kyra(hardening): networkd fixes

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
2026-05-03 16:02:47 +03:00 · 2026-05-03 16:02:47 +03:00 · 8894fdb401
commit 8894fdb401
parent 4d6c618cbc
1 changed files with 96 additions and 31 deletions
--- a/kyra/systemd/networkd.nix
+++ b/kyra/systemd/networkd.nix
@ -7,33 +7,71 @@
    network = {
      enable = true;
      networks = lib.mkMerge [
        (
          lib.mkIf (
            name == "ivy"
          )
          {
            "10-ens3" = {
              matchConfig = {
                Name = "ens3";
              };
              addresses = [
                {
                  Address = "93.115.203.92/24";
                }
                {
                  Address = "2001:67c:263c::8fa/64";
                }
              ];
              routes = [
                {
                  Gateway = "93.115.203.1";
                }
                {
                  Gateway = "2001:67c:263c::1";
                }
              ];
            };
          }
        )
        (
          lib.mkIf (
            name == "mel"
          )
          {
            "10-eth0" = {
-              matchConfig.Name = "eth0";
+              matchConfig = {
                Name = "eth0";
              };
              addresses = [
                {
                  Address = "45.11.229.245/24";
                }
                {
                  Address = "2a0e:97c0:3e3:20a::1/64";
                }
              ];
              networkConfig = {
                IPv6AcceptRA = false;
                Address = [
                  "45.11.229.245/24"
                  "2a0e:97c0:3e3:20a::1/64"
                ];
              };
              routes = [
                {
-                  routeConfig = {
+                  Gateway = "45.11.229.1";
                    Gateway = "45.11.229.1";
                  };
                }
                {
-                  routeConfig = {
+                  Gateway = "fe80::1";
-                    Gateway = "fe80::1";
+                  GatewayOnLink = true;
                    GatewayOnLink = true;
                  };
                }
              ];
            };
@ -50,27 +88,29 @@
                Name = "ens3";
              };
              addresses = [
                {
                  Address = "138.124.240.75/32";
                }
                {
                  Address = "2a0d:d940:1a:1500::2/56";
                }
              ];
              networkConfig = {
                IPv6AcceptRA = false;
                Address = [
                  "138.124.240.75/32"
                  "2a0d:d940:1a:1500::2/56"
                ];
              };
              routes = [
                {
-                  routeConfig = {
+                  Gateway = "10.0.0.1";
-                    Gateway = "10.0.0.1";
+                  GatewayOnLink = true;
                    GatewayOnLink = true;
                  };
                }
                {
-                  routeConfig = {
+                  Gateway = "2a0d:d940:1a:1500::1";
-                    Gateway = "2a0d:d940:1a:1500::1";
+                  GatewayOnLink = true;
                    GatewayOnLink = true;
                  };
                }
              ];
            };
@ -87,9 +127,28 @@
                Name = "ens3";
              };
              addresses = [
                {
                  Address = "90.156.226.152";
                }
                {
                  Address = "2a03:6f01:1:2::cb1e";
                }
              ];
              routes = [
                {
                  Gateway = "90.156.226.1";
                }
                {
                  Gateway = "2a03:6f01:1:2::1";
                  GatewayOnLink = true;
                }
              ];
              networkConfig = {
                Address = "90.156.226.152/24";
                Gateway = "90.156.226.1";
                IPv6AcceptRA = false;
              };
            };
@ -106,11 +165,17 @@
                Name = "ens3";
              };
-              networkConfig = {
+              addresses = [
-                Address = "138.124.72.244/24";
+                {
-                Gateway = "138.124.72.1";
+                  Address = "138.124.72.244";
-                IPv6AcceptRA = false;
+                }
-              };
+              ];
              routes = [
                {
                  Gateway = "138.124.72.1";
                }
              ];
            };
          }
        )