Diffstat (limited to 'router.nix')
| -rw-r--r-- | router.nix | 120 |
1 files changed, 79 insertions, 41 deletions
@@ -1,9 +1,4 @@ { config, pkgs, ... }: -let - wanInterface = "enp8s0"; - lanInterface = "enp5s0f0u2"; - wifiInterface = "wlp9s0"; -in { boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true; @@ -19,8 +14,8 @@ in }; nat = { enable = true; - externalInterface = wanInterface; - internalInterfaces = [ "br0" ]; + externalInterface = "wan"; + internalInterfaces = [ "lanbr" ]; forwardPorts = [ { sourcePort = 51801; 
@@ -37,46 +32,89 @@ in } ]; }; - bridges.br0.interfaces = [ - lanInterface - wifiInterface - ]; - interfaces.br0.ipv4.addresses = [ - { - address = "10.69.0.1"; - prefixLength = 16; - } - ]; - networkmanager = { - enable = true; - unmanaged = [ - "interface-name:${lanInterface}" - "interface-name:${wifiInterface}" - ]; - dispatcherScripts = [ - { - type = "basic"; - source = pkgs.writeScript "dynamic-dns-on-ipv4-change" '' - #!/bin/sh - - [ "$1" = "${wanInterface}" ] || exit - [ "$2" = dhcp4-change ] || exit - ${pkgs.curl}/bin/curl "$(cat "${config.age.secrets."dyndns-url.txt".path}")" - date >> /home/mathias/networkmanager-dispatcherScripts-run - ''; - } - ]; - }; nameservers = [ "127.0.0.1" ]; + + useDHCP = false; + }; + + systemd.network = { + enable = true; + + links."10-wan" = { + matchConfig.Path = "pci-0000:08:00.0"; + linkConfig.Name = "wan"; + }; + networks."10-wan" = { + matchConfig.Name = "wan"; + networkConfig = { + DHCP = "ipv4"; + IPv6AcceptRA = true; # I don't get ipv6 from telenor but who knows, maybe in the future? 
+ }; + linkConfig.RequiredForOnline = "routable"; + }; + + netdevs."10-lanbr".netdevConfig = { + Kind = "bridge"; + Name = "lanbr"; + }; + networks."10-lanbr" = { + matchConfig.Name = "lanbr"; + bridgeConfig = { }; + networkConfig = { + IPMasquerade = "ipv4"; + Address = "10.69.0.1/16"; + }; + linkConfig.RequiredForOnline = "routable"; + }; + + links."10-ethlan" = { + matchConfig.Path = "pci-0000:05:00.0-usb-0:2:1.0"; + linkConfig.Name = "ethlan"; + }; + networks."10-ethlan" = { + matchConfig.Name = "ethlan"; + networkConfig.Bridge = "lanbr"; + linkConfig.RequiredForOnline = "enslaved"; + }; + + links."10-wlan" = { + matchConfig.Path = "pci-0000:09:00.0"; + linkConfig.Name = "wlan"; + }; + networks."10-wlan" = { + matchConfig.Name = "wlan"; + networkConfig.Bridge = "lanbr"; + linkConfig.RequiredForOnline = "enslaved"; + }; + }; + services.resolved.enable = false; + + services.networkd-dispatcher = { + enable = true; + rules."ddns" = { + onState = [ "routable" ]; + script = '' + #!/bin/sh + + if [[ "$IFACE" != "wan" || "$STATE" != "routable" ]]; then + exit 0 + fi + + ${pkgs.curl}/bin/curl "$(cat "${config.age.secrets."dyndns-url.txt".path}")" + printf "%s: %s\n" "$(date)" "$ADDR" >> /home/mathias/networkd-dispatcher-run + + exit 0 + ''; + }; }; services.hostapd = { enable = true; - radios.${wifiInterface} = { + radios.wlan = { countryCode = "SE"; band = "2g"; - channel = 12; - networks.${wifiInterface} = { + channel = 11; + networks.wlan = { ssid = "Heidrun"; authentication = { mode = "wpa3-sae"; @@ -103,7 +141,7 @@ in "1.0.0.1" ]; - interface = "br0"; + interface = "lanbr"; dhcp-range = "10.69.0.50,10.69.0.254,255.255.0.0,1h"; dhcp-option = [ "option:router,10.69.0.1" |
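Review bot: In the `ddns` rule of the third hunk (`services.networkd-dispatcher`), the script appends to `/home/mathias/networkd-dispatcher-run`; dispatcher hooks presumably run as root, so a write into a directory owned by an unprivileged user follows whatever that user has placed at that path, including a symlink to a root-owned file. Printing the line instead, `printf 'ddns update: %s\n' "$ADDR"`, should leave it in the journal of the dispatcher unit and removes the dependency on the home directory. The same script passes the age-managed update URL as a curl argument, where it is readable in the process list while curl runs and where a stalled request has no timeout; feeding it as a config on stdin addresses both: `printf 'url = "%s"\n' "$(cat "${config.age.secrets."dyndns-url.txt".path}")" | ${pkgs.curl}/bin/curl -fsS --max-time 30 --config -`. The script also uses `[[ … ]]` under a `#!/bin/sh` shebang, which works only as long as `/bin/sh` is bash.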
