From 4fb2a9e8e329333b637a9cd7bb4499eda19cc082 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Thu, 13 May 2021 10:14:42 +0000 Subject: [PATCH] swann: tighten up IPv6 config --- ops/nixos/swann/default.nix | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/ops/nixos/swann/default.nix b/ops/nixos/swann/default.nix index 73cc901dae..45b191b38e 100644 --- a/ops/nixos/swann/default.nix +++ b/ops/nixos/swann/default.nix @@ -40,14 +40,17 @@ in { interfaces = { ens-virginmedia = { useDHCP = true; - ipv6.addresses = [ - { address = "2a02:88fd:f:d::2"; prefixLength = 64; } - ]; }; ens-general = { ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 23; } ]; + ipv6.addresses = [ + { address = "2a02:88fd:f:d::2"; prefixLength = 64; } + ]; + ipv6.routes = [ + { address = "2a02:88fd:f:d::"; prefixLength = 64; options.metric = 100; } + ]; }; }; }; @@ -225,9 +228,11 @@ in { enable = true; hosts = [ "8.8.8.8" # Google Public DNS + "2001:4860:4860::8888" "youtube.com" "ads.google.com" "google.com" "1.1.1.1" # Cloudflare DNS + "2606:4700:4700::1111" "twitter.com" @@ -245,11 +250,23 @@ in { # This is cursed. services.ndppd = { enable = true; - proxies.ens-virginmedia.rules."2a02:88fd:f:d::/64" = { - method = "iface"; - interface = "ens-general"; + proxies.ens-virginmedia = { + router = false; + rules."2a02:88fd:f:d::/64" = { + method = "iface"; + interface = "ens-general"; + }; }; }; + networking.dhcpcd.extraConfig = '' + noipv6rs + + interface ens-virginmedia + ipv6rs + iaid 1 + ia_na 2 + ia_pd 3 ens-general/1/64 + ''; services.radvd = { enable = true; config = ''