Skip to content

Commit

Permalink
chore: update flake
Browse files Browse the repository at this point in the history
  • Loading branch information
@EHfive
EHfive committed Mar 23, 2024
1 parent 36258f2 commit 3a71c40
Show file tree
Hide file tree
Showing 8 changed files with 28 additions and 23 deletions.
12 changes: 6 additions & 6 deletions flake.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 6 additions & 7 deletions machines/r2s/files/nftables.nft
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,15 +47,15 @@ table inet filter {
reject
}

flowtable f {
hook ingress priority 0;
devices = { intern0, extern0 };
}
# flowtable f {
# hook ingress priority 0;
# devices = { intern0, extern0 };
# }

# allow packets from LAN to WAN, and WAN to LAN if LAN initiated the connection
chain forward {
type filter hook forward priority 0; policy drop;
meta l4proto tcp flow add @f
# meta l4proto tcp flow add @f

iifname { lo, intern0 } accept

Expand All @@ -71,12 +71,11 @@ table ip nat {
chain prerouting {
type nat hook prerouting priority -100; policy accept;
iifname intern0 ip daddr $chn_ns udp dport 53 redirect
iifname extern0 fullcone
}

# for all packets to WAN, after routing, replace source address with primary IP of WAN interface
chain postrouting {
type nat hook postrouting priority 100; policy accept;
ip saddr 192.168.1.0/24 oifname extern0 fullcone
# iifname intern0 oifname extern0 meta l4proto tcp masquerade
}
}
6 changes: 6 additions & 0 deletions machines/r2s/networking.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,12 @@
networking.firewall.enable = false;

systemd.network.enable = true;
systemd.network.config = {
networkConfig = {
ManageForeignRoutingPolicyRules = false;
SpeedMeter = true;
};
};

systemd.network.links."10-intern0" = {
matchConfig.Path = "platform-ff540000.ethernet";
Expand Down
2 changes: 1 addition & 1 deletion machines/r2s/router.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
before = lib.mkForce [ ];
after = [ "network-online.target" ];
};
networking.enableNftablesFullcone = true;
networking.enableNftablesFullcone = false;

networking.resolvconf.useLocalResolver = true;
services.resolved.enable = false;
Expand Down
6 changes: 3 additions & 3 deletions machines/r2s/secrets/secrets.sops.yaml
View file

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions packages/dovecot-fts-flatcurve/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,14 @@
}:
stdenv.mkDerivation rec {
pname = "dovecot-fts-flatcurve";
version = "1.0.0";
version = "1.0.2";
nativeBuildInputs = [ autoconf automake libtool ];
buildInputs = [ dovecot icu xapian ];
src = fetchFromGitHub {
owner = "slusarz";
repo = pname;
rev = "v${version}";
sha256 = "sha256-nZFsl6Xhbcjhj1l8p0zEbsEirEiLU1CJOWAA7qLpN3g=";
sha256 = "sha256-SgnoXWcrs/O7Jtb8SKdX+iPp8n3ao1tO15Epr/rSDdI=";
};
preConfigure = ''
autoreconf -vi
Expand Down
2 changes: 1 addition & 1 deletion packages/packages.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ let
qcef = callPackage ./qcef { };
udpspeeder = callPackage ./udpspeeder {};
ubootNanopiR2s = callPackage ./uboot-nanopi-r2s { };
v2ray-next = callPackage ./v2ray-next { buildGoModule = pkgs.buildGo120Module; };
v2ray-next = callPackage ./v2ray-next { buildGoModule = pkgs.buildGo121Module; };
vlmcsd = callPackage ./vlmcsd { };
};

Expand Down
6 changes: 3 additions & 3 deletions packages/v2ray-next/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,15 +22,15 @@ let

core = buildGoModule rec {
pname = "v2ray";
version = "5.13.0";
version = "5.15.1";
src = fetchFromGitHub ({
owner = "v2fly";
repo = "v2ray-core";
rev = "v${version}";
fetchSubmodules = false;
sha256 = "sha256-x7LVBmfm9M0fGBvLTz5Bbf01h8IT1yDJyeO1csKfb3I=";
sha256 = "sha256-EENeJQfIKHtbh5dmWeUtnVepIGsBsXMs6Yhi/QzeRRs=";
});
vendorHash = "sha256-ZBvHu4BEmQi6PQwRHuVwx/6X4gBqlRR44OktKRBGcs4=";
vendorHash = "sha256-SQ7DcrKYf4Wclp/HG8e7q5YPvVNj/kHV/pGmEyOU/BY=";

doCheck = false;

Expand Down

0 comments on commit 3a71c40

Please sign in to comment.