From 79ab172cbeb4f06606ccfc486d24a0b500c72b3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Wed, 18 Jan 2023 14:34:59 +0100
Subject: nixos/adm-omnia: router module
---
 nixos/modules/router.nix | 58 +++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 50 insertions(+), 8 deletions(-)
(limited to 'nixos/modules/router.nix')
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix
index 00a3c03..cd7841e 100644
--- a/nixos/modules/router.nix
+++ b/nixos/modules/router.nix
@@ -15,41 +15,83 @@ in {
 description = "Enable router support";
 };
 wan = mkOption {
- type = types.string;
+ type = types.str;
 description = "Interface for the router's WAN";
 };
 brlan = mkOption {
- type = types.string;
+ type = types.str;
 default = "brlan";
 description = "LAN interface (commonly some bridge)";
 };
- # TODO IP range and so on
+ lanIP = mkOption {
+ type = types.str;
+ description = "LAN IP address";
+ };
+ dynIPStart = mkOption {
+ type = types.ints.between 0 256;
+ default = 100;
+ description = "Offset for the dynamic IPv4 addresses";
+ };
+ dynIPCount = mkOption {
+ type = types.ints.between 0 256;
+ default = 100;
+ description = "Number of dynamically assigned IPv4 addresses";
+ };
+ lanPrefix = mkOption {
+ type = types.ints.between 0 32;
+ default = 24;
+ description = "LAN IP network prefix length";
+ };
 };
 };
- config = mkIf cnf {
- # TODO firewall NAT
+ config = mkIf cnf.enable {
 networking = {
+ interfaces."${cnf.brlan}" = {
+ ipv4.addresses = [
+ {
+ address = cnf.lanIP;
+ prefixLength = cnf.lanPrefix;
+ }
+ ];
+ };
+ nat = {
+ externalInterface = cnf.wan;
+ internalInterfaces = [cnf.brlan];
+ };
+ dhcpcd.allowInterfaces = [cnf.wan];
+ nameservers = ["1.1.1.1" "8.8.8.8"];
 };
 services.dhcpd4 = {
 enable = true;
 authoritative = true;
- interfaces = ["brlan"];
+ interfaces = [cnf.brlan];
 extraConfig = ''
+ option domain-name-servers 1.1.1.1 8.8.8.8;
+ subnet ${ipv4.prefix2ip cnf.lanIP cnf.lanPrefix} netmask ${ipv4.prefix2netmask cnf.lanPrefix} {
+ range ${
+ ipv4.ipAdd cnf.lanIP cnf.lanPrefix cnf.dynIPStart
+ } ${
+ ipv4.ipAdd cnf.lanIP cnf.lanPrefix (cnf.dynIPStart + cnf.dynIPCount)
+ };
+ option routers ${cnf.lanIP};
+ option subnet-mask ${ipv4.prefix2netmask cnf.lanPrefix};
+ option broadcast-address ${ipv4.prefix2broadcast cnf.lanIP cnf.lanPrefix};
+ }
 '';
 };
 services.dhcpd6 = {
 enable = true;
 authoritative = true;
- interfaces = ["brlan"];
+ interfaces = [cnf.brlan];
 extraConfig = ''
 '';
 };
 services.kresd = {
- enable = true;
+ enable = false;
 };
 };
 }
-- 
cgit v1.2.3
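Review bot: Nothing checks `cnf.dynIPStart + cnf.dynIPCount` against the subnet size before it is interpolated into the `range` line of `services.dhcpd4.extraConfig`. Both options accept 0–256 and `lanPrefix` accepts 0–32, so a setting such as start 200 and count 100 on a /24 asks `ipv4.ipAdd` for an offset beyond the subnet, and a start of 0 presumably yields the network address. How `ipv4.ipAdd` treats an out-of-range offset is not visible here, so an `assertions` entry in `config` that rejects a start below 1 or an end offset at or past the host count for `lanPrefix` would fail at evaluation instead of producing a broken lease pool. Separately, the `nat` block sets `externalInterface` and `internalInterfaces` but not `enable`; unless another module sets `networking.nat.enable = true;`, no masquerading is configured even though the NAT TODO was removed. The resolvers `1.1.1.1` and `8.8.8.8` are hard-coded in both `nameservers` and the DHCP option while `kresd` is switched off, so every LAN client sends plain DNS to those third parties with no option to override it.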