From 7cd40525ff19d9adb6a7540e16a27c955cb1c517 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <cynerd@email.cz>
Date: Sat, 16 Mar 2024 14:12:11 +0100
Subject: Add presentation from Installfest 2024

---
 2024-installfest/router.nix | 84 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 2024-installfest/router.nix

(limited to '2024-installfest/router.nix')

diff --git a/2024-installfest/router.nix b/2024-installfest/router.nix
new file mode 100644
index 0000000..91fc6bf
--- /dev/null
+++ b/2024-installfest/router.nix
@@ -0,0 +1,84 @@
+{
+  systemd.network = {
+    netdevs = {
+      "brlan".netdevConfig = {
+        Kind = "bridge";
+        Name = "brlan";
+      };
+    };
+    networks = {
+      "end2" = {
+        matchConfig.Name = "end2";
+        networkConfig = {
+          DHCP = "yes";
+          IPv6AcceptRA = "yes";
+          DHCPPrefixDelegation = "yes";
+        };
+        dhcpV6Config.PrefixDelegationHint = "::/56";
+        dhcpPrefixDelegationConfig = {
+          UplinkInterface = ":self";
+          SubnetId = 0;
+          Announce = "no";
+        };
+        linkConfig.RequiredForOnline = "routable";
+      };
+      "brlan" = {
+        matchConfig.Name = "brlan";
+        networkConfig = {
+          Address = "192.168.4.1/24";
+          IPForward = "yes";
+          DHCPServer = "yes";
+          DHCPPrefixDelegation = "yes";
+          IPv6SendRA = "yes";
+          IPv6AcceptRA = "no";
+        };
+        dhcpServerConfig = {
+          UplinkInterface = "end2";
+          PoolOffset = 100;
+          PoolSize = 100;
+          EmitDNS = "yes";
+          DNS = "192.168.4.1";
+        };
+        dhcpServerStaticLeases = [
+          {
+            dhcpServerStaticLeaseConfig = {
+              MACAddress = "a8:a1:59:10:32:c4";
+              Address = "192.168.4.20";
+            };
+          }
+        ];
+        dhcpPrefixDelegationConfig = {
+          UplinkInterface = "end2";
+          Announce = "yes";
+        };
+      };
+      "lan-brlan" = {
+        matchConfig.Name = "lan*";
+        networkConfig.Bridge = "brlan";
+      };
+    };
+    wait-online.anyInterface = true;
+  };
+
+  services.resolved = {
+    enable = true;
+    fallbackDns = ["1.1.1.1" "8.8.8.8"];
+    extraConfig = ''
+      DNSStubListenerExtra=192.168.4.1
+    '';
+  };
+
+  networking = {
+    useNetworkd = true;
+    nftables.enable = true;
+    firewall = {
+      interfaces."brlan" = {allowedUDPPorts = [53 67 68];};
+      filterForward = true;
+    };
+    nat = {
+      enable = true;
+      externalInterface = "end2";
+      internalInterfaces = ["brlan"];
+    };
+  };
+}
-- 
cgit v1.2.3