From d18e86f981952767ddeb4e86d535a09f852e0138 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Mon, 29 May 2023 02:13:35 +0200
Subject: [PATCH] chore: use auto-ip for microvms, change ipv6 address scheme
---
 hosts/ward/default.nix | 2 +-
 hosts/zackbiene/net.nix | 2 +-
 modules/hostapd.nix | 2 +-
 modules/microvms.nix | 4 +---
 4 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix
index a0c5c48..a3e7822 100644
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@@ -28,7 +28,7 @@ in {
 extra.wireguard.proxy-sentinel.server = {
 host = "TODO REMOVE";
 port = 51443;
- reservedAddresses = ["10.0.43.0/24" "fd43::/120"];
+ reservedAddresses = ["10.43.0.0/24" "fd00:43::/120"];
 openFirewallRules = ["untrusted-to-local"];
 };
diff --git a/hosts/zackbiene/net.nix b/hosts/zackbiene/net.nix
index 5a630cc..57d888f 100644
--- a/hosts/zackbiene/net.nix
+++ b/hosts/zackbiene/net.nix
@@ -6,7 +6,7 @@
 inherit (config.lib.net) cidr;
 iotCidrv4 = "10.90.0.0/24";
- iotCidrv6 = "fd90::/64";
+ iotCidrv6 = "fd00:90::/64";
 in {
 networking.hostId = config.repo.secrets.local.networking.hostId;
diff --git a/modules/hostapd.nix b/modules/hostapd.nix
index ecbba09..fc5c98c 100644
--- a/modules/hostapd.nix
+++ b/modules/hostapd.nix
@@ -706,7 +706,7 @@ in {
 };
 macAcl = mkOption {
- default = "allow";
+ default = "deny";
 type = types.enum ["deny" "allow" "radius"];
 apply = x: getAttr x {
diff --git a/modules/microvms.nix b/modules/microvms.nix
index b9a1104..cc76036 100644
--- a/modules/microvms.nix
+++ b/modules/microvms.nix
@@ -201,8 +201,6 @@
 openFirewallRules = ["untrusted-to-local"];
 };
 linkName = "local-vms";
- ipv4 = net.cidr.host vmCfg.id cfg.networking.wireguard.cidrv4;
- ipv6 = net.cidr.host vmCfg.id cfg.networking.wireguard.cidrv6;
 };
 };
 };
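Review bot: In modules/hostapd.nix the `macAcl` default flips from `"allow"` to `"deny"`, an access-control change that the subject line (auto-ip for microvms, IPv6 address scheme) does not mention. The `getAttr x { … }` mapping continues outside the hunk, so the exact meaning is not visible here; if `"deny"` selects deny-list mode (hostapd `macaddr_acl=0`, where every station not on the deny list is accepted), any BSS that relied on the old default now admits unlisted MAC addresses. I would state the semantics next to the default, e.g. `# "deny": accept all stations except those on the deny list (confirm against the mapping below)`, and call the change out in the commit message so hosts that need an allow-list set `macAcl = "allow"` explicitly.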
@@ -246,7 +244,7 @@ in {
 cidrv6 = mkOption {
 type = net.types.cidrv6;
 description = mdDoc "The ipv6 network address range to use for internal vm traffic.";
- default = "fddd::/64";
+ default = "fd00:172:31::/120";
 };
 port = mkOption {
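Review bot: The new `cidrv6` default `fd00:172:31::/120` leaves room for only 256 addresses, while the description still reads as if any range works. With the explicit `ipv4`/`ipv6` host assignments removed in the previous hunk, how the automatic assignment behaves when the range is exhausted or two VMs map to the same address is not visible here; an overlap inside the WireGuard network would presumably let one peer's address shadow another's. Extend the description, e.g. `"… for internal vm traffic. Addresses are assigned automatically; the prefix must hold one address per microvm."`, and confirm that a collision fails evaluation rather than being accepted silently. The surrounding option set starts and ends outside the hunk.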