diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index e0325d0d..df84b846 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -6,6 +6,8 @@ let
 netifLan = "enp5s0f1";
 netifWifi = "wlp6s0";
 netifSit = "henet0";
+ netifAlt = "alt0";
+ netifAltVlan = "vlan0";
 hydraWwwOutputs = "/var/www/hydra-outputs";
 in
 {
@@ -179,7 +181,7 @@ in
 iptables -w -N pccw-sucks
 iptables -A pccw-sucks -o ${netifSit} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360
- iptables -A pccw-sucks -o alt0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380
+ iptables -A pccw-sucks -o ${netifAlt} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380
 iptables -w -A FORWARD -j pccw-sucks
 '';
 extraStopCommands = ''
@@ -202,14 +204,14 @@ in
 addresses = [{ address = "2001:470:18:390::2"; prefixLength = 64; }];
 routes = [{ address = "::"; prefixLength = 0; }];
 };
- greTunnels.alt0 = {
+ greTunnels."${netifAlt}" = {
 dev = netifWan;
 remote = "103.206.98.1";
 local = "94.190.212.123";
 ttl = 255;
 type = "tun";
 };
- interfaces.alt0 = {
+ interfaces."${netifAlt}" = {
 ipv4.addresses = [
 {
 address = "103.206.98.227";
@@ -226,12 +228,12 @@ in
 ];
 };
 vlans = {
- vlan0 = {
+ "${netifAltVlan}" = {
 id = 2;
 interface = netifLan;
 };
 };
- interfaces.vlan0 = {
+ interfaces."${netifAltVlan}" = {
 ipv4.addresses = [{
 address = "103.206.98.200";
 prefixLength = 29;
@@ -264,7 +266,7 @@ in
 id = "fqdn:igw0.hkg.as150788.net";
 pubkeys = [ "/etc/swanctl/pubkey/igw0.hkg.as150788.net" ];
 };
- children.alt0 = {
+ children."${netifAlt}" = {
 mode = "transport";
 ah_proposals = [ "sha256-curve25519" ];
 remote_ts = [ "103.206.98.1[gre]" ];
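Review bot: The rewritten `-o ${netifAlt}` rule in the `pccw-sucks` hunk (@@ -179,7 +181,7 @@) still omits `-w`, unlike the `iptables -w -N pccw-sucks` and `iptables -w -A FORWARD -j pccw-sucks` calls around it. Without the xtables lock wait the append can fail when another process holds the lock, and the MSS clamp for that interface would then be missing; whether the script aborts or carries on depends on code outside the hunk. Since the line is being touched anyway, I would write it as `iptables -w -A pccw-sucks -o ${netifAlt} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380`. The `${netifSit}` rule above it has the same gap, and the command string starts and ends outside the hunk.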
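Review bot: The tunnel name now comes from `netifAlt`, but the peer address in `remote = "103.206.98.1";` (hunk @@ -202,14 +204,14 @@) is still a literal that is repeated in `remote_ts = [ "103.206.98.1[gre]" ];` in the swanctl hunk. If one copy is changed without the other, the IPsec traffic selector would presumably stop matching the GRE packets, and whether they are then sent unprotected depends on policy outside this diff. A shared binding next to `netifAlt`, for example `altRemote = "103.206.98.1";` used as `remote = altRemote;` and `remote_ts = [ "${altRemote}[gre]" ];`, keeps the two in step. The `greTunnels` body is fully visible, but the `interfaces` body continues outside the hunk.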
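Review bot: The child renamed to `children."${netifAlt}"` (hunk @@ -264,7 +266,7 @@) carries no comment saying that it protects the GRE tunnel with AH only. As far as the visible lines show, `mode = "transport"` with `ah_proposals = [ "sha256-curve25519" ]` gives integrity and peer authentication for the GRE packets but no encryption, which a later reader could easily miss. I would add `# AH transport: GRE to the peer is authenticated, not encrypted (intentional)` above the child, assuming that is the intent. The child block continues past the end of the hunk, so a setting further down that changes this cannot be ruled out from here.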
@@ -274,8 +276,8 @@ in
 };
 # prevent race condition similar to https://github.com/NixOS/nixpkgs/issues/27070
 systemd.services.strongswan-swanctl = {
- after = [ "network-addresses-alt0.service" ];
- requires = [ "network-addresses-alt0.service" ];
+ after = [ "network-addresses-${netifAlt}.service" ];
+ requires = [ "network-addresses-${netifAlt}.service" ];
 };
 systemd.services.network-custom-route-backup = {