Compare commits

..

No commits in common. "39bb1f8750bebedae434213ef63dc9a10dcb4f35" and "2bdbbafbb00b9955eca80d29ef68e9017e2cd5c0" have entirely different histories.

2 changed files with 3 additions and 20 deletions

View file

@ -510,11 +510,11 @@
]
},
"locked": {
"lastModified": 1720913908,
"narHash": "sha256-AZ0AcL1ze6gS8EmwRpuR04MXCLb/NDLjp9n+Gs4IhFQ=",
"lastModified": 1720021052,
"narHash": "sha256-tu8IQn8Kj7S0xRg0L2ej7S65FzXqSX7LI7M2pbLdQJU=",
"owner": "chayleaf",
"repo": "nixos-router",
"rev": "38088dc1745350db709e9f2cf777979b5217f671",
"rev": "4c132c4c5fc09b3c3317b960ec1533c4a5ebe41f",
"type": "github"
},
"original": {

View file

@ -718,10 +718,6 @@ in {
];
};
router.networkNamespaces.wan = {
sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
};
# this is the even more boring nftables config
nftables.jsonRules = let
wans = [ "wan" ] ++ lib.optional (cfg.vpn.tunnel.mode == "sit") "sittun0";
@ -792,19 +788,6 @@ in {
interfaceNamespace = "init";
});
# see https://pavluk.org/blog/2022/01/26/nixos_router.html
# (ipv6 doesn't work without this, for whatever reason)
systemd.services.ping-ipv6 = {
after = [ "network.target" "netns-wan.service" ];
wants = [ "netns-wan.service" ];
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = "${pkgs.iputils}/bin/ping -q ${netAddresses.netnsWan6}";
Restart = "on-failure";
RestartSec = "30s";
};
};
systemd.services.vpn-tunnel = lib.mkIf (cfg.vpn.tunnel.mode == "ssh") {
description = "VPN Tunnel";
wantedBy = [