From b4a33bb6b296fcba1f8db0e5b130969a691bd131 Mon Sep 17 00:00:00 2001
From: Jake Hillion
Date: Sat, 13 Apr 2024 15:23:04 +0100
Subject: [PATCH] jorah: fix dual networking setup
---
 hosts/jorah.cx.ts.hillion.co.uk/default.nix | 27 ++++++++++++-------
 .../hardware-configuration.nix | 7 -----
 modules/services/gitea.nix | 4 +--
 3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/hosts/jorah.cx.ts.hillion.co.uk/default.nix b/hosts/jorah.cx.ts.hillion.co.uk/default.nix
index 0ec6942..1e9149b 100644
--- a/hosts/jorah.cx.ts.hillion.co.uk/default.nix
+++ b/hosts/jorah.cx.ts.hillion.co.uk/default.nix
@@ -34,15 +34,22 @@
 };
 ## Networking
- systemd.network = {
- enable = true;
- networks."enp5s0".extraConfig = ''
- [Match]
- Name = enp5s0
- [Network]
- Address = 2a01:4f9:4b:3953::2/64
- Gateway = fe80::1
- '';
+ networking = {
+ useDHCP = false;
+ interfaces = {
+ enp5s0 = {
+ name = "eth0";
+ useDHCP = true;
+ ipv6.addresses = [{
+ address = "2a01:4f9:4b:3953::2";
+ prefixLength = 64;
+ }];
+ };
+ };
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
 };
 networking.firewall = {
@@ -53,7 +60,7 @@
 ];
 allowedUDPPorts = lib.mkForce [ ];
 interfaces = {
- enp5s0 = {
+ eth0 = {
 allowedTCPPorts = lib.mkForce [
 80 # HTTP 1-2
 443 # HTTPS 1-2
diff --git a/hosts/jorah.cx.ts.hillion.co.uk/hardware-configuration.nix b/hosts/jorah.cx.ts.hillion.co.uk/hardware-configuration.nix
index 7a6ef15..513e95f 100644
--- a/hosts/jorah.cx.ts.hillion.co.uk/hardware-configuration.nix
+++ b/hosts/jorah.cx.ts.hillion.co.uk/hardware-configuration.nix
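Review bot: In the first hunk of default.nix the interface is declared under the attribute `enp5s0` but given `name = "eth0"`, and nothing visible in this patch shows what actually gives the NIC the name `eth0`. As far as I know the `name` option only selects which device the settings apply to; it does not rename one. The `firewall.interfaces.eth0` allow-list in the second hunk and the port-22 redirect in modules/services/gitea.nix both match on that name, so if the device still comes up as `enp5s0` those rules never match and the static address and `defaultGateway6` are not applied. Either key the attribute as `eth0` and drop the `name` line, or add a comment such as `# NIC is named eth0 by <rename mechanism>; the firewall and the gitea SSH redirect match on this name`. The enclosing attribute set starts and ends outside the hunk.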
@@ -43,13 +43,6 @@
 swapDevices = [ ];
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
-
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix
index 609bd16..a875861 100644
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -103,8 +103,8 @@ in
 };
 networking.firewall.extraCommands = ''
 # proxy all traffic on public interface to the gitea SSH server
- iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
- ip6tables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
+ iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
+ ip6tables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
 # proxy locally originating outgoing packets
 iptables -A OUTPUT -d 95.217.229.104 -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
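Review bot: The two changed PREROUTING lines in modules/services/gitea.nix hard-code `-i eth0` in a shared module, so on any host whose public interface has a different name the redirect silently matches nothing and port 22 is handled by whatever else listens on it rather than by the Gitea SSH server. Taking the interface from a module option, for example `-i ${cfg.publicInterface}` with `publicInterface` as a new string option, would keep the host-specific name in the host file. The rules are also added with `-A` from `extraCommands`; unless matching `-D` lines exist in `networking.firewall.extraStopCommands` outside this hunk, a firewall reload may append duplicates. The `extraCommands` string continues past the end of the hunk.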