Daniel Lakeland6d ago
I'm imagining my #guixrouter having a default tunnel to Google and Cloudflare DNS, and then all the guixrouters register themselves somehow over i2p so that a guile script can grab a set of random i2p addresses and set up a service where DNS is resolved over i2p to other guixrouter instances that forward to google/cloudflare.. we keep each other safe from DNS surveillance...
Daniel LakelandMar 27

Ok, family and friends and #guix peeps, the #guixrouter initial push is up on codeberg as promised.

https://codeberg.org/dlakelan/guixrouter

There's also a semi-extensive discussion of how to use it in the README which is visible at the repo page, it probably needs a bit more discussion in the readme even, so I'll be working on that. Right now, I'd love it if people take a look and If you have questions put them here or in an issue and I'll try to write answers into the README.

guixrouter

A configuration for a privacy enhancing high performance low latency router VM for use on Proxmox or similar running Guix

Codeberg.org
Daniel LakelandMar 27

So on the #guixrouter project I'm just about ready to publish. I need to remove all the specific stuff about my network in ONE more file, do a final check, and then push it to codeberg. Expect an announcement maybe tomorrow?

Does anyone want to test it out? I think the easiest way is with a Proxmox server and the qcow2 image off guix site: https://guix.gnu.org/en/download/

You make a VM, import the qcow2 disk, and follow the config instructions on the codeberg site once they're pushed out... LMK

Download — GNU Guix

Installers and source files for GNU Guix. GNU Guix can be installed on different GNU/Linux distributions.

Show threadDaniel LakelandMar 26

Default services right now:

squid proxy, dnsmasq, unbound DNS over TLS, wireguard, yggdrasil, keepalived, tor, i2p, zabbix agent, prometheus exporter, ntpd client and server, dhcpd for upstream requests, nginx reverse proxy, letsencrypt, ssh, custom nftables firewall, and HFSC qdisc traffic shaper

Sounds interesting? I'm beginning to port it over to an independent repo so I can put it on codeberg

#guixrouter

Daniel LakelandMar 26
Ok, so it was not hard to get i2pd running on the #guixrouter. And it has a way to limit the number of transit connections, so I can probably prevent it from eating up my connection budget, so i2p is a go for default services on the router.
Show threadDaniel LakelandMar 23
@GhostOnTheHalfShell
OpenWrt on a Raspberry Pi 4 with a ue300 USB NIC was my router from 2020 to 2025 when I shifted to my #guixrouter VM. It would handle a gigabit connection without breaking a sweat.
Show threadDaniel LakelandMar 23
@alienghic
Well 3 of them used to be desktop PCs for my kids or a media PC for our front room. So they were kinda "free". They run as a #proxmox cluster so you need an odd number for quorum. Right now they host a #homeassistant VM, a VM thats a #Cfengine3 policy server, my #guixrouter which routes and traffic shapes the entire network, a 2 node #glusterfs cluster thats our home NAS (hosts home dirs for desktop machines), a #guix build VM, and a #yunohost machine hosting #Immich, and #Zabbix
Show threadSharlatanMar 13
@nmott you might be surprised when you know how many Frame laptops are used among Guix enthusiasts with big success
Even on routers #guixrouter
And Mac book @levenson
On Lenovo X1 @abcdw
Daniel LakelandMar 12

Where are my #ipv6 experts at?

My #guixrouter is having problems where when I restart its networking, it can respond to neighbor discovery, but after some time... it stops receiving neighbor discovery requests (they don't appear in tcpdumps). I think this must be either something to do with my switch or something to do with the linux bridge on the proxmox host... why would this happen? I can see the ndp snooping entry disappears on switch, but it happens even if ndp snooping is off

@doachs ?

Daniel LakelandFeb 26

Right now my #guixrouter uses unbound to forward upstream queries to Cloudflare DNS over TLS.

I'm thinking of moving that to DNS over Tor. How many of you do your DNS over Tor and how reliable is it? Since unbound doesn't handle this directly with socks proxy options, I'm thinking of using socat to open tls connections to like 4 DNS over TCP services through the Tor proxy (say 1.1.1.1 and 8.8.8.8 and their ipv6 versions) and then have unbound open 4 TCP streams to locally bound ports

#guix