nixos-config/machines/NixOS-VPS/network.nix

{ config, lib, pkgs, ... }:
let
  inherit (import ./hardware/networks.nix) interfaces domain hasIPv6;
in {
  services.resolved.enable = true;
  networking = {
    enableIPv6 = lib.mkForce hasIPv6;
    usePredictableInterfaceNames = lib.mkForce true;
    useDHCP = false;
    dhcpcd.enable = false;
    nftables.enable = false; # incompatible with tailscale and docker
    hostName = config.device;
    domain = domain;
  };

  systemd.network = with interfaces.main'; {
    enable = true;
    wait-online.ignoredInterfaces = [ "lo" ];
    networks = {
      "40-${ifname}" = {
        matchConfig.Name = ifname;
        linkConfig.RequiredForOnline = "enslaved";
        networkConfig.Bridge = bridgeName;
        networkConfig.DHCP = "no";
      };
      "60-${bridgeName}" = {
        matchConfig.Name = bridgeName;
        address = [
          IPv4.address
          "192.168.0.1/24"
        ] ++ lib.optionals hasIPv6 [
          IPv6.address
          "fc00::1/64"
        ];
        linkConfig.RequiredForOnline = "routable";
        networkConfig = {
          DHCPServer = true;
          IPForward = true;
          # IPv6PrivacyExtensions = "kernel";
          DNS = IPv4.dns ++ lib.optionals hasIPv6 IPv6.dns;
        };
        routes = [{
          routeConfig.Gateway = IPv4.gateway;
          routeConfig.GatewayOnLink = true;
        }] ++ lib.optionals hasIPv6 [{
          routeConfig.Gateway = IPv6.gateway;
          routeConfig.GatewayOnLink = true;
        }];
        dhcpServerConfig = {
          ServerAddress = "192.168.0.1/24";
          PoolOffset = 100;
          PoolSize = 100;
        };
      };
    };
    netdevs = {
      "60-${bridgeName}" = {
        netdevConfig = {
          Kind = "bridge";
          Name = bridgeName;
          MACAddress = mac;
        };
      };
    };
  };

  system.activationScripts.udp-gro-forwarding = {
    text = with interfaces.main'; ''
      ${pkgs.ethtool}/bin/ethtool -K ${bridgeName} rx-udp-gro-forwarding on rx-gro-list off
    '';
  };
}
some settings for vps 2024-08-04 13:47:36 +03:00			`{ config, lib, pkgs, ... }:`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`let`
move nixos-vps to another machine 2024-07-17 12:56:22 +03:00			`inherit (import ./hardware/networks.nix) interfaces domain hasIPv6;`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`in {`
			`services.resolved.enable = true;`
			`networking = {`
move nixos-vps to another machine 2024-07-17 12:56:22 +03:00			`enableIPv6 = lib.mkForce hasIPv6;`
			`usePredictableInterfaceNames = lib.mkForce true;`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`useDHCP = false;`
			`dhcpcd.enable = false;`
			`nftables.enable = false; # incompatible with tailscale and docker`
			`hostName = config.device;`
			`domain = domain;`
			`};`

			`systemd.network = with interfaces.main'; {`
			`enable = true;`
			`wait-online.ignoredInterfaces = [ "lo" ];`
			`networks = {`
			`"40-${ifname}" = {`
			`matchConfig.Name = ifname;`
			`linkConfig.RequiredForOnline = "enslaved";`
			`networkConfig.Bridge = bridgeName;`
			`networkConfig.DHCP = "no";`
			`};`
			`"60-${bridgeName}" = {`
			`matchConfig.Name = bridgeName;`
			`address = [`
			`IPv4.address`
			`"192.168.0.1/24"`
move nixos-vps to another machine 2024-07-17 12:56:22 +03:00			`] ++ lib.optionals hasIPv6 [`
			`IPv6.address`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`"fc00::1/64"`
			`];`
			`linkConfig.RequiredForOnline = "routable";`
			`networkConfig = {`
add libvirt to nixos-vps 2024-01-12 23:57:57 +03:00			`DHCPServer = true;`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`IPForward = true;`
add libvirt to nixos-vps 2024-01-12 23:57:57 +03:00			`# IPv6PrivacyExtensions = "kernel";`
move nixos-vps to another machine 2024-07-17 12:56:22 +03:00			`DNS = IPv4.dns ++ lib.optionals hasIPv6 IPv6.dns;`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`};`
			`routes = [{`
			`routeConfig.Gateway = IPv4.gateway;`
			`routeConfig.GatewayOnLink = true;`
move nixos-vps to another machine 2024-07-17 12:56:22 +03:00			`}] ++ lib.optionals hasIPv6 [{`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`routeConfig.Gateway = IPv6.gateway;`
			`routeConfig.GatewayOnLink = true;`
add libvirt to nixos-vps 2024-01-12 23:57:57 +03:00			`}];`
			`dhcpServerConfig = {`
			`ServerAddress = "192.168.0.1/24";`
			`PoolOffset = 100;`
			`PoolSize = 100;`
			`};`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`};`
			`};`
			`netdevs = {`
			`"60-${bridgeName}" = {`
			`netdevConfig = {`
			`Kind = "bridge";`
			`Name = bridgeName;`
add libvirt to nixos-vps 2024-01-12 23:57:57 +03:00			`MACAddress = mac;`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`};`
			`};`
			`};`
			`};`
some settings for vps 2024-08-04 13:47:36 +03:00
			`system.activationScripts.udp-gro-forwarding = {`
			`text = with interfaces.main'; ''`
fix udp-gpo-forwarding 2024-09-11 18:03:05 +03:00			`${pkgs.ethtool}/bin/ethtool -K ${bridgeName} rx-udp-gro-forwarding on rx-gro-list off`
some settings for vps 2024-08-04 13:47:36 +03:00			`'';`
			`};`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`}`