From f89dcef9cfa9754efbd63e6613c9c9210e399e64 Mon Sep 17 00:00:00 2001 From: Konarak Date: Mon, 18 Aug 2025 13:37:59 +0530 Subject: [PATCH] minor updates --- README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 576da08..04b22a5 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ # sixnix -My ISP provides me a single '/64' and it's dynamically assigned. I cannot have multiple networks with functional autoconfiguration. One solution to this is use one of 4to6 [tunnel brokers](https://tunnelbroker.services/) like the one offered by [Hurricane Electric](https://tunnelbroker.net/). Since my ISP uses CGNAT this setup is tricky if not impossible. +My ISP provides me a single `/64` and it's dynamically assigned. I cannot have multiple networks with functional autoconfiguration. One solution to this is use one of 4to6 [tunnel brokers](https://tunnelbroker.services/) like the one offered by [Hurricane Electric](https://tunnelbroker.net/). Since my ISP uses CGNAT this setup is tricky if not impossible. Fortunately Linode provides free `/56` to customers and the cheapest VPS costs just $5/month. You get 256 `/64` subnets. The following table provides an example where you can have 15 delegations of `/60` and use the 16th `/60` for the wireguard peer addressing. | Client subnet | WireGuard subnet | | |--------------------|---------------------|----| -| 2001:0db8::/60 | 2001:0db8:0:f0::/64 | 1 | +| 2001:db8::/60 | 2001:db8:0:f0::/64 | 1 | | 2001:db8:0:10::/60 | 2001:db8:0:f1::/64 | 2 | | 2001:db8:0:20::/60 | 2001:db8:0:f2::/64 | 3 | | 2001:db8:0:30::/60 | 2001:db8:0:f3::/64 | 4 | @@ -26,8 +26,9 @@ Fortunately Linode provides free `/56` to customers and the cheapest VPS costs j |-----------------------|-----------------------------| | wireguard.example.com | 2001:0db8:0:ff::/64 | -You can follow the linode's [nixos installation guide](https://www.linode.com/docs/guides/install-nixos-on-linode/) and/or then use this repo as a reference to set up your wireguard tunnels. +You can follow the linode's [nixos installation guide](https://www.linode.com/docs/guides/install-nixos-on-linode/) and/or use this repo as a reference to set up your wireguard tunnels. -- sops and add secrets in `secrets/secrets.yaml` -- ssh and user account settings in `modules/access.nix` -- egress and wireguard configs in `modules/network.nix` +- set up sops using the [docs here](https://github.com/Mic92/sops-nix) +- add root password, wireguard server private keys and peer public keys +- add ssh public keys and configure any additional user accounts in `modules/access.nix` +- configure egress, firewall, wireguard tunnels etc in `modules/network.nix`