From 8aa31bca2062824f92a54aa6758c7322685c86ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= Date: Sun, 27 Apr 2025 18:33:01 +0000 Subject: space_server: networkd: change reamining networks to new prefixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Asbjørn Sloth Tønnesen --- roles/space_server/files/networkd/10-lan11.network | 9 +++++++-- roles/space_server/files/networkd/10-lan12.network | 9 +++++++-- roles/space_server/files/networkd/10-lan13.network | 11 ++++++++--- roles/space_server/files/networkd/10-lan14.network | 10 +++++----- roles/space_server/files/networkd/10-lan15.network | 10 +++++----- roles/space_server/files/networkd/10-lan25.network | 2 ++ roles/space_server/templates/nftables.conf.j2 | 22 +++++++++++----------- 7 files changed, 45 insertions(+), 28 deletions(-) (limited to 'roles/space_server') diff --git a/roles/space_server/files/networkd/10-lan11.network b/roles/space_server/files/networkd/10-lan11.network index add8dd1..064c8a2 100644 --- a/roles/space_server/files/networkd/10-lan11.network +++ b/roles/space_server/files/networkd/10-lan11.network @@ -8,6 +8,7 @@ ARP=yes DHCP=no IPv6AcceptRA=no Address=10.42.1.1/24 +#Address=2a00:fbe4:1ab:b::1/64 #Address=2a01:4262:1ab:b::1/64 Address=fe80::1/64 IPForward=yes @@ -17,6 +18,10 @@ LLDP=yes EmitLLDP=yes IPv6SendRA=yes +[Route] +Destination=2a00:fbe4:1ab:b::/64 +PreferredSource=2a00:fbe4:1ab:: + [Route] Destination=2a01:4262:1ab:b::/64 PreferredSource=2a01:4262:1ab:: @@ -25,10 +30,10 @@ PreferredSource=2a01:4262:1ab:: RouterLifetimeSec=9000 RouterPreference=medium EmitDNS=yes -DNS=2a01:4262:1ab:: +DNS=2a00:fbe4:1ab:: DNSLifetimeSec=14400 [IPv6Prefix] -Prefix=2a01:4262:1ab:b::/64 +Prefix=2a00:fbe4:1ab:b::/64 ValidLifetimeSec=86400 PreferredLifetimeSec=14400 diff --git a/roles/space_server/files/networkd/10-lan12.network b/roles/space_server/files/networkd/10-lan12.network index 0887100..1bb2b43 100644 --- a/roles/space_server/files/networkd/10-lan12.network +++ b/roles/space_server/files/networkd/10-lan12.network @@ -8,6 +8,7 @@ ARP=yes DHCP=no IPv6AcceptRA=no Address=10.42.2.1/24 +#Address=2a00:fbe4:1ab:c::1/64 #Address=2a01:4262:1ab:c::1/64 Address=fe80::1/64 IPForward=yes @@ -17,6 +18,10 @@ LLDP=yes EmitLLDP=yes IPv6SendRA=yes +[Route] +Destination=2a00:fbe4:1ab:c::/64 +PreferredSource=2a00:fbe4:1ab:: + [Route] Destination=2a01:4262:1ab:c::/64 PreferredSource=2a01:4262:1ab:: @@ -25,10 +30,10 @@ PreferredSource=2a01:4262:1ab:: RouterLifetimeSec=9000 RouterPreference=medium EmitDNS=yes -DNS=2a01:4262:1ab:: +DNS=2a00:fbe4:1ab:: DNSLifetimeSec=14400 [IPv6Prefix] -Prefix=2a01:4262:1ab:c::/64 +Prefix=2a00:fbe4:1ab:c::/64 ValidLifetimeSec=86400 PreferredLifetimeSec=14400 diff --git a/roles/space_server/files/networkd/10-lan13.network b/roles/space_server/files/networkd/10-lan13.network index a36dd5a..f83c843 100644 --- a/roles/space_server/files/networkd/10-lan13.network +++ b/roles/space_server/files/networkd/10-lan13.network @@ -8,6 +8,7 @@ ARP=yes DHCP=no IPv6AcceptRA=no Address=10.42.3.1/24 +#Address=2a00:fbe4:1ab:d::1/64 #Address=2a01:4262:1ab:d::1/64 Address=fe80::1/64 IPForward=yes @@ -17,18 +18,22 @@ LLDP=yes EmitLLDP=yes IPv6SendRA=yes +[Route] +Destination=2a00:fbe4:1ab:d::/64 +PreferredSource=2a00:fbe4:1ab:: + [Route] Destination=2a01:4262:1ab:d::/64 -PreferredSource=2a01:4262:1ab:: +PreferredSource=2a00:fbe4:1ab:: [IPv6SendRA] RouterLifetimeSec=9000 RouterPreference=medium EmitDNS=yes -DNS=2a01:4262:1ab:: +DNS=2a00:fbe4:1ab:: DNSLifetimeSec=14400 [IPv6Prefix] -Prefix=2a01:4262:1ab:d::/64 +Prefix=2a00:fbe4:1ab:d::/64 ValidLifetimeSec=86400 PreferredLifetimeSec=14400 diff --git a/roles/space_server/files/networkd/10-lan14.network b/roles/space_server/files/networkd/10-lan14.network index 018441e..90f2677 100644 --- a/roles/space_server/files/networkd/10-lan14.network +++ b/roles/space_server/files/networkd/10-lan14.network @@ -8,7 +8,7 @@ ARP=yes DHCP=no IPv6AcceptRA=no Address=10.42.4.1/24 -#Address=2a01:4262:1ab:e::1/64 +#Address=2a00:fbe4:1ab:e::1/64 Address=fe80::1/64 IPForward=yes LLMNR=yes @@ -18,17 +18,17 @@ EmitLLDP=yes IPv6SendRA=yes [Route] -Destination=2a01:4262:1ab:e::/64 -PreferredSource=2a01:4262:1ab:: +Destination=2a00:fbe4:1ab:e::/64 +PreferredSource=2a00:fbe4:1ab:: [IPv6SendRA] RouterLifetimeSec=9000 RouterPreference=medium EmitDNS=yes -DNS=2a01:4262:1ab:: +DNS=2a00:fbe4:1ab:: DNSLifetimeSec=14400 [IPv6Prefix] -Prefix=2a01:4262:1ab:e::/64 +Prefix=2a00:fbe4:1ab:e::/64 ValidLifetimeSec=86400 PreferredLifetimeSec=14400 diff --git a/roles/space_server/files/networkd/10-lan15.network b/roles/space_server/files/networkd/10-lan15.network index 202e07a..6e6e493 100644 --- a/roles/space_server/files/networkd/10-lan15.network +++ b/roles/space_server/files/networkd/10-lan15.network @@ -10,7 +10,7 @@ IPv6AcceptRA=no # systemd-networkd thinks link is degraded # unless it has an ipv4 address :( Address=10.42.5.1/24 -#Address=2a01:4262:1ab:f::1/64 +#Address=2a00:fbe4:1ab:f::1/64 Address=fe80::1/64 IPForward=ipv6 LLMNR=yes @@ -20,17 +20,17 @@ EmitLLDP=yes IPv6SendRA=yes [Route] -Destination=2a01:4262:1ab:f::/64 -PreferredSource=2a01:4262:1ab:: +Destination=2a00:fbe4:1ab:f::/64 +PreferredSource=2a00:fbe4:1ab:: [IPv6SendRA] RouterLifetimeSec=9000 RouterPreference=medium EmitDNS=yes -DNS=2a01:4262:1ab:: +DNS=2a00:fbe4:1ab:: DNSLifetimeSec=14400 [IPv6Prefix] -Prefix=2a01:4262:1ab:f::/64 +Prefix=2a00:fbe4:1ab:f::/64 ValidLifetimeSec=86400 PreferredLifetimeSec=14400 diff --git a/roles/space_server/files/networkd/10-lan25.network b/roles/space_server/files/networkd/10-lan25.network index e77b459..db7f55b 100644 --- a/roles/space_server/files/networkd/10-lan25.network +++ b/roles/space_server/files/networkd/10-lan25.network @@ -8,7 +8,9 @@ ARP=yes DHCP=no IPv6AcceptRA=no LinkLocalAddressing=no +Address=45.145.93.129/28 Address=185.38.175.129/28 +Address=2a00:fbe4:1ab:ffff::1/64 Address=2a01:4262:1ab:ffff::1/64 Address=fe80::1/64 IPForward=yes diff --git a/roles/space_server/templates/nftables.conf.j2 b/roles/space_server/templates/nftables.conf.j2 index 002a107..cccdc71 100644 --- a/roles/space_server/templates/nftables.conf.j2 +++ b/roles/space_server/templates/nftables.conf.j2 @@ -7,8 +7,8 @@ define jumbotron_ip6 = {{ local_hosts['jumbotron'].ipv6[0] }} # internal stuff define ext_if = wan -define ext_ip4 = 185.38.175.0 -define ext_ip6 = 2a01:4262:1ab:: +define ext_ip4 = 45.145.93.0 +define ext_ip6 = 2a00:fbe4:1ab:: define int_net4 = 10.42.0.0/16 define ext_net4 = { 185.38.175.0/24, 45.145.93.0/24 } define ext_net6 = { 2a01:4262:1ab::/48, 2a00:fbe4:1ab::/48 } @@ -22,26 +22,26 @@ define adm_net4 = 10.42.0.0/24 define wire_if = lan11 define wire_ip4 = 10.42.1.1 define wire_net4 = 10.42.1.0/24 -define wire_net6 = 2a01:4262:1ab:b::/64 +define wire_net6 = { 2a01:4262:1ab:b::/64, 2a00:fbe4:1ab:b::/64 } define priv_if = lan12 define priv_ip4 = 10.42.2.1 define priv_net4 = 10.42.2.0/24 -define priv_net6 = 2a01:4262:1ab:c::/64 +define priv_net6 = { 2a01:4262:1ab:c::/64, 2a00:fbe4:1ab:c::/64 } define free_if = lan13 define free_ip4 = 10.42.3.1 -define free_nat = 185.38.175.1 +define free_nat = 45.145.93.1 define free_net4 = 10.42.3.0/24 -define free_net6 = 2a01:4262:1ab:d::/64 +define free_net6 = { 2a01:4262:1ab:d::/64, 2a00:fbe4:1ab:d::/64 } define pass_if = lan14 define pass_ip4 = 10.42.4.1 define pass_net4 = 10.42.4.0/24 -define pass_net6 = 2a01:4262:1ab:e::/64 +define pass_net6 = { 2a01:4262:1ab:e::/64, 2a00:fbe4:1ab:e::/64 } define futu_if = lan15 -define futu_net6 = 2a01:4262:1ab:f::/64 +define futu_net6 = { 2a01:4262:1ab:f::/64, 2a00:fbe4:1ab:f::/64 } define nat64_if = nat64 define nat64_net4 = 10.42.128.0/17 @@ -49,13 +49,13 @@ define nat64_net4 = 10.42.128.0/17 define colo_if = { lan20, lan21 } define tor_if = lan25 -define tor_net4 = 185.38.175.128/28 -define tor_net6 = 2a01:4262:1ab:ffff::/64 +define tor_net4 = { 185.38.175.128/28, 45.145.93.128/28 } +define tor_net6 = { 2a01:4262:1ab:ffff::/64, 2a00:fbe4:1ab:ffff::/64 } define local_ip4 = { $ext_ip4, $adm_ip4, $wire_ip4, $priv_ip4, $free_ip4, $pass_ip4 } define local_ip6 = { $ext_ip6 } define local_net4 = { $ext_ip4, $free_nat, $int_net4 } -define local_net6 = 2a01:4262:1ab::/52 +define local_net6 = { 2a01:4262:1ab::/52, 2a00:fbe4:1ab::/52 } define avahi_ifs = { $wire_if, $priv_if, $pass_if } -- cgit v1.2.1