authorKarel Kočí <cynerd@email.cz>2024-07-18 09:01:49 +0200
committerKarel Kočí <cynerd@email.cz>2024-07-18 09:01:49 +0200
commita184ad849f060dd24840ddc3d3dd61ade12d1980 (patch)
tree661d3ad8933fcdf186aeb293fe529379fd0472b5 /nixos/configurations
parent632f8c5cc19be6d7ccd975f825d534627d0cbeff (diff)
nixos: update adm-omnia setup for deployment
Diffstat (limited to 'nixos/configurations')
-rw-r--r--nixos/configurations/adm-omnia.nix88
1 files changed, 67 insertions, 21 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index dad595b..069dfb0 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -1,35 +1,77 @@
-{config, ...}: {
+{config, ...}: let
+ hosts = config.cynerd.hosts.adm;
+in {
turris.board = "omnia";
+ deploy = {
+ enable = false;
+ ssh.host = "omnia.adm";
+ };
cynerd = {
router = {
enable = true;
wan = "pppoe-wan";
- lanIP = config.cynerd.hosts.adm.omnia;
+ lanIP = hosts.omnia;
+ staticLeases = {
+ "70:85:c2:4a:59:f2" = hosts.ridcully;
+ "7c:b0:c2:bb:9c:ca" = hosts.albert;
+ "4c:d5:77:0d:85:d9" = hosts.binky;
+ "b8:27:eb:49:54:5a" = hosts.mpd;
+ };
+ guestStaticLeases = {
+ "f4:a9:97:a4:bd:59" = hosts.printer;
+ };
};
wifiAP.adm = {
- enable = true;
- ar9287.interface = "wlp3s0";
- qca988x.interface = "wlp2s0";
+ enable = false;
+ ar9287 = {
+ interface = "wlp1s0";
+ bssids = ["04:f0:21:23:3d:ce" "08:f0:21:23:3d:ce" "0c:f0:21:23:3d:ce"];
+ channel = 11;
+ };
+ qca988x = {
+ interface = "wlp3s0";
+ bssids = ["04:f0:21:24:0b:4e" "08:f0:21:24:0b:4e" "0c:f0:21:24:0b:4e"];
+ channel = 36;
+ };
};
+ wireguard = true;
monitoring.speedtest = true;
};
- networking.useDHCP = false;
+ services.journald.extraConfig = ''
+ SystemMaxUse=8G
+ '';
+
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
+
+ networking = {
+ useNetworkd = true;
+ useDHCP = false;
+ };
systemd.network = {
networks = {
- "end2" = {
- matchConfig.Name = "end2";
- #networkConfig = {
- # DHCP = "ipv6";
- # IPv6AcceptRA = "yes";
- # DHCPPrefixDelegation = "yes";
- #};
- #dhcpPrefixDelegationConfig = {
- # UplinkInterface = ":self";
- # SubnetId = 0;
- # Announce = "no";
- #};
+ "pppoe-wan" = {
+ matchConfig.Name = "pppoe-wan";
+ networkConfig = {
+ BindCarrier = "end2";
+ DHCP = "ipv6";
+ IPv6AcceptRA = "no";
+ DHCPPrefixDelegation = "yes";
+ DNS = "1.1.1.1";
+ };
+ dhcpV6Config = {
+ PrefixDelegationHint = "::/56";
+ UseDNS = "no";
+ };
+ dhcpPrefixDelegationConfig = {
+ UplinkInterface = ":self";
+ SubnetId = 0;
+ Announce = "no";
+ };
linkConfig.RequiredForOnline = "routable";
};
"lan-brlan" = {
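Review bot: The new `pppoe-wan` network pins a single IPv4 resolver with `DNS = "1.1.1.1";` while `UseDNS = "no"` discards the servers offered over DHCPv6, and nothing in the block says why. If this link's DNS setting is what the router actually resolves through (the `cynerd.router` module is not visible here), every lookup depends on one third-party address with no fallback. I would add a second entry, e.g. `DNS = ["1.1.1.1" "1.0.0.1"];`. I would also put a short comment above `networkConfig`, such as `# ISP-provided DNS is ignored on purpose; upstream resolvers are pinned here`, so the choice is not later mistaken for leftover debugging.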
@@ -43,7 +85,7 @@
{VLAN = 2;}
];
};
- "lan0-guest" = {
+ "lan-guest" = {
matchConfig.Name = "lan0";
networkConfig.Bridge = "brlan";
bridgeVLANs = [
@@ -64,14 +106,18 @@
lcp-echo-interval 1
lcp-echo-failure 5
lcp-echo-adaptive
- +ipv6
defaultroute
defaultroute6
- usepeerdns
+ #usepeerdns
maxfail 1
user O2
password 02
'';
};
systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.device"];
+ # TODO limit NSS clamping to just pppoe-wan
+ networking.firewall.extraForwardRules = ''
+ tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
+ iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept
+ '';
}
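Review bot: The `accept` line added to `networking.firewall.extraForwardRules` allows new connections between every pair of `home`, `personalvpn` and `wg` in both directions with no port restriction, so any peer on either tunnel can reach every host behind `home`. If the tunnels only need to be reached from the LAN, a directional rule such as `iifname "home" oifname {"personalvpn", "wg"} accept` is narrower; if the full mesh is intended, a comment saying so would help. The clamping rule above it applies to every forwarded SYN. The TODO could probably be closed by prefixing it with `oifname "pppoe-wan"`, and its comment says "NSS" where MSS is meant. Note also that `extraForwardRules` only takes effect with the nftables firewall and forward filtering enabled, which this hunk does not show, so it is worth confirming they are set elsewhere.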