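# NixOS router module: a public uplink (ens18), a LAN bridge port (ens19)
# carrying two VLANs, a HE.NET 6in4 tunnel (sit-he) and a MilkyWAN GRE
# tunnel (gre-mwan).  IPv6 traffic belonging to the HE DMZ prefix is kept
# in a dedicated routing table ("he") so it always leaves via the HE tunnel.
{
  systemd.network = {
    # Named routing table that holds the HE-specific default route.
    config.routeTables = { he = 100; };

    networks = {
      "10-ens18" = {
        name = "ens18";
        networkConfig = {
          Description = "ENS uplink";
          Address = [ "129.199.146.230/24" ];
          Gateway = "129.199.146.254";
          LLDP = true;
          # Only to the switch we are connected to directly, e.g. the hypervisor or the switch.
          EmitLLDP = "nearest-bridge";
          # Both tunnels are terminated on this interface's address.
          Tunnel = [ "gre-mwan" "sit-he" ];
        };
      };

      "10-ens19" = {
        name = "ens19";
        networkConfig = { Description = "Lan bridge"; };
        vlan = [ "vlan-nat" "vlan-he" ];
      };

      "50-tun-he" = {
        name = "sit-he";
        networkConfig = {
          Description = "HE.NET IPv6 Tunnel (gdd)";
          Address = [ "2001:470:1f12:187::2/64" ];
          ConfigureWithoutCarrier = true;
        };
        routes = [
          # Default route of table "he": everything selected by the policy
          # rules below goes out through the tunnel.
          { routeConfig = { Destination = "::/0"; Table = "he"; Scope = "global"; }; }
          # Use HE tunnel for router traffic as well
          { routeConfig = { Destination = "::/0"; Scope = "global"; }; }
        ];
        routingPolicyRules = [
          # Source-based selection: traffic originating in the DMZ prefix
          # is looked up in table "he".
          { routingPolicyRuleConfig = { From = "2001:470:1f13:187::/64"; Table = "he"; }; }
        ];
      };

      "50-tun-mwan" = {
        name = "gre-mwan";
        networkConfig = {
          Description = "Tunnel de livraison GRE IPv4/IPv6 de MilkyWAN";
          Address = [ "10.1.1.50/30" "2a0b:cbc0:1::216/126" ];
          ConfigureWithoutCarrier = true;
        };
      };

      "60-vlan-nat" = {
        name = "vlan-nat";
        networkConfig = {
          Description = "Nat IPv4 vers renater";
          Address = [ "10.3.161.1/24" ];
          # networkd's DHCP server only runs on this VLAN; the firewall rule
          # for UDP 67 below is scoped to it accordingly.
          DHCPServer = true;
        };
        dhcpServerConfig = { PoolOffset = 50; };
      };

      "60-vlan-he" = {
        name = "vlan-he";
        networkConfig = {
          Description = "HE DMZ VLAN";
          Address = [ "2001:470:1f13:187::1/64" ];
          IPv6SendRA = "yes";
        };
        ipv6Prefixes = [
          { ipv6PrefixConfig = { Prefix = "2001:470:1f13:187::0/64"; }; }
        ];
        routes = [
          # Table "he" also needs to know the DMZ prefix is on this VLAN,
          # otherwise return traffic selected into "he" would hit its ::/0.
          { routeConfig = { Table = "he"; Scope = "global"; Destination = "2001:470:1f13:187::/64"; }; }
        ];
        routingPolicyRules = [
          # Destination-based selection, the counterpart of the From= rule on sit-he.
          { routingPolicyRuleConfig = { To = "2001:470:1f13:187::/64"; Table = "he"; }; }
        ];
      };
    };

    netdevs = {
      "50-tun-he" = {
        netdevConfig = { Kind = "sit"; Name = "sit-he"; };
        tunnelConfig = { Local = "129.199.146.230"; Remote = "216.66.84.42"; };
      };
      "50-tun-mwan" = {
        netdevConfig = { Kind = "gre"; Name = "gre-mwan"; MTUBytes = "1480"; };
        tunnelConfig = { Local = "129.199.146.230"; Remote = "80.67.167.30"; };
      };
      "60-vlan-nat" = {
        netdevConfig = { Kind = "vlan"; Name = "vlan-nat"; };
        vlanConfig.Id = 2510;
      };
      "60-vlan-he" = {
        netdevConfig = { Kind = "vlan"; Name = "vlan-he"; };
        vlanConfig.Id = 2530;
      };
    };
  };

  networking = {
    nftables = {
      enable = true;
      tables.nat = {
        family = "ip";
        # Source NAT for the vlan-nat subnet onto the uplink address.
        # NOTE(review): there is no oifname match, so this also rewrites
        # 10.3.161.0/24 packets leaving via gre-mwan — confirm that is intended.
        content = ''
          chain postrouting {
            type nat hook postrouting priority 100;
            ip saddr 10.3.161.0/24 snat to 129.199.146.230;
          }
        '';
      };
    };
    firewall = {
      # DHCP (UDP 67) is only served on vlan-nat, so the port is opened on
      # that interface alone instead of globally (which would also expose it
      # on the public uplink and the tunnels).
      interfaces."vlan-nat".allowedUDPPorts = [ 67 ];
      # GRE encapsulation is accepted only from the MilkyWAN endpoint
      # configured as Remote= on gre-mwan.
      # NOTE(review): no matching rule is visible for the 6in4 encapsulation
      # (IP protocol 41) from the sit-he remote 216.66.84.42; if the HE tunnel
      # currently relies on conntrack state from outbound packets, an explicit
      # accept scoped to that remote would be the more robust choice.
      extraInputRules = ''
        ip protocol gre ip saddr 80.67.167.30 accept;
      '';
    };
  };

  # This host routes between the uplink, both VLANs and both tunnels.
  # NOTE(review): forwarding is enabled for IPv4 and IPv6, and nothing in
  # this file filters the forward path, so traffic between those segments is
  # unrestricted here — confirm that is the intended DMZ policy.
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = true;
    "net.ipv6.conf.all.forwarding" = true;
  };
}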