he-ipv6";
|
|
Kind = "sit";
|
|
Description = "Hurricane Electric IPv6 Tunnel";
|
|
MTUBytes = 1480;
|
|
};
|
|
|
|
tunnelConfig = {
|
|
Remote = "216.66.88.98";
|
|
TTL = 255;
|
|
};
|
|
};
|
|
|
|
systemd.network.networks."25-he-ipv6" = {
|
|
matchConfig.Name = "sit-he-ipv6";
|
|
networkConfig.Address = [ "2001:470:1f1c:3e::2/64" ];
|
|
routes = [{ Destination = [ "::/0" ]; }];
|
|
};
|
|
|
|
birdsong.peering = {
|
|
enable = true;
|
|
privateKeyFile = "/etc/wireguard/privatekey";
|
|
persistentKeepalive = 29;
|
|
};
|
|
|
|
# restricted to fit within the 6in4 tunnel
|
|
systemd.network.netdevs."30-birdsong".netdevConfig.MTUBytes = 1280;
|
|
# these two lines work around this bug: https://github.com/NixOS/nixpkgs/issues/375960
|
|
systemd.network.netdevs."30-birdsong".netdevConfig.Kind = "wireguard";
|
|
systemd.network.netdevs."30-birdsong".netdevConfig.Name = "wg-birdsong";
|
|
}
|