initial commit

hosts/scotty-router/configuration.nix

@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ 
+      ./hardware-configuration.nix
+      ../../common/common.nix
+      ./nat.nix
+      ./dnsmasq.nix
+      ./wireguard.nix
+      ../../common/netdata.nix
+      ../../common/kvm.nix
+    ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  
+  networking.hostName = "router";
+  networking.useDHCP = false;
+  networking.interfaces.ens18.useDHCP = true;
+  networking.interfaces.ens18.ipv6.addresses = [{
+    address = "2001:638:904:ffcb::5";
+    prefixLength = 64;
+  }];
+  networking.interfaces.ens19.ipv4.addresses = [ {
+    address = "10.23.42.1";
+    prefixLength = 24;
+  }];
+  networking.interfaces.ens19.ipv6.addresses = [{
+    address = "2a01:4f8:c010:61dc:200::1";
+    prefixLength = 72;
+  }];
+
+  networking.defaultGateway6 = {
+    address = "fe80::d067:2680:4649:fba6";
+    interface = "ens18";
+  };
+
+  services.radvd = {
+    enable = true;
+    config = ''
+      interface ens19
+      {
+        AdvSendAdvert on;
+        AdvDefaultLifetime 1800;
+        prefix 2a01:4f8:c010:61dc:200::/72 {};
+        AdvSourceLLAddress on;
+        route ::/0 {};
+      };
+    '';
+  };
+
+  /*services.ndppd = {
+    enable = true;
+    proxies."pub0" = {
+      interface = "pub0";
+      rules."2a03:4000:45:5f3:200::/72" = {
+        method = "iface";
+        interface = "ens19";
+      };
+    };
+  };*/
+
+}

hosts/scotty-router/dnsmasq.nix

@@ -0,0 +1,24 @@
+{ config, pkgs, ...}:
+
+{
+    networking.firewall.allowedTCPPorts = [ 53 ];
+    networking.firewall.allowedUDPPorts = [ 67 ];
+    services.dnsmasq = {
+        enable = true;
+        resolveLocalQueries = true;
+        servers = [ "141.24.40.3" "141.24.40.4" ];
+        extraConfig = ''
+            domain-needed
+            bogus-priv
+            interface=ens19
+            expand-hosts
+            domain=gari
+            dhcp-range=10.23.42.50,10.23.42.200,12h
+            dhcp-option=3,10.23.42.1
+            dhcp-lease-max=150
+            dhcp-rapid-commit
+            listen-address=127.0.0.1
+            listen-address=10.23.42.1
+        '';
+    };
+} 

hosts/scotty-router/hardware-configuration.nix

@@ -0,0 +1,30 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/afd88905-a070-4032-a1a2-9c2b9c289220";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/2CFD-B740";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/f500aa6c-0971-429a-a651-1d7fed0d8101"; }
+    ];
+
+}

hosts/scotty-router/nat.nix

@@ -0,0 +1,10 @@
+{ config, pkgs, ...}:
+
+{
+  networking.nat = {
+    enable = true;
+    extraCommands = "iptables -A INPUT -p icmp -j ACCEPT";
+    externalInterface = "ens18";
+    internalInterfaces = [ "ens19" ];
+  };
+}

hosts/scotty-router/wireguard.nix

@@ -0,0 +1,40 @@
+{ config, pkgs, ...}:
+
+{
+    environment.systemPackages = with pkgs; [
+        wireguard
+        wireguard-tools
+    ];
+    boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+
+    networking = {
+        firewall.allowedUDPPorts = [ 51820  52820];
+        firewall.trustedInterfaces = [ "wg0" "pub0" "ens19"];
+        
+        iproute2.enable = true;
+        iproute2.rttablesExtraConfig = ''
+        100 PUBLIC6
+        '';
+
+        wireguard.enable = true;
+        wireguard.interfaces = {
+            pub0 = {
+                ips = [ "fd33:ab07:ff00:2342:200::1/64" ];
+                privateKeyFile = "/run/keys/wg-scotty-router_priv";
+                listenPort = 52820;
+                allowedIPsAsRoutes = true;
+                postSetup = ''
+                    ip -6 rule add from 2a01:4f8:c010:61dc:200::0/72 lookup PUBLIC6
+                    ip -6 route add default via fd33:ab07:ff00:2342::1 dev pub0 table PUBLIC6
+                '';
+                #ip -6 route add fd33:ab07:f877:2342::1/64 dev pub0 table PUBLIC6
+                peers = [{
+                    publicKey = "4faakn5yfzukxRwo79iTawag4jzAFkErXHLeEvtoLCc=";
+                    allowedIPs = [ "::/0"  ];
+                    endpoint = "dyon.net.entr0py.de:51820";
+                    persistentKeepalive = 25;
+                }];
+            };
+        };
+    };
+}