about summary refs log tree commit diff
path: root/users/sterni/machines/ingeborg/network.nix
blob: 2e8731389daefb5b2df74557105fc7cf9ef0e93a (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
{ config, pkgs, lib, depot, ... }:

let
  ipv6 = "2a01:4f9:2a:1bc6::/64";

  ipv4 = "95.216.27.158";
  gatewayv4 = "95.216.27.129";
  netmaskv4 = "255.255.255.192";
in

{
  config = {
    boot = {
      kernelParams = [
        "ip=${ipv4}::${gatewayv4}:${netmaskv4}::eth0:none"
      ];

      initrd.network = {
        enable = true;
        ssh = {
          # ssh_config:
          # Host ingeborg-unlock
          #     User root
          #     HostName ingeborg.sterni.lv
          #     AddressFamily inet # kernel commandline only gives ipv4
          #     Port 22
          #     UserKnownHostsFile /home/lukas/.ssh/initrd_known_hosts
          enable = true;
          authorizedKeys = depot.users.sterni.keys.all;
          hostKeys = [
            "/etc/nixos/unlock_rsa_key_openssh"
            "/etc/nixos/unlock_ed25519_key_openssh"
          ];
        };
        postCommands = ''
          echo 'cryptsetup-askpass' >> /root/.profile
        '';
      };
    };

    networking = {
      usePredictableInterfaceNames = false;
      useDHCP = false;
      interfaces."eth0".useDHCP = false;

      hostName = "ingeborg";

      firewall = {
        enable = true;
        allowPing = true;
        allowedTCPPorts = [ 22 ];
      };
    };

    systemd.network = {
      enable = true;
      networks."eth0".extraConfig = ''
        [Match]
        Name = eth0

        [Network]
        Address = ${ipv6}
        Gateway = fe80::1
        Address = ${ipv4}/27
        Gateway = ${gatewayv4}
      '';
    };
  };
}