nixos: deploy to adm-omnia

author: Karel Kočí <cynerd@email.cz> 2024-12-27 17:47:20 +0100
committer: Karel Kočí <cynerd@email.cz> 2024-12-27 17:47:20 +0100
commit: 3fa889d41893ae35abb9801ccc1b60701459cc15 (patch)
tree: db85398ed60e472a8fb2d503ccd6f107246ea1ef /nixos/configurations
parent: c87480d287c68bb953aba6d603efad58ffea5e02 (diff)
download: nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.tar.gz
nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.tar.bz2
nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.zip
2 files changed, 10 insertions, 9 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index 056a68e..b332cab 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -3,8 +3,8 @@
 in {
   turris.board = "omnia";
   deploy = {
-    enable = false;
-    ssh.host = "omnia.adm";
+    enable = true;
+    ssh.host = "adm.cynerd.cz";
   };
 
   cynerd = {
@@ -54,6 +54,10 @@ in {
   };
   systemd.network = {
     networks = {
+      "end2" = {
+        matchConfig.Name = "end2"; # Ensure that it is managed by systemd-networkd
+        networkConfig.IPv6AcceptRA = false;
+      };
       "pppoe-wan" = {
         matchConfig.Name = "pppoe-wan";
         networkConfig = {
@@ -75,7 +79,7 @@ in {
         linkConfig.RequiredForOnline = "routable";
       };
       "lan-brlan" = {
-        matchConfig.Name = "lan[1-4]";
+        matchConfig.Name = "lan4";
         networkConfig.Bridge = "brlan";
         bridgeVLANs = [
           {
@@ -86,7 +90,7 @@ in {
         ];
       };
       "lan-guest" = {
-        matchConfig.Name = "lan0";
+        matchConfig.Name = "lan[0-3]";
         networkConfig.Bridge = "brlan";
         bridgeVLANs = [
           {
@@ -118,6 +122,7 @@ in {
   # TODO limit NSS clamping to just pppoe-wan
   networking.firewall.extraForwardRules = ''
     tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
-    iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept
+    iifname {"home", "wg"} oifname {"home", "wg"} accept
+    iifname "home" oifname "guest" accept comment "Allow home to access guest devices"
   '';
 }
diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix
index ff3b5a0..8494988 100644
--- a/nixos/configurations/ridcully.nix
+++ b/nixos/configurations/ridcully.nix
@@ -67,10 +67,6 @@ in {
   systemd.network = {
     wait-online.enable = false;
   };
-  #networking.vlans."enp6s0.adm" = {
-  #id = 2;
-  #interface = "enp6s0";
-  #};
 
   environment.systemPackages = [
     pkgs.nvtopPackages.amd
author	Karel Kočí <cynerd@email.cz>	2024-12-27 17:47:20 +0100
committer	Karel Kočí <cynerd@email.cz>	2024-12-27 17:47:20 +0100
commit	3fa889d41893ae35abb9801ccc1b60701459cc15 (patch)
tree	db85398ed60e472a8fb2d503ccd6f107246ea1ef /nixos/configurations
parent	c87480d287c68bb953aba6d603efad58ffea5e02 (diff)
download	nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.tar.gz nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.tar.bz2 nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.zip