From 4df84a3be0ffa85c62123169351689d53b7c6570 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Nov 2024 21:19:10 +0100 Subject: [PATCH] begin migration to VPN --- systems/LoutreOS/network.nix | 66 +++++++++++++++++------------------ systems/LoutreOS/services.nix | 16 ++++----- 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 0f83980..7008094 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -140,7 +140,7 @@ }; wireguardConfig = { PrivateKeyFile = "/run/keys/wireguard-privkey"; - RouteTable = "vpn"; + RouteTable = 3; }; wireguardPeers = [ { @@ -164,14 +164,14 @@ # Set DHCP client magic settings for Bouygues # Put routes in fiber table "40-bouygues" = { - dhcpV4Config.RouteTable = "fiber"; + dhcpV4Config.RouteMetric = 1; dhcpV6Config = { DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; WithoutRA = "solicit"; }; ipv6AcceptRAConfig = { DHCPv6Client = true; - RouteTable = "fiber"; + # RouteTable = 1; }; networkConfig = { KeepConfiguration = "dhcp-on-stop"; @@ -182,15 +182,15 @@ dhcpPrefixDelegationConfig.SubnetId = "0"; # Route everything to fiber link with a priority of 100 - routingPolicyRules = [ - { - routingPolicyRuleConfig = { - Table = "fiber"; - Priority = "100"; - Family = "both"; - }; - } - ]; + # routingPolicyRules = [ + # { + # routingPolicyRuleConfig = { + # Table = 1; + # Priority = 100; + # Family = "both"; + # }; + # } + # ]; }; # Don't check VLAN physical interface as it is not directly used 
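Review bot: The comment `# Put routes in fiber table` above `"40-bouygues"` in the @@ -164 hunk no longer matches the code: `dhcpV4Config.RouteMetric = 1;` sets a metric, not a table, and the table line under `ipv6AcceptRAConfig` is commented out, so the Bouygues routes presumably land in the main table now. Update the comment to something like `# Fiber routes go to the main table with metric 1 (preferred default route)`. The bare ids `1`, `2` and `3` that replace `"fiber"`, `"lte"` and `"vpn"` here and in the @@ -140 and @@ -202 hunks would also read better with a comment or a `let` binding naming each table. The `networkConfig` block continues outside the hunk.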
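Review bot: Commenting out `routingPolicyRules` in the @@ -182 hunk leaves the header `# Route everything to fiber link with a priority of 100` describing a rule that no longer exists, and the same pattern repeats in the @@ -202 and @@ -227 hunks and for `postfix` in services.nix. Disabled configuration kept as comments drifts from the live settings and makes it harder to audit which routing policy is actually enforced, while the history already preserves the old blocks. Prefer deleting them, or state the intent explicitly, e.g. `# TODO(vpn-migration): policy rules disabled while the default route moves to the VPN`.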
@@ -202,18 +202,18 @@ # Put routes in lte table "40-enp0s21u1" = { - dhcpV4Config.RouteTable = "lte"; + dhcpV4Config.RouteTable = 2; # Route all to lte link with a priority of 200 - routingPolicyRules = [ - { - routingPolicyRuleConfig = { - Table = "lte"; - Priority = "200"; - Family = "both"; - }; - } - ]; + # routingPolicyRules = [ + # { + # routingPolicyRuleConfig = { + # Table = 2; + # Priority = 200; + # Family = "both"; + # }; + # } + # ]; }; ####### @@ -227,17 +227,17 @@ "89.234.141.196/32" "2a00:5881:8119:400::1/128" ]; - routingPolicyRules = [ - # Route outgoing emails to VPN table - { - routingPolicyRuleConfig = { - DestinationPort = "25"; - Table = "vpn"; - Priority = "50"; - Family = "both"; - }; - } - ]; + #routingPolicyRules = [ + # # Route outgoing emails to VPN table + # { + # routingPolicyRuleConfig = { + # DestinationPort = "25"; + # Table = 3; + # Priority = 50; + # Family = "both"; + # }; + # } + #]; }; ####### diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e4f0e79..fac5b6c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -77,14 +77,14 @@ in }; services = { - postfix = { - relayHost = "mailvps.nyanlout.re"; - relayPort = 587; - config = { - smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; - smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; - }; - }; + # postfix = { + # relayHost = "mailvps.nyanlout.re"; + # relayPort = 587; + # config = { + # smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; + # smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; + # }; + # }; rspamd.workers.controller.extraConfig = '' secure_ip = ["0.0.0.0/0", "::"];
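Review bot: `dhcpV4Config.RouteTable = 2;` in the @@ -202 hunk still installs the LTE routes in table 2, but the only visible rule selecting that table is now commented out, so unless a rule outside this hunk references it the backup link can no longer carry traffic when the fiber link drops. The same applies to table 3 set by `RouteTable = 3;` in the @@ -140 hunk. If failover is still wanted during the migration, keep the rule active or move the LTE default into the main table with a metric above the fiber link's `1`, e.g. `dhcpV4Config.RouteMetric = 200;`. The comment `# Put routes in lte table` is accurate only for the first option.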
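Review bot: With the `DestinationPort = "25"` rule commented out in the @@ -227 hunk, nothing pins outgoing SMTP to the tunnel any more, so port 25 traffic follows the main table and, as far as the visible hunks show, leaves through the fiber link rather than from the VPN addresses listed above it. Together with the `postfix` relay removal in services.nix, mail is then delivered directly from whichever address the default route picks, which is a fail-open egress path and can affect SPF and reverse-DNS checks at receivers. Keep this rule enabled until the VPN becomes the default route, or record the intended interim path in a comment such as `# Outgoing SMTP temporarily uses the main table until the VPN default route is in place`. The enclosing network block starts outside the hunk.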
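Review bot: The context line `secure_ip = ["0.0.0.0/0", "::"];` in the services.nix hunk makes the rspamd controller treat every IPv4 client as trusted, which skips the controller password; this commit does not change it, but a routing migration is when such a setting is most likely to become reachable from a new interface. Whether it is exposed depends on the controller's bind address and the firewall, neither of which is visible here. Restrict it to the hosts that really need password-less access, e.g. `secure_ip = ["127.0.0.1", "::1"];`. Removing `relayHost`, `relayPort` and the `smtp_tls_*` client certificate also drops the authenticated TLS submission path, so it is worth confirming which `smtp_tls_security_level` direct delivery will use. The `extraConfig` string continues outside the hunk.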