nixos: Production network configuration

2022-07-01 01:02:55 +01:00 · 2022-07-01 01:02:55 +01:00 · 4fd6330274
commit 4fd6330274
parent a92358f28b
3 changed files with 22 additions and 16 deletions
--- a/lib/default.nix
+++ b/lib/default.nix
@ -181,7 +181,7 @@ rec {
    start = {
      all = {
        v4 = "10.100.";
-        v6 = "2a0e:97c0:4d0:ccc";
+        v6 = "2a0e:97c0:4d1:1";
      };
      base = {
        v4 = "${start.all.v4}0.";
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@ -10,13 +10,16 @@
        altNames = [ "fw" ];
        domain = lib.my.colony.domain;
        ipv4 = {
-          address = "188.141.14.136";
-          gateway = null;
+          address = "212.83.51.97";
+          mask = 24;
+          gateway = "212.83.51.1";
          genPTR = false;
        };
        ipv6 = {
-          address = "2a0e:97c0:4d0:cccf::1";
-          gateway = "fe80::215:17ff:fe4b:494a";
+          address = "2a00:f48:103:2::10";
+          mask = 64;
+          gateway = "2a00:f48:103:2::1";
+          genPTR = false;
        };
      };
      base = {
@ -71,10 +74,15 @@

            systemd.network = {
              links = {
-                "10-wan" = {
+                "10-phy1g0" = {
                  matchConfig.MACAddress = "d0:50:99:fa:a7:99";
+                  linkConfig.Name = "phy1g0";
+                };
+                "10-wan" = {
+                  matchConfig.MACAddress = "00:02:c9:56:24:6e";
                  linkConfig.Name = "wan";
                };
+
                "10-base" = {
                  matchConfig.MACAddress = "52:54:00:15:1a:53";
                  linkConfig.Name = "base";
@ -84,16 +92,14 @@
              networks = {
                "80-wan" = {
                  matchConfig.Name = "wan";
-                  DHCP = "ipv4";
-                  dhcpV4Config = {
-                    UseDNS = false;
-                    UseHostname = false;
-                  };
-                  address = [
-                    (with assignments.internal.ipv6; "${address}/${toString mask}")
+                  DHCP = "no";
+                  address = with assignments.internal; [
+                    (with ipv4; "${address}/${toString mask}")
+                    (with ipv6; "${address}/${toString mask}")
                  ];
-                  gateway = [
-                    assignments.internal.ipv6.gateway
+                  gateway = with assignments.internal; [
+                    ipv4.gateway
+                    ipv6.gateway
                  ];
                  networkConfig.IPv6AcceptRA = false;
                };
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
@ -7,7 +7,7 @@ let
  ptrDots = 2;
  reverseZone = "100.10.in-addr.arpa";
  ptrDots6 = 17;
-  reverseZone6 = "c.c.c.0.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa";
+  reverseZone6 = "1.0.0.1.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa";

  authZones = attrNames config.my.pdns.auth.bind.zones;
 in