diff --git a/hosts/ni/default.nix b/hosts/ni/default.nix index b9f3ea76..367b8f05 100644 --- a/hosts/ni/default.nix +++ b/hosts/ni/default.nix @@ -9,8 +9,8 @@ let wireguardPeers; wireguardAllowedIPs = [ - "${interfaces.internal.IPv4.address}/16" - "${interfaces.internal.IPv6.address}/64" + "${interfaces.lan.IPv4.address}/16" + "${interfaces.lan.IPv6.address}/64" ]; wireguardIFName = "wireguard0"; in @@ -248,7 +248,7 @@ in { privateKeyFile = config.sops.secrets."ni/wireguard/private-key".path; listenPort = wireguardPort; - dns = with interfaces.internal; [ IPv4.address IPv6.address ]; + dns = with interfaces.lan; [ IPv4.address IPv6.address ]; postUp = let resolvectl = "${lib.getBin pkgs.systemd}/bin/resolvectl"; @@ -269,7 +269,7 @@ in publicKey = lib.removeSuffix "\n" (lib.readFile ../plover/files/wireguard/wireguard-public-key-plover); presharedKeyFile = config.sops.secrets."ni/wireguard/preshared-keys/plover".path; allowedIPs = wireguardAllowedIPs; - endpoint = "${interfaces.main'.IPv4.address}:${toString wireguardPort}"; + endpoint = "${interfaces.wan.IPv4.address}:${toString wireguardPort}"; persistentKeepalive = 25; } diff --git a/hosts/plover/modules/hardware/hetzner-cloud-cx21.nix b/hosts/plover/modules/hardware/hetzner-cloud-cx21.nix index 2bdbf758..a94ef303 100644 --- a/hosts/plover/modules/hardware/hetzner-cloud-cx21.nix +++ b/hosts/plover/modules/hardware/hetzner-cloud-cx21.nix 
@@ -62,12 +62,12 @@ in # https://discourse.nixos.org/t/nixos-on-hetzner-cloud-servers-ipv6/221/ systemd.network = { enable = true; - wait-online.ignoredInterfaces = [ "lo" interfaces.internal.ifname ]; + wait-online.ignoredInterfaces = [ "lo" interfaces.lan.ifname ]; # For more information, you can look at Hetzner documentation from # https://docs.hetzner.com/robot/dedicated-server/ip/additional-ip-adresses/ networks = { - "10-wan" = with interfaces.main'; { + "10-wan" = with interfaces.wan; { matchConfig.Name = lib.concatStringsSep " " mainEthernetInterfaceNames; # Setting up IPv6. @@ -96,7 +96,7 @@ in }; # The interface for our LAN. - "20-lan" = with interfaces.internal; { + "20-lan" = with interfaces.lan; { matchConfig.Name = lib.concatStringsSep " " internalEthernetInterfaceNames; # Take note of the private subnets set in your Hetzner Cloud instance diff --git a/hosts/plover/modules/hardware/networks.nix b/hosts/plover/modules/hardware/networks.nix index 40c614de..f6393471 100644 --- a/hosts/plover/modules/hardware/networks.nix +++ b/hosts/plover/modules/hardware/networks.nix @@ -30,7 +30,7 @@ rec { { # This is the public-facing interface. Any interface name with a prime # symbol means it's a public-facing interface. - main' = { + wan = { ifname = "ens3"; # The gateways for the public addresses are retrieved from the following # pages: @@ -47,7 +47,7 @@ rec { }; }; - internal = { + lan = { ifname = "ens10"; IPv4 = { address = "172.27.0.1"; diff --git a/hosts/plover/modules/services/atuin.nix b/hosts/plover/modules/services/atuin.nix index f4ee8805..35c892eb 100644 --- a/hosts/plover/modules/services/atuin.nix +++ b/hosts/plover/modules/services/atuin.nix @@ -7,7 +7,7 @@ let inherit (import ../hardware/networks.nix) interfaces; atuinInternalDomain = "atuin.${config.networking.fqdn}"; - host = interfaces.internal.IPv4.address; + host = interfaces.lan.IPv4.address; in { # Atuin sync server because why not. 
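Review bot: The comment kept as context above `wan = {` in the first hunk of hosts/plover/modules/hardware/networks.nix still says "Any interface name with a prime symbol means it's a public-facing interface", but after the rename from `main'` no interface name in the visible hunks carries a prime. I would shorten it to `# This is the public-facing (WAN) interface.` and drop the sentence about the prime convention. Other modules choose bind addresses and NAT targets by these attribute names (CoreDNS binds `interfaces.lan.ifname`, the WireGuard SNAT rule uses `interfaces.lan.IPv4.address`), so a stale note about which name marks the exposed interface is easy to act on wrongly. The attribute set starts and ends outside the hunk.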
diff --git a/hosts/plover/modules/services/coredns.nix b/hosts/plover/modules/services/coredns.nix index 2871483a..8167b5c5 100644 --- a/hosts/plover/modules/services/coredns.nix +++ b/hosts/plover/modules/services/coredns.nix @@ -9,9 +9,9 @@ let inherit (import ../hardware/networks.nix) privateIPv6Prefix interfaces clientNetworks serverNetworks secondaryNameServers wireguardPeers; domainZoneFile = pkgs.substituteAll { - ploverPublicIPv4 = interfaces.main'.IPv4.address; - ploverPublicIPv6 = interfaces.main'.IPv6.address; src = ../../config/dns/${domain}.zone; + ploverWANIPv4 = interfaces.wan.IPv4.address; + ploverWANIPv6 = interfaces.wan.IPv6.address; }; # The final location of the thing. @@ -43,12 +43,12 @@ let "${privateIPv6Prefix}::/48" # Private uses ]; - mainIP = with interfaces.main'; [ + mainIP = with interfaces.wan; [ IPv4.address IPv6.address ]; - internalIP = with interfaces.internal; [ + internalIP = with interfaces.lan; [ IPv4.address IPv6.address ]; @@ -105,7 +105,7 @@ in config = '' # The LAN. ${fqdn} { - bind ${interfaces.internal.ifname} + bind ${interfaces.lan.ifname} acl { # Hetzner doesn't support DNSSEC yet though. block type DS SIG RRSIG TA TSIG PTR DLV DNSKEY KEY NSEC NSEC3 @@ -116,11 +116,11 @@ in } template IN A { - answer "{{ .Name }} IN 60 A ${interfaces.internal.IPv4.address}" + answer "{{ .Name }} IN 60 A ${interfaces.lan.IPv4.address}" } template IN AAAA { - answer "{{ .Name }} IN 60 AAAA ${interfaces.internal.IPv6.address}" + answer "{{ .Name }} IN 60 AAAA ${interfaces.lan.IPv6.address}" } } diff --git a/hosts/plover/modules/services/wireguard.nix b/hosts/plover/modules/services/wireguard.nix index 26819823..634445e3 100644 --- a/hosts/plover/modules/services/wireguard.nix +++ b/hosts/plover/modules/services/wireguard.nix 
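Review bot: The first coredns.nix hunk renames the `substituteAll` variables to `ploverWANIPv4` and `ploverWANIPv6`, but no matching change to `../../config/dns/${domain}.zone` is visible in this diff. If the zone file still uses the old placeholders (presumably `@ploverPublicIPv4@` and `@ploverPublicIPv6@`), `substituteAll` will leave them in place without an error. The zone would then ship with literal placeholder text where the public A/AAAA data belongs. The zone file should be updated in the same commit, and the rendered `domainZoneFile` checked for leftover `@…@` tokens before deploying. The `let` block this hunk edits starts and ends outside the hunk.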
@@ -8,7 +8,7 @@ let inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers; wireguardIFName = interfaces.wireguard0.ifname; - lanIFName = interfaces.internal.ifname; + lanIFName = interfaces.lan.ifname; desktopPeerAddresses = with wireguardPeers.desktop; [ "${IPv4}/32" "${IPv6}/128" ]; phonePeerAddresses = with wireguardPeers.phone; [ "${IPv4}/32" "${IPv6}/128" ]; @@ -36,7 +36,7 @@ in chain postrouting { type nat hook postrouting priority srcnat; policy accept; - iifname ${wireguardIFName} snat to ip ${interfaces.internal.IPv4.address} comment "Make packets from Wireguard interface appear as coming from the LAN interface" + iifname ${wireguardIFName} snat to ip ${interfaces.lan.IPv4.address} comment "Make packets from Wireguard interface appear as coming from the LAN interface" } } '';