From 79ab172cbeb4f06606ccfc486d24a0b500c72b3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Wed, 18 Jan 2023 14:34:59 +0100
Subject: nixos/adm-omnia: router module

---
 nixos/modules/default.nix | 1 +
 nixos/modules/router.nix | 58 ++++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 51 insertions(+), 8 deletions(-)
(limited to 'nixos/modules')

diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 72221d8..bdab3b2 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -9,6 +9,7 @@
 cynerd-hosts = import ./hosts.nix;
 cynerd-monitoring = import ./monitoring.nix;
 cynerd-openvpn = import ./openvpn.nix;
+ cynerd-router = import ./router.nix;
 cynerd-syncthing = import ./syncthing.nix;
 cynerd-wifi-client = import ./wifi-client.nix;
 }
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix
index 00a3c03..cd7841e 100644
--- a/nixos/modules/router.nix
+++ b/nixos/modules/router.nix
@@ -15,41 +15,83 @@ in {
 description = "Enable router support";
 };
 wan = mkOption {
- type = types.string;
+ type = types.str;
 description = "Interface for the router's WAN";
 };
 brlan = mkOption {
- type = types.string;
+ type = types.str;
 default = "brlan";
 description = "LAN interface (commonly some bridge)";
 };
- # TODO IP range and so on
+ lanIP = mkOption {
+ type = types.str;
+ description = "LAN IP address";
+ };
+ dynIPStart = mkOption {
+ type = types.ints.between 0 256;
+ default = 100;
+ description = "Offset for the dynamic IPv4 addresses";
+ };
+ dynIPCount = mkOption {
+ type = types.ints.between 0 256;
+ default = 100;
+ description = "Number of dynamically assigned IPv4 addresses";
+ };
+ lanPrefix = mkOption {
+ type = types.ints.between 0 32;
+ default = 24;
+ description = "LAN IP network prefix length";
+ };
 };
 };
- config = mkIf cnf {
- # TODO firewall NAT
+ config = mkIf cnf.enable {
 networking = {
+ interfaces."${cnf.brlan}" = {
+ ipv4.addresses = [
+ {
+ address = cnf.lanIP;
+ prefixLength = cnf.lanPrefix;
+ }
+ ];
+ };
+ nat = {
+ externalInterface = cnf.wan;
+ internalInterfaces = [cnf.brlan];
+ };
+ dhcpcd.allowInterfaces = [cnf.wan];
+ nameservers = ["1.1.1.1" "8.8.8.8"];
 };
 services.dhcpd4 = {
 enable = true;
 authoritative = true;
- interfaces = ["brlan"];
+ interfaces = [cnf.brlan];
 extraConfig = ''
+ option domain-name-servers 1.1.1.1 8.8.8.8;
+ subnet ${ipv4.prefix2ip cnf.lanIP cnf.lanPrefix} netmask ${ipv4.prefix2netmask cnf.lanPrefix} {
+ range ${
+ ipv4.ipAdd cnf.lanIP cnf.lanPrefix cnf.dynIPStart
+ } ${
+ ipv4.ipAdd cnf.lanIP cnf.lanPrefix (cnf.dynIPStart + cnf.dynIPCount)
+ };
+ option routers ${cnf.lanIP};
+ option subnet-mask ${ipv4.prefix2netmask cnf.lanPrefix};
+ option broadcast-address ${ipv4.prefix2broadcast cnf.lanIP cnf.lanPrefix};
+ }
 '';
 };
 services.dhcpd6 = {
 enable = true;
 authoritative = true;
- interfaces = ["brlan"];
+ interfaces = [cnf.brlan];
 extraConfig = ''
 '';
 };
 services.kresd = {
- enable = true;
+ enable = false;
 };
 };
 }
-- 
cgit v1.2.3
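Review bot: The dhcpd4 range end in the new extraConfig, `ipv4.ipAdd cnf.lanIP cnf.lanPrefix (cnf.dynIPStart + cnf.dynIPCount)`, hands out dynIPCount + 1 leases because ISC dhcpd's `range low high` is inclusive on both ends; if dynIPCount is meant as a count, the last argument should be `(cnf.dynIPStart + cnf.dynIPCount - 1)`. Nothing checks that the range stays inside the subnet or clears the router's own address: `types.ints.between 0 256` is inclusive, so start + count can reach 512 while lanPrefix may be as narrow as /32, and a lanIP whose host offset falls between the two bounds would be leased to a client. An `assertions` entry in the config block that bounds `cnf.dynIPStart + cnf.dynIPCount` by the host count of `cnf.lanPrefix` and excludes `cnf.lanIP` from the range would reject both at evaluation time rather than at first lease. The `ipv4` helpers and the `let` binding of `cnf` are outside the hunk, so whether ipAdd offsets from the network address or from lanIP cannot be confirmed here. The resolver list `1.1.1.1 8.8.8.8` is also written twice (networking.nameservers and the dhcpd option); a single option or shared local would keep the two from drifting apart.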