diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index c42c405..141298b 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -114,26 +114,15 @@ ]; }; - ################# - # ROUTING RULES # - ################# - - # 0: from all lookup local - # 50: from all ipproto tcp dport 25 lookup vpn - # 100: from all lookup fiber - # 200: from all lookup lte - # 32766: from all lookup main - # 32767: from all lookup default - - systemd.network = { + systemd.network = let + routeTables = { + vpn = 3; + }; + in { enable = true; config = { - routeTables = { - fiber = 1; - lte = 2; - vpn = 3; - }; + inherit routeTables; addRouteTablesToIPRoute2 = true; }; @@ -149,7 +138,7 @@ PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0"; # Wait for 24.11 # PrivateKey = "@network.wireguard.private.wg0"; - RouteTable = 3; + RouteTable = routeTables.vpn; }; wireguardPeers = [ { @@ -172,36 +161,26 @@ # FIBER # ######### + # Set route metric to highest priority # Set DHCP client magic settings for Bouygues - # Put routes in fiber table "40-bouygues" = { dhcpV4Config.RouteMetric = 1; + dhcpV6Config = { DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; WithoutRA = "solicit"; }; - ipv6AcceptRAConfig = { - DHCPv6Client = true; - # RouteTable = 1; - }; + + ipv6AcceptRAConfig.DHCPv6Client = true; + networkConfig = { KeepConfiguration = "dhcp-on-stop"; IPv6AcceptRA = true; DHCPPrefixDelegation = true; }; + # Static attribution of first IPv6 subnet dhcpPrefixDelegationConfig.SubnetId = "0"; - - # Route everything to fiber link with a priority of 100 - # routingPolicyRules = [ - # { - # routingPolicyRuleConfig = { - # Table = 1; - # Priority = 100; - # Family = "both"; - # }; - # } - # ]; }; # Don't check VLAN physical interface as it is not directly used 
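Review bot: The removed "ROUTING RULES" comment block was the only place that documented the policy-rule priority order, and the rules it described at priorities 49 and 50 still exist in the "10-wg0" network later in this file, so the reference is lost while the behaviour remains. A shortened version next to the new `routeTables` binding would keep it, e.g. `# Policy rules: 49 (from the wg0 addresses) and 50 (outgoing SMTP from lo) -> vpn table; everything else falls through to main/default`. Dropping the lines that named the fiber and lte tables is consistent, since those tables are no longer declared. The `systemd.network` attrset this `let` wraps continues past the end of the hunk.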
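Review bot: The new comment `# Set route metric to highest priority` above "40-bouygues" overstates what `dhcpV4Config.RouteMetric = 1;` does: it affects only routes learned over DHCPv4, while the IPv6 default route learned from router advertisements keeps networkd's default metric unless `ipv6AcceptRAConfig.RouteMetric` is set as well. Since the LTE uplink in the next hunk only configures DHCPv4, this changes nothing today, but the comment should say what it covers: `# Set DHCPv4 route metric to highest priority (RA-learned IPv6 routes keep the default metric)`. If the intent is to pin IPv6 as well, add `ipv6AcceptRAConfig.RouteMetric = 1;` next to the existing `ipv6AcceptRAConfig.DHCPv6Client = true;` line.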
@@ -211,32 +190,22 @@
 # LTE #
 #######
 
- # Put routes in lte table
- "40-enp0s21u1" = {
- dhcpV4Config.RouteTable = 2;
-
- # Route all to lte link with a priority of 200
- # routingPolicyRules = [
- # {
- # routingPolicyRuleConfig = {
- # Table = 2;
- # Priority = 200;
- # Family = "both";
- # };
- # }
- # ];
- };
+ # Set LTE route to lower priority
+ "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024;
 
 #######
 # VPN #
 #######
 
 # Wireguard ARN network configuation
- "10-wg0" = {
+ "10-wg0" = let
+ vpnIPv4 = "89.234.141.196/32";
+ vpnIPv6 = "2a00:5881:8119:400::1/128";
+ in {
 matchConfig.Name = "wg0";
 address = [
- "89.234.141.196/32"
- "2a00:5881:8119:400::1/128"
+ vpnIPv4
+ vpnIPv6
 ];
 routingPolicyRules = [
 # Route outgoing emails to VPN table
@@ -244,7 +213,7 @@
 routingPolicyRuleConfig = {
 IncomingInterface = "lo";
 DestinationPort = "25";
- Table = 3;
+ Table = routeTables.vpn;
 Priority = 50;
 Family = "both";
 };
@@ -253,15 +222,15 @@
 # Allow server to respond on the wg0 interface requests
 {
 routingPolicyRuleConfig = {
- From = "89.234.141.196";
- Table = 3;
+ From = vpnIPv4;
+ Table = routeTables.vpn;
 Priority = 49;
 };
 }
 {
 routingPolicyRuleConfig = {
- From = "2a00:5881:8119:400::1";
- Table = 3;
+ From = vpnIPv6;
+ Table = routeTables.vpn;
 Priority = 49;
 };
 }
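Review bot: The collapsed `"40-enp0s21u1".dhcpV4Config.RouteMetric = 1024;` still defines no `matchConfig`, and the removed block had none either; unless the [Match] section for this unit is merged in from elsewhere in the file, a .network unit with an empty [Match] section matches every interface not already claimed by an earlier-sorting unit, so the LTE DHCP settings could be applied to interfaces other than the LTE link. If the match is set elsewhere, a one-line comment pointing to it would make that clear; otherwise `"40-enp0s21u1".matchConfig.Name = "enp0s21u1";` alongside the metric line pins it. With both uplinks now installing their default routes into the main table, 1024 is also networkd's default metric, so `# Set LTE route to lower priority` is accurate only relative to the fiber link's metric of 1; consider `# LTE keeps networkd's default metric (1024) so the fiber route (metric 1) is preferred`.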