Majiir · November 3, 2025 20:09
diff --git a/gistfile1.txt b/gistfile1.txt
 { config, lib, pkgs, ... }:
 let
  ip = lib.getExe' pkgs.iproute2 "ip";
  sysctl = lib.getExe' pkgs.procps "sysctl";

  mkNat64Namespace = name: pool6: index:
    let
      interface = "nat64-${name}";
      namespace = "nat64-${name}";
    in
    {
      systemd.services."jool-nat64-${name}-netns" = {
        description = "Network namespace setup for jool-nat64-${name}";
        partOf = [ "jool-nat64-${name}-netns-inner.service" ];
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
          ExecStart = [
            "${ip} netns add ${namespace}"
            "${ip} link add ${interface} type veth peer name veth netns ${namespace}"
            "${ip} link set dev ${interface} addrgenmode none"
            "${ip} address add dev ${interface} scope link fe80::0/64"
            "${ip} address add dev ${interface} 192.168.64.${toString (index * 2)}/31"
            "${ip} link set ${interface} up"
            "${ip} route add ${config.networking.jool.nat64.${name}.global.pool6} via fe80::1 dev ${interface}"
          ];
          ExecStop = [
            "${ip} netns delete ${namespace}"
          ];
        };
      };

      systemd.services."jool-nat64-${name}-netns-inner" = {
        description = "Network namespace inner setup for jool-nat64-${name}";
        after = [ "jool-nat64-${name}-netns.service" ];
        requires = [ "jool-nat64-${name}-netns.service" ];
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
          NetworkNamespacePath = "/run/netns/${namespace}";
          ExecStart = [
            "${sysctl} --write net.ipv4.conf.all.forwarding=1"
            "${sysctl} --write net.ipv6.conf.all.forwarding=1"
            "${ip} link set dev veth addrgenmode none"
            "${ip} address add dev veth scope link fe80::1/64"
            "${ip} address add dev veth 192.168.64.${toString (index * 2 + 1)}/31"
            "${ip} link set veth up"
            "${ip} route add default via 192.168.64.${toString (index * 2)} dev veth"
            "${ip} route add default via fe80::0 dev veth"
          ];
        };
      };

      systemd.services."jool-nat64-${name}" = {
        after = [ "jool-nat64-${name}-netns-inner.service" ];
        requires = [ "jool-nat64-${name}-netns-inner.service" ];
        serviceConfig.NetworkNamespacePath = "/run/netns/${namespace}";
      };

      networking.jool = {
        enable = true;
        nat64.${name}.global.pool6 = pool6;
      };
    };
 in
  lib.mkMerge [
    (mkNat64Namespace "default" "64:ff9b::/96" 0)
    (mkNat64Namespace "private" "fd00:2001:db8:64::/96" 1)
  ]
	{ config, lib, pkgs, ... }:
	let
	ip = lib.getExe' pkgs.iproute2 "ip";
	sysctl = lib.getExe' pkgs.procps "sysctl";

	mkNat64Namespace = name: pool6: index:
	let
	interface = "nat64-${name}";
	namespace = "nat64-${name}";
	in
	{
	systemd.services."jool-nat64-${name}-netns" = {
	description = "Network namespace setup for jool-nat64-${name}";
	partOf = [ "jool-nat64-${name}-netns-inner.service" ];
	serviceConfig = {
	Type = "oneshot";
	RemainAfterExit = true;
	ExecStart = [
	"${ip} netns add ${namespace}"
	"${ip} link add ${interface} type veth peer name veth netns ${namespace}"
	"${ip} link set dev ${interface} addrgenmode none"
	"${ip} address add dev ${interface} scope link fe80::0/64"
	"${ip} address add dev ${interface} 192.168.64.${toString (index * 2)}/31"
	"${ip} link set ${interface} up"
	"${ip} route add ${config.networking.jool.nat64.${name}.global.pool6} via fe80::1 dev ${interface}"
	];
	ExecStop = [
	"${ip} netns delete ${namespace}"
	];
	};
	};

	systemd.services."jool-nat64-${name}-netns-inner" = {
	description = "Network namespace inner setup for jool-nat64-${name}";
	after = [ "jool-nat64-${name}-netns.service" ];
	requires = [ "jool-nat64-${name}-netns.service" ];
	serviceConfig = {
	Type = "oneshot";
	RemainAfterExit = true;
	NetworkNamespacePath = "/run/netns/${namespace}";
	ExecStart = [
	"${sysctl} --write net.ipv4.conf.all.forwarding=1"
	"${sysctl} --write net.ipv6.conf.all.forwarding=1"
	"${ip} link set dev veth addrgenmode none"
	"${ip} address add dev veth scope link fe80::1/64"
	"${ip} address add dev veth 192.168.64.${toString (index * 2 + 1)}/31"
	"${ip} link set veth up"
	"${ip} route add default via 192.168.64.${toString (index * 2)} dev veth"
	"${ip} route add default via fe80::0 dev veth"
	];
	};
	};

	systemd.services."jool-nat64-${name}" = {
	after = [ "jool-nat64-${name}-netns-inner.service" ];
	requires = [ "jool-nat64-${name}-netns-inner.service" ];
	serviceConfig.NetworkNamespacePath = "/run/netns/${namespace}";
	};

	networking.jool = {
	enable = true;
	nat64.${name}.global.pool6 = pool6;
	};
	};
	in
	lib.mkMerge [
	(mkNat64Namespace "default" "64:ff9b::/96" 0)
	(mkNat64Namespace "private" "fd00:2001:db8:64::/96" 1)
	]
No results found