Merge branch 'feature/kunsi-ipv6-only-vlan'

2024-02-26 06:04:58 +01:00 · 2024-02-26 06:04:58 +01:00 · decbcf9bfd
parent 7c9bb42c03 304ce8aa54
commit decbcf9bfd
3 changed files with 27 additions and 3 deletions
--- a/nodes/home.hass.toml
+++ b/nodes/home.hass.toml
@ -6,7 +6,10 @@ bundles = [
 groups = ["debian-bookworm"]

 [metadata.interfaces.enp1s0]
-ips = ["172.19.138.25/24"]
+ips = [
+    "172.19.138.25/24",
+    "fd90:2017:0:1138::25/64",
+]
 gateway4 = "172.19.138.1"
 ipv6_accept_ra = true

--- a/nodes/home/nas.py
+++ b/nodes/home/nas.py
@ -25,6 +25,7 @@ nodes['home.nas'] = {
            'br1138': {
                'ips': {
                    '172.19.138.20/24',
+                    'fd90:2017:0:1138::20/64',
                },
                'gateway4': '172.19.138.1',
                'ipv6_accept_ra': True,
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@ -19,6 +19,7 @@ nodes['home.router'] = {
            'enp1s0.1138': {
                'ips': {
                    '172.19.138.1/24',
+                    'fd90:2017:0:1138::1/64',
                },
            },
            'enp1s0.1139': {
@ -26,6 +27,11 @@ nodes['home.router'] = {
                    '172.19.139.1/24',
                },
            },
+            'enp1s0.2000': {
+                'ips': {
+                    'fd90:2017:0:2000::1/64',
+                },
+            },
        },
        'backups': {
            'exclude_from_backups': True,
@ -80,6 +86,8 @@ nodes['home.router'] = {
            'forward': {
                '50-router': [
                    'ct state { related, established } accept',
+                    'iifname enp1s0.1138 accept',
+                    'iifname enp1s0.2000 accept',
                    'ip6 nexthdr ipv6-icmp accept',
                    'tcp dport 22 accept',
                ],
@ -94,6 +102,7 @@ nodes['home.router'] = {
            'restrict-to': {
                '172.19.136.0/25',
                '172.19.138.0/24',
+                'fd90:2017::/32',
            },
            'vhosts': {
                'vnstat': {
@ -104,13 +113,23 @@ nodes['home.router'] = {
        },
        'radvd': {
            'interfaces': {
-                'enp1s0.1138': {},
+                'enp1s0.1138': {
+                    'rdnss': {
+                        'fd90:2017:0:1138::1',
+                    },
+                },
                'enp1s0.1139': {},
+                'enp1s0.2000': {
+                    'rdnss': {
+                        'fd90:2017:0:2000::1',
+                    },
+                },
            },
        },
        'postfix': {
            'mynetworks': {
                '172.19.138.0/24',
+                'fd90:2017::/32',
            },
        },
        'pppd': {
@ -124,13 +143,13 @@ nodes['home.router'] = {
                'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
            },
            'nftables-rules.d': {
-                'inet filter forward iifname enp1s0.1138 accept',
                'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
            },
        },
        'unbound': {
            'restrict-to': {
                '172.19.138.0/23',
+                'fd90:2017::/32',
            },
        },
        'users': {
@ -152,6 +171,7 @@ nodes['home.router'] = {
            'targets': {
                'enp1s0.1138': '1',
                'enp1s0.1139': '2',
+                'enp1s0.2000': '3',
            },
        },
        'wireguard': {