# NixOS module for the "adm" router (a Turris Omnia board). Host addresses are
# read from config.cynerd.hosts.adm; the cynerd.*, deploy.* and turris.* options
# are declared by project modules that are not part of this file.
{config, ...}: let
  hosts = config.cynerd.hosts.adm;
in {
  turris.board = "omnia";
  # Remote deployment target; presumably reached over SSH at this name
  # (semantics live in the project's deploy module).
  deploy = {
    enable = true;
    ssh.host = "adm.cynerd.cz";
  };
  cynerd = {
    router = {
      enable = true;
      # Uplink interface; matches the `ifname` given to pppd below.
      wan = "pppoe-wan";
      lanIP = hosts.omnia;
      # MAC address -> host entry. Presumably fixed DHCP leases on the home
      # network; a MAC is not an authenticator, so these pin addresses only and
      # should not be treated as proof of device identity.
      staticLeases = {
        "70:85:c2:4a:59:f2" = hosts.ridcully;
        "7c:b0:c2:bb:9c:ca" = hosts.albert;
        "4c:d5:77:0d:85:d9" = hosts.binky;
        "b8:27:eb:49:54:5a" = hosts.mpd;
      };
      # Same mapping for the guest network.
      guestStaticLeases = {
        "f4:a9:97:a4:bd:59" = hosts.printer;
      };
    };
    # Access point definition for both radios; currently switched off
    # (enable = false). BSSIDs are taken from config.secrets instead of being
    # written into this file.
    wifiAP.adm = {
      enable = false;
      ar9287 = {
        interface = "wlp1s0";
        bssids = config.secrets.wifiMacs.adm-omnia.ar9287;
        channel = 11;
      };
      qca988x = {
        interface = "wlp3s0";
        bssids = config.secrets.wifiMacs.adm-omnia.qca988x;
        channel = 36;
      };
    };
    wireguard = true;
    monitoring.speedtest = true;
  };
  # Cap the persistent journal at 8G of disk.
  services.journald.extraConfig = ''
    SystemMaxUse=8G
  '';
  # Periodic btrfs scrub of the root filesystem.
  services.btrfs.autoScrub = {
    enable = true;
    fileSystems = ["/"];
  };
  # Interfaces are configured explicitly through systemd-networkd below, so the
  # global "DHCP on everything" default is turned off.
  networking = {
    useNetworkd = true;
    useDHCP = false;
  };
  systemd.network = {
    networks = {
      # Physical port that carries the PPPoE session (see `plugin pppoe.so end2`
      # in the pppd peer). Router advertisements are not accepted on it.
      "end2" = {
        matchConfig.Name = "end2"; # Ensure that it is managed by systemd-networkd
        networkConfig.IPv6AcceptRA = false;
      };
      # The PPP interface created by pppd. IPv6 is obtained with DHCPv6 and a
      # delegated prefix is requested; router advertisements are ignored here
      # as well.
      "pppoe-wan" = {
        matchConfig.Name = "pppoe-wan";
        networkConfig = {
          BindCarrier = "end2";
          DHCP = "ipv6";
          IPv6AcceptRA = "no";
          DHCPPrefixDelegation = "yes";
          # Fixed resolver for this link; together with UseDNS = "no" below and
          # the commented-out `usepeerdns` in the pppd peer, DNS servers offered
          # by the ISP are not used.
          DNS = "1.1.1.1";
        };
        dhcpV6Config = {
          # Ask the ISP for a /56.
          PrefixDelegationHint = "::/56";
          UseDNS = "no";
        };
        # Subnet 0 of the delegated prefix is assigned to this interface itself
        # and is not announced from it.
        dhcpPrefixDelegationConfig = {
          UplinkInterface = ":self";
          SubnetId = 0;
          Announce = "no";
        };
        linkConfig.RequiredForOnline = "routable";
      };
      # Port lan4: member of bridge brlan, untagged in VLAN 1 and additionally
      # carrying VLAN 2 tagged.
      "lan-brlan" = {
        matchConfig.Name = "lan4";
        networkConfig.Bridge = "brlan";
        bridgeVLANs = [
          {
            EgressUntagged = 1;
            PVID = 1;
          }
          {VLAN = 2;}
        ];
      };
      # Ports lan0..lan3: untagged members of VLAN 2 only. Going by the network
      # name this is the guest segment, so a device plugged into any of these
      # ports does not land on VLAN 1.
      # NOTE(review): the mapping of VLAN 1/2 to the "home"/"guest" interfaces
      # used in the firewall rules is not defined in this file - confirm it in
      # the router module.
      "lan-guest" = {
        matchConfig.Name = "lan[0-3]";
        networkConfig.Bridge = "brlan";
        bridgeVLANs = [
          {
            EgressUntagged = 2;
            PVID = 2;
          }
        ];
      };
    };
  };
  # PPPoE session on end2, exposed as interface pppoe-wan. LCP echoes are sent
  # every second and the link is considered dead after 5 unanswered ones;
  # `maxfail 1` makes pppd give up after a single failed attempt (restarting is
  # presumably left to systemd).
  # NOTE(review): `user`/`password` are literal text in this peer definition.
  # Anything written here is part of the evaluated configuration and presumably
  # ends up in the Nix store, which is readable by every local user. If the ISP
  # actually checks these credentials, load them from a secret file the way the
  # Wi-Fi BSSIDs use config.secrets. Also confirm that "02" (digit zero) next to
  # user "O2" (letter O) is intentional.
  services.pppd = {
    enable = true;
    peers."wan".config = ''
      plugin pppoe.so end2
      ifname pppoe-wan
      lcp-echo-interval 1
      lcp-echo-failure 5
      lcp-echo-adaptive
      defaultroute
      defaultroute6
      #usepeerdns
      maxfail 1
      user O2
      password 02
    '';
  };
  # Order pppd after the end2 device unit so the PPPoE plugin finds its port.
  systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.device"];
  # Extra rules for the forward chain, evaluated in the order written:
  #  1. clamp the TCP MSS of every forwarded SYN to the route MTU (currently
  #     applies to all interfaces, not only the PPPoE uplink);
  #  2. allow forwarding among "home" and "wg" in any combination;
  #  3. allow "home" to open connections to "guest".
  # There is no rule here for guest -> home, so that direction is decided by
  # the forward policy configured elsewhere - NOTE(review): confirm it drops.
  # TODO limit MSS clamping to just pppoe-wan
  networking.firewall.extraForwardRules = ''
    tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
    iifname {"home", "wg"} oifname {"home", "wg"} accept
    iifname "home" oifname "guest" accept comment "Allow home to access guest devices"
  '';
}