aszlig/heinrich.nix Secret

## heinrich.nix
{ lib, ... }:

{
  networking.dhcpcd.extraConfig = ''
    option rfc3442-classless-static-routes code 121 = \
      array of unsigned integer 8;

    send host-name = gethostname();

    request subnet-mask, broadcast-address, time-offset, domain-name,
            domain-name-servers, domain-search, host-name, dhcp6.name-servers,
            dhcp6.domain-search, netbios-name-servers, netbios-scope,
            interface-mtu, rfc3442-classless-static-routes, ntp-servers;
  '';

  networking.interfaces.eth0.ip4 = [
    { address = "192.168.0.12";
      prefixLength = 24;
    }
    { address = "10.11.67.67";
      prefixLength = 18;
    }
  ];

  networking.interfaces.eth1.ip4 = lib.singleton {
    address = "172.16.0.1";
    prefixLength = 24;
  };

  users.motd = ''
    0. Never touch a running system.
    1. Dokumentiere alle trotz 0 erfolgten Änderungen im Github-Repo:
       https://github.com/openlab-aux/labnetz-doku
    2. Mit großer Macht geht große Verantwortung einher.
    3. So weit!
    4. ...
    5. Reisst dir Hannes den Arsch auf, wenn Du die Punkte 0-2 ignorierst.
  '';

  networking.firewall.enable = false;
  networking.nat.enable = true;
  networking.nat.externalIP = "10.11.67.67";
  networking.nat.externalInterface = "eth0";
  networking.nat.internalIPs = [ "172.16.0.1/24" ];
  networking.nat.internalInterfaces = [ "eth1" ];

  # We should probably use this, I just deactivated it in order to be
  # backwards-compatible.
  networking.usePredictableInterfaceNames = false;

  services.openvpn.enable = true;
  services.openvpn.servers.heinrich.config = ''
    dev tun0
    remote 144.76.143.122
    ifconfig 10.9.8.2 10.9.8.1
    secret /etc/openvpn/priv.key

    comp-lzo

    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key

    route 0.0.0.0 0.0.0.0
  '';
}
	{ lib, ... }:

	{
	networking.dhcpcd.extraConfig = ''
	option rfc3442-classless-static-routes code 121 = \
	array of unsigned integer 8;

	send host-name = gethostname();

	request subnet-mask, broadcast-address, time-offset, domain-name,
	domain-name-servers, domain-search, host-name, dhcp6.name-servers,
	dhcp6.domain-search, netbios-name-servers, netbios-scope,
	interface-mtu, rfc3442-classless-static-routes, ntp-servers;
	'';

	networking.interfaces.eth0.ip4 = [
	{ address = "192.168.0.12";
	prefixLength = 24;
	}
	{ address = "10.11.67.67";
	prefixLength = 18;
	}
	];

	networking.interfaces.eth1.ip4 = lib.singleton {
	address = "172.16.0.1";
	prefixLength = 24;
	};

	users.motd = ''
	0. Never touch a running system.
	1. Dokumentiere alle trotz 0 erfolgten Änderungen im Github-Repo:
	https://github.com/openlab-aux/labnetz-doku
	2. Mit großer Macht geht große Verantwortung einher.
	3. So weit!
	4. ...
	5. Reisst dir Hannes den Arsch auf, wenn Du die Punkte 0-2 ignorierst.
	'';

	networking.firewall.enable = false;
	networking.nat.enable = true;
	networking.nat.externalIP = "10.11.67.67";
	networking.nat.externalInterface = "eth0";
	networking.nat.internalIPs = [ "172.16.0.1/24" ];
	networking.nat.internalInterfaces = [ "eth1" ];

	# We should probably use this, I just deactivated it in order to be
	# backwards-compatible.
	networking.usePredictableInterfaceNames = false;

	services.openvpn.enable = true;
	services.openvpn.servers.heinrich.config = ''
	dev tun0
	remote 144.76.143.122
	ifconfig 10.9.8.2 10.9.8.1
	secret /etc/openvpn/priv.key

	comp-lzo

	keepalive 10 60
	ping-timer-rem
	persist-tun
	persist-key

	route 0.0.0.0 0.0.0.0
	'';
	}