config:
let
# Every site-specific value in this file is read from the caller's `router` option set.
cfg = config.router;

# Build the address plan for one interface from its IPv4, GUA and ULA prefixes.
#
# Arguments (all strings unless noted):
#   name_, domain_   interface name and DNS domain, passed through unchanged
#   p4_              first three IPv4 octets; ".0" and ".<token>" are appended
#   p6_, ulaPrefix_  IPv6 prefix text without the trailing "::"
#   *Size_           prefix lengths (ints), defaulting to 24 / 64 / 64
#   token            host part of this router, defaults to cfg.defaultToken
#   ip6Token_, ulaToken_  IPv6 suffixes, default "::<token>"
#
# Returns an attrset with the inputs under their un-suffixed names plus the
# derived net*/addr*/…Sized strings. `token` itself is not exported.
#
# NOTE(review): nothing is validated here, so a malformed prefix flows straight
# into whatever consumes these strings. Two properties worth keeping in mind:
#   - net4 is "<p4>.0/<size>", so it has host bits set if p4Size_ is below 24.
#   - token is rendered in decimal and reused as IPv6 text, where it is read as
#     hex (token 10 gives x.y.z.10 but ::10, i.e. 0x10).
mkIfConfig = {
  name_,
  domain_,
  p4_, # /24
  p4Size_ ? 24,
  p6_, # /64
  p6Size_ ? 64,
  ulaPrefix_, # /64
  ulaSize_ ? 64,
  token ? cfg.defaultToken,
  ip6Token_ ? "::${toString token}",
  ulaToken_ ? "::${toString token}",
}: let
  # "<address>/<prefix length>"
  withLen = address: len: "${address}/${toString len}";

  # This router's own address inside each of the three prefixes.
  addr4 = "${p4_}.${toString token}";
  addr6 = "${p6_}${ip6Token_}";
  ulaAddr = "${ulaPrefix_}${ulaToken_}";
in {
  name = name_;
  domain = domain_;

  # IPv4
  p4 = p4_;
  p4Size = p4Size_;
  net4 = withLen "${p4_}.0" p4Size_;
  inherit addr4;
  addr4Sized = withLen addr4 p4Size_;

  # IPv6, globally routable prefix
  p6 = p6_;
  p6Size = p6Size_;
  net6 = withLen "${p6_}::" p6Size_;
  ip6Token = ip6Token_;
  inherit addr6;
  addr6Sized = withLen addr6 p6Size_;

  # IPv6, unique local prefix
  ulaPrefix = ulaPrefix_;
  ulaSize = ulaSize_;
  ulaNet = withLen "${ulaPrefix_}::" ulaSize_;
  ulaToken = ulaToken_;
  inherit ulaAddr;
  ulaAddrSized = withLen ulaAddr ulaSize_;
};
in
rec {
# SSH public key (ed25519) labelled root@grouter. This is the public half only;
# what it grants access to is decided wherever this attribute is consumed,
# which is not visible in this file.
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFobB87yYVwhuYrA+tfztLuks3s9jZOqEFktwGw1mo83 root@grouter";

# DNS names: the base zone and the two sub-zones derived from it.
domain = "cazzzer.com";
ldomain = "l.${domain}";
sysdomain = "sys.${domain}";

# Per-link identifiers taken unchanged from the router options.
# NOTE(review): wanLL/lanLL are presumably link-local addresses; confirm
# against the option declarations.
links = {
  inherit (cfg) wanMAC lanMAC wanLL lanLL;
};

# Address space the interface plan below is carved from.
p4 = "10.17"; # .0.0/16
inherit (cfg) pdFromWan; # ::/60
ulaPrefix = "fdab:07d3:581d"; # ::/48
# Per-interface address plan.
#
#   attr    name     domain label   IPv4           PD nibble   ULA subnet
#   lan     lan      lan            <p4>.1.0/24    f           :0001
#   lan10   lan.10   lab            <p4>.10.0/24   e           :0010
#   lan20   lan.20   life           <p4>.20.0/24   0           :0020
#   lan30   lan.30   iot            <p4>.30.0/24   c           :0030
#   lan40   lan.40   kube           <p4>.40.0/24   b           :0040
#   lan50   lan.50   prox           <p4>.50.0/24   a           :0050
#
# NOTE(review): the labels (iot, kube, lab, ...) suggest these networks are
# meant to be segmented, but this file only assigns addresses. Whether traffic
# between them is actually restricted depends on firewall rules defined
# elsewhere.
ifs = let
  # VLAN sub-interface `id` on top of `parent`. The id is reused as the third
  # IPv4 octet and, zero-padded to ":00<id>", as the ULA subnet; the padding is
  # only right for two-digit ids. `pdNibble` selects the /64 inside the
  # delegated /60. `overrides` is merged into the mkIfConfig arguments.
  vlan = parent: id: label: pdNibble: overrides:
    mkIfConfig ({
      name_ = "${parent.name}.${toString id}";
      domain_ = "${label}.${ldomain}";
      p4_ = "${p4}.${toString id}"; # .0/24
      p6_ = "${pdFromWan}${pdNibble}"; # ::/64
      ulaPrefix_ = "${ulaPrefix}:00${toString id}"; # ::/64
    } // overrides);
in rec {
  # Upstream link. The address and gateway come from the router options.
  # NOTE(review): the /24 is hard-coded here rather than read from cfg;
  # confirm it matches the real WAN subnet.
  wan = {
    name = "wan";
    addr4 = cfg.wanAddr4;
    addr4Sized = "${cfg.wanAddr4}/24";
    gw4 = cfg.wanGw4;
  };

  # Untagged LAN; the VLANs below hang off its name.
  lan = mkIfConfig {
    name_ = "lan";
    domain_ = "lan.${ldomain}";
    p4_ = "${p4}.1"; # .0/24
    p6_ = "${pdFromWan}f"; # ::/64
    ulaPrefix_ = "${ulaPrefix}:0001"; # ::/64
  };

  lan10 = vlan lan 10 "lab" "e" {};

  # The ...0 /64 is managed by the Att box, which uses ::1 there, so this
  # router's IPv6 token on lan20 is moved to ::1:<defaultToken>.
  lan20 = vlan lan 20 "life" "0" {
    ip6Token_ = "::1:${toString cfg.defaultToken}";
  };

  lan30 = vlan lan 30 "iot" "c" {};
  lan40 = vlan lan 40 "kube" "b" {};
  lan50 = vlan lan 50 "prox" "a" {};

  # WireGuard interface. Its IPv4 range is outside <p4> (10.18.16.0/24), and
  # both IPv6 ranges are /96s rather than /64s. listenPort is merged in
  # afterwards because mkIfConfig accepts no such argument.
  # NOTE(review): presumably this port is what the WAN-side firewall has to
  # admit for the tunnel; that rule is not in this file.
  wg0 = (mkIfConfig {
    name_ = "wg0";
    domain_ = "wg0.${ldomain}";
    p4_ = "10.18.16"; # .0/24
    p6_ = "${pdFromWan}9:0:6"; # ::/96
    p6Size_ = 96;
    ulaPrefix_ = "${ulaPrefix}:0100:0:6"; # ::/96
    ulaSize_ = 96;
  }) // {
    listenPort = 51944;
  };
};
# Hosts and routes that are not interfaces of this router.
extra = {
  # OPNsense box on the untagged LAN, at .250 / ::250, with its own /64
  # (nibble "d") out of the delegated prefix.
  opnsense = let
    addr4 = "${ifs.lan.p4}.250";
    ulaAddr = "${ifs.lan.ulaPrefix}::250";
    p6 = "${pdFromWan}d";
    net6 = "${p6}::/64";

    # One route entry; the gateway comes first so the list below reads
    # "via <gateway> <destination>".
    # NOTE(review): the capitalised keys look like systemd-networkd route
    # options; confirm against the consumer.
    via = Gateway: Destination: {inherit Destination Gateway;};
  in {
    inherit addr4 ulaAddr p6 net6;

    # VPN routes on opnsense
    # 10.18.0.0/20 ends at 10.18.15.255, so wg0's 10.18.16.0/24 is not
    # covered by these routes and is not sent to opnsense.
    routes = [
      (via addr4 "10.6.0.0/24")
      (via addr4 "10.18.0.0/20")
      (via ulaAddr net6)
    ];
  };
};
}