chore: use auto-ip for microvms, change ipv6 address scheme

2023-05-29 02:13:35 +02:00 · 2023-05-29 02:13:35 +02:00 · d18e86f981
commit d18e86f981
parent c789e2de36
4 changed files with 4 additions and 6 deletions
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@ -28,7 +28,7 @@ in {
  extra.wireguard.proxy-sentinel.server = {
    host = "TODO REMOVE";
    port = 51443;
-    reservedAddresses = ["10.0.43.0/24" "fd43::/120"];
+    reservedAddresses = ["10.43.0.0/24" "fd00:43::/120"];
    openFirewallRules = ["untrusted-to-local"];
  };

--- a/hosts/zackbiene/net.nix
+++ b/hosts/zackbiene/net.nix
@ -6,7 +6,7 @@
  inherit (config.lib.net) cidr;

  iotCidrv4 = "10.90.0.0/24";
-  iotCidrv6 = "fd90::/64";
+  iotCidrv6 = "fd00:90::/64";
 in {
  networking.hostId = config.repo.secrets.local.networking.hostId;

--- a/modules/hostapd.nix
+++ b/modules/hostapd.nix
@ -706,7 +706,7 @@ in {
                  };

                  macAcl = mkOption {
-                    default = "allow";
+                    default = "deny";
                    type = types.enum ["deny" "allow" "radius"];
                    apply = x:
                      getAttr x {
--- a/modules/microvms.nix
+++ b/modules/microvms.nix
@ -201,8 +201,6 @@
            openFirewallRules = ["untrusted-to-local"];
          };
          linkName = "local-vms";
-          ipv4 = net.cidr.host vmCfg.id cfg.networking.wireguard.cidrv4;
-          ipv6 = net.cidr.host vmCfg.id cfg.networking.wireguard.cidrv6;
        };
      };
    };
@ -246,7 +244,7 @@ in {
        cidrv6 = mkOption {
          type = net.types.cidrv6;
          description = mdDoc "The ipv6 network address range to use for internal vm traffic.";
-          default = "fddd::/64";
+          default = "fd00:172:31::/120";
        };

        port = mkOption {