diff --git a/aux-etc-nixos/configuration.nix b/aux-etc-nixos/configuration.nix
index d0dfbc2..0b631e9 100644
--- a/aux-etc-nixos/configuration.nix
+++ b/aux-etc-nixos/configuration.nix
@@ -4,6 +4,7 @@ let
 netifWan = "enp0s25";
 netifLan = "enp3s0";
 netifWifi = "wlp1s0";
+ netifSit = "henet0";
 in
 {
 imports =
@@ -43,18 +44,43 @@ in
 address = "192.168.1.1";
 prefixLength = 24;
 }];
+ ipv6.addresses = [{
+ address = "2001:470:f891:1::";
+ prefixLength = 64;
+ }];
 };
 networking.interfaces."${netifWifi}" = {
 ipv4.addresses = [{
 address = "192.168.15.1";
 prefixLength = 24;
 }];
+ ipv6.addresses = [{
+ address = "2001:470:f891:2::";
+ prefixLength = 64;
+ }];
 };
+
+ networking.sits."${netifSit}" = {
+ dev = netifWan;
+ remote = "216.218.221.6";
+ local = "94.190.212.123";
+ ttl = 255;
+ };
+ networking.interfaces."${netifSit}".ipv6 = {
+ addresses = [{ address = "2001:470:18:390::2"; prefixLength = 64; }];
+ routes = [{ address = "::"; prefixLength = 0; }];
+ };
+ boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = "1";
+ boot.kernel.sysctl."net.ipv6.conf.default.forwarding" = "1";
+ boot.kernel.sysctl."net.ipv6.conf.${netifLan}.accept_dad" = "0";
+ boot.kernel.sysctl."net.ipv6.conf.${netifWifi}.accept_dad" = "0";
+
 networking.firewall = {
 allowedTCPPorts = [ 53 ];
 allowedUDPPorts = [ 53 67 ];
 trustedInterfaces = [ netifLan ];
 };
+
 services.bind = {
 enable = true;
 listenOn = [];
@@ -72,6 +98,9 @@ in
 bind-interfaces
 dhcp-range=interface:${netifLan},192.168.1.81,192.168.1.254,24h
 dhcp-range=interface:${netifWifi},192.168.15.10,192.168.15.254,24h
+ enable-ra
+ dhcp-range=interface:${netifLan},::,constructor:${netifLan},ra-names
+ dhcp-range=interface:${netifWifi},::,constructor:${netifWifi},ra-only
 no-resolv
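Review bot: In the `@@ -43,18 +44,43 @@` hunk, IPv6 forwarding is switched on and the LAN and WiFi segments get globally routable /64s, but nothing visible here filters forwarded traffic, so hosts on those segments would be directly reachable from the tunnel side. The `networking.firewall` block shown sets only input-side options (`allowedTCPPorts`, `allowedUDPPorts`, `trustedInterfaces`). Unless a forward rule exists elsewhere in the file, add one via `networking.firewall.extraCommands`, e.g. `ip6tables -A FORWARD -i ${netifSit} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` followed by `ip6tables -A FORWARD -i ${netifSit} -j DROP`. Port 53 is also allowed on every interface, which now includes `${netifSit}`; scoping it with `networking.firewall.interfaces.<name>.allowedTCPPorts` and `allowedUDPPorts` would keep the resolver from answering over the tunnel. The enclosing attribute set starts and ends outside the hunk.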