spt-omnia: deploy

author: Karel Kočí <cynerd@email.cz> 2024-02-17 12:18:48 +0100
committer: Karel Kočí <cynerd@email.cz> 2024-02-17 12:18:48 +0100
commit: 9e7eca47bb3ddb6e88720cfcb28c995acbb072c1 (patch)
tree: 51391269780f8f7ce97284b8d79731f948756f30 /nixos/machine
parent: 6e3d6da59d310c50a61474824bd7a9f60a17187f (diff)
download: nixos-personal-9e7eca47bb3ddb6e88720cfcb28c995acbb072c1.tar.gz
nixos-personal-9e7eca47bb3ddb6e88720cfcb28c995acbb072c1.tar.bz2
nixos-personal-9e7eca47bb3ddb6e88720cfcb28c995acbb072c1.zip
1 files changed, 22 insertions, 15 deletions
diff --git a/nixos/machine/spt-omnia.nix b/nixos/machine/spt-omnia.nix
index c0a6ec2..ac4ebdf 100644
--- a/nixos/machine/spt-omnia.nix
+++ b/nixos/machine/spt-omnia.nix
@@ -3,14 +3,19 @@
   lib,
   pkgs,
   ...
-}:
-with lib; {
+}: let
+  hosts = config.cynerd.hosts.spt;
+in {
   config = {
     cynerd = {
       router = {
         enable = true;
         wan = "pppoe-wan";
-        lanIP = config.cynerd.hosts.spt.omnia;
+        lanIP = hosts.omnia;
+        staticLeases = {
+          "a8:a1:59:10:32:c4" = hosts.errol;
+          "4c:d5:77:0d:85:d9" = hosts.binky;
+        };
       };
       wifiAP.spt = {
         enable = true;
@@ -25,7 +30,7 @@ with lib; {
           channel = 36;
         };
       };
-      openvpn.oldpersonal = true;
+      #openvpn.oldpersonal = true;
       monitoring.speedtest = true;
     };
 
@@ -54,7 +59,7 @@ with lib; {
           networkConfig = {
             BindCarrier = "end2.848";
             DHCP = "ipv6";
-            IPv6AcceptRA = "yes";
+            IPv6AcceptRA = "no";
             DHCPPrefixDelegation = "yes";
           };
           dhcpPrefixDelegationConfig = {
@@ -67,15 +72,15 @@ with lib; {
         "lan-brlan" = {
           matchConfig.Name = "lan*";
           networkConfig.Bridge = "brlan";
-          #bridgeVLANs = [
-          #  {
-          #    bridgeVLANConfig = {
-          #      EgressUntagged = 1;
-          #      PVID = 1;
-          #    };
-          #  }
-          #  {bridgeVLANConfig.VLAN = 2;}
-          #];
+          bridgeVLANs = [
+            {
+              bridgeVLANConfig = {
+                EgressUntagged = 1;
+                PVID = 1;
+              };
+            }
+            {bridgeVLANConfig.VLAN = 2;}
+          ];
         };
       };
     };
@@ -88,7 +93,6 @@ with lib; {
         lcp-echo-interval 1
         lcp-echo-failure 5
         lcp-echo-adaptive
-        +ipv6
         defaultroute
         defaultroute6
         usepeerdns
@@ -98,6 +102,9 @@ with lib; {
       '';
     };
     systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.848.device"];
+    networking.firewall.extraForwardRules = ''
+      tcp flags syn tcp option maxseg size set rt mtu
+    '';
 
     services.syncthing = {
       enable = true;
author	Karel Kočí <cynerd@email.cz>	2024-02-17 12:18:48 +0100
committer	Karel Kočí <cynerd@email.cz>	2024-02-17 12:18:48 +0100
commit	9e7eca47bb3ddb6e88720cfcb28c995acbb072c1 (patch)
tree	51391269780f8f7ce97284b8d79731f948756f30 /nixos/machine
parent	6e3d6da59d310c50a61474824bd7a9f60a17187f (diff)
download	nixos-personal-9e7eca47bb3ddb6e88720cfcb28c995acbb072c1.tar.gz nixos-personal-9e7eca47bb3ddb6e88720cfcb28c995acbb072c1.tar.bz2 nixos-personal-9e7eca47bb3ddb6e88720cfcb28c995acbb072c1.zip