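// Slide deck "NixOS on routers" (FOSDEM 2026), built with Polylux and the
// Metropolis theme. Sections: motivation, network setup (systemd-networkd,
// systemd-resolved, firewall/NAT), hardware selection, and an ARM porting bonus.
//
// Review changes to the Nix snippets:
//  - networkd units are declared under `systemd.network.networks.<name>`;
//    `systemd.network.<name>` is not an option path.
//  - NAT is configured through `networking.nat`, not `networking.firewall.nat`.
//  - heading typo "x84_64" corrected to "x86_64".
#import "@preview/polylux:0.4.0": *
#import "@preview/metropolis-polylux:0.1.0" as metropolis

#show: metropolis.setup
#show: metropolis.setup.with(footer: [NixOS on routers])

// Title slide: theme header/footer suppressed for a clean cover page.
#slide[
  #set page(header: none, footer: none, margin: 3em)

  #text(size: 1.3em)[*NixOS on routers*]

  Fosdem 2026

  #metropolis.divider

  #set text(size: .8em, weight: "light")
  Karel Kočí

  31.01.2026
]

#metropolis.new-section[Why?]

#slide[
  = Why?
  #toolbox.side-by-side[
    - Unified deployment
    - Unified management
    - Unified monitoring
    - Unified tools
  ][
    #set align(center)
    #image("unified.png")
  ]
  - Reproducible
]

// Full-bleed 2x2 photo grid: the two router boards above their SSH sessions.
#slide[
  #set page(header: none, footer: none, margin: 0em)
  #set align(center)
  #grid(
    columns: (50%, 50%),
    rows: (47%, 53%),
    image("omnia.jpg"), image("mox.jpg"),
    image("ssh-omnia.png"), image("ssh-mox.png"),
  )
]

#metropolis.new-section[Network Setup]

// LAN side (eth1): static address, DHCPv4 server, and IPv6 prefix delegation
// taken from the uplink (eth0) and announced via router advertisements.
// IPv6AcceptRA is off on the LAN port so the router does not autoconfigure
// itself from advertisements sent by hosts on its own LAN.
#slide[
  = SystemD Networkd
  #set text(18pt)
  ```nix
  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
  networking.useNetworkd = true;
  systemd.network.networks."eth1" = {
    matchConfig.Name = "eth1";
    networkConfig = {
      Address = "192.168.1.1/24";
      IPv4Forwarding = "yes";
      DHCPServer = "yes";
      DHCPPrefixDelegation = "yes";
      IPv6Forwarding = "yes";
      IPv6SendRA = "yes";
      IPv6AcceptRA = "no";
    };
    dhcpServerConfig = {
      UplinkInterface = "eth0";
      PoolOffset = 100;
      PoolSize = 100;
    };
    dhcpPrefixDelegationConfig = {
      UplinkInterface = "eth0";
      SubnetId = 1;
      Announce = "yes";
    };
  };
  ```
]

// The stub resolver is additionally bound to the LAN address and handed out to
// DHCP clients. NOTE(review): the fallback servers are third-party public
// resolvers; they are used when no uplink DNS is known, so LAN queries then
// leave the network towards them.
#slide[
  = Resolved
  #set text(18pt)
  ```nix
  services.resolved = {
    enable = true;
    settings.Resolve = {
      DNSStubListenerExtra=["192.168.1.1"];
      FallbackDNS = ["1.1.1.1" "8.8.8.8"];
    };
  };
  systemd.network.networks."eth1".dhcpServerConfig = {
    EmitDNS = "yes";
    DNS = "192.168.1.1";
  };
  ```
]

// NOTE(review), defensive caveats for this slide:
//  - These rules only cover traffic addressed to the router itself. With
//    delegated IPv6 prefixes LAN hosts get globally routable addresses and NAT
//    does not shield them; forwarded traffic needs its own filtering (see
//    `networking.firewall.filterForward`, nftables backend) - confirm against
//    the full configuration in the linked repository.
//  - DNS also uses TCP/53 (large or truncated answers); only UDP is opened here.
//  - UDP/68 is the DHCP client port; a DHCP server on eth1 listens on 67, so
//    68 is presumably not required on this interface.
#slide[
  = Firewall
  #set text(18pt)
  ```nix
  networking.firewall.interfaces."eth1".allowedUDPPorts = [ 53 67 68 ];
  networking.nat = {
    enable = true;
    externalInterface = "eth0";
    internalInterfaces = ["eth1"];
  };
  ```
]

#metropolis.new-section[Choosing Hardware]

#slide[
  = Hardware Requirements
  - 2-\? Ethernet interfaces
  - Wi-Fi?
  - Storage (NixOS at least 16G): NVMe / mSD card
  - CPU architecture: Watts vs. support
]

#slide[
  = SOHO Router
  #set align(top)
  Commonly ARMv7l or AArch64.
  #toolbox.side-by-side[
    == Advantages
    - Small form factor
    - Lower power consumption
  ][
    == Disadvantages
    - Harder to get running
    - Requires cross-compilation
    - ARMv7l on NixOS is pain
  ]
]

#slide[
  = x86_64 with PCIe cards
  #set align(top)
  #toolbox.side-by-side[
    == Advantages
    - Architecture fully supported
    - Not different from server
    - More powerful for service hosting
  ][
    == Disadvantages
    - Possibly higher power consumption
    - Large form factor
  ]
  #set align(horizon)
  Most likely better paired with SOHO for Wi-Fi and non-NixOS switch.
]

// Board bring-up for Turris Omnia: extlinux boot instead of GRUB/systemd-boot,
// a board-specific kernel package, and a serial console on ttyS0.
// NOTE(review): a serial console gives boot-time access to anyone with physical
// access to the UART header - acceptable for bring-up, worth knowing afterwards.
#slide[
  = Bonus: Porting to ARM
  ```nix
  nixpkgs.hostPlatform.system = "armv7l-linux";
  boot = {
    loader = {
      grub.enable = false;
      systemd-boot.enable = false;
      generic-extlinux-compatible.enable = true;
    };
    kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_1_turris_omnia;
    initrd.includeDefaultModules = false;
    kernelParams = [ "earlyprintk" "console=ttyS0,115200" ];
    kernelModules = [ "leds_turris_omnia" ];
    initrd.availableKernelModules = [ "ahci_mvebu" "rtc_armada38x" ];
  };
  ```
]

#slide[
  #show: metropolis.focus
  Thank you

  Karel Kočí

  #metropolis.divider

  #text(size: 0.7em)[
    https://gitlab.com/Cynerd/nixos-personal

    https://git.cynerd.cz/presentations/tree/2026-fosdem
  ]
]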