Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/configurations/adm-omnia.nix | 88 | ||||
-rw-r--r-- | nixos/modules/hosts.nix | 1 | ||||
-rw-r--r-- | nixos/modules/router.nix | 14 | ||||
-rw-r--r-- | nixos/modules/wifi-spt.nix | 8 |
4 files changed, 86 insertions, 25 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index dad595b..069dfb0 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -1,35 +1,77 @@ -{config, ...}: { +{config, ...}: let + hosts = config.cynerd.hosts.adm; +in { turris.board = "omnia"; + deploy = { + enable = false; + ssh.host = "omnia.adm"; + }; cynerd = { router = { enable = true; wan = "pppoe-wan"; - lanIP = config.cynerd.hosts.adm.omnia; + lanIP = hosts.omnia; + staticLeases = { + "70:85:c2:4a:59:f2" = hosts.ridcully; + "7c:b0:c2:bb:9c:ca" = hosts.albert; + "4c:d5:77:0d:85:d9" = hosts.binky; + "b8:27:eb:49:54:5a" = hosts.mpd; + }; + guestStaticLeases = { + "f4:a9:97:a4:bd:59" = hosts.printer; + }; }; wifiAP.adm = { - enable = true; - ar9287.interface = "wlp3s0"; - qca988x.interface = "wlp2s0"; + enable = false; + ar9287 = { + interface = "wlp1s0"; + bssids = ["04:f0:21:23:3d:ce" "08:f0:21:23:3d:ce" "0c:f0:21:23:3d:ce"]; + channel = 11; + }; + qca988x = { + interface = "wlp3s0"; + bssids = ["04:f0:21:24:0b:4e" "08:f0:21:24:0b:4e" "0c:f0:21:24:0b:4e"]; + channel = 36; + }; }; + wireguard = true; monitoring.speedtest = true; }; - networking.useDHCP = false; + services.journald.extraConfig = '' + SystemMaxUse=8G + ''; + + services.btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + + networking = { + useNetworkd = true; + useDHCP = false; + }; systemd.network = { networks = { - "end2" = { - matchConfig.Name = "end2"; - #networkConfig = { - # DHCP = "ipv6"; - # IPv6AcceptRA = "yes"; - # DHCPPrefixDelegation = "yes"; - #}; - #dhcpPrefixDelegationConfig = { - # UplinkInterface = ":self"; - # SubnetId = 0; - # Announce = "no"; - #}; + "pppoe-wan" = { + matchConfig.Name = "pppoe-wan"; + networkConfig = { + BindCarrier = "end2"; + DHCP = "ipv6"; + IPv6AcceptRA = "no"; + DHCPPrefixDelegation = "yes"; + DNS = "1.1.1.1"; + }; + dhcpV6Config = { + PrefixDelegationHint = "::/56"; + UseDNS = "no"; + }; + dhcpPrefixDelegationConfig = { + UplinkInterface = ":self"; + SubnetId = 0; + Announce = "no"; + }; linkConfig.RequiredForOnline = "routable"; }; "lan-brlan" = { 
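Review bot: The new `pppoe-wan` network pins a single upstream resolver with `DNS = "1.1.1.1";` while `UseDNS = "no"` discards the DHCPv6-learned servers (and a later hunk comments out `usepeerdns`), so the router is left with one IPv4 resolver and no fallback. If ignoring the ISP resolvers is deliberate, a short comment saying so would help; otherwise list a second resolver, e.g. `DNS = ["1.1.1.1" "1.0.0.1"];`. Nothing in this hunk shows whether queries are encrypted (for example DNS-over-TLS in systemd-resolved), so that is worth confirming in whichever module configures the resolver. The `staticLeases` entries key addresses on client MAC only, which is a convenience binding rather than an identity check, so firewall rules should not treat those addresses as authenticated hosts.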
@@ -43,7 +85,7 @@ {VLAN = 2;} ]; }; - "lan0-guest" = { + "lan-guest" = { matchConfig.Name = "lan0"; networkConfig.Bridge = "brlan"; bridgeVLANs = [ @@ -64,14 +106,18 @@ lcp-echo-interval 1 lcp-echo-failure 5 lcp-echo-adaptive - +ipv6 defaultroute defaultroute6 - usepeerdns + #usepeerdns maxfail 1 user O2 password 02 ''; }; systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.device"]; + # TODO limit NSS clamping to just pppoe-wan + networking.firewall.extraForwardRules = '' + tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" + iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept + ''; } diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix index e7ad76b..f53fd8c 100644 --- a/nixos/modules/hosts.nix +++ b/nixos/modules/hosts.nix @@ -64,6 +64,7 @@ in { "ridcully" = "10.8.3.60"; "3dprint" = "10.8.3.80"; "mpd" = "10.8.3.51"; + "printer" = "192.168.0.20"; # Portable "albert" = "10.8.3.61"; "binky" = "10.8.3.63"; diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index a658515..cd37d8b 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix @@ -44,6 +44,14 @@ in { ''; description = "Mapping of MAC address to IP address"; }; + guestStaticLeases = mkOption { + type = with types; attrsOf str; + default = {}; + example = '' + {"xx:xx:xx:xx:xx:xx" = "10.8.1.30";} + ''; + description = "Mapping of MAC address to IP address"; + }; }; }; @@ -148,6 +156,12 @@ in { EmitDNS = "yes"; DNS = "192.168.1.1"; }; + dhcpServerStaticLeases = + mapAttrsToList (n: v: { + MACAddress = n; + Address = v; + }) + cnf.guestStaticLeases; dhcpPrefixDelegationConfig = { UplinkInterface = cnf.wan; SubnetId = 2; diff --git a/nixos/modules/wifi-spt.nix b/nixos/modules/wifi-spt.nix index a74440d..d013473 100644 --- a/nixos/modules/wifi-spt.nix +++ b/nixos/modules/wifi-spt.nix 
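Review bot: The added `extraForwardRules` line `iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept` permits every pairing of those three interfaces, so any WireGuard or VPN peer can reach the whole home segment and the reverse. If only some directions are needed, state them separately, e.g. `iifname "home" oifname {"personalvpn", "wg"} accept`, and rely on an established/related rule for replies (the base ruleset may already have one; confirm). The MSS clamp in the same block runs on every forwarded SYN; the TODO could be closed with `oifname "pppoe-wan" tcp flags syn tcp option maxseg size set rt mtu` plus the matching `iifname "pppoe-wan"` rule, and the TODO should read MSS rather than NSS. None of the three interface names is defined in the visible diff, so check that they match the real link names, because an `iifname` that matches nothing fails silently.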
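Review bot: In `nixos/modules/router.nix`, `guestStaticLeases` is typed `attrsOf str`, so a malformed MAC or an address outside the guest subnet is not rejected at evaluation time and would only surface when networkd reads the generated unit. The one entry this commit adds, `"printer" = "192.168.0.20"`, is in a different /24 from the `DNS = "192.168.1.1"` shown in what appears to be the same guest DHCP server block; if the guest network is a /24 the lease falls outside it, so confirm the prefix length. The option's example (`10.8.1.30`) and description are copied from `staticLeases`; suggest `description = "Mapping of MAC address to IP address on the guest network";` and an example from the guest range. The module body continues outside the hunk.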
@@ -140,8 +140,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - EgressUntagged = 2; - PVID = 2; + EgressUntagged = 2; + PVID = 2; } ]; }; @@ -165,8 +165,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - EgressUntagged = 2; - PVID = 2; + EgressUntagged = 2; + PVID = 2; } ]; }; |