From 8d1d892f25466756801698a8e7f0d4460445e9e1 Mon Sep 17 00:00:00 2001
From: Jonas Juselius <jonas.juselius@oceanbox.io>
Date: Fri, 10 Oct 2025 18:27:30 +0200
Subject: [PATCH] feat: route tos traffic via rossby (for now)

---
 rossby/0np0)               | 75 ++++++++++++++++++++++++++++++++++++++
 rossby/c0/default.nix      |  8 +++-
 rossby/fs-work/default.nix |  8 +++-
 rossby/login/default.nix   |  9 ++++-
 4 files changed, 96 insertions(+), 4 deletions(-)
 create mode 100644 rossby/0np0)

diff --git a/rossby/0np0) b/rossby/0np0)
new file mode 100644
index 0000000..3b00af2
--- /dev/null
+++ b/rossby/0np0)
@@ -0,0 +1,75 @@
+Global
+           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
+    resolv.conf mode: uplink
+  Current DNS Server: 172.16.239.221
+         DNS Servers: 172.16.239.221
+Fallback DNS Servers: 1.1.1.1 1.0.0.1
+          DNS Domain: cluster.local
+
+Link 2 (enp129s0f0)
+    Current Scopes: none
+         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
+
+Link 3 (enp129s0f1)
+    Current Scopes: none
+         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
+
+Link 4 (enp129s0f2)
+    Current Scopes: none
+         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
+
+Link 5 (enp129s0f3)
+    Current Scopes: none
+         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
+
+Link 6 (enp65s0np0)
+    Current Scopes: LLMNR/IPv4 LLMNR/IPv6
+         Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
+
+Link 7 (ibp1s0)
+    Current Scopes: LLMNR/IPv4 LLMNR/IPv6
+         Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
+
+Link 8 (tailscale0)
+    Current Scopes: DNS
+         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
+Current DNS Server: 100.100.100.100
+       DNS Servers: 100.100.100.100
+        DNS Domain: ts.obx ~.
+     Default Route: yes
+
+Link 9 (docker0)
+    Current Scopes: none
+         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
+
+Link 10 (flannel.1)
+    Current Scopes: LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
+         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
+
+Link 11 (mynet)
+    Current Scopes: LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
+         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
+
+Link 12 (veth1a3b1bd2)
+    Current Scopes: LLMNR/IPv6 mDNS/IPv6
+         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
+
+Link 13 (vethd8099318)
+    Current Scopes: LLMNR/IPv6 mDNS/IPv6
+         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
+
+Link 14 (vethe761a9b1)
+    Current Scopes: LLMNR/IPv6 mDNS/IPv6
+         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
+     Default Route: no
diff --git a/rossby/c0/default.nix b/rossby/c0/default.nix
index 997f717..3edda14 100644
--- a/rossby/c0/default.nix
+++ b/rossby/c0/default.nix
@@ -64,7 +64,13 @@ let
           "40-${host.iface}" = {
             matchConfig.Name = host.iface;
             address = [ "${host.address}/24" ];
-            routes = [ { Gateway = "172.16.239.1"; } ];
+            routes = [
+              { Gateway = "172.16.239.1"; }
+              {
+                Destination = "10.255.241.0/24";
+                Gateway = "172.16.239.221";
+              }
+            ];
           };
         # "ibp1s0.7666" = {
           "45-ibp1s0" = {
diff --git a/rossby/fs-work/default.nix b/rossby/fs-work/default.nix
index 39858d2..a076df5 100644
--- a/rossby/fs-work/default.nix
+++ b/rossby/fs-work/default.nix
@@ -119,7 +119,13 @@ in {
         matchConfig.Name = "enp1s0np0";
         DHCP = "no";
         address = [ "${address}/24" ];
-        routes = [ { Gateway = "172.16.239.1"; } ];
+        routes = [
+          { Gateway = "172.16.239.1"; }
+          {
+            Destination = "10.255.241.0/24";
+            Gateway = "172.16.239.221";
+          }
+        ];
       };
     };
 
diff --git a/rossby/login/default.nix b/rossby/login/default.nix
index df37d1f..6b9d52a 100644
--- a/rossby/login/default.nix
+++ b/rossby/login/default.nix
@@ -114,7 +114,6 @@ in
     networking = {
       useNetworkd = true;
       hostName = name;
-      nameservers = [ "8.8.8.8" "8.8.4.4" ];
       firewall = {
         allowedTCPPorts = [ 6443 ];
         extraCommands = ''
@@ -127,7 +126,13 @@ in
       networks."40-enp65s0np0" = {
         matchConfig.Name = "enp65s0np0";
         address = [ "${address}/24" ];
-        routes = [ { Gateway = "172.16.239.1"; } ];
+        routes = [
+          { Gateway = "172.16.239.1"; }
+          {
+            Destination = "10.255.241.0/24";
+            Gateway = "172.16.239.221";
+          }
+        ];
       };
     };