| author | Karel Kočí <cynerd@email.cz> | 2026-05-16 13:12:33 +0200 |
|---|---|---|
| committer | Karel Kočí <cynerd@email.cz> | 2026-05-16 13:12:33 +0200 |
| commit | 9492adaded6cb8b246db5a348fb2720dbc184214 (patch) | |
| tree | 1fcef1bf43dcc3b99519928dbd8ca69260cc0c9b /nixos/configurations/adm-omnia.nix | |
| parent | d5ec7b775888827089a668aea58244b2ad4a1e70 (diff) | |
Diffstat (limited to 'nixos/configurations/adm-omnia.nix')
| -rw-r--r-- | nixos/configurations/adm-omnia.nix | 53 |
1 files changed, 24 insertions, 29 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index 2b80bbc..826563b 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -15,11 +15,7 @@ in {
 wan = "pppoe-wan";
 lanIP = hosts.omnia;
 staticLeases = {
- "7c:b0:c2:bb:9c:ca" = hosts.albert;
 "4c:d5:77:0d:85:d9" = hosts.binky;
- "b8:27:eb:49:54:5a" = hosts.mpd;
- };
- guestStaticLeases = {
 "f4:a9:97:a4:bd:59" = hosts.printer;
 };
 };
@@ -40,18 +36,20 @@ in {
 monitoring.speedtest = true;
 };
- services.journald.extraConfig = ''
- SystemMaxUse=8G
- '';
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=8G
+ '';
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
+ btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
- services.fail2ban = {
- enable = true;
- ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
+ fail2ban = {
+ enable = true;
+ ignoreIP = ["10.8.0.0/24" "10.8.1.0/24"];
+ };
 };
 networking.useDHCP = false;
@@ -82,7 +80,7 @@ in {
 linkConfig.RequiredForOnline = "routable";
 };
 "lan-brlan" = {
- matchConfig.Name = "lan4";
+ matchConfig.Name = "lan*";
 networkConfig.Bridge = "brlan";
 bridgeVLANs = [
 {
@@ -92,16 +90,6 @@ in {
 {VLAN = 2;}
 ];
 };
- "lan-guest" = {
- matchConfig.Name = "lan[0-3]";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- EgressUntagged = 2;
- PVID = 2;
- }
- ];
- };
 };
 };
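Review bot: The `ignoreIP` list in the fail2ban block of the `@@ -40,18 +36,20 @@` hunk exempts two whole /24 ranges from banning, and nothing in the visible lines says which networks they are or why the ranges moved from `10.8.1.0/24`/`10.8.2.0/24` to `10.8.0.0/24`/`10.8.1.0/24`. Every host in an ignored range can keep retrying authentication without being banned, so the list should cover only networks that are meant to be trusted; if either range turns out to be the guest network (not visible here), it should come out of the list. I would add a comment above the line naming each range, for example `# <network A> and <network B>; guest stays subject to bans`, or build the list from the same definitions that assign those subnets so the two cannot drift apart.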
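Review bot: `matchConfig.Name = "lan*"` in `"lan-brlan"` (hunk `@@ -82,7 +80,7 @@`) matches every interface whose name starts with `lan`, not only the ports that the old `lan4` and `lan[0-3]` patterns covered between them; `matchConfig.Name = "lan[0-4]";` would keep the set explicit. Together with the removal of `"lan-guest"` in the `@@ -92,16 +90,6 @@` hunk, ports lan0 to lan3 lose `PVID = 2` and take whatever untagged VLAN this block assigns (its first `bridgeVLANs` entry is cut by the hunk boundary), and the `@@ -15,11 +15,7 @@` hunk moves the printer's lease out of `guestStaticLeases` along with it. If dropping the wired guest separation is intended, a comment above the match such as `# every switch port is on the untagged VLAN; VLAN 2 is carried tagged only` would record that decision.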
@@ -121,14 +109,21 @@ in {
 password 02
 '';
 };
- systemd.services."pppd-wan" = {
- after = ["sys-subsystem-net-devices-end2.device"];
- partOf = ["systemd-networkd.service"];
+ systemd.services = {
+ "pppd-wan" = {
+ after = ["sys-subsystem-net-devices-end2.device"];
+ partOf = ["systemd-networkd.service"];
+ serviceConfig = {
+ Restart = "always";
+ StartLimitBurst = 0;
+ };
+ };
+ "systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";
 };
 # TODO limit NSS clamping to just pppoe-wan
 networking.firewall.extraForwardRules = ''
 tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
- iifname {"home", "wg"} oifname {"home", "wg"} accept
+ iifname "wg" oifname "home" accept
 iifname "home" oifname "guest" accept comment "Allow home to access guest devices"
 '';
 } |
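Review bot: `"systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";` switches networkd to debug logging permanently, which reads like a troubleshooting aid left in the configuration; it should either be dropped or carry a comment saying why it stays, e.g. `# TODO remove once WAN debugging is done`. The new forward rule `iifname "wg" oifname "home" accept` is the only rule in the block without a `comment`, and it now accepts one direction only, so `comment "Allow wg to access home devices"` would match the neighbouring rule and make the narrowing explicit. `StartLimitBurst` is documented as a `[Unit]` setting, so `unitConfig.StartLimitBurst = 0;` is the documented place for it rather than `serviceConfig`. The enclosing attribute set starts outside the hunk.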
