Diffstat (limited to '2024-installfest/router-guest.nix')
-rw-r--r--2024-installfest/router-guest.nix148
1 files changed, 148 insertions, 0 deletions
diff --git a/2024-installfest/router-guest.nix b/2024-installfest/router-guest.nix
new file mode 100644
index 0000000..a3fd1ed
--- /dev/null
+++ b/2024-installfest/router-guest.nix
@@ -0,0 +1,148 @@
+{
+ systemd.network = {
+ netdevs = {
+ "brlan" = {
+ netdevConfig = {
+ Kind = "bridge";
+ Name = "brlan";
+ };
+ extraConfig = ''
+ [Bridge]
+ DefaultPVID=none
+ VLANFiltering=yes
+ '';
+ };
+ "home" = {
+ netdevConfig = {
+ Kind = "vlan";
+ Name = "home";
+ };
+ vlanConfig.Id = 1;
+ };
+ "guest" = {
+ netdevConfig = {
+ Kind = "vlan";
+ Name = "guest";
+ };
+ vlanConfig.Id = 2;
+ };
+ };
+ networks = {
+ "end2" = {
+ matchConfig.Name = "end2";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = "yes";
+ DHCPPrefixDelegation = "yes";
+ };
+ dhcpV6Config.PrefixDelegationHint = "::/56";
+ dhcpPrefixDelegationConfig = {
+ UplinkInterface = ":self";
+ SubnetId = 0;
+ Announce = "no";
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ "brlan" = {
+ matchConfig.Name = "brlan";
+ networkConfig.VLAN = ["home" "guest"];
+ bridgeVLANs = [
+ {bridgeVLANConfig.VLAN = 1;}
+ {bridgeVLANConfig.VLAN = 2;}
+ ];
+ };
+ "lan-brlan" = {
+ matchConfig.Name = "lan*";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ bridgeVLANConfig = {
+ EgressUntagged = 1;
+ PVID = 1;
+ };
+ }
+ {bridgeVLANConfig.VLAN = 2;}
+ ];
+ };
+ "home" = {
+ matchConfig.Name = "home";
+ networkConfig = {
+ Address = "192.168.4.1/24";
+ IPForward = "yes";
+ DHCPServer = "yes";
+ DHCPPrefixDelegation = "yes";
+ IPv6SendRA = "yes";
+ IPv6AcceptRA = "no";
+ };
+ dhcpServerConfig = {
+ UplinkInterface = "end2";
+ PoolOffset = 100;
+ PoolSize = 100;
+ EmitDNS = "yes";
+ DNS = "192.168.4.1";
+ };
+ dhcpServerStaticLeases = [
+ {
+ dhcpServerStaticLeaseConfig = {
+ MACAddress = "a8:a1:59:10:32:c4";
+ Address = "192.168.4.20";
+ };
+ }
+ ];
+ dhcpPrefixDelegationConfig = {
+ UplinkInterface = "end2";
+ Announce = "yes";
+ };
+ };
+ "guest" = {
+ matchConfig.Name = "guest";
+ networkConfig = {
+ Address = "192.168.5.1/24";
+ IPForward = "yes";
+ DHCPServer = "yes";
+ DHCPPrefixDelegation = "yes";
+ IPv6SendRA = "yes";
+ IPv6AcceptRA = "no";
+ };
+ dhcpServerConfig = {
+ UplinkInterface = "end2";
+ PoolOffset = 100;
+ PoolSize = 100;
+ EmitDNS = "yes";
+ DNS = "192.168.5.1";
+ };
+ dhcpPrefixDelegationConfig = {
+ UplinkInterface = "end2";
+ Announce = "yes";
+ };
+ };
+ };
+ wait-online.anyInterface = true;
+ };
+
+ services.resolved = {
+ enable = true;
+ fallbackDns = ["1.1.1.1" "8.8.8.8"];
+ extraConfig = ''
+ DNSStubListenerExtra=192.168.4.1
+ DNSStubListenerExtra=192.168.5.1
+ '';
+ };
+
+ networking = {
+ useNetworkd = true;
+ nftables.enable = true;
+ firewall = {
+ interfaces = {
+ "home" = {allowedUDPPorts = [53 67 68];};
+ "guest" = {allowedUDPPorts = [53 67 68];};
+ };
+ filterForward = true;
+ };
+ nat = {
+ enable = true;
+ externalInterface = "end2";
+ internalInterfaces = ["home" "guest"];
+ };
+ };
+}
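Review bot: In the `networking.firewall.interfaces` block the guest VLAN gets exactly the same input allowance as home, and nothing in the file states or enforces how `guest` is kept away from `home` and from the router itself. Guest-to-home forwarding appears to be blocked only implicitly, by `filterForward = true` together with whatever forward rules the NAT module generates for `internalInterfaces`; a short comment saying so, or an explicit drop between the two interfaces in `networking.firewall.extraForwardRules`, would keep that from being lost in a later edit. The per-interface lists only add ports, so any port opened globally elsewhere in the configuration (not visible in this file) would still be reachable from `guest` and from `end2`, which is worth confirming. On the ports themselves, UDP 68 is the DHCP client port and the server side only needs 67, while the resolved stub listener on `DNSStubListenerExtra` also answers on TCP 53 for truncated replies, so I would write `"guest" = {allowedUDPPorts = [53 67]; allowedTCPPorts = [53];};` and the same for `"home"`.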