packet-type-0.nix
# NixOS machine definition for the host "zoidberg": serial-console boot setup,
# a two-port bond with static addressing, sshd, and a BIRD BGP session that
# announces one /32 bound to the loopback interface.
#
# Argument:
#   secrets - attribute set; only `secrets.zoidberg_bgp_password` is read here.
{ secrets }:
{
  # Where the deployment tool reaches this machine.
  deployment = {
    targetHost = "147.75.97.237"; # IPv6 alternative: "2604:1380:0:d00::1"
    # targetPort = 443;
  };

  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  boot.initrd.availableKernelModules = [
    "ehci_pci"
    "ahci"
    "usbhid"
    "sd_mod"
  ];

  # Kernel console on the serial port ttyS1 at 115200 8N1.
  boot.kernelParams = [ "console=ttyS1,115200n8" ];

  boot.kernel.sysctl = {
    # Meant to switch on IPv4 forwarding for the BGP setup.
    # NOTE(review): the kernel's forwarding keys are normally
    # "net.ipv4.ip_forward" / "net.ipv4.conf.all.forwarding"; confirm on the
    # host whether this key is applied at all. Also confirm forwarding is
    # wanted: a host that only terminates traffic for its announced address
    # does not need to route packets for others.
    "net.ipv4.forwarding" = 1;
  };

  boot.loader.grub = {
    enable = true;
    version = 2;
    devices = [ "/dev/sda" ];
    # Show the GRUB menu on the serial line as well as the local console.
    # NOTE(review): GRUB uses serial unit 0 while the kernel console is ttyS1;
    # confirm both reach the same out-of-band console.
    extraConfig = ''
      serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
      terminal_output serial console
      terminal_input serial console
    '';
  };

  fileSystems."/" = {
    fsType = "ext4";
    device = "/dev/disk/by-label/nixos";
  };

  hardware.enableAllFirmware = true;

  nix.maxJobs = 4;

  services = {
    # NOTE(review): sshd is enabled on a host with a public address and this
    # file sets no authentication options; confirm that password logins are
    # disabled (key-only) in another module.
    openssh.enable = true;

    bird = {
      enable = true;

      # The text below is handed to BIRD verbatim.
      #
      # NOTE(review): the BGP session password is interpolated into this
      # string. Values interpolated into Nix strings normally end up in the
      # Nix store, which every local user can read, and a double quote inside
      # the secret would break the generated file. Confirm where the rendered
      # config is written and consider having BIRD `include` a root-only file
      # that holds the password instead.
      #
      # NOTE(review): the bgp protocol sets an export filter but no import
      # filter, and `protocol kernel` has `export all`. If this is BIRD 1.x,
      # BGP import defaults to `all`, so routes received from the neighbor
      # would be installed into the kernel table; `import none;` in the bgp
      # block would limit the session to announcing only. Confirm intent.
      config = ''
        filter packetdns {
        # IPs to announce (the elastic ip in our case)
        # Doesn't have to be /32. Can be lower
        if net = 147.75.96.102/32 then accept;
        }
        # your (Private) bond0 IP below here
        router id 10.100.5.1;
        protocol direct {
        interface "lo"; # Restrict network interfaces it works with
        }
        protocol kernel {
        # learn; # Learn all alien routes from the kernel
        persist; # Don't remove routes on bird shutdown
        scan time 20; # Scan kernel routing table every 20 seconds
        import all; # Default is import all
        export all; # Default is export none
        # kernel table 5; # Kernel table to synchronize with (default: main)
        }
        # This pseudo-protocol watches all interface up/down events.
        protocol device {
        scan time 10; # Scan interfaces every 10 seconds
        }
        # your default gateway IP below here
        protocol bgp {
        export filter packetdns;
        local as 65000;
        neighbor 10.100.5.0 as 65530;
        password "${secrets.zoidberg_bgp_password}";
        }
      '';
    };
  };

  networking = {
    hostName = "zoidberg";
    hostId = "7a13df42";
    dhcpcd.enable = false;

    nameservers = [
      "4.2.2.1"
      "4.2.2.2"
      "2001:4860:4860::8888"
    ];

    # Both NICs are aggregated into bond0.
    bonds.bond0 = {
      driverOptions.mode = "balance-tlb";
      interfaces = [
        "enp0s20f0"
        "enp0s20f1"
      ];
    };

    defaultGateway = {
      interface = "bond0";
      address = "147.75.97.236";
    };

    defaultGateway6 = {
      interface = "bond0";
      address = "2604:1380:0:d00::";
    };

    # The address announced over BGP is bound to loopback; it matches the
    # /32 accepted by the `packetdns` filter in the BIRD config.
    interfaces.lo = {
      useDHCP = false;
      ipv4.addresses = [
        { address = "147.75.96.102"; prefixLength = 32; }
      ];
    };

    interfaces.bond0 = {
      # NOTE(review): DHCP is requested here although dhcpcd is disabled
      # above and every address below is static; confirm which is intended.
      useDHCP = true;

      # Public /31 and private /31; the private address is also the BIRD
      # router id.
      ipv4.addresses = [
        { address = "147.75.97.237"; prefixLength = 31; }
        { address = "10.100.5.1"; prefixLength = 31; }
      ];

      # 10.0.0.0/8 goes via the private-side peer, which is also the BGP
      # neighbor address.
      ipv4.routes = [
        { address = "10.0.0.0"; prefixLength = 8; via = "10.100.5.0"; }
      ];

      ipv6.addresses = [
        { address = "2604:1380:0:d00::1"; prefixLength = 127; }
      ];
    };
  };
}