authorMathias Magnusson <mathias@magnusson.space>2025-10-26 11:10:38 +0100
committerMathias Magnusson <mathias@magnusson.space>2025-10-26 12:40:29 +0100
commit5a4409968ef6672784f0802d0b4c56c7fe0bc41b (patch)
tree7b8a6449f6f1cff617da9f9ae814779b5b9b141f
parent5fc9c83c37308d1865d9e89f7550b479dcb0cb7e (diff)
downloadoden-5a4409968ef6672784f0802d0b4c56c7fe0bc41b.tar.gz
switch to systemd-networkd
-rw-r--r--router.nix120
1 files changed, 79 insertions, 41 deletions
diff --git a/router.nix b/router.nix
index 88e2ab7..03f41fc 100644
--- a/router.nix
+++ b/router.nix
@@ -1,9 +1,4 @@
{ config, pkgs, ... }:
-let
- wanInterface = "enp8s0";
- lanInterface = "enp5s0f0u2";
- wifiInterface = "wlp9s0";
-in
{
boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;
@@ -19,8 +14,8 @@ in
};
nat = {
enable = true;
- externalInterface = wanInterface;
- internalInterfaces = [ "br0" ];
+ externalInterface = "wan";
+ internalInterfaces = [ "lanbr" ];
forwardPorts = [
{
sourcePort = 51801;
@@ -37,46 +32,89 @@ in
}
];
};
- bridges.br0.interfaces = [
- lanInterface
- wifiInterface
- ];
- interfaces.br0.ipv4.addresses = [
- {
- address = "10.69.0.1";
- prefixLength = 16;
- }
- ];
- networkmanager = {
- enable = true;
- unmanaged = [
- "interface-name:${lanInterface}"
- "interface-name:${wifiInterface}"
- ];
- dispatcherScripts = [
- {
- type = "basic";
- source = pkgs.writeScript "dynamic-dns-on-ipv4-change" ''
- #!/bin/sh
-
- [ "$1" = "${wanInterface}" ] || exit
- [ "$2" = dhcp4-change ] || exit
- ${pkgs.curl}/bin/curl "$(cat "${config.age.secrets."dyndns-url.txt".path}")"
- date >> /home/mathias/networkmanager-dispatcherScripts-run
- '';
- }
- ];
- };
nameservers = [ "127.0.0.1" ];
+
+ useDHCP = false;
+ };
+
+ systemd.network = {
+ enable = true;
+
+ links."10-wan" = {
+ matchConfig.Path = "pci-0000:08:00.0";
+ linkConfig.Name = "wan";
+ };
+ networks."10-wan" = {
+ matchConfig.Name = "wan";
+ networkConfig = {
+ DHCP = "ipv4";
+ IPv6AcceptRA = true; # I don't get ipv6 from telenor but who knows, maybe in the future?
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+
+ netdevs."10-lanbr".netdevConfig = {
+ Kind = "bridge";
+ Name = "lanbr";
+ };
+ networks."10-lanbr" = {
+ matchConfig.Name = "lanbr";
+ bridgeConfig = { };
+ networkConfig = {
+ IPMasquerade = "ipv4";
+ Address = "10.69.0.1/16";
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+
+ links."10-ethlan" = {
+ matchConfig.Path = "pci-0000:05:00.0-usb-0:2:1.0";
+ linkConfig.Name = "ethlan";
+ };
+ networks."10-ethlan" = {
+ matchConfig.Name = "ethlan";
+ networkConfig.Bridge = "lanbr";
+ linkConfig.RequiredForOnline = "enslaved";
+ };
+
+ links."10-wlan" = {
+ matchConfig.Path = "pci-0000:09:00.0";
+ linkConfig.Name = "wlan";
+ };
+ networks."10-wlan" = {
+ matchConfig.Name = "wlan";
+ networkConfig.Bridge = "lanbr";
+ linkConfig.RequiredForOnline = "enslaved";
+ };
+ };
+ services.resolved.enable = false;
+
+ services.networkd-dispatcher = {
+ enable = true;
+ rules."ddns" = {
+ onState = [ "routable" ];
+ script = ''
+ #!/bin/sh
+
+ if [[ "$IFACE" != "wan" || "$STATE" != "routable" ]]; then
+ exit 0
+ fi
+
+ ${pkgs.curl}/bin/curl "$(cat "${config.age.secrets."dyndns-url.txt".path}")"
+ printf "%s: %s\n" "$(date)" "$ADDR" >> /home/mathias/networkd-dispatcher-run
+
+ exit 0
+ '';
+ };
};
services.hostapd = {
enable = true;
- radios.${wifiInterface} = {
+ radios.wlan = {
countryCode = "SE";
band = "2g";
- channel = 12;
- networks.${wifiInterface} = {
+ channel = 11;
+ networks.wlan = {
ssid = "Heidrun";
authentication = {
mode = "wpa3-sae";
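Review bot: In the new `ddns` rule's script, the dynamic-DNS URL read from the age secret is passed to curl as a command-line argument, so if that URL embeds the update token (the secret's name suggests it does) the token is readable by any local process via the process list while curl runs. Passing it on stdin keeps it out of argv, e.g. `printf 'url = "%s"\n' "$(cat "${config.age.secrets."dyndns-url.txt".path}")" | ${pkgs.curl}/bin/curl --fail --silent --show-error --max-time 30 --config -`, since `printf` is a shell builtin. As written, curl's exit status is ignored, so the log line is appended even when the update failed; with `--fail` the script could log or skip on error. The hook presumably runs as root yet appends to a file under `/home/mathias`, a user-writable path that root will follow if it is ever replaced by a symlink; writing to stdout for the journal or to a root-owned directory avoids that.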
@@ -103,7 +141,7 @@ in
"1.0.0.1"
];
- interface = "br0";
+ interface = "lanbr";
dhcp-range = "10.69.0.50,10.69.0.254,255.255.0.0,1h";
dhcp-option = [
"option:router,10.69.0.1"