Revision as of 15:05, 16 July 2023

This site provides snippets for configuring your network just right for the use case you are looking for. All configuration is for configuration.nix

Configuration

Static IP for network adapter

The following example configures a static IPv6 address and a default gateway for the interface ens3

networking = {
  interfaces = {
    ens3.ipv6.addresses = [{
      address = "2a01:4f8:1c1b:16d0::";
      prefixLength = 64;
    }];
  };
  defaultGateway6 = {
    address = "fe80::1";
    interface = "ens3";
  };
};

Hosts file

To edit /etc/hosts just add something like this to your configuration.nix:

networking.extraHosts = ''
  127.0.0.2 other-localhost
  10.0.0.1 server
'';

Port forwarding

In this example we're going to forward the port 80 via NAT from our external network interface ens3 to the host 10.100.0.3 on our internal interface wg0.

networking = {
  firewall = {
    enable = true;
    allowedTCPPorts = [ 80 ];
    extraCommands = "iptables -t nat -A POSTROUTING -d 10.100.0.3 -p tcp -m tcp --dport 80 -j MASQUERADE";
  };
  nat = {
    enable = true;
    internalInterfaces = [ "wg0" ];
    externalInterface = "ens3";
    forwardPorts = [
      {
        sourcePort = 80;
        proto = "tcp";
        destination = "10.100.0.3:80";
      }
    ];
  };
};

IPv6

Prefix delegation with fixed DUID

Sometimes the hosting provider manages ipv6 networks via a so-called DUID or clientid. This snippet is required to make the network routable:

{ config, pkgs, ... }:

let
  # Get this from your hosting provider
  clientid = "00:11:22:33:44:55:66:77:88:99";
  interface = "enp2s0";
  subnet =  "56";
  network = "2001:bbb:3333:1111::/${subnet}";
  own_ip =  "2001:bbb:3333:1111::1/${subnet}";
in {
  # ... snip ...

  networking.enableIPv6 = true;
  networking.useDHCP = true;
  networking.dhcpcd.persistent = true;
  networking.dhcpcd.extraConfig = ''
    clientid "${clientid}"
    noipv6rs
    interface ${interface}
    ia_pd 1/${network} ${interface}
    static ip6_address=${own_ip}
  '';
  environment.etc."dhcpcd.duid".text = clientid;

}

Source: gleber gist for online.net IPv6 config in NixOS

Note: Recent versions of dhcpcd move the duid file to /var/db/dcpcd/duid. For that to work, you have to replace the above environment.etc line with something like:

systemd.services.dhcpcd.preStart = ''
  cp ${pkgs.writeText "duid" "<ID>"} /var/db/dhcpcd/duid
'';

VLANs

Refer to networking.vlans in the manual.

Below is a complete networking example showing two interfaces, one with VLAN trunk tagging and one without.

enp2s1 is a normal network interface at 192.168.1.2 with no VLAN information.

enp2s0 is the virtual LAN trunk, with two tagged VLANs, vlan100 and vlan101.

vlan100 is in the 10.1.1.X network and vlan101 is in the 10.10.10.X network.

The hostID should be unique among your machines, as mentioned in the manual.

Complete networking section example:

    networking = {
      hostId = "deadb33f";
      hostName = "nixos";
      domain = "example.com";
      dhcpcd.enable = false;
      interfaces.enp2s1.ipv4.addresses = [{
        address = "192.168.1.2";
        prefixLength = 28;
      }];
      vlans = {
        vlan100 = { id=100; interface="enp2s0"; };
        vlan101 = { id=101; interface="enp2s0"; };
      };
      interfaces.vlan100.ipv4.addresses = [{
        address = "10.1.1.2";
        prefixLength = 24;
      }];
      interfaces.vlan101.ipv4.addresses = [{
        address = "10.10.10.3";
        prefixLength = 24;
      }];
      defaultGateway = "192.168.1.1";
      nameservers = [ "1.1.1.1" "8.8.8.8" ];
    };

@@ Line 100: / Line 100: @@
 </syntaxhighlight>
-== VLAN's ==
+== VLANs ==
-[https://nixos.org/manual/nixos/stable/options.html#opt-networking.vlans vlan information in the manual]
+Refer to [https://nixos.org/manual/nixos/stable/options.html#opt-networking.vlans {{ic|networking.vlans}} in the manual].
-The below is a complete networking example, showing 2 interfaces, 1 with VLAN trunk tagging and 1 without.
+Below is a complete networking example showing two interfaces, one with VLAN trunk tagging and one without.
-eth1 is a normal network interface @ 192.168.1.2, with no VLAN information.
+{{ic|enp2s1}} is a normal network interface at {{ic|192.168.1.2}} with no VLAN information.
-eth0 is the vlan trunk tagged, with 2 VLAN's tagged, vlan 100 and vlan 101.
+{{ic|enp2s0}} is the virtual LAN trunk, with two tagged VLANs, {{ic|vlan100}} and {{ic|vlan101}}.
-vlan100 is in the 10.1.1.X network and vlan 101 is in the 10.10.10.X network.
-the hostID should be random data, derived from something like: <syntaxhighlight>head -c4 /dev/urandom | od -A none -t x4</syntaxhighlight> see [https://nixos.org/manual/nixos/stable/options.html#opt-networking.hostId the manual] for more information.
+{{ic|vlan100}} is in the {{ic|10.1.1.X}} network and {{ic|vlan101}} is in the {{ic|10.10.10.X}} network.
+The {{ic|hostID}} should be unique among your machines, [https://nixos.org/manual/nixos/stable/options.html#opt-networking.hostId as mentioned in the manual].
 Complete networking section example:
@@ Line 124: / Line 122: @@
        domain = "example.com";
        dhcpcd.enable = false;
-      usePredictableInterfaceNames = false;
+       interfaces.enp2s1.ipv4.addresses = [{
-       interfaces.eth1.ipv4.addresses = [{
          address = "192.168.1.2";
          prefixLength = 28;
        }];
        vlans = {
-         vlan100 = { id=100; interface="eth0"; };
+         vlan100 = { id=100; interface="enp2s0"; };
-         vlan101 = { id=101; interface="eth0"; };
+         vlan101 = { id=101; interface="enp2s0"; };
        };
        interfaces.vlan100.ipv4.addresses = [{