System/ThinkNix: Enable IPv6 networking

2026-01-24 01:32:31 +01:00
parent eac705bdfb
commit ca9e66bc35
1 changed files with 57 additions and 7 deletions
--- a/system/thinknix/default.nix
+++ b/system/thinknix/default.nix
@ -28,7 +28,17 @@
      {
        name = "behind-nginx";
        disable_masquerade = false;
-        ipv6.enable = false;
+
+        ipv6.enable = true;
+        # ipv6.gateway = "fd00::5";
+
+        # We have to put an actual prefix from the ISP here.
+        # OPNSense: Interfaces > Overview > WAN > Details > Dynamic IPv6 Prefix Received.
+        # With /64, we don't have a prefix to spare for docker.
+        # Glasfaser Ruhr gives us /62, meaning 4 prefixes.
+        # The first one is used for the main LAN, so use the second one for docker.
+        # This also requires a route in OPNSense that specifies ThinkNix as the gateway to this subnet.
+        ipv6.subnet = "2001:7d8:8023:a009::/64";
      }
    ];

@ -36,12 +46,52 @@
      useNetworkManager = false;

      networks = {
-        "10-ether-1G" = mylib.networking.mkStaticSystemdNetwork {
-          interface = "ens18";
-          ips = ["192.168.86.26/24"];
-          routers = ["192.168.86.5"];
-          nameservers = ["8.8.8.8"]; # NOTE: Use reliable DNS for servers instead of 127.0.0.1
-          routable = true;
+        # "10-ether-1G" = mylib.networking.mkStaticSystemdNetwork {
+        #   interface = "ens18";
+        #   ips = ["192.168.86.26/24" "fd00::1a/64"];
+        #   routers = ["192.168.86.5" "fd00::5"];
+        #   nameservers = ["8.8.8.8" "2001:4860:4860::8888"]; # NOTE: Use reliable DNS for servers instead of 127.0.0.1
+        #   routable = true;
+        # };
+
+        # TODO: mylib.networking.mkStaticSystemdNetwork needs improvement to accomodate for this
+        "10-ether-1G" = rec {
+          enable = true;
+
+          # See man systemd.link, man systemd.netdev, man systemd.network
+          matchConfig = {
+            # This corresponds to the [MATCH] section
+            Name = "ens18"; # Match ethernet interface
+          };
+
+          # Static IP + DNS + Gateway
+          address = ["192.168.86.26/24"];
+          gateway = ["192.168.86.5"]; # Don't add "fd00::5", rely on router advertisement instead
+          dns = ["8.8.8.8" "8.8.4.4" "2001:4860:4860::8888" "2001:4860:4860::8844"];
+          routes = builtins.map (r: {Gateway = r;}) gateway;
+
+          # See man systemd.network
+          networkConfig = {
+            # This corresponds to the [NETWORK] section
+            DHCP = "no";
+
+            IPv6AcceptRA = "yes"; # Accept Router Advertisements
+            # MulticastDNS = "no";
+            # LLMNR = "no";
+            # LinkLocalAddressing = "ipv6";
+          };
+
+          addresses = [
+            {
+              # Don't add this to address, we don't want to create any routes with this
+              Address = "fd00::1a/64"; # IPv6 Unique-Local Address (ULA)
+            }
+          ];
+
+          linkConfig = {
+            # This corresponds to the [LINK] section
+            RequiredForOnline = "routable";
+          };
        };
      };