System/Nixinator: Add fallback DNS server

lib/networking.nix

@@ -79,17 +79,18 @@
     };
   };
 
-  # TODO: What other config options are there?
   mkStaticNetworkManagerProfile = {
     id,
     interface,
     ip,
     router,
-    nameserver,
+    nameserver ? "8.8.8.8;8.8.4.4;",
-    autoconnect,
+    autoconnect ? true,
+    priority ? 0,
   }: {
     connection = {
       inherit id autoconnect;
+      autoconnect-priority = "${priority}";
       type = "ethernet";
       interface-name = interface;
     };
@@ -100,5 +101,9 @@
       gateway = router;
       dns = nameserver;
     };
+
+    ipv6 = {
+      method = "disabled";
+    };
   };
 }

system/nixinator/default.nix

@@ -36,22 +36,23 @@
       };
 
       # NetworkManager profiles
+      # Run "nix run github:Janik-Haag/nm2nix | nix run github:kamadorueda/alejandra"
+      # in /etc/NetworkManager/system-connections/
       profiles = {
         "10-ether-2_5G" = mylib.networking.mkStaticNetworkManagerProfile {
           id = "Wired 2.5G";
           interface = "enp8s0";
           ip = "192.168.86.50/24";
           router = "192.168.86.5";
-          nameserver = "192.168.86.26"; # TODO: Add fallback 8.8.8.8
+          nameserver = "192.168.86.26;8.8.8.8;";
-          autoconnect = true;
+          priority = 10; # Rather connect to 2.5G than to 1G
         };
         "10-ether-1G" = mylib.networking.mkStaticNetworkManagerProfile {
           id = "Wired 1G";
           interface = "enp5s0";
           ip = "192.168.86.50/24";
           router = "192.168.86.5";
-          nameserver = "192.168.86.26"; # TODO: Add fallback 8.8.8.8
+          nameserver = "192.168.86.26;8.8.8.8;";
-          autoconnect = false;
         };
       };
 

system/servenix/default.nix

@@ -52,7 +52,7 @@
           interface = "ens18";
           ips = ["192.168.86.25/24"];
           routers = ["192.168.86.5"];
-          nameservers = ["192.168.86.26" "8.8.8.8"];
+          nameservers = ["8.8.8.8"]; # NOTE: Use reliable DNS for servers instead of 192.168.86.26
           routable = true;
         };
       };

system/thinknix/default.nix

@@ -40,7 +40,7 @@
           interface = "ens18";
           ips = ["192.168.86.26/24"];
           routers = ["192.168.86.5"];
-          nameservers = ["127.0.0.1" "8.8.8.8"];
+          nameservers = ["8.8.8.8"]; # NOTE: Use reliable DNS for servers instead of 127.0.0.1
           routable = true;
         };
       };
@@ -69,20 +69,28 @@
     #   ${pkgs.iproute2}/bin/ip netns add ${name}
     # '';
 
+    # postSetup = ''
+    #   ${pkgs.iptables}/bin/iptables -A FORWARD -i vps-wg-client -j ACCEPT
+    #   ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
+    # '';
+    # postShutdown = ''
+    #   ${pkgs.iptables}/bin/iptables -D FORWARD -i vps-wg-client -j ACCEPT
+    #   ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE
+    # '';
     postSetup = ''
-      ${pkgs.iptables}/bin/iptables -A FORWARD -i vps-wg-client -j ACCEPT
+      ${pkgs.iptables} -A FORWARD -i wg0-client -j ACCEPT
-      ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
+      ${pkgs.iptables} -t nat -A POSTROUTING -o eth0 -j MASQUERADE
     '';
     postShutdown = ''
-      ${pkgs.iptables}/bin/iptables -D FORWARD -i vps-wg-client -j ACCEPT
+      ${pkgs.iptables} -D FORWARD -i wg0-client -j ACCEPT
-      ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE
+      ${pkgs.iptables} -t nat -D POSTROUTING -o eth0 -j MASQUERADE
     '';
 
     peers = [
       {
         name = "chriphost-vps";
         publicKey = "w/U8p9fizw0jk8PFaMZXV1N49Ws+q6mUHzNFYtoDTS8=";
-        endpoint = "vps.chriphost.de:51820";
+        endpoint = "212.227.233.241:51820";
         allowedIPs = [
           "10.10.10.0/24"
         ];