System/ThinkNix: Enable IPv6 networking

home/homemodules/neovim/default.nix

@@ -38,7 +38,6 @@ in {
             ltex-ls # TODO: Only enable on-demand
             lua-language-server
             # nil
-            nixd
             basedpyright
             pyrefly
             ty
@@ -64,7 +63,6 @@ in {
             # statix # nix (doesn't recognize pipe operator)
 
             # Formatters
-            alejandra # nix
             cljfmt
             python313Packages.black
             google-java-format
@@ -83,6 +81,9 @@ in {
             # Dependencies
             lua54Packages.jsregexp # For tree-sitter
             # nodejs_latest
+
+            nixd
+            alejandra # nix
           ]
         ];
     };

lib/networking.nix

@@ -56,14 +56,14 @@
     address = ips;
     gateway = routers;
     dns = nameservers;
-    routes = builtins.map (r: {Gateway = r;}) routers;
+    routes = builtins.map (r: {Gateway = r;}) routers; # TODO: We need to add a way to specify addresses without routes (IPv6 ULA)
 
     # See man systemd.network
     networkConfig = {
       # This corresponds to the [NETWORK] section
       DHCP = "no";
 
-      # IPv6AcceptRA = "no";
+      IPv6AcceptRA = "yes"; # Accept Router Advertisements
       # MulticastDNS = "no";
       # LLMNR = "no";
       # LinkLocalAddressing = "ipv6";

system/systemmodules/docker/default.nix

@@ -19,8 +19,9 @@ in {
     networking.firewall.trustedInterfaces = ["docker0" "podman0"];
 
     # Needed for default bridge network to automatically work
-    # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
-    # boot.kernel.sysctl."net.ipv6.ip_forward" = 1;
+    boot.kernel.sysctl."net.ipv6.ip_forward" = 1;
+    boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
 
     virtualisation = {
       docker = {
@@ -36,12 +37,14 @@ in {
         };
 
         daemon.settings = {
+          # Enables IPv6 for all networks by default and sets the subnet for the bridge.
+          # We don't need the bridge network and only have 4 IPv6 prefixes, so leave this off.
           # ipv6 = true;
-          # fixed-cidr-v6 = "2001::/80";
+          # fixed-cidr-v6 = "fd00::/80";
 
           dns = [
             "8.8.8.8"
-            # "2001:4860:4860::8888"
+            "2001:4860:4860::8888"
 
             # "127.0.0.1"
             # "192.168.86.25"
@@ -78,6 +81,7 @@ in {
         then "${config.virtualisation.podman.package}/bin/podman"
         else "${config.virtualisation.docker.package}/bin/docker";
 
+      # TODO: This is bugged. Won't create the network even if it doesn't exist...
       mkDockerNetwork = options:
         builtins.concatStringsSep "\n" [
           # Make sure to return true on fail to not crash

system/thinknix/default.nix

@@ -28,7 +28,17 @@
       {
         name = "behind-nginx";
         disable_masquerade = false;
-        ipv6.enable = false;
+
+        ipv6.enable = true;
+        # ipv6.gateway = "fd00::5";
+
+        # We have to put an actual prefix from the ISP here.
+        # OPNSense: Interfaces > Overview > WAN > Details > Dynamic IPv6 Prefix Received.
+        # With /64, we don't have a prefix to spare for docker.
+        # Glasfaser Ruhr gives us /62, meaning 4 prefixes.
+        # The first one is used for the main LAN, so use the second one for docker.
+        # This also requires a route in OPNSense that specifies ThinkNix as the gateway to this subnet.
+        ipv6.subnet = "2001:7d8:8023:a009::/64";
       }
     ];
 
@@ -36,12 +46,52 @@
       useNetworkManager = false;
 
       networks = {
-        "10-ether-1G" = mylib.networking.mkStaticSystemdNetwork {
+        # "10-ether-1G" = mylib.networking.mkStaticSystemdNetwork {
-          interface = "ens18";
+        #   interface = "ens18";
-          ips = ["192.168.86.26/24"];
+        #   ips = ["192.168.86.26/24" "fd00::1a/64"];
-          routers = ["192.168.86.5"];
+        #   routers = ["192.168.86.5" "fd00::5"];
-          nameservers = ["8.8.8.8"]; # NOTE: Use reliable DNS for servers instead of 127.0.0.1
+        #   nameservers = ["8.8.8.8" "2001:4860:4860::8888"]; # NOTE: Use reliable DNS for servers instead of 127.0.0.1
-          routable = true;
+        #   routable = true;
+        # };
+
+        # TODO: mylib.networking.mkStaticSystemdNetwork needs improvement to accomodate for this
+        "10-ether-1G" = rec {
+          enable = true;
+
+          # See man systemd.link, man systemd.netdev, man systemd.network
+          matchConfig = {
+            # This corresponds to the [MATCH] section
+            Name = "ens18"; # Match ethernet interface
+          };
+
+          # Static IP + DNS + Gateway
+          address = ["192.168.86.26/24"];
+          gateway = ["192.168.86.5"]; # Don't add "fd00::5", rely on router advertisement instead
+          dns = ["8.8.8.8" "8.8.4.4" "2001:4860:4860::8888" "2001:4860:4860::8844"];
+          routes = builtins.map (r: {Gateway = r;}) gateway;
+
+          # See man systemd.network
+          networkConfig = {
+            # This corresponds to the [NETWORK] section
+            DHCP = "no";
+
+            IPv6AcceptRA = "yes"; # Accept Router Advertisements
+            # MulticastDNS = "no";
+            # LLMNR = "no";
+            # LinkLocalAddressing = "ipv6";
+          };
+
+          addresses = [
+            {
+              # Don't add this to address, we don't want to create any routes with this
+              Address = "fd00::1a/64"; # IPv6 Unique-Local Address (ULA)
+            }
+          ];
+
+          linkConfig = {
+            # This corresponds to the [LINK] section
+            RequiredForOnline = "routable";
+          };
         };
       };