feat: hm

Signed-off-by: Anthony Rabbito <[email protected]>
anthr76 · Apr 30, 2024 · c92c7c4 · c92c7c4
1 parent 4812ab4
commit c92c7c4
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 16 deletions.
diff --git a/flake.nix b/flake.nix
@@ -113,6 +113,11 @@
           extraSpecialArgs = { inherit inputs outputs; };
           modules = [ ./home-manager/hosts/nicoles-mbp.nwk3.rabbito.tech.nix ];
         };
+        "[email protected]" = lib.homeManagerConfiguration {
+          pkgs = pkgsFor.x86_64-linux;
+          extraSpecialArgs = { inherit inputs outputs; };
+          modules = [ ./home-manager/hosts/fw1.nwk3.rabbito.tech.nix ];
+        };
       };
       darwinConfigurations = {
         "nicoles-mbp" = nix-darwin.lib.darwinSystem {

diff --git a/home-manager/hosts/fw1.nwk3.rabbito.tech.nix b/home-manager/hosts/fw1.nwk3.rabbito.tech.nix
@@ -0,0 +1,4 @@
+{
+  imports = [ ../users/anthony ../users/anthony/linux.nix ];
+
+}
diff --git a/nixos/hosts/fw1.nwk3.rabbito.tech/default.nix b/nixos/hosts/fw1.nwk3.rabbito.tech/default.nix
@@ -32,6 +32,9 @@
     vlan100 = { ipv4 = { addresses = [{ address = "192.168.14.1"; prefixLength = 24; }]; }; };
     vlan101 = { ipv4 = { addresses = [{ address = "192.168.13.1"; prefixLength = 24; }]; }; };
   };
+  services.tailscale.extraUpFlags = [
+    "--advertise-routes=192.168.14.0/24,10.40.99.0/24,192.168.13.0/24"
+  ];
   services.kea.dhcp4 = {
     settings = {
       interfaces-config = {

diff --git a/nixos/personalities/server/router.nix b/nixos/personalities/server/router.nix
@@ -13,12 +13,12 @@
         "net.ipv4.conf.all.forwarding" = true;
         "net.ipv6.conf.all.forwarding" = true;
         # TODO: Configure IPV6
-        # "net.ipv6.conf.wan.disable_ipv6" = true;
-        "net.ipv6.conf.all.accept_ra" = 0;
-        "net.ipv6.conf.all.autoconf" = 0;
-        "net.ipv6.conf.all.use_tempaddr" = 0;
-        "net.ipv6.conf.wan.accept_ra" = 2;
-        "net.ipv6.conf.wan.autoconf" = 1;
+        "net.ipv6.conf.wan.disable_ipv6" = true;
+        # "net.ipv6.conf.all.accept_ra" = 0;
+        # "net.ipv6.conf.all.autoconf" = 0;
+        # "net.ipv6.conf.all.use_tempaddr" = 0;
+        # "net.ipv6.conf.wan.accept_ra" = 2;
+        # "net.ipv6.conf.wan.autoconf" = 1;
         "net.core.default_qdisc" = "fq";
         "net.ipv4.tcp_congestion_control" = "bbr";
       };
@@ -62,8 +62,6 @@
           22
         ];
         allowedUDPPorts = [
-          # Wireguard
-          51820
         ];
       };
     };
@@ -86,8 +84,9 @@
     # https://github.com/NixOS/nixpkgs/issues/307750
     package = pkgs.coredns-snowflake;
   };
+  # TODO: IPV6
   services.radvd = {
-    enable = true;
+    enable = false;
     config = ''
       interface vlan100 {
           IgnoreIfMissing on;
@@ -111,4 +110,15 @@
 
     '';
   };
+  services.avahi = {
+    enable = true;
+    hostName = "${config.networking.hostName}";
+    interfaces = [ "vlan100" ];
+    publish = {
+      enable = true;
+      addresses = true;
+      domain = true;
+      userServices = true;
+    };
+  };
 }
diff --git a/nixos/personalities/server/tailscale.nix b/nixos/personalities/server/tailscale.nix
@@ -1,17 +1,14 @@
 { config, ... }:
-let tailScalePort = 41641;
-in {
+{
   sops.secrets = {
     tailscale-auth-key = { sopsFile = ../../../secrets/users.yaml; };
   };
-  networking.firewall.allowedUDPPorts = [ tailScalePort ];
-  networking.firewall.trustedInterfaces = [ "tailscale0" ];
   services.tailscale = {
-    # package = pkgs.unstable.tailscale;
-    # useRoutingFeatures = "server";
+    useRoutingFeatures = "both";
     extraUpFlags = [ "--accept-routes" "--reset" ];
+    openFirewall = true;
     enable = true;
-    port = tailScalePort;
+    port = 41641;
     authKeyFile = config.sops.secrets.tailscale-auth-key.path;
   };
 }