use bridge on vps
parent
153a602772
commit
f05ffe6404
@ -11,18 +11,39 @@ in {
|
|||||||
usePredictableInterfaceNames = true;
|
usePredictableInterfaceNames = true;
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
dhcpcd.enable = false;
|
dhcpcd.enable = false;
|
||||||
|
nftables.enable = true;
|
||||||
# nftables.enable = true;
|
|
||||||
domain = "wg.ataraxiadev.com";
|
domain = "wg.ataraxiadev.com";
|
||||||
};
|
};
|
||||||
# enp0s18
|
# enp0s18
|
||||||
systemd.network = {
|
systemd.network = with interfaces.main'; {
|
||||||
enable = true;
|
enable = true;
|
||||||
wait-online.ignoredInterfaces = [ "lo" ];
|
wait-online.ignoredInterfaces = [ "lo" ];
|
||||||
networks = {
|
networks = {
|
||||||
"10-wan" = with interfaces.main'; {
|
"10-wan" = {
|
||||||
matchConfig.Name = ifname;
|
matchConfig.Name = ifname;
|
||||||
address = [ IPv4.address IPv6.address ];
|
linkConfig.RequiredForOnline = "enslaved";
|
||||||
|
networkConfig.Bridge = "br0";
|
||||||
|
networkConfig.DHCP = "no";
|
||||||
|
networkConfig.LinkLocalAddressing = "no";
|
||||||
|
networkConfig.IPv6AcceptRA = false;
|
||||||
|
};
|
||||||
|
"20-br0" = {
|
||||||
|
matchConfig.Name = "br0";
|
||||||
|
address = [
|
||||||
|
IPv4.address IPv6.address
|
||||||
|
"192.168.0.1/24" "fc00::1/64"
|
||||||
|
];
|
||||||
|
linkConfig.RequiredForOnline = "routable";
|
||||||
|
|
||||||
|
domains = [ config.networking.domain ];
|
||||||
|
networkConfig = {
|
||||||
|
DHCP = "no";
|
||||||
|
IPForward = true;
|
||||||
|
IPv6PrivacyExtensions = true;
|
||||||
|
LinkLocalAddressing = "no";
|
||||||
|
IPv6AcceptRA = false;
|
||||||
|
DNS = IPv4.dns ++ IPv6.dns;
|
||||||
|
};
|
||||||
routes = [
|
routes = [
|
||||||
{
|
{
|
||||||
routeConfig.Gateway = IPv4.gateway;
|
routeConfig.Gateway = IPv4.gateway;
|
||||||
@ -33,16 +54,14 @@ in {
|
|||||||
routeConfig.GatewayOnLink = true;
|
routeConfig.GatewayOnLink = true;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
linkConfig.RequiredForOnline = true;
|
};
|
||||||
domains = [ config.networking.domain ];
|
};
|
||||||
networkConfig = {
|
netdevs = {
|
||||||
DHCP = "no";
|
"20-br0" = {
|
||||||
IPForward = true;
|
netdevConfig = {
|
||||||
IPv6PrivacyExtensions = true;
|
Kind = "bridge";
|
||||||
LinkLocalAddressing = "ipv6";
|
Name = "br0";
|
||||||
IPv6AcceptRA = true;
|
MACAddress = "e6:95:b5:a6:28:c0";
|
||||||
|
|
||||||
DNS = IPv4.dns ++ IPv6.dns;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
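Review bot: In the new `"10-wan"` / `"20-br0"` pair the provider-facing NIC becomes a port of `br0` (`networkConfig.Bridge = "br0"`), and the same bridge carries the private addresses `"192.168.0.1/24" "fc00::1/64"` with `IPForward = true`, so the uplink and anything later attached to `br0` share one L2 segment. Whether other ports join `br0` is not visible in this diff, but if guests or containers do, their ARP/NDP/DHCP traffic reaches the provider network, and frames arriving from the uplink can claim source addresses in the private ranges. The firewall block in the second file keeps `checkReversePath = false`, and rules keyed on the interface name will see `br0` for both sides, so nothing shown here separates the two. Either keep the private subnet on a separate internal bridge that does not enslave `ifname` and route or NAT between them, or filter in the nftables `bridge` family, where the ingress port is still distinguishable. At minimum, add a comment above `"20-br0"` such as `# br0 includes the WAN port: anything attached here is on the provider L2 segment`.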
@ -6,7 +6,6 @@ let
|
|||||||
in {
|
in {
|
||||||
environment.systemPackages = [ pkgs.wireguard-tools ];
|
environment.systemPackages = [ pkgs.wireguard-tools ];
|
||||||
|
|
||||||
networking.nftables.enable = true;
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
allowedUDPPorts = [ wireguardPort ];
|
allowedUDPPorts = [ wireguardPort ];
|
||||||
checkReversePath = false;
|
checkReversePath = false;
|
||||||
|