# Router module: systemd-networkd setup for a DSL uplink (PPP), a LAN bridge
# with DHCPv4 / IPv6 RA service, and a WireGuard tunnel that is used as the
# IPv6 default route for one source prefix only.
#
# NOTE(review): this module turns on IPv4 and IPv6 forwarding but defines no
# packet filtering of its own. Confirm that a firewall (forward-chain policy
# for the PPP, WireGuard and bridge interfaces) is configured elsewhere.
{
  povSelf,
  pkgs,
  lib,
  config,
  hostConfig,
  ...
}:

let
  # Boolean switch for this module, looked up in `config` at the attribute
  # path given by `povSelf`.
  enabled = lib.getAttrFromPath povSelf config;
in
{
  option = {
    type = lib.types.bool;
    default = false;
  };

  config = lib.mkIf enabled {
    # WireGuard private key, delivered via sops. Mode 640 with group
    # systemd-network gives group read access so that systemd-networkd can
    # load it through PrivateKeyFile below; it is not world-readable.
    sops.secrets.wireguardPrivKey = {
      owner = "root";
      group = "systemd-network";
      mode = "640";
    };

    systemd.network = {
      enable = true;
      wait-online.enable = false;

      # Global forwarding for both address families (see the review note at
      # the top of the file about filtering).
      config.networkConfig = {
        IPv4Forwarding = true;
        IPv6Forwarding = true;
      };

      # Stable interface names, matched on the permanent hardware address.
      links = {
        "5-dtagdsl" = {
          matchConfig = {
            PermanentMACAddress = "d0:37:45:06:de:de";
          };
          linkConfig = {
            Name = "dtagdsl";
          };
        };

        "5-iphone" = {
          matchConfig = {
            PermanentMACAddress = "aa:ab:b5:18:95:d9";
          };
          linkConfig = {
            Name = "iphone";
          };
        };
      };

      netdevs = {
        "10-wg-novus" = {
          netdevConfig = {
            Kind = "wireguard";
            Name = "wg-novus";
          };

          wireguardConfig = {
            PrivateKeyFile = config.sops.secrets.wireguardPrivKey.path;
            ListenPort = 51820;
            # NOTE(review): no routing policy rule in this module matches on
            # this mark; confirm whether something else relies on it.
            FirewallMark = 51820;
          };

          wireguardPeers = [
            {
              Endpoint = "novus.infra.zaphyra.eu:51820";
              # Peer public key; this value is not a secret.
              PublicKey = "J+kRRNU65JGc0yk04v6P3tFwHSQOIfq8EkfD2gFupg4=";
              # ::/0 means any IPv6 source address is accepted from this peer
              # and the peer is eligible for every IPv6 destination. The
              # routes that actually use the tunnel are limited to table 1234
              # in the "10-wg-novus" network below.
              AllowedIPs = [ "::/0" ];
              PersistentKeepalive = 10;
            }
          ];
        };

        "20-brlan" = {
          netdevConfig = {
            Kind = "bridge";
            Name = "brlan";
          };
        };
      };

      networks = {
        # Physical port renamed to dtagdsl above: static IPv4 address only,
        # no link-local addressing.
        "5-dtagdsl" = {
          matchConfig = {
            Name = "dtagdsl";
          };
          address = [ "192.168.1.2/24" ];
          linkConfig = {
            RequiredForOnline = false;
          };
          networkConfig = {
            LinkLocalAddressing = false;
          };
        };

        # LAN port, enslaved to the brlan bridge.
        "5-enp1s0" = {
          matchConfig = {
            Name = "enp1s0";
          };
          bridge = [ "brlan" ];
          networkConfig = {
            ConfigureWithoutCarrier = true;
          };
        };

        # DHCP client on the interface renamed to iphone above.
        "5-iphone" = {
          matchConfig = {
            Name = "iphone";
          };
          networkConfig = {
            DHCP = true;
          };
        };

        # Any PPP interface: IPv6 via router advertisements plus DHCPv6
        # prefix delegation (a /56 is requested). DNS servers offered by the
        # uplink are ignored in both the RA and the DHCPv6 path.
        "10-ppp-dtagdsl" = {
          matchConfig = {
            Type = "ppp";
          };
          linkConfig = {
            RequiredForOnline = "routable";
          };
          networkConfig = {
            KeepConfiguration = true;
            IPv6AcceptRA = true;
            DHCP = "ipv6";
          };
          ipv6AcceptRAConfig = {
            UseDNS = false;
          };
          ipv6SendRAConfig = {
            Managed = true;
          };
          dhcpV6Config = {
            WithoutRA = "solicit";
            PrefixDelegationHint = "::/56";
            IAID = 0;
            UseDNS = false;
          };
        };

        # The tunnel's IPv6 default route lives in table 1234 only, so it is
        # used solely by traffic that a policy rule sends to that table.
        "10-wg-novus" = {
          matchConfig = {
            Name = "wg-novus";
          };
          linkConfig = {
            RequiredForOnline = false;
          };
          routes = [
            {
              Destination = "::/0";
              Table = "1234";
            }
          ];
        };

        # LAN bridge: host addresses, DHCPv4 server, router advertisements
        # and the delegated IPv6 prefix.
        "20-brlan" = {
          matchConfig = {
            Name = "brlan";
            Driver = "bridge";
          };
          linkConfig = {
            RequiredForOnline = "routable";
          };

          address = [
            "${hostConfig.networking.ip4Address}/${toString hostConfig.networking.ip4PrefixLength}"
            "${hostConfig.networking.ip6Address}/${toString hostConfig.networking.ip6PrefixLength}"
          ];

          # Source-based routing for 2a03:4000:4d:5e:acab::/112:
          #   1900: consult the main table (254) but suppress routes with
          #         prefix length 0, so only specific routes match there.
          #   2000: everything else from that prefix uses table 1234, i.e.
          #         the WireGuard default route.
          # NOTE(review): when table 1234 holds no route (tunnel device
          # absent), lookup presumably continues with later rules and may
          # reach the main table's default route. Confirm whether traffic
          # from this prefix should fail closed instead.
          routingPolicyRules = [
            {
              From = "2a03:4000:4d:5e:acab::/112";
              Table = 254;
              Priority = 1900;
              SuppressPrefixLength = 0;
            }
            {
              From = "2a03:4000:4d:5e:acab::/112";
              Table = 1234;
              Priority = 2000;
            }
          ];

          networkConfig = {
            ConfigureWithoutCarrier = true;
            DHCPPrefixDelegation = true;
            IPv6PrivacyExtensions = false;
            IPv6AcceptRA = false;
            IPv6SendRA = true;
            DHCPServer = true;
            DNS = hostConfig.networking.ip4Address;
          };

          # Subnet 0 of the prefix delegated on ppp-dtagdsl is assigned to
          # this bridge (host part ::1) and announced to the LAN.
          # NOTE(review): the ppp-dtagdsl interface is not created in this
          # module; presumably a PPP client configured elsewhere names it.
          dhcpPrefixDelegationConfig = {
            UplinkInterface = "ppp-dtagdsl";
            Announce = true;
            SubnetId = 0;
            Token = "::1";
          };

          ipv6SendRAConfig = {
            RouterLifetimeSec = 1800;
            EmitDNS = true;
            DNS = "_link_local";
          };

          # Advertises the well-known NAT64 prefix to clients.
          # NOTE(review): the translator itself is not part of this module.
          ipv6PREF64Prefixes = [
            {
              Prefix = "64:ff9b::/96";
            }
          ];

          dhcpServerConfig = {
            PersistLeases = true;
            PoolOffset = 100;
            PoolSize = 100;
            EmitDNS = true;
            DNS = hostConfig.networking.ip4Address;
            IPv6OnlyPreferredSec = 300;
          };

          # Fixed leases keyed on MAC address. A MAC address is asserted by
          # the client, so these entries give stable addressing, not device
          # authentication; do not base access decisions on them alone.
          dhcpServerStaticLeases = [
            {
              # accesspoint
              MACAddress = "48:a9:8a:8e:dd:0b";
              Address = "10.0.0.2";
            }
            {
              # pbx
              MACAddress = "34:31:c4:46:88:31";
              Address = "10.0.0.3";
            }
            {
              # scanner
              MACAddress = "5c:f3:70:b9:35:9c";
              Address = "10.0.0.4";
            }
            {
              # printer
              MACAddress = "70:77:81:2a:e7:96";
              Address = "10.0.0.5";
            }
            {
              # nix snowflake (wled)
              MACAddress = "28:37:2f:6a:e7:14";
              Address = "10.0.0.6";
            }
            {
              # zaphyra x13
              MACAddress = "04:CF:4B:76:93:55";
              Address = "10.0.0.10";
            }
          ];
        };
      };
    };
  };
}