Intra-AS211024 routing

2023-12-20 01:30:27 +00:00
parent 21136e98b2
commit 68bf705e85
6 changed files with 63 additions and 10 deletions
--- a/nixos/boxes/britway/default.nix
+++ b/nixos/boxes/britway/default.nix
@@ -83,6 +83,10 @@ in
            networking = { inherit domain; };

            systemd.network = {
+              config = {
+                routeTables.ts-extra = 1337;
+              };
+
              links = {
                "10-veth0" = {
                  matchConfig.PermanentMACAddress = "56:00:04:ac:6e:06";
@@ -94,7 +98,7 @@ in
                "20-veth0" = mkMerge [
                  (networkdAssignment "veth0" assignments.vultr)
                  {
-                    address = [ assignedV6 ];
+                    address = [ "${assignedV6}/64" ];
                  }
                ];
                "90-l2mesh-as211024" = mkMerge [
@@ -111,6 +115,20 @@ in
                        Destination = lib.my.c.home.prefixes.all.v4;
                        Gateway = lib.my.c.home.vips.as211024.v4;
                      }
+
+                      {
+                        # Just when routing traffic from Tailscale nodes, otherwise use WAN
+                        Destination = lib.my.c.colony.prefixes.all.v6;
+                        Gateway = allAssignments.estuary.as211024.ipv6.address;
+                        Table = "ts-extra";
+                      }
+                    ];
+                    routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
+                      {
+                        IncomingInterface = "tailscale0";
+                        To = lib.my.c.colony.prefixes.all.v6;
+                        Table = "ts-extra";
+                      }
                    ];
                  }
                ];
@@ -138,8 +156,6 @@ in
                    chain postrouting {
                      iifname tailscale0 oifname veth0 snat ip to ${assignments.vultr.ipv4.address}
                      iifname tailscale0 oifname veth0 snat ip6 to ${assignments.vultr.ipv6.address}
-                      iifname tailscale0 oifname as211024 snat ip to ${assignments.as211024.ipv4.address}
-                      iifname tailscale0 oifname as211024 snat ip6 to ${assignments.as211024.ipv6.address}
                    }
                  }
                '';
--- a/nixos/boxes/britway/tailscale.nix
+++ b/nixos/boxes/britway/tailscale.nix
@@ -43,10 +43,7 @@ in
          db_type = "sqlite3";
          db_path = "/var/lib/headscale/db.sqlite3";
          noise.private_key_path = "/var/lib/headscale/noise_private.key";
-          ip_prefixes = [
-            "100.64.0.0/10"
-            "fd7a:115c:a1e0::/48"
-          ];
+          ip_prefixes = with lib.my.c.tailscale.prefix; [ v4 v6 ];
          dns_config = {
            domains = [
              domain