From 8894fdb401a400256baf2a1f6fb1180f813e4831 Mon Sep 17 00:00:00 2001 From: s0me1newithhand7s Date: Sun, 3 May 2026 16:02:47 +0300 Subject: [PATCH] kyra(hardening): networkd fixes Signed-off-by: s0me1newithhand7s --- kyra/systemd/networkd.nix | 127 ++++++++++++++++++++++++++++---------- 1 file changed, 96 insertions(+), 31 deletions(-) diff --git a/kyra/systemd/networkd.nix b/kyra/systemd/networkd.nix index 8982b55..1343078 100644 --- a/kyra/systemd/networkd.nix +++ b/kyra/systemd/networkd.nix @@ -7,33 +7,71 @@ network = { enable = true; networks = lib.mkMerge [ + ( + lib.mkIf ( + name == "ivy" + ) + { + "10-ens3" = { + matchConfig = { + Name = "ens3"; + }; + + addresses = [ + { + Address = "93.115.203.92/24"; + } + + { + Address = "2001:67c:263c::8fa/64"; + } + ]; + + routes = [ + { + Gateway = "93.115.203.1"; + } + + { + Gateway = "2001:67c:263c::1"; + } + ]; + }; + } + ) + ( lib.mkIf ( name == "mel" ) { "10-eth0" = { - matchConfig.Name = "eth0"; + matchConfig = { + Name = "eth0"; + }; + + addresses = [ + { + Address = "45.11.229.245/24"; + } + + { + Address = "2a0e:97c0:3e3:20a::1/64"; + } + ]; + networkConfig = { IPv6AcceptRA = false; - Address = [ - "45.11.229.245/24" - "2a0e:97c0:3e3:20a::1/64" - ]; }; routes = [ { - routeConfig = { - Gateway = "45.11.229.1"; - }; + Gateway = "45.11.229.1"; } { - routeConfig = { - Gateway = "fe80::1"; - GatewayOnLink = true; - }; + Gateway = "fe80::1"; + GatewayOnLink = true; } ]; }; @@ -50,27 +88,29 @@ Name = "ens3"; }; + addresses = [ + { + Address = "138.124.240.75/32"; + } + + { + Address = "2a0d:d940:1a:1500::2/56"; + } + ]; + networkConfig = { IPv6AcceptRA = false; - Address = [ - "138.124.240.75/32" - "2a0d:d940:1a:1500::2/56" - ]; }; routes = [ { - routeConfig = { - Gateway = "10.0.0.1"; - GatewayOnLink = true; - }; + Gateway = "10.0.0.1"; + GatewayOnLink = true; } { - routeConfig = { - Gateway = "2a0d:d940:1a:1500::1"; - GatewayOnLink = true; - }; + Gateway = "2a0d:d940:1a:1500::1"; + GatewayOnLink = true; } ]; }; @@ -87,9 +127,28 @@ Name = "ens3"; }; + addresses = [ + { + Address = "90.156.226.152"; + } + + { + Address = "2a03:6f01:1:2::cb1e"; + } + ]; + + routes = [ + { + Gateway = "90.156.226.1"; + } + + { + Gateway = "2a03:6f01:1:2::1"; + GatewayOnLink = true; + } + ]; + networkConfig = { - Address = "90.156.226.152/24"; - Gateway = "90.156.226.1"; IPv6AcceptRA = false; }; }; @@ -106,11 +165,17 @@ Name = "ens3"; }; - networkConfig = { - Address = "138.124.72.244/24"; - Gateway = "138.124.72.1"; - IPv6AcceptRA = false; - }; + addresses = [ + { + Address = "138.124.72.244"; + } + ]; + + routes = [ + { + Gateway = "138.124.72.1"; + } + ]; }; } )