jorah: fix dual networking setup

2024-04-13 15:23:04 +01:00 · 2024-04-13 15:23:04 +01:00 · b4a33bb6b2
commit b4a33bb6b2
parent 8cee990f54
3 changed files with 19 additions and 19 deletions
--- a/hosts/jorah.cx.ts.hillion.co.uk/default.nix
+++ b/hosts/jorah.cx.ts.hillion.co.uk/default.nix
@ -34,15 +34,22 @@
    };

    ## Networking
-    systemd.network = {
-      enable = true;
-      networks."enp5s0".extraConfig = ''
-        [Match]
-        Name = enp5s0
-        [Network]
-        Address = 2a01:4f9:4b:3953::2/64
-        Gateway = fe80::1
-      '';
+    networking = {
+      useDHCP = false;
+      interfaces = {
+        enp5s0 = {
+          name = "eth0";
+          useDHCP = true;
+          ipv6.addresses = [{
+            address = "2a01:4f9:4b:3953::2";
+            prefixLength = 64;
+          }];
+        };
+      };
+      defaultGateway6 = {
+        address = "fe80::1";
+        interface = "eth0";
+      };
    };

    networking.firewall = {
@ -53,7 +60,7 @@
      ];
      allowedUDPPorts = lib.mkForce [ ];
      interfaces = {
-        enp5s0 = {
+        eth0 = {
          allowedTCPPorts = lib.mkForce [
            80 # HTTP 1-2
            443 # HTTPS 1-2
--- a/hosts/jorah.cx.ts.hillion.co.uk/hardware-configuration.nix
+++ b/hosts/jorah.cx.ts.hillion.co.uk/hardware-configuration.nix
@ -43,13 +43,6 @@

  swapDevices = [ ];

-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
-
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@ -103,8 +103,8 @@ in
    };
    networking.firewall.extraCommands = ''
      # proxy all traffic on public interface to the gitea SSH server
-      iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
-      ip6tables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
+      iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
+      ip6tables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}

      # proxy locally originating outgoing packets
      iptables -A OUTPUT -d 95.217.229.104 -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}