forked from M-Labs/it-infra
nixbld: consistent netif variables
This commit is contained in:
parent
233998b8f3
commit
9383227c5b
|
@ -6,6 +6,8 @@ let
|
|||
netifLan = "enp5s0f1";
|
||||
netifWifi = "wlp6s0";
|
||||
netifSit = "henet0";
|
||||
netifAlt = "alt0";
|
||||
netifAltVlan = "vlan0";
|
||||
hydraWwwOutputs = "/var/www/hydra-outputs";
|
||||
in
|
||||
{
|
||||
|
@ -179,7 +181,7 @@ in
|
|||
|
||||
iptables -w -N pccw-sucks
|
||||
iptables -A pccw-sucks -o ${netifSit} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360
|
||||
iptables -A pccw-sucks -o alt0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380
|
||||
iptables -A pccw-sucks -o ${netifAlt} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380
|
||||
iptables -w -A FORWARD -j pccw-sucks
|
||||
'';
|
||||
extraStopCommands = ''
|
||||
|
@ -202,14 +204,14 @@ in
|
|||
addresses = [{ address = "2001:470:18:390::2"; prefixLength = 64; }];
|
||||
routes = [{ address = "::"; prefixLength = 0; }];
|
||||
};
|
||||
greTunnels.alt0 = {
|
||||
greTunnels."${netifAlt}" = {
|
||||
dev = netifWan;
|
||||
remote = "103.206.98.1";
|
||||
local = "94.190.212.123";
|
||||
ttl = 255;
|
||||
type = "tun";
|
||||
};
|
||||
interfaces.alt0 = {
|
||||
interfaces."${netifAlt}" = {
|
||||
ipv4.addresses = [
|
||||
{
|
||||
address = "103.206.98.227";
|
||||
|
@ -226,12 +228,12 @@ in
|
|||
];
|
||||
};
|
||||
vlans = {
|
||||
vlan0 = {
|
||||
"${netifAltVlan}" = {
|
||||
id = 2;
|
||||
interface = netifLan;
|
||||
};
|
||||
};
|
||||
interfaces.vlan0 = {
|
||||
interfaces."${netifAltVlan}" = {
|
||||
ipv4.addresses = [{
|
||||
address = "103.206.98.200";
|
||||
prefixLength = 29;
|
||||
|
@ -264,7 +266,7 @@ in
|
|||
id = "fqdn:igw0.hkg.as150788.net";
|
||||
pubkeys = [ "/etc/swanctl/pubkey/igw0.hkg.as150788.net" ];
|
||||
};
|
||||
children.alt0 = {
|
||||
children."${netifAlt}" = {
|
||||
mode = "transport";
|
||||
ah_proposals = [ "sha256-curve25519" ];
|
||||
remote_ts = [ "103.206.98.1[gre]" ];
|
||||
|
@ -274,8 +276,8 @@ in
|
|||
};
|
||||
# prevent race condition similar to https://github.com/NixOS/nixpkgs/issues/27070
|
||||
systemd.services.strongswan-swanctl = {
|
||||
after = [ "network-addresses-alt0.service" ];
|
||||
requires = [ "network-addresses-alt0.service" ];
|
||||
after = [ "network-addresses-${netifAlt}.service" ];
|
||||
requires = [ "network-addresses-${netifAlt}.service" ];
|
||||
};
|
||||
|
||||
systemd.services.network-custom-route-backup = {
|
||||
|
|
Loading…
Reference in New Issue