| author | Karel Kočí <cynerd@email.cz> | 2023-01-18 14:34:59 +0100 | 
|---|---|---|
| committer | Karel Kočí <cynerd@email.cz> | 2023-01-18 14:34:59 +0100 | 
| commit | 79ab172cbeb4f06606ccfc486d24a0b500c72b3c (patch) | |
| tree | 1a8e1feee866aac4f1f69bccb1951a61c58cc892 /nixos/modules | |
| parent | 53fef9edcaf250ffa7cbc32c67b6ef4fe3226db6 (diff) | |
| download | nixos-personal-79ab172cbeb4f06606ccfc486d24a0b500c72b3c.tar.gz nixos-personal-79ab172cbeb4f06606ccfc486d24a0b500c72b3c.tar.bz2 nixos-personal-79ab172cbeb4f06606ccfc486d24a0b500c72b3c.zip | |
nixos/adm-omnia: router module
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/default.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/router.nix | 58 | 
2 files changed, 51 insertions, 8 deletions
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 72221d8..bdab3b2 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -9,6 +9,7 @@
   cynerd-hosts = import ./hosts.nix;
   cynerd-monitoring = import ./monitoring.nix;
   cynerd-openvpn = import ./openvpn.nix;
+  cynerd-router = import ./router.nix;
   cynerd-syncthing = import ./syncthing.nix;
   cynerd-wifi-client = import ./wifi-client.nix;
 }
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix
index 00a3c03..cd7841e 100644
--- a/nixos/modules/router.nix
+++ b/nixos/modules/router.nix
@@ -15,41 +15,83 @@ in {
         description = "Enable router support";
       };
       wan = mkOption {
-        type = types.string;
+        type = types.str;
         description = "Interface for the router's WAN";
       };
       brlan = mkOption {
-        type = types.string;
+        type = types.str;
         default = "brlan";
         description = "LAN interface (commonly some bridge)";
       };
-      # TODO IP range and so on
+      lanIP = mkOption {
+        type = types.str;
+        description = "LAN IP address";
+      };
+      dynIPStart = mkOption {
+        type = types.ints.between 0 256;
+        default = 100;
+        description = "Offset for the dynamic IPv4 addresses";
+      };
+      dynIPCount = mkOption {
+        type = types.ints.between 0 256;
+        default = 100;
+        description = "Number of dynamically assigned IPv4 addresses";
+      };
+      lanPrefix = mkOption {
+        type = types.ints.between 0 32;
+        default = 24;
+        description = "LAN IP network prefix length";
+      };
     };
   };
 
-  config = mkIf cnf {
-    # TODO firewall NAT
+  config = mkIf cnf.enable {
     networking = {
+      interfaces."${cnf.brlan}" = {
+        ipv4.addresses = [
+          {
+            address = cnf.lanIP;
+            prefixLength = cnf.lanPrefix;
+          }
+        ];
+      };
+      nat = {
+        externalInterface = cnf.wan;
+        internalInterfaces = [cnf.brlan];
+      };
+      dhcpcd.allowInterfaces = [cnf.wan];
+      nameservers = ["1.1.1.1" "8.8.8.8"];
     };
 
     services.dhcpd4 = {
       enable = true;
       authoritative = true;
-      interfaces = ["brlan"];
+      interfaces = [cnf.brlan];
       extraConfig = ''
+        option domain-name-servers 1.1.1.1 8.8.8.8;
+        subnet ${ipv4.prefix2ip cnf.lanIP cnf.lanPrefix} netmask ${ipv4.prefix2netmask cnf.lanPrefix} {
+            range ${
+          ipv4.ipAdd cnf.lanIP cnf.lanPrefix cnf.dynIPStart
+        } ${
+          ipv4.ipAdd cnf.lanIP cnf.lanPrefix (cnf.dynIPStart + cnf.dynIPCount)
+        };
+            option routers ${cnf.lanIP};
+            option subnet-mask ${ipv4.prefix2netmask cnf.lanPrefix};
+            option broadcast-address ${ipv4.prefix2broadcast cnf.lanIP cnf.lanPrefix};
+        }
       '';
     };
 
     services.dhcpd6 = {
       enable = true;
       authoritative = true;
-      interfaces = ["brlan"];
+      interfaces = [cnf.brlan];
       extraConfig = ''
       '';
     };
 
     services.kresd = {
-      enable = true;
+      enable = false;
     };
   };
 }
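Review bot: The new `nat` block under `networking` never sets `networking.nat.enable`, which defaults to false in NixOS, so `externalInterface = cnf.wan;` and `internalInterfaces = [cnf.brlan];` are inert unless the host enables NAT elsewhere; the `# TODO firewall NAT` comment this commit deletes suggests NAT was meant to be live here, so add `enable = true;` beside `externalInterface = cnf.wan;` (and decide explicitly whether `networking.firewall` should treat `cnf.wan` as the only external-facing interface). The DHCP pool arithmetic also looks one address too wide and unbounded at the top: if `ipv4.ipAdd` is a plain offset add, `range` from `dynIPStart` to `dynIPStart + dynIPCount` hands out `dynIPCount + 1` leases, and `types.ints.between 0 256` is inclusive so 256 is accepted; end the range at `(cnf.dynIPStart + cnf.dynIPCount - 1)` and add an `assertions` entry checking that the end stays below the broadcast address for `cnf.lanPrefix`, since a pool that spills past the subnet silently produces unroutable or duplicate leases. The resolver list `1.1.1.1 8.8.8.8` is duplicated between `networking.nameservers` and the dhcpd `option domain-name-servers` line; a single `dnsServers` option with a comment noting that LAN clients now talk to public resolvers directly because `services.kresd` is switched off would keep the two in step and make that design choice visible. The enclosing module attribute set begins before this hunk.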
