Add ssh keys; persist dhcp leases; move stuff around

author: Mathias Magnusson <mathias@magnusson.space> 2025-10-14 11:44:19 +0200
committer: Mathias Magnusson <mathias@magnusson.space> 2025-10-19 15:36:05 +0200
commit: d37d79b96d7d5d262345ab122fd2cb7a66e0bdc2 (patch)
tree: a9091da5fdb5c6244a26806e1f1defd0e9609c2f /router.nix
parent: 2d2d3463f3fd9fc495662ddd2758d89569a89d21 (diff)
download: oden-d37d79b96d7d5d262345ab122fd2cb7a66e0bdc2.tar.gz
1 files changed, 37 insertions, 35 deletions
diff --git a/router.nix b/router.nix
index 3c75169..2285c84 100644
--- a/router.nix
+++ b/router.nix
@@ -5,22 +5,44 @@ let
 in
 {
   boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;
-  networking.nftables.enable = true;
-  networking.firewall.filterForward = true;
-  networking.nat = {
+
+  networking = {
+    nftables.enable = true;
+    firewall.filterForward = true;
+    nat = {
+      enable = true;
+      externalInterface = "enp8s0";
+      internalInterfaces = [ "br0" ];
+      # forwardPorts = [{ sourcePort = 1234; destination = "10.69.0.2:12345"; }];
+    };
+    bridges.br0.interfaces = [ lanInterface wifiInterface ];
+    interfaces.br0.ipv4.addresses = [{
+      address = "10.69.0.1";
+      prefixLength = 16;
+    }];
+    networkmanager = {
+      enable = true;
+      unmanaged = [ "interface-name:${lanInterface}" "interface-name:${wifiInterface}" ];
+    };
+  };
+  services.hostapd = {
     enable = true;
-    externalInterface = "enp8s0";
-    internalInterfaces = [ "br0" ];
-    # forwardPorts = [{
-    #   sourcePort = 1234;
-    #   destination = "10.69.0.2:12345";
-    # }];
+    radios.${wifiInterface} = {
+      countryCode = "SE";
+      band = "2g";
+      channel = 12;
+      networks.${wifiInterface} = {
+        ssid = "Heidrun";
+        authentication = {
+          mode = "wpa3-sae";
+          saePasswords = [
+            { password = "REDACTED"; }
+          ];
+        };
+      };
+    };
   };
-  networking.bridges.br0.interfaces = [ lanInterface wifiInterface ];
-  networking.interfaces.br0.ipv4.addresses = [{
-    address = "10.69.0.1";
-    prefixLength = 16;
-  }];
+
   services.kea.dhcp4 = {
     enable = true;
     settings = {
@@ -49,25 +71,5 @@ in
       }];
     };
   };
-  networking.networkmanager = {
-    enable = true;
-    unmanaged = [ "interface-name:${lanInterface}" "interface-name:${wifiInterface}" ];
-  };
-  services.hostapd = {
-    enable = true;
-    radios.${wifiInterface} = {
-      countryCode = "SE";
-      band = "2g";
-      channel = 12;
-      networks.${wifiInterface} = {
-        ssid = "Heidrun";
-        authentication = {
-          mode = "wpa3-sae";
-          saePasswords = [
-            { password = "REDACTED"; }
-          ];
-        };
-      };
-    };
-  };
+  oden.persist.directories = [ "/var/lib/private/kea" ];
 }
author	Mathias Magnusson <mathias@magnusson.space>	2025-10-14 11:44:19 +0200
committer	Mathias Magnusson <mathias@magnusson.space>	2025-10-19 15:36:05 +0200
commit	d37d79b96d7d5d262345ab122fd2cb7a66e0bdc2 (patch)
tree	a9091da5fdb5c6244a26806e1f1defd0e9609c2f /router.nix
parent	2d2d3463f3fd9fc495662ddd2758d89569a89d21 (diff)
download	oden-d37d79b96d7d5d262345ab122fd2cb7a66e0bdc2.tar.gz