From c3a30aababfc81f1f63253636e7dde38a0b1c204 Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Sat, 15 Oct 2022 10:38:48 +0200
Subject: Switch to systemd-networkd
---
 nix/deuxfleurs.nix | 52 +++++++++++++++++++++++++++-------------------------
 1 file changed, 27 insertions(+), 25 deletions(-)
diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix
index b910a79..82111ed 100644
--- a/nix/deuxfleurs.nix
+++ b/nix/deuxfleurs.nix
@@ -133,36 +133,38 @@ in
 }) cfg.admin_accounts;
 # Configure network interfaces
- networking.interfaces =
- let ip4config = {
- useDHCP = false;
- ipv4.addresses = [
- {
- address = cfg.lan_ip;
- prefixLength = cfg.lan_ip_prefix_length;
- }
- ];
+ networking.useDHCP = false;
+ networking.useNetworkd = true;
+ systemd.network.networks = {
+ "10-uplink" = {
+ matchConfig = {
+ # We could preprend "en* eth*" to match all ethernet interfaces
+ Name = "${cfg.network_interface}";
 };
- ip6config = {
- tempAddress = "disabled";
- ipv6.addresses = [
+ networkConfig = {
+ IPv6AcceptRA = false;
+ LinkLocalAddressing = "no";
+ };
+ address = [
+ "${cfg.lan_ip}/${toString cfg.lan_ip_prefix_length}"
+ "${cfg.ipv6}/${toString cfg.ipv6_prefix_length}"
+ ];
+ routes = [
 {
- address = cfg.ipv6;
- prefixLength = cfg.ipv6_prefix_length;
+ routeConfig = {
+ Gateway = cfg.lan_default_gateway;
+ # GatewayOnLink - Takes a boolean. If set to true, the kernel does not have to check if the gateway is reachable directly by the current machine (i.e., attached to the local network), so that we can insert the route in the kernel table without it being complained about. Defaults to "no".
+ GatewayOnLink = true;
+ };
+ }
+ {
+ routeConfig = {
+ Gateway = cfg.ipv6_default_gateway;
+ GatewayOnLink = true;
+ };
 }
 ];
 };
- in
- (attrsets.setAttrByPath [ cfg.network_interface ] (ip4config // ip6config));
-
- networking.defaultGateway = {
- address = cfg.lan_default_gateway;
- interface = cfg.network_interface;
- };
-
- networking.defaultGateway6 = {
- address = cfg.ipv6_default_gateway;
- interface = cfg.network_interface;
 };
 # Configure Unbound DNS to redirect to Consul queries under .consul
--
cgit v1.2.3
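Review bot: `GatewayOnLink = true` is set on both default routes without recording why this deployment needs it, and it turns off the kernel's check that `cfg.lan_default_gateway` and `cfg.ipv6_default_gateway` are reachable on a configured prefix, so a mistyped or wrong-site gateway is installed silently instead of failing when the route is added. The long comment above the first occurrence paraphrases the option's documentation; I would replace it with the reason, e.g. `# GatewayOnLink: <why the gateway may sit outside lan_ip/lan_ip_prefix_length on some sites>`, and repeat it on the IPv6 route. The same applies to `IPv6AcceptRA = false` and `LinkLocalAddressing = "no"` in `networkConfig`: a one-line comment such as `# Static addressing only: ignore router advertisements and assign no link-local addresses` would mark them as deliberate hardening rather than leftovers. If `cfg.ipv6_default_gateway` can ever be a link-local address, it is worth confirming that it stays reachable with link-local addressing turned off. The enclosing attribute set starts and ends outside the hunk.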