From 35733c66454cf0ce153a9730be77d51223397933 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Fri, 16 Feb 2024 00:09:45 +0100
Subject: nixos/spt-omnia: migrate to nixos
---
 nixos/routers/router.nix | 123 ++++++++++++++++++++++++-----------------------
 1 file changed, 64 insertions(+), 59 deletions(-)
(limited to 'nixos/routers/router.nix')
diff --git a/nixos/routers/router.nix b/nixos/routers/router.nix
index 545f109..a3fc0c1 100644
--- a/nixos/routers/router.nix
+++ b/nixos/routers/router.nix
@@ -45,24 +45,24 @@ in {
 nftables.enable = true;
 firewall = {
 interfaces = {
- "lan" = {
- allowedUDPPorts = [53 67 68];
- allowedTCPPorts = [53];
- };
- "guest" = {
+ "brlan" = {
 allowedUDPPorts = [53 67 68];
 allowedTCPPorts = [53];
 };
+ #"guest" = {
+ # allowedUDPPorts = [53 67 68];
+ # allowedTCPPorts = [53];
+ #};
 };
 filterForward = true;
- extraForwardRules = ''
- iifname "guest" oifname != "${cnf.wan}" drop comment "prevent guest to access lan"
- '';
+ #extraForwardRules = ''
+ # iifname "guest" oifname != "${cnf.wan}" drop comment "prevent guest to access brlan"
+ #'';
 };
 nat = {
 enable = true;
 externalInterface = cnf.wan;
- internalInterfaces = ["lan" "guest"];
+ internalInterfaces = ["brlan"];
 };
 };
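Review bot: The guest isolation is switched off here piecemeal (the `"guest"` firewall entry and the `extraForwardRules` drop rule are commented out, and `"guest"` is dropped from `nat.internalInterfaces`), and nothing in the new code says these must come back together with the guest netdev/network blocks commented out in the two later hunks. A partial re-enable, for example uncommenting only the guest network, would bring the segment up without the `iifname "guest" oifname != "${cnf.wan}" drop` rule; whether the default forward policy under `filterForward = true` would still block guest-to-LAN traffic is not visible from this hunk. I would either delete the dead blocks and rely on history, or gate all of them on one option with `lib.mkIf`/`lib.optionalString`, and at minimum add `# guest VLAN disabled for the migration; re-enable together with the guest netdev/network, bridgeVLANs and VLANFiltering`. Separately, `allowedUDPPorts = [53 67 68]` on `"brlan"` opens UDP 68, the DHCP client port, which an interface that only serves DHCP should not need; `[53 67]` looks sufficient.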
@@ -73,38 +73,43 @@ in {
 Kind = "bridge";
 Name = "brlan";
 };
- extraConfig = ''
- [Bridge]
- DefaultPVID=none
- VLANFiltering=yes
- '';
- };
- "lan" = {
- netdevConfig = {
- Kind = "vlan";
- Name = "lan";
- };
- vlanConfig.Id = 1;
- };
- "guest" = {
- netdevConfig = {
- Kind = "vlan";
- Name = "guest";
- };
- vlanConfig.Id = 2;
+ #extraConfig = ''
+ # [Bridge]
+ # DefaultPVID=none
+ # VLANFiltering=yes
+ #'';
 };
+ #"home" = {
+ # netdevConfig = {
+ # Kind = "vlan";
+ # Name = "home";
+ # };
+ # vlanConfig.Id = 1;
+ #};
+ #"guest" = {
+ # netdevConfig = {
+ # Kind = "vlan";
+ # Name = "guest";
+ # };
+ # vlanConfig.Id = 2;
+ #};
 };
 networks = {
 "brlan" = {
 matchConfig.Name = "brlan";
- networkConfig.VLAN = ["lan" "guest"];
- bridgeVLANs = [
- {bridgeVLANConfig.VLAN = 1;}
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- "lan" = {
- matchConfig.Name = "lan";
+ #networkConfig.VLAN = ["home"];
+ #bridgeVLANs = [
+ # {
+ # bridgeVLANConfig = {
+ # EgressUntagged = 1;
+ # PVID = 1;
+ # };
+ # }
+ # {bridgeVLANConfig.VLAN = 2;}
+ #];
+ #};
+ #"home" = {
+ #matchConfig.Name = "home";
 networkConfig = {
 Address = "${cnf.lanIP}/${toString cnf.lanPrefix}";
 IPForward = "yes";
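Review bot: With `VLANFiltering=yes` and `DefaultPVID=none` commented out, `brlan` becomes a plain bridge, so every port enslaved to it shares one layer-2 segment with the LAN address and DHCP server that now sit directly on `brlan`. The port assignments are outside this hunk, so any port that used to carry only VLAN 2 (guest) should be checked or detached before this is deployed. The `"brlan"` network block is also fused with the former `"lan"` block by commenting out its closing `#};` and the `#"home" = {` opener, which leaves structural braces inside comments and makes it easy to uncomment one half and end up with a different attribute set than intended. I would remove the commented scaffolding, or put a comment above it such as `# VLAN split disabled: brlan carries the LAN address untagged; restore the "home"/"guest" netdevs, bridgeVLANs and VLANFiltering together`. The `networks` attribute set continues past the end of the hunk.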
@@ -126,29 +131,29 @@ in {
 Announce = "yes";
 };
 };
- "guest" = {
- matchConfig.Name = "guest";
- networkConfig = {
- Address = "192.168.1.1/24";
- IPForward = "yes";
- DHCPServer = "yes";
- DHCPPrefixDelegation = "yes";
- IPv6SendRA = "yes";
- IPv6AcceptRA = "no";
- };
- dhcpServerConfig = {
- UplinkInterface = cnf.wan;
- PoolOffset = cnf.dynIPStart;
- PoolSize = cnf.dynIPCount;
- EmitDNS = "yes";
- DNS = "1.1.1.1";
- };
- dhcpPrefixDelegationConfig = {
- UplinkInterface = cnf.wan;
- SubnetId = 2;
- Announce = "yes";
- };
- };
+ #"guest" = {
+ # matchConfig.Name = "guest";
+ # networkConfig = {
+ # Address = "192.168.1.1/24";
+ # IPForward = "yes";
+ # DHCPServer = "yes";
+ # DHCPPrefixDelegation = "yes";
+ # IPv6SendRA = "yes";
+ # IPv6AcceptRA = "no";
+ # };
+ # dhcpServerConfig = {
+ # UplinkInterface = cnf.wan;
+ # PoolOffset = cnf.dynIPStart;
+ # PoolSize = cnf.dynIPCount;
+ # EmitDNS = "yes";
+ # DNS = "1.1.1.1";
+ # };
+ # dhcpPrefixDelegationConfig = {
+ # UplinkInterface = cnf.wan;
+ # SubnetId = 2;
+ # Announce = "yes";
+ # };
+ #};
 };
 wait-online.anyInterface = true;
 };
--
cgit v1.2.3