nixbld: consistent netif variables

Sébastien Bourdeauducq 2024-08-29 18:53:33 +08:00
parent 233998b8f3
commit 9383227c5b


@ -6,6 +6,8 @@ let
netifLan = "enp5s0f1"; netifLan = "enp5s0f1";
netifWifi = "wlp6s0"; netifWifi = "wlp6s0";
netifSit = "henet0"; netifSit = "henet0";
netifAlt = "alt0";
netifAltVlan = "vlan0";
hydraWwwOutputs = "/var/www/hydra-outputs"; hydraWwwOutputs = "/var/www/hydra-outputs";
in in
{ {
@ -179,7 +181,7 @@ in
iptables -w -N pccw-sucks iptables -w -N pccw-sucks
iptables -A pccw-sucks -o ${netifSit} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360 iptables -A pccw-sucks -o ${netifSit} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360
iptables -A pccw-sucks -o alt0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380 iptables -A pccw-sucks -o ${netifAlt} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380
iptables -w -A FORWARD -j pccw-sucks iptables -w -A FORWARD -j pccw-sucks
''; '';
extraStopCommands = '' extraStopCommands = ''
@ -202,14 +204,14 @@ in
addresses = [{ address = "2001:470:18:390::2"; prefixLength = 64; }]; addresses = [{ address = "2001:470:18:390::2"; prefixLength = 64; }];
routes = [{ address = "::"; prefixLength = 0; }]; routes = [{ address = "::"; prefixLength = 0; }];
}; };
greTunnels.alt0 = { greTunnels."${netifAlt}" = {
dev = netifWan; dev = netifWan;
remote = "103.206.98.1"; remote = "103.206.98.1";
local = "94.190.212.123"; local = "94.190.212.123";
ttl = 255; ttl = 255;
type = "tun"; type = "tun";
}; };
interfaces.alt0 = { interfaces."${netifAlt}" = {
ipv4.addresses = [ ipv4.addresses = [
{ {
address = "103.206.98.227"; address = "103.206.98.227";
@ -226,12 +228,12 @@ in
]; ];
}; };
vlans = { vlans = {
vlan0 = { "${netifAltVlan}" = {
id = 2; id = 2;
interface = netifLan; interface = netifLan;
}; };
}; };
interfaces.vlan0 = { interfaces."${netifAltVlan}" = {
ipv4.addresses = [{ ipv4.addresses = [{
address = "103.206.98.200"; address = "103.206.98.200";
prefixLength = 29; prefixLength = 29;
@ -264,7 +266,7 @@ in
id = "fqdn:igw0.hkg.as150788.net"; id = "fqdn:igw0.hkg.as150788.net";
pubkeys = [ "/etc/swanctl/pubkey/igw0.hkg.as150788.net" ]; pubkeys = [ "/etc/swanctl/pubkey/igw0.hkg.as150788.net" ];
}; };
children.alt0 = { children."${netifAlt}" = {
mode = "transport"; mode = "transport";
ah_proposals = [ "sha256-curve25519" ]; ah_proposals = [ "sha256-curve25519" ];
remote_ts = [ "103.206.98.1[gre]" ]; remote_ts = [ "103.206.98.1[gre]" ];
@ -274,8 +276,8 @@ in
}; };
# prevent race condition similar to https://github.com/NixOS/nixpkgs/issues/27070 # prevent race condition similar to https://github.com/NixOS/nixpkgs/issues/27070
systemd.services.strongswan-swanctl = { systemd.services.strongswan-swanctl = {
after = [ "network-addresses-alt0.service" ]; after = [ "network-addresses-${netifAlt}.service" ];
requires = [ "network-addresses-alt0.service" ]; requires = [ "network-addresses-${netifAlt}.service" ];
}; };
systemd.services.network-custom-route-backup = { systemd.services.network-custom-route-backup = {