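# NixOS module: systemd-networkd setup for a router-style host.
#
# What this file declares:
#   * a per-host WireGuard private key, delivered through age.secrets
#   * stable names for two interfaces, matched by permanent MAC address
#   * a LAN bridge (brlan) carrying one private and two public prefixes
#   * a WireGuard tunnel (wg-pbb) that is the default route of table 1234
#   * policy rules sending traffic *sourced from the public prefixes* into
#     table 1234, i.e. out through the tunnel
#
# NOTE(review): nothing in this file enables IP forwarding, NAT or packet
# filtering. Hosts on brlan hold publicly routed addresses, so forwarded
# traffic arriving over wg-pbb needs a firewall policy defined elsewhere --
# confirm that it exists.
{ config, ... }:
{
  # WireGuard private key, decrypted at activation time.
  # mode 640 + owner root + group systemd-network: root may read and write,
  # members of systemd-network may read, everyone else has no access. Group
  # read is what lets systemd-networkd (running as the systemd-network user)
  # load it via PrivateKeyFile below.
  age.secrets.wireguard-privkey = {
    # One encrypted key file per host, selected by networking.hostName.
    # NOTE(review): the string has no leading "/", so it is appended straight
    # onto the directory name and the first ".." fuses with that name. After
    # Nix normalises the path this appears to resolve three levels above this
    # file's directory, not four -- confirm that is where secrets/ lives.
    file = ./. + "../../../../secrets/${config.networking.hostName}/wireguard-privkey.age";
    mode = "640";
    owner = "root";
    group = "systemd-network";
  };

  systemd.network = {
    enable = true;
    # Boot does not wait for the links below to come online.
    wait-online.enable = false;

    # Rename interfaces by permanent (hardware) MAC address so the .network
    # units further down can match on a fixed name.
    links = {
      "5-dtagdsl" = {
        matchConfig.PermanentMACAddress = "d0:37:45:06:de:de";
        linkConfig.Name = "dtagdsl";
      };
      "10-iphone" = {
        matchConfig.PermanentMACAddress = "aa:ab:b5:18:95:d9";
        linkConfig.Name = "iphone";
      };
    };

    netdevs = {
      # LAN bridge; enp1s0 is enslaved to it in networks."10-enp1s0".
      "20-brlan" = {
        netdevConfig = {
          Kind = "bridge";
          Name = "brlan";
        };
      };
      # "30-enp1s0.5" = {
      #   netdevConfig = {
      #     Kind = "vlan";
      #     Name = "enp1s0.5";
      #   };
      #   vlanConfig = {
      #     Id = 5;
      #   };
      # };
      "40-wg-pbb" = {
        netdevConfig = {
          Kind = "wireguard";
          Name = "wg-pbb";
        };
        wireguardConfig = {
          # The key is read from the decrypted secret path, so the key
          # material itself never appears in this file.
          PrivateKeyFile = config.age.secrets.wireguard-privkey.path;
          ListenPort = 51820;
          # Marks packets emitted by the tunnel socket.
          # NOTE(review): no rule in this file matches on this mark (the
          # policy rules below select by source prefix) -- confirm whether a
          # rule elsewhere depends on it.
          FirewallMark = 51820;
        };
        wireguardPeers = [{
          Endpoint = "195.39.247.161:51820";
          PublicKey = "kih/GnR4Bov/DM/7Rd21wK+PFQRUNH6sywVuNKkUAkk=";
          # Full-tunnel peer: WireGuard accepts any inner source address from
          # this peer and will send any destination to it. The tunnel itself
          # therefore provides no source filtering; restricting what may
          # enter via wg-pbb is left entirely to the firewall.
          AllowedIPs = [ "0.0.0.0/0" "::/0" ];
          # Keepalive interval in seconds.
          PersistentKeepalive = 10;
          # Routes for the tunnel are declared explicitly in
          # networks."30-wg-pbb" rather than derived from AllowedIPs.
          # RouteTable = "off";
        }];
      };
    };

    networks = {
      # No DHCP and no static address on this link.
      # NOTE(review): presumably the DSL uplink is brought up by something
      # outside this file -- confirm.
      "10-dtagdsl" = {
        matchConfig = {
          Name = "dtagdsl";
        };
        DHCP = "no";
      };
      # DHCP client on the "iphone" link: whatever lease that link offers is
      # accepted as-is.
      "10-iphone" = {
        matchConfig = {
          Name = "iphone";
        };
        DHCP = "yes";
      };
      # "10-enp1s0.5" = {
      #   matchConfig = {
      #     Name = "enp1s0.5";
      #   };
      #   DHCP = "yes";
      # };
      # Physical LAN port: carries no addresses of its own, only joins brlan.
      "10-enp1s0" = {
        matchConfig = {
          Name = "enp1s0";
        };
        bridge = [ "brlan" ];
        # vlan = [ "enp1s0.5" ];
      };
      "20-brlan" = {
        matchConfig = {
          Name = "brlan";
          Driver = "bridge";
        };
        # Statically addressed: router advertisements and DHCP are both
        # ignored on the bridge.
        networkConfig = {
          IPv6AcceptRA = "no";
          DHCP = "no";
        };
        address = [
          "10.0.0.1/24"
          "195.39.246.42/28"
          "2a0f:4ac0:acab::1/62"
        ];
        # Source-based routing for the two public prefixes:
        #   priority 1900 -> table 254 (main) with SuppressPrefixLength = 0,
        #                    so main is consulted but its default routes are
        #                    ignored; more specific routes still win.
        #   priority 2000 -> table 1234, whose default routes point at
        #                    wg-pbb (see networks."30-wg-pbb").
        # Traffic sourced from 10.0.0.0/24 matches none of these rules and
        # is not sent into table 1234 by this file.
        routingPolicyRules = [
          {
            From = "195.39.246.32/28";
            Table = 254;
            Priority = 1900;
            SuppressPrefixLength = 0;
          }
          {
            From = "2a0f:4ac0:acab::/62";
            Table = 254;
            Priority = 1900;
            SuppressPrefixLength = 0;
          }
          {
            From = "195.39.246.32/28";
            Table = 1234;
            Priority = 2000;
          }
          {
            From = "2a0f:4ac0:acab::/62";
            Table = 1234;
            Priority = 2000;
          }
        ];
      };
      "30-wg-pbb" = {
        matchConfig = {
          Name = "wg-pbb";
        };
        # NOTE(review): WireGuard encapsulation adds 60 bytes over IPv4 and
        # 80 bytes over IPv6, so a 1500-byte tunnel MTU relies on the
        # underlay fragmenting or carrying larger packets -- confirm this is
        # deliberate.
        linkConfig = {
          MTUBytes = "1500";
        };
        # IPv4 and IPv6 default routes through the tunnel, kept in table
        # 1234 so that only the policy rules above select them.
        routes = [
          {
            Destination = "0.0.0.0/0";
            Table = "1234";
          }
          {
            Destination = "::/0";
            Table = "1234";
          }
        ];
      };
    };
  };
}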