diff options
Diffstat (limited to '2024-installfest/router.nix')
| -rw-r--r-- | 2024-installfest/router.nix | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/2024-installfest/router.nix b/2024-installfest/router.nix new file mode 100644 index 0000000..91fc6bf --- /dev/null +++ b/2024-installfest/router.nix @@ -0,0 +1,84 @@ +{ + systemd.network = { + netdevs = { + "brlan".netdevConfig = { + Kind = "bridge"; + Name = "brlan"; + }; + }; + networks = { + "end2" = { + matchConfig.Name = "end2"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = "yes"; + DHCPPrefixDelegation = "yes"; + }; + dhcpV6Config.PrefixDelegationHint = "::/56"; + dhcpPrefixDelegationConfig = { + UplinkInterface = ":self"; + SubnetId = 0; + Announce = "no"; + }; + linkConfig.RequiredForOnline = "routable"; + }; + "brlan" = { + matchConfig.Name = "brlan"; + networkConfig = { + Address = "192.168.4.1/24"; + IPForward = "yes"; + DHCPServer = "yes"; + DHCPPrefixDelegation = "yes"; + IPv6SendRA = "yes"; + IPv6AcceptRA = "no"; + }; + dhcpServerConfig = { + UplinkInterface = "end2"; + PoolOffset = 100; + PoolSize = 100; + EmitDNS = "yes"; + DNS = "192.168.4.1"; + }; + dhcpServerStaticLeases = [ + { + dhcpServerStaticLeaseConfig = { + MACAddress = "a8:a1:59:10:32:c4"; + Address = "192.168.4.20"; + }; + } + ]; + dhcpPrefixDelegationConfig = { + UplinkInterface = "end2"; + Announce = "yes"; + }; + }; + "lan-brlan" = { + matchConfig.Name = "lan*"; + networkConfig.Bridge = "brlan"; + }; + }; + wait-online.anyInterface = true; + }; + + services.resolved = { + enable = true; + fallbackDns = ["1.1.1.1" "8.8.8.8"]; + extraConfig = '' + DNSStubListenerExtra=192.168.4.1 + ''; + }; + + networking = { + useNetworkd = true; + nftables.enable = true; + firewall = { + interfaces."brlan" = {allowedUDPPorts = [53 67 68];}; + filterForward = true; + }; + nat = { + enable = true; + externalInterface = "end2"; + internalInterfaces = ["brlan"]; + }; + }; +} |