Diffstat (limited to 'nixos/routers/router.nix')
-rw-r--r-- | nixos/routers/router.nix | 171 |
1 files changed, 0 insertions, 171 deletions
diff --git a/nixos/routers/router.nix b/nixos/routers/router.nix
deleted file mode 100644
index ed634b1..0000000
--- a/nixos/routers/router.nix
+++ /dev/null
@@ -1,171 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- inherit (lib) mkOption types mkIf mapAttrsToList;
- cnf = config.cynerd.router;
-in {
- options = {
- cynerd.router = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = "Enable router support";
- };
- wan = mkOption {
- type = types.str;
- description = "Interface for the router's WAN";
- };
- lanIP = mkOption {
- type = types.str;
- description = "LAN IP address";
- };
- dynIPStart = mkOption {
- type = types.ints.between 0 256;
- default = 100;
- description = "Offset for the dynamic IPv4 addresses";
- };
- dynIPCount = mkOption {
- type = types.ints.between 0 256;
- default = 100;
- description = "Number of dynamically assigned IPv4 addresses";
- };
- lanPrefix = mkOption {
- type = types.ints.between 0 32;
- default = 24;
- description = "LAN IP network prefix length";
- };
- staticLeases = mkOption {
- type = with types; attrsOf str;
- default = {};
- example = ''
- {"xx:xx:xx:xx:xx:xx" = "10.8.1.30";}
- '';
- description = "Mapping of MAC address to IP address";
- };
- };
- };
-
- config = mkIf cnf.enable {
- networking = {
- useNetworkd = true;
- nftables.enable = true;
- firewall = {
- logRefusedConnections = false;
- interfaces = {
- "home" = {allowedUDPPorts = [67 68];};
- "guest" = {allowedUDPPorts = [67 68];};
- };
- rejectPackets = true;
- filterForward = true;
- };
- nat = {
- enable = true;
- externalInterface = cnf.wan;
- internalInterfaces = ["home" "guest"];
- };
- };
-
- systemd.network = {
- netdevs = {
- "brlan" = {
- netdevConfig = {
- Kind = "bridge";
- Name = "brlan";
- };
- extraConfig = ''
- [Bridge]
- DefaultPVID=none
- VLANFiltering=yes
- '';
- };
- "home" = {
- netdevConfig = {
- Kind = "vlan";
- Name = "home";
- };
- vlanConfig.Id = 1;
- };
- "guest" = {
- netdevConfig = {
- Kind = "vlan";
- Name = "guest";
- };
- vlanConfig.Id = 2;
- };
- };
- networks = {
- "brlan" = {
- matchConfig.Name = "brlan";
- networkConfig.VLAN = ["home" "guest"];
- bridgeVLANs = [
- {bridgeVLANConfig.VLAN = 1;}
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- "home" = {
- matchConfig.Name = "home";
- networkConfig = {
- Address = "${cnf.lanIP}/${toString cnf.lanPrefix}";
- IPForward = "yes";
- DHCPServer = "yes";
- DHCPPrefixDelegation = "yes";
- IPv6SendRA = "yes";
- IPv6AcceptRA = "no";
- };
- dhcpServerConfig = {
- UplinkInterface = cnf.wan;
- PoolOffset = cnf.dynIPStart;
- PoolSize = cnf.dynIPCount;
- EmitDNS = "yes";
- DNS = "1.1.1.1";
- };
- dhcpServerStaticLeases =
- mapAttrsToList (n: v: {
- dhcpServerStaticLeaseConfig = {
- MACAddress = n;
- Address = v;
- };
- })
- cnf.staticLeases;
- dhcpPrefixDelegationConfig = {
- UplinkInterface = cnf.wan;
- SubnetId = 1;
- Announce = "yes";
- };
- };
- "guest" = {
- matchConfig.Name = "guest";
- networkConfig = {
- Address = "192.168.1.1/24";
- IPForward = "yes";
- DHCPServer = "yes";
- DHCPPrefixDelegation = "yes";
- IPv6SendRA = "yes";
- IPv6AcceptRA = "no";
- };
- dhcpServerConfig = {
- UplinkInterface = cnf.wan;
- PoolOffset = cnf.dynIPStart;
- PoolSize = cnf.dynIPCount;
- EmitDNS = "yes";
- DNS = "1.1.1.1";
- };
- dhcpPrefixDelegationConfig = {
- UplinkInterface = cnf.wan;
- SubnetId = 2;
- Announce = "yes";
- };
- };
- };
- wait-online.anyInterface = true;
- };
-
- services.resolved = {
- enable = true;
- dnssec = "true";
- fallbackDns = ["1.1.1.1" "8.8.8.8"];
- };
- };
-} |