feat: add new host envoy for mail, switch disko to partlabel

2025-10-11 07:10:39 +02:00 · 2024-04-07 21:59:54 +02:00 · 2024-04-07 21:59:54 +02:00 · 289fcdd197
commit 289fcdd197
parent 303fbd5595
45 changed files with 302 additions and 154 deletions
--- a/hosts/envoy/net.nix
+++ b/hosts/envoy/net.nix
@ -0,0 +1,38 @@
+{config, ...}: {
+  networking.hostId = config.repo.secrets.local.networking.hostId;
+  networking.domain = config.repo.secrets.global.domains.me;
+
+  boot.initrd.systemd.network = {
+    enable = true;
+    networks = {inherit (config.systemd.network.networks) "10-wan";};
+  };
+
+  systemd.network.networks = {
+    "10-wan" = let
+      icfg = config.repo.secrets.local.networking.interfaces.wan;
+    in {
+      address = [
+        icfg.hostCidrv4
+        icfg.hostCidrv6
+      ];
+      gateway = ["fe80::1"];
+      routes = [
+        {routeConfig = {Destination = "172.31.1.1";};}
+        {
+          routeConfig = {
+            Gateway = "172.31.1.1";
+            GatewayOnLink = true;
+          };
+        }
+      ];
+      matchConfig.MACAddress = icfg.mac;
+      networkConfig.IPv6PrivacyExtensions = "yes";
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+
+  networking.nftables.firewall.zones.untrusted.interfaces = ["wan"];
+
+  # Allow accessing influx
+  wireguard.proxy-sentinel.client.via = "sentinel";
+}