remove comments
parent
8ad48e5aa4
commit
0d64372b57
@ -114,26 +114,15 @@
|
||||
];
|
||||
};
|
||||
|
||||
#################
|
||||
# ROUTING RULES #
|
||||
#################
|
||||
|
||||
# 0: from all lookup local
|
||||
# 50: from all ipproto tcp dport 25 lookup vpn
|
||||
# 100: from all lookup fiber
|
||||
# 200: from all lookup lte
|
||||
# 32766: from all lookup main
|
||||
# 32767: from all lookup default
|
||||
|
||||
systemd.network = {
|
||||
systemd.network = let
|
||||
routeTables = {
|
||||
vpn = 3;
|
||||
};
|
||||
in {
|
||||
enable = true;
|
||||
|
||||
config = {
|
||||
routeTables = {
|
||||
fiber = 1;
|
||||
lte = 2;
|
||||
vpn = 3;
|
||||
};
|
||||
inherit routeTables;
|
||||
addRouteTablesToIPRoute2 = true;
|
||||
};
|
||||
|
||||
@ -149,7 +138,7 @@
|
||||
PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0";
|
||||
# Wait for 24.11
|
||||
# PrivateKey = "@network.wireguard.private.wg0";
|
||||
RouteTable = 3;
|
||||
RouteTable = routeTables.vpn;
|
||||
};
|
||||
wireguardPeers = [
|
||||
{
|
||||
@ -172,36 +161,26 @@
|
||||
# FIBER #
|
||||
#########
|
||||
|
||||
# Set route metric to highest priority
|
||||
# Set DHCP client magic settings for Bouygues
|
||||
# Put routes in fiber table
|
||||
"40-bouygues" = {
|
||||
dhcpV4Config.RouteMetric = 1;
|
||||
|
||||
dhcpV6Config = {
|
||||
DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68";
|
||||
WithoutRA = "solicit";
|
||||
};
|
||||
ipv6AcceptRAConfig = {
|
||||
DHCPv6Client = true;
|
||||
# RouteTable = 1;
|
||||
};
|
||||
|
||||
ipv6AcceptRAConfig.DHCPv6Client = true;
|
||||
|
||||
networkConfig = {
|
||||
KeepConfiguration = "dhcp-on-stop";
|
||||
IPv6AcceptRA = true;
|
||||
DHCPPrefixDelegation = true;
|
||||
};
|
||||
|
||||
# Static attribution of first IPv6 subnet
|
||||
dhcpPrefixDelegationConfig.SubnetId = "0";
|
||||
|
||||
# Route everything to fiber link with a priority of 100
|
||||
# routingPolicyRules = [
|
||||
# {
|
||||
# routingPolicyRuleConfig = {
|
||||
# Table = 1;
|
||||
# Priority = 100;
|
||||
# Family = "both";
|
||||
# };
|
||||
# }
|
||||
# ];
|
||||
};
|
||||
|
||||
# Don't check VLAN physical interface as it is not directly used
|
||||
@ -211,32 +190,22 @@
|
||||
# LTE #
|
||||
#######
|
||||
|
||||
# Put routes in lte table
|
||||
"40-enp0s21u1" = {
|
||||
dhcpV4Config.RouteTable = 2;
|
||||
|
||||
# Route all to lte link with a priority of 200
|
||||
# routingPolicyRules = [
|
||||
# {
|
||||
# routingPolicyRuleConfig = {
|
||||
# Table = 2;
|
||||
# Priority = 200;
|
||||
# Family = "both";
|
||||
# };
|
||||
# }
|
||||
# ];
|
||||
};
|
||||
# Set LTE route to lower priority
|
||||
"40-enp0s21u1".dhcpV4Config.RouteMetric = 1024;
|
||||
|
||||
#######
|
||||
# VPN #
|
||||
#######
|
||||
|
||||
# Wireguard ARN network configuation
|
||||
"10-wg0" = {
|
||||
"10-wg0" = let
|
||||
vpnIPv4 = "89.234.141.196/32";
|
||||
vpnIPv6 = "2a00:5881:8119:400::1/128";
|
||||
in {
|
||||
matchConfig.Name = "wg0";
|
||||
address = [
|
||||
"89.234.141.196/32"
|
||||
"2a00:5881:8119:400::1/128"
|
||||
vpnIPv4
|
||||
vpnIPv6
|
||||
];
|
||||
routingPolicyRules = [
|
||||
# Route outgoing emails to VPN table
|
||||
@ -244,7 +213,7 @@
|
||||
routingPolicyRuleConfig = {
|
||||
IncomingInterface = "lo";
|
||||
DestinationPort = "25";
|
||||
Table = 3;
|
||||
Table = routeTables.vpn;
|
||||
Priority = 50;
|
||||
Family = "both";
|
||||
};
|
||||
@ -253,15 +222,15 @@
|
||||
# Allow server to respond on the wg0 interface requests
|
||||
{
|
||||
routingPolicyRuleConfig = {
|
||||
From = "89.234.141.196";
|
||||
Table = 3;
|
||||
From = vpnIPv4;
|
||||
Table = routeTables.vpn;
|
||||
Priority = 49;
|
||||
};
|
||||
}
|
||||
{
|
||||
routingPolicyRuleConfig = {
|
||||
From = "2a00:5881:8119:400::1";
|
||||
Table = 3;
|
||||
From = vpnIPv6;
|
||||
Table = routeTables.vpn;
|
||||
Priority = 49;
|
||||
};
|
||||
}
|
||||
|
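Review bot: The port-25 rule in the `10-wg0` `routingPolicyRules` (`Table = routeTables.vpn; Priority = 50;`) fails open: when table `vpn` holds no matching route, for example while wg0 is down, the lookup falls through to the later rules and SMTP leaves on whatever default route the main table holds. With this commit the fiber and LTE links appear to be chosen by `RouteMetric` rather than by their own tables, so that fallback would be the ISP uplink and its address, not the VPN address. No fallback is visible in this section, so unless one exists elsewhere in the file, a `prohibit` rule at priority 51 with the same match would keep mail from egressing outside the tunnel; confirm that the deployed networkd accepts `Type=` on policy rules. The removed ROUTING RULES overview was also the only place that listed the rule order, so a short comment such as `# rule order: 49 replies from VPN addresses, 50 SMTP -> vpn table, then main` above `routingPolicyRules` would be worth keeping.

```nix
routingPolicyRules = [
  # … unchanged: priority 50 SMTP rule and the two priority 49 reply rules …
  {
    routingPolicyRuleConfig = {
      IncomingInterface = "lo";
      DestinationPort = "25";
      Type = "prohibit";
      Priority = 51;
      Family = "both";
    };
  }
```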