begin migration to VPN

2024-11-20 21:19:10 +01:00 · 2024-11-20 21:19:10 +01:00 · 4df84a3be0
commit 4df84a3be0
parent ca01004c86
2 changed files with 41 additions and 41 deletions
--- a/systems/LoutreOS/network.nix
+++ b/systems/LoutreOS/network.nix
@ -140,7 +140,7 @@
        };
        wireguardConfig = {
          PrivateKeyFile = "/run/keys/wireguard-privkey";
-          RouteTable = "vpn";
+          RouteTable = 3;
        };
        wireguardPeers = [
          {
@ -164,14 +164,14 @@
      # Set DHCP client magic settings for Bouygues
      # Put routes in fiber table
      "40-bouygues" = {
-        dhcpV4Config.RouteTable = "fiber";
+        dhcpV4Config.RouteMetric = 1;
        dhcpV6Config = {
          DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68";
          WithoutRA = "solicit";
        };
        ipv6AcceptRAConfig = {
          DHCPv6Client = true;
-          RouteTable = "fiber";
+          # RouteTable = 1;
        };
        networkConfig = {
          KeepConfiguration = "dhcp-on-stop";
@ -182,15 +182,15 @@
        dhcpPrefixDelegationConfig.SubnetId = "0";

        # Route everything to fiber link with a priority of 100
-        routingPolicyRules = [
-          {
-            routingPolicyRuleConfig = {
-              Table = "fiber";
-              Priority = "100";
-              Family = "both";
-            };
-          }
-        ];
+        # routingPolicyRules = [
+        #   {
+        #     routingPolicyRuleConfig = {
+        #       Table = 1;
+        #       Priority = 100;
+        #       Family = "both";
+        #     };
+        #   }
+        # ];
      };

      # Don't check VLAN physical interface as it is not directly used
@ -202,18 +202,18 @@

      # Put routes in lte table
      "40-enp0s21u1" = {
-        dhcpV4Config.RouteTable = "lte";
+        dhcpV4Config.RouteTable = 2;

        # Route all to lte link with a priority of 200
-        routingPolicyRules = [
-          {
-            routingPolicyRuleConfig = {
-              Table = "lte";
-              Priority = "200";
-              Family = "both";
-            };
-          }
-        ];
+        # routingPolicyRules = [
+        #   {
+        #     routingPolicyRuleConfig = {
+        #       Table = 2;
+        #       Priority = 200;
+        #       Family = "both";
+        #     };
+        #   }
+        # ];
      };

      #######
@ -227,17 +227,17 @@
          "89.234.141.196/32"
          "2a00:5881:8119:400::1/128"
        ];
-        routingPolicyRules = [
-          # Route outgoing emails to VPN table
-          {
-            routingPolicyRuleConfig = {
-              DestinationPort = "25";
-              Table = "vpn";
-              Priority = "50";
-              Family = "both";
-            };
-          }
-        ];
+        #routingPolicyRules = [
+        #  # Route outgoing emails to VPN table
+        #  {
+        #    routingPolicyRuleConfig = {
+        #      DestinationPort = "25";
+        #      Table = 3;
+        #      Priority = 50;
+        #      Family = "both";
+        #    };
+        #  }
+        #];
      };

      #######
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@ -77,14 +77,14 @@ in
  };

  services = {
-    postfix = {
-      relayHost = "mailvps.nyanlout.re";
-      relayPort = 587;
-      config = {
-        smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt";
-        smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key";
-      };
-    };
+    # postfix = {
+    #   relayHost = "mailvps.nyanlout.re";
+    #   relayPort = 587;
+    #   config = {
+    #     smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt";
+    #     smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key";
+    #   };
+    # };

    rspamd.workers.controller.extraConfig = ''
      secure_ip = ["0.0.0.0/0", "::"];