| author | Mel <mel@rnrd.eu> | 2026-03-31 22:11:10 +0200 |
|---|---|---|
| committer | Mel <mel@rnrd.eu> | 2026-03-31 22:11:10 +0200 |
| commit | 2780fc65523814564153d92ab2d0f19be4ba0e02 (patch) | |
| tree | 472904f62e920551dbaba896a524e01576b5ced1 /machines | |
| parent | 7d899f695a1d5a448226ed9479c0e4c52454f595 (diff) | |
VLESS/Reality VPN configuration for DPI evasion
Signed-off-by: Mel <mel@rnrd.eu>
Diffstat (limited to 'machines')
| -rw-r--r-- | machines/taupe/default.nix | 17 | ||||
| -rw-r--r-- | machines/taupe/devices.nix | 18 | ||||
| -rw-r--r-- | machines/taureau/default.nix | 14 | ||||
| -rw-r--r-- | machines/truite/default.nix | 4 |
4 files changed, 12 insertions, 41 deletions
diff --git a/machines/taupe/default.nix b/machines/taupe/default.nix
index 4f60eab..caa5a83 100644
--- a/machines/taupe/default.nix
+++ b/machines/taupe/default.nix
@@ -3,7 +3,7 @@
 {
 imports = [
 ../../modules/common.nix
- ../../modules/vpn.nix
+ ../../modules/vpn/egress.nix
 ./hardware.nix
 ./devices.nix
@@ -11,20 +11,13 @@
 foundation = {
 www = {
- enable = true;
+ enable = false;
- public = true;
- tailnet = true;
+ public = false;
+ tailnet = false;
 };
- monitoring = {
- client.enable = true;
- services = [
- "base"
- ];
- };
-
- wireguard.server.externalInterface = "enp1s0";
+ monitoring.client.enable = false;
 };
 system.stateVersion = "25.05";
diff --git a/machines/taupe/devices.nix b/machines/taupe/devices.nix
index 5dcfee1..a07f794 100644
--- a/machines/taupe/devices.nix
+++ b/machines/taupe/devices.nix
@@ -3,7 +3,6 @@
 {
 boot = {
 loader.systemd-boot.enable = true;
- kernelModules = [ "wireguard" ];
 };
 zramSwap = {
@@ -21,8 +20,7 @@
 ];
 };
- # Static IPv6 network configuration
- # + soliciting of IPv4 via DHCP.
+ # static ipv6 + dhcp ipv4
 systemd.network.enable = true;
 systemd.network.networks."10-wan" = {
 name = "enp1s0";
@@ -34,18 +32,6 @@
 services.resolved = {
 llmnr = "false";
 extraConfig = "MulticastDNS=no";
- dnssec = "false";
- };
-
- virtualisation.docker.daemon.settings = {
- "experimental" = true;
- "ipv6" = true;
- "ip6tables" = true;
- "fixed-cidr-v6" = "fc00:d0c:b1b1::/48";
- "bip" = "172.17.0.1/24";
- "default-address-pools" = [
- { base = "172.17.0.0/16"; size = 24; }
- { base = "fc00:d0c::/32"; size = 48; }
- ];
+ dnssec = "false";
 };
 }
diff --git a/machines/taureau/default.nix b/machines/taureau/default.nix
index 38172cf..0f857a0 100644
--- a/machines/taureau/default.nix
+++ b/machines/taureau/default.nix
@@ -3,7 +3,7 @@
 {
 imports = [
 ../../modules/common.nix
- ../../modules/vpn.nix
+ ../../modules/vpn/egress.nix
 ./hardware.nix
 ./devices.nix
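Review bot: `monitoring.client.enable = false;` in the second hunk of machines/taupe/default.nix leaves this host without the `"base"` monitoring services it had before, in the same commit that switches it to `../../modules/vpn/egress.nix`, and nothing in the hunk says why. A VPN egress node is a host where losing telemetry deserves a stated reason; if the omission is deliberate, I would put a comment above the line such as `# monitoring client off on egress nodes: <reason>`, and otherwise keep `client.enable = true;` with `services = [ "base" ];`. Whether egress.nix sets up monitoring of its own is not visible on this page. The same line is added in the second hunk of machines/taureau/default.nix, and the enclosing attribute set continues outside the hunk.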
@@ -11,19 +11,13 @@
 foundation = {
 www = {
- enable = true;
+ enable = false;
- public = true;
+ public = false;
 tailnet = false;
 };
- monitoring = {
- client.enable = true;
- services = [
- "base"
- "tailnet"
- ];
- };
+ monitoring.client.enable = false;
 wireguard.server.externalInterface = "enp6s16";
 };
diff --git a/machines/truite/default.nix b/machines/truite/default.nix
index f8dbaaa..01f82f5 100644
--- a/machines/truite/default.nix
+++ b/machines/truite/default.nix
@@ -3,7 +3,7 @@
 {
 imports = [
 ../../modules/common.nix
- ../../modules/vpn.nix
+ ../../modules/vpn/ingress.nix
 ./hardware.nix
 ./devices.nix
@@ -24,8 +24,6 @@
 "tailnet"
 ];
 };
-
- wireguard.server.externalInterface = "eth0";
 };
 system.stateVersion = "25.05"; |
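Review bot: `wireguard.server.externalInterface = "enp6s16";` stays as a context line in the second hunk of machines/taureau/default.nix, while the same commit deletes the corresponding setting from machines/taupe/default.nix and machines/truite/default.nix. If the `foundation.wireguard` option was declared by the removed `../../modules/vpn.nix` import (not visible on this page), the leftover either fails evaluation or remains as dead configuration suggesting that a WireGuard server is still bound to that interface. I would drop the line together with the blank line before it, as was done for the other two machines. The enclosing attribute set continues outside the hunk.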
