remove comments
parent
8ad48e5aa4
commit
0d64372b57
@ -114,26 +114,15 @@
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
#################
|
systemd.network = let
|
||||||
# ROUTING RULES #
|
routeTables = {
|
||||||
#################
|
vpn = 3;
|
||||||
|
};
|
||||||
# 0: from all lookup local
|
in {
|
||||||
# 50: from all ipproto tcp dport 25 lookup vpn
|
|
||||||
# 100: from all lookup fiber
|
|
||||||
# 200: from all lookup lte
|
|
||||||
# 32766: from all lookup main
|
|
||||||
# 32767: from all lookup default
|
|
||||||
|
|
||||||
systemd.network = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
routeTables = {
|
inherit routeTables;
|
||||||
fiber = 1;
|
|
||||||
lte = 2;
|
|
||||||
vpn = 3;
|
|
||||||
};
|
|
||||||
addRouteTablesToIPRoute2 = true;
|
addRouteTablesToIPRoute2 = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -149,7 +138,7 @@
|
|||||||
PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0";
|
PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0";
|
||||||
# Wait for 24.11
|
# Wait for 24.11
|
||||||
# PrivateKey = "@network.wireguard.private.wg0";
|
# PrivateKey = "@network.wireguard.private.wg0";
|
||||||
RouteTable = 3;
|
RouteTable = routeTables.vpn;
|
||||||
};
|
};
|
||||||
wireguardPeers = [
|
wireguardPeers = [
|
||||||
{
|
{
|
||||||
@ -172,36 +161,26 @@
|
|||||||
# FIBER #
|
# FIBER #
|
||||||
#########
|
#########
|
||||||
|
|
||||||
|
# Set route metric to highest priority
|
||||||
# Set DHCP client magic settings for Bouygues
|
# Set DHCP client magic settings for Bouygues
|
||||||
# Put routes in fiber table
|
|
||||||
"40-bouygues" = {
|
"40-bouygues" = {
|
||||||
dhcpV4Config.RouteMetric = 1;
|
dhcpV4Config.RouteMetric = 1;
|
||||||
|
|
||||||
dhcpV6Config = {
|
dhcpV6Config = {
|
||||||
DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68";
|
DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68";
|
||||||
WithoutRA = "solicit";
|
WithoutRA = "solicit";
|
||||||
};
|
};
|
||||||
ipv6AcceptRAConfig = {
|
|
||||||
DHCPv6Client = true;
|
ipv6AcceptRAConfig.DHCPv6Client = true;
|
||||||
# RouteTable = 1;
|
|
||||||
};
|
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
KeepConfiguration = "dhcp-on-stop";
|
KeepConfiguration = "dhcp-on-stop";
|
||||||
IPv6AcceptRA = true;
|
IPv6AcceptRA = true;
|
||||||
DHCPPrefixDelegation = true;
|
DHCPPrefixDelegation = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Static attribution of first IPv6 subnet
|
# Static attribution of first IPv6 subnet
|
||||||
dhcpPrefixDelegationConfig.SubnetId = "0";
|
dhcpPrefixDelegationConfig.SubnetId = "0";
|
||||||
|
|
||||||
# Route everything to fiber link with a priority of 100
|
|
||||||
# routingPolicyRules = [
|
|
||||||
# {
|
|
||||||
# routingPolicyRuleConfig = {
|
|
||||||
# Table = 1;
|
|
||||||
# Priority = 100;
|
|
||||||
# Family = "both";
|
|
||||||
# };
|
|
||||||
# }
|
|
||||||
# ];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Don't check VLAN physical interface as it is not directly used
|
# Don't check VLAN physical interface as it is not directly used
|
||||||
@ -211,32 +190,22 @@
|
|||||||
# LTE #
|
# LTE #
|
||||||
#######
|
#######
|
||||||
|
|
||||||
# Put routes in lte table
|
# Set LTE route to lower priority
|
||||||
"40-enp0s21u1" = {
|
"40-enp0s21u1".dhcpV4Config.RouteMetric = 1024;
|
||||||
dhcpV4Config.RouteTable = 2;
|
|
||||||
|
|
||||||
# Route all to lte link with a priority of 200
|
|
||||||
# routingPolicyRules = [
|
|
||||||
# {
|
|
||||||
# routingPolicyRuleConfig = {
|
|
||||||
# Table = 2;
|
|
||||||
# Priority = 200;
|
|
||||||
# Family = "both";
|
|
||||||
# };
|
|
||||||
# }
|
|
||||||
# ];
|
|
||||||
};
|
|
||||||
|
|
||||||
#######
|
#######
|
||||||
# VPN #
|
# VPN #
|
||||||
#######
|
#######
|
||||||
|
|
||||||
# Wireguard ARN network configuation
|
# Wireguard ARN network configuation
|
||||||
"10-wg0" = {
|
"10-wg0" = let
|
||||||
|
vpnIPv4 = "89.234.141.196/32";
|
||||||
|
vpnIPv6 = "2a00:5881:8119:400::1/128";
|
||||||
|
in {
|
||||||
matchConfig.Name = "wg0";
|
matchConfig.Name = "wg0";
|
||||||
address = [
|
address = [
|
||||||
"89.234.141.196/32"
|
vpnIPv4
|
||||||
"2a00:5881:8119:400::1/128"
|
vpnIPv6
|
||||||
];
|
];
|
||||||
routingPolicyRules = [
|
routingPolicyRules = [
|
||||||
# Route outgoing emails to VPN table
|
# Route outgoing emails to VPN table
|
||||||
@ -244,7 +213,7 @@
|
|||||||
routingPolicyRuleConfig = {
|
routingPolicyRuleConfig = {
|
||||||
IncomingInterface = "lo";
|
IncomingInterface = "lo";
|
||||||
DestinationPort = "25";
|
DestinationPort = "25";
|
||||||
Table = 3;
|
Table = routeTables.vpn;
|
||||||
Priority = 50;
|
Priority = 50;
|
||||||
Family = "both";
|
Family = "both";
|
||||||
};
|
};
|
||||||
@ -253,15 +222,15 @@
|
|||||||
# Allow server to respond on the wg0 interface requests
|
# Allow server to respond on the wg0 interface requests
|
||||||
{
|
{
|
||||||
routingPolicyRuleConfig = {
|
routingPolicyRuleConfig = {
|
||||||
From = "89.234.141.196";
|
From = vpnIPv4;
|
||||||
Table = 3;
|
Table = routeTables.vpn;
|
||||||
Priority = 49;
|
Priority = 49;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
routingPolicyRuleConfig = {
|
routingPolicyRuleConfig = {
|
||||||
From = "2a00:5881:8119:400::1";
|
From = vpnIPv6;
|
||||||
Table = 3;
|
Table = routeTables.vpn;
|
||||||
Priority = 49;
|
Priority = 49;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
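Review bot: Outgoing SMTP is not pinned to the tunnel by the port-25 rule (`Table = routeTables.vpn;`, `Priority = 50;`) alone, because a policy rule whose table holds no matching route falls through to the later rules and the main table. This commit widens that fall-through path: the LTE section replaces `dhcpV4Config.RouteTable = 2;` with `"40-enp0s21u1".dhcpV4Config.RouteMetric = 1024;`, so the LTE DHCP routes presumably now land in the main table as a fallback. The title "remove comments" does not mention this routing change. If mail must never leave from the ISP addresses while wg0 is down, consider a catch-all route with `Type = "unreachable";` and `Table = routeTables.vpn;` at a higher metric than the WireGuard routes, after confirming that networkd keeps it installed when the interface is down. The `"10-wg0"` block and the first rule's opening brace lie outside the visible hunks, so an existing safeguard there cannot be ruled out.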