diff options
Diffstat (limited to 'nix-conf/machines/edrahil/network-configuration.nix')
| -rw-r--r-- | nix-conf/machines/edrahil/network-configuration.nix | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/nix-conf/machines/edrahil/network-configuration.nix b/nix-conf/machines/edrahil/network-configuration.nix new file mode 100644 index 0000000..4b85912 --- /dev/null +++ b/nix-conf/machines/edrahil/network-configuration.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + networking = { + interfaces.ens3.ipv6.addresses = [ + { + # Emulate nix-sops. Technically an anti-pattern, but IP addresses aren't real secrets, and this has to be embedded here, + # as we cannot set a file path to read it from. + # Populate/update with: + # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' machines/edrahil/secrets.yaml | doas tee /root/.config/secrets/ipv6_address + address = builtins.readFile "/root/.config/secrets/ipv6_address"; + prefixLength = 64; + } + ]; + defaultGateway6 = { + address = "fe80::1"; + interface = "ens3"; + }; + }; +} |