nixos-config/configs/nixos/plover/modules/hardware/networks.nix

# It just contains a set of network-related variables mainly used for
# network-related services. Make sure to change this every time you migrate to
# a new server.
let
  inherit (builtins) toString;
in
rec {
  # This is expected to be /48 block (i.e., `fc00:b0de:5685::/48`).
  # The thing is generated using a ULA generator.
  privateIPv6Prefix = "fd89:c181:8016";

  # These blocks should be used sparingly with how wide these blocks cover.
  # Plus, they shouldn't be treated as subnets.
  clientNetworks = [
    "172.24.0.0/13"
    "10.128.0.0/9"
    "fd00::/8"
  ];
  serverNetworks = [
    "172.16.0.0/13"
    "10.0.0.0/9"
    "fc00::/8"
  ];

  interfaces =
    let
      ploverInternalNetworkGateway = "172.16.0.1";
      ipv6Gateway = "fe80::1";
    in
    {
      # This is the public-facing interface. Any interface name with a prime
      # symbol means it's a public-facing interface.
      wan = {
        ifname = "ens3";
        # The gateways for the public addresses are retrieved from the following
        # pages:
        #
        # * https://docs.hetzner.com/cloud/networks/faq/#are-any-ip-addresses-reserved
        # * https://docs.hetzner.com/robot/dedicated-server/ip/additional-ip-adresses/#gateway
        IPv4 = {
          address = "65.109.224.213";
          gateway = "172.31.1.1";
        };
        IPv6 = {
          address = "2a01:4f9:c012:607a::1";
          gateway = ipv6Gateway;
        };
      };

      lan = {
        ifname = "ens10";
        IPv4 = {
          address = "172.27.0.1";
          gateway = ploverInternalNetworkGateway;
        };
        IPv6 = {
          address = "${privateIPv6Prefix}::1";
          gateway = ipv6Gateway;
        };
      };

      wireguard0 = {
        ifname = "wireguard0";
        IPv4 = {
          address = "172.28.0.1";
          gateway = ploverInternalNetworkGateway;
        };
        IPv6 = {
          address = "${wireguardIPv6Prefix}::1";
          gateway = ipv6Gateway;
        };
      };
    };

  # Wireguard-related things.
  wireguardPort = 51820;

  # This IPv4 network block should have /13 for the Wireguard network.
  wireguardIPv4Prefix = "172.28.0";

  # This IPv6 network prefix should have /64 for the entire Wireguard network.
  wireguardIPv6Prefix = "${privateIPv6Prefix}:ffff";

  # These are all fixed IP addresses. However, they should be assigned in /16
  # and /64 for IPv4 and IPv6 block respectively.
  wireguardPeers = {
    server = with interfaces.wireguard0; {
      IPv4 = IPv4.address;
      IPv6 = IPv6.address;
    };
    desktop = {
      IPv4 = "${wireguardIPv4Prefix}.2";
      IPv6 = "${wireguardIPv6Prefix}::2";
    };
    phone = {
      IPv4 = "${wireguardIPv4Prefix}.3";
      IPv6 = "${wireguardIPv6Prefix}::3";
    };
  };

  secondaryNameServers = {
    "ns1.first-ns.de." = {
      IPv4 = [ "213.239.242.238" ];
      IPv6 = [ "2a01:4f8:0:a101::a:1" ];
    };
    "robotns2.second-ns.de." = {
      IPv4 = [ "213.133.105.6" ];
      IPv6 = [ "2a01:4f8:d0a:2004::2" ];
    };
    "robotns3.second-ns.com." = {
      IPv4 = [ "193.47.99.3" ];
      IPv6 = [ "2001:67c:192c::add:a3" ];
    };
  };
}
hosts/plover: move into systemd-networkd for network setup 2023-01-16 03:44:21 +00:00			`# It just contains a set of network-related variables mainly used for`
			`# network-related services. Make sure to change this every time you migrate to`
			`# a new server.`
hosts/plover: fix string interpolation 2023-01-20 06:50:27 +00:00			`let`
			`inherit (builtins) toString;`
			`in`
hosts/plover: update networking setup 2023-01-19 12:12:14 +00:00			`rec {`
hosts/plover: update networking blocks 2023-02-22 03:29:43 +00:00			# This is expected to be /48 block (i.e., `fc00:b0de:5685::/48`).
			`# The thing is generated using a ULA generator.`
			`privateIPv6Prefix = "fd89:c181:8016";`
hosts/plover: replace dnsmasq with CoreDNS as DNS server 2023-02-08 10:00:35 +00:00
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`# These blocks should be used sparingly with how wide these blocks cover.`
			`# Plus, they shouldn't be treated as subnets.`
hosts/plover: replace dnsmasq with CoreDNS as DNS server 2023-02-08 10:00:35 +00:00			`clientNetworks = [`
			`"172.24.0.0/13"`
			`"10.128.0.0/9"`
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`"fd00::/8"`
hosts/plover: replace dnsmasq with CoreDNS as DNS server 2023-02-08 10:00:35 +00:00			`];`
			`serverNetworks = [`
			`"172.16.0.0/13"`
			`"10.0.0.0/9"`
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`"fc00::/8"`
hosts/plover: replace dnsmasq with CoreDNS as DNS server 2023-02-08 10:00:35 +00:00			`];`

hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`interfaces =`
			`let`
			`ploverInternalNetworkGateway = "172.16.0.1";`
			`ipv6Gateway = "fe80::1";`
			`in`
hosts: revise networking-related variables set 2023-01-25 03:38:45 +00:00			`{`
chore: reformat the codebase 2023-02-09 06:51:22 +00:00			`# This is the public-facing interface. Any interface name with a prime`
			`# symbol means it's a public-facing interface.`
hosts/plover: change network attribute name It is somewhat not great naming at first. 2023-06-22 10:01:19 +00:00			`wan = {`
hosts/plover: improve network metadata 2023-06-11 04:26:02 +00:00			`ifname = "ens3";`
chore: reformat the codebase 2023-02-09 06:51:22 +00:00			`# The gateways for the public addresses are retrieved from the following`
			`# pages:`
			`#`
			`# * https://docs.hetzner.com/cloud/networks/faq/#are-any-ip-addresses-reserved`
			`# * https://docs.hetzner.com/robot/dedicated-server/ip/additional-ip-adresses/#gateway`
			`IPv4 = {`
			`address = "65.109.224.213";`
			`gateway = "172.31.1.1";`
			`};`
			`IPv6 = {`
			`address = "2a01:4f9:c012:607a::1";`
			`gateway = ipv6Gateway;`
			`};`
hosts: revise networking-related variables set 2023-01-25 03:38:45 +00:00			`};`
hosts/plover: update networking setup 2023-01-19 12:12:14 +00:00
hosts/plover: change network attribute name It is somewhat not great naming at first. 2023-06-22 10:01:19 +00:00			`lan = {`
hosts/plover: improve network metadata 2023-06-11 04:26:02 +00:00			`ifname = "ens10";`
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`IPv4 = {`
			`address = "172.27.0.1";`
			`gateway = ploverInternalNetworkGateway;`
			`};`
			`IPv6 = {`
hosts/plover: update network metadata 2023-02-14 03:00:57 +00:00			`address = "${privateIPv6Prefix}::1";`
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`gateway = ipv6Gateway;`
			`};`
hosts: revise networking-related variables set 2023-01-25 03:38:45 +00:00			`};`
hosts/plover: move into systemd-networkd for network setup 2023-01-16 03:44:21 +00:00
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`wireguard0 = {`
hosts/plover: improve network metadata 2023-06-11 04:26:02 +00:00			`ifname = "wireguard0";`
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`IPv4 = {`
			`address = "172.28.0.1";`
			`gateway = ploverInternalNetworkGateway;`
			`};`
			`IPv6 = {`
hosts/plover: update network metadata 2023-02-14 03:00:57 +00:00			`address = "${wireguardIPv6Prefix}::1";`
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`gateway = ipv6Gateway;`
			`};`
hosts/plover: add gateway address to networking set 2023-01-29 04:48:56 +00:00			`};`
hosts: simplify networking set and update Wireguard setup Currently, the networking set is very messy. It is better to contain them into another attribute set and categorizing them by the interfaces that is supposed to contain them. I should've done this some time ago. 2023-01-23 09:46:32 +00:00			`};`
hosts/plover: update networking and hardware setup 2023-01-21 10:57:37 +00:00
			`# Wireguard-related things.`
hosts: add Wireguard services to related peers Among other things, Plover now ignores certain IP for fail2ban. This is for the VPN users that are placed in that range. 2023-01-17 08:05:11 +00:00			`wireguardPort = 51820;`
hosts/plover: simply Wireguard configuration code 2023-01-23 05:29:42 +00:00
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`# This IPv4 network block should have /13 for the Wireguard network.`
			`wireguardIPv4Prefix = "172.28.0";`

			`# This IPv6 network prefix should have /64 for the entire Wireguard network.`
hosts/plover: update network metadata 2023-02-14 03:00:57 +00:00			`wireguardIPv6Prefix = "${privateIPv6Prefix}:ffff";`
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00
			`# These are all fixed IP addresses. However, they should be assigned in /16`
			`# and /64 for IPv4 and IPv6 block respectively.`
hosts/plover: simply Wireguard configuration code 2023-01-23 05:29:42 +00:00			`wireguardPeers = {`
hosts: revise networking-related variables set 2023-01-25 03:38:45 +00:00			`server = with interfaces.wireguard0; {`
			`IPv4 = IPv4.address;`
			`IPv6 = IPv6.address;`
			`};`
hosts/plover: simply Wireguard configuration code 2023-01-23 05:29:42 +00:00			`desktop = {`
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`IPv4 = "${wireguardIPv4Prefix}.2";`
hosts/plover: update network metadata 2023-02-14 03:00:57 +00:00			`IPv6 = "${wireguardIPv6Prefix}::2";`
hosts/plover: simply Wireguard configuration code 2023-01-23 05:29:42 +00:00			`};`
			`phone = {`
hosts/plover: update networking setup 2023-02-09 06:17:59 +00:00			`IPv4 = "${wireguardIPv4Prefix}.3";`
hosts/plover: update network metadata 2023-02-14 03:00:57 +00:00			`IPv6 = "${wireguardIPv6Prefix}::3";`
hosts/plover: simply Wireguard configuration code 2023-01-23 05:29:42 +00:00			`};`
			`};`
hosts/plover: replace dnsmasq with CoreDNS as DNS server 2023-02-08 10:00:35 +00:00
			`secondaryNameServers = {`
			`"ns1.first-ns.de." = {`
			`IPv4 = [ "213.239.242.238" ];`
			`IPv6 = [ "2a01:4f8:0:a101::a:1" ];`
			`};`
			`"robotns2.second-ns.de." = {`
			`IPv4 = [ "213.133.105.6" ];`
			`IPv6 = [ "2a01:4f8:d0a:2004::2" ];`
			`};`
			`"robotns3.second-ns.com." = {`
			`IPv4 = [ "193.47.99.3" ];`
			`IPv6 = [ "2001:67c:192c::add:a3" ];`
			`};`
			`};`
hosts/plover: move into systemd-networkd for network setup 2023-01-16 03:44:21 +00:00			`}`