| 2026-03-08 |
xlab-gateway: route client IPv6 through wg-to-wgnet
...
- Re-add IPv6 default route (::/0) via wg-to-wgnet in table 1002
- Add NAT66 masquerade on wg-to-wgnet for client ULA→tunnel translation
- Campus WAN has no IPv6 transit; wgnet provides it
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
| 2026-03-07 |
xlab-gateway: fix IPv6 routing, clean up table names
...
- Remove IPv6 default route from freedom table (1002) — wgnet peer
doesn't forward IPv6, causing TLS resets on outbound connections
- Remove Tsinghua IPv6 throw route (unnecessary without IPv6 default)
- IPv6 now uses native WAN path instead of WireGuard tunnel
- Rename table 1002 from typo 'wg-to-skywme' to 'freedom-wgnet'
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
xlab-gateway: add hardware-configuration.nix, disable wait-online
...
- Import generated hardware-configuration.nix (Intel CPU microcode,
boot modules for ehci_pci, ahci, nvme, kvm-intel)
- Disable systemd-networkd-wait-online (gateway doesn't need to block
boot waiting for WireGuard interfaces)
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
Add agenix-encrypted secrets and flake.lock
...
- Encrypted WireGuard keys for xlab-gateway (wgnet, skyworks, warp)
- Encrypted WireGuard PSK for wg-to-wgnet
- Placeholder skydick WireGuard secret
- Updated disko.nix with correct NVMe disk ID (MEMPEK1J016GAD)
- Generated flake.lock pinning nixpkgs 24.11, disko, agenix, deploy-rs
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
Initial skyworks infrastructure flake
...
Unified NixOS configuration for skydick (storage server) and
xlab-gateway (lab router). Flat module structure with shared
common/users/ssh modules, agenix secrets, disko, and deploy-rs.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
