forked from M-Labs/it-infra
aux: ipv6
This commit is contained in:
parent
fb745a11e3
commit
a7450362ce
@ -4,6 +4,7 @@ let
|
|||||||
netifWan = "enp0s25";
|
netifWan = "enp0s25";
|
||||||
netifLan = "enp3s0";
|
netifLan = "enp3s0";
|
||||||
netifWifi = "wlp1s0";
|
netifWifi = "wlp1s0";
|
||||||
|
netifSit = "henet0";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
@ -43,18 +44,43 @@ in
|
|||||||
address = "192.168.1.1";
|
address = "192.168.1.1";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
}];
|
}];
|
||||||
|
ipv6.addresses = [{
|
||||||
|
address = "2001:470:f891:1::";
|
||||||
|
prefixLength = 64;
|
||||||
|
}];
|
||||||
};
|
};
|
||||||
networking.interfaces."${netifWifi}" = {
|
networking.interfaces."${netifWifi}" = {
|
||||||
ipv4.addresses = [{
|
ipv4.addresses = [{
|
||||||
address = "192.168.15.1";
|
address = "192.168.15.1";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
}];
|
}];
|
||||||
|
ipv6.addresses = [{
|
||||||
|
address = "2001:470:f891:2::";
|
||||||
|
prefixLength = 64;
|
||||||
|
}];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.sits."${netifSit}" = {
|
||||||
|
dev = netifWan;
|
||||||
|
remote = "216.218.221.6";
|
||||||
|
local = "94.190.212.123";
|
||||||
|
ttl = 255;
|
||||||
|
};
|
||||||
|
networking.interfaces."${netifSit}".ipv6 = {
|
||||||
|
addresses = [{ address = "2001:470:18:390::2"; prefixLength = 64; }];
|
||||||
|
routes = [{ address = "::"; prefixLength = 0; }];
|
||||||
|
};
|
||||||
|
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = "1";
|
||||||
|
boot.kernel.sysctl."net.ipv6.conf.default.forwarding" = "1";
|
||||||
|
boot.kernel.sysctl."net.ipv6.conf.${netifLan}.accept_dad" = "0";
|
||||||
|
boot.kernel.sysctl."net.ipv6.conf.${netifWifi}.accept_dad" = "0";
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
allowedTCPPorts = [ 53 ];
|
allowedTCPPorts = [ 53 ];
|
||||||
allowedUDPPorts = [ 53 67 ];
|
allowedUDPPorts = [ 53 67 ];
|
||||||
trustedInterfaces = [ netifLan ];
|
trustedInterfaces = [ netifLan ];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.bind = {
|
services.bind = {
|
||||||
enable = true;
|
enable = true;
|
||||||
listenOn = [];
|
listenOn = [];
|
||||||
@ -72,6 +98,9 @@ in
|
|||||||
bind-interfaces
|
bind-interfaces
|
||||||
dhcp-range=interface:${netifLan},192.168.1.81,192.168.1.254,24h
|
dhcp-range=interface:${netifLan},192.168.1.81,192.168.1.254,24h
|
||||||
dhcp-range=interface:${netifWifi},192.168.15.10,192.168.15.254,24h
|
dhcp-range=interface:${netifWifi},192.168.15.10,192.168.15.254,24h
|
||||||
|
enable-ra
|
||||||
|
dhcp-range=interface:${netifLan},::,constructor:${netifLan},ra-names
|
||||||
|
dhcp-range=interface:${netifWifi},::,constructor:${netifWifi},ra-only
|
||||||
|
|
||||||
no-resolv
|
no-resolv
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user