From d37d79b96d7d5d262345ab122fd2cb7a66e0bdc2 Mon Sep 17 00:00:00 2001
From: Mathias Magnusson <mathias@magnusson.space>
Date: Tue, 14 Oct 2025 11:44:19 +0200
Subject: Add ssh keys; persist dhcp leases; move stuff around

---
 router.nix | 72 ++++++++++++++++++++++++++++++++------------------------------
 1 file changed, 37 insertions(+), 35 deletions(-)

(limited to 'router.nix')

diff --git a/router.nix b/router.nix
index 3c75169..2285c84 100644
--- a/router.nix
+++ b/router.nix
@@ -5,22 +5,44 @@ let
 in
 {
   boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;
-  networking.nftables.enable = true;
-  networking.firewall.filterForward = true;
-  networking.nat = {
+
+  networking = {
+    nftables.enable = true;
+    firewall.filterForward = true;
+    nat = {
+      enable = true;
+      externalInterface = "enp8s0";
+      internalInterfaces = [ "br0" ];
+      # forwardPorts = [{ sourcePort = 1234; destination = "10.69.0.2:12345"; }];
+    };
+    bridges.br0.interfaces = [ lanInterface wifiInterface ];
+    interfaces.br0.ipv4.addresses = [{
+      address = "10.69.0.1";
+      prefixLength = 16;
+    }];
+    networkmanager = {
+      enable = true;
+      unmanaged = [ "interface-name:${lanInterface}" "interface-name:${wifiInterface}" ];
+    };
+  };
+  services.hostapd = {
     enable = true;
-    externalInterface = "enp8s0";
-    internalInterfaces = [ "br0" ];
-    # forwardPorts = [{
-    #   sourcePort = 1234;
-    #   destination = "10.69.0.2:12345";
-    # }];
+    radios.${wifiInterface} = {
+      countryCode = "SE";
+      band = "2g";
+      channel = 12;
+      networks.${wifiInterface} = {
+        ssid = "Heidrun";
+        authentication = {
+          mode = "wpa3-sae";
+          saePasswords = [
+            { password = "REDACTED"; }
+          ];
+        };
+      };
+    };
   };
-  networking.bridges.br0.interfaces = [ lanInterface wifiInterface ];
-  networking.interfaces.br0.ipv4.addresses = [{
-    address = "10.69.0.1";
-    prefixLength = 16;
-  }];
+
   services.kea.dhcp4 = {
     enable = true;
     settings = {
@@ -49,25 +71,5 @@ in
       }];
     };
   };
-  networking.networkmanager = {
-    enable = true;
-    unmanaged = [ "interface-name:${lanInterface}" "interface-name:${wifiInterface}" ];
-  };
-  services.hostapd = {
-    enable = true;
-    radios.${wifiInterface} = {
-      countryCode = "SE";
-      band = "2g";
-      channel = 12;
-      networks.${wifiInterface} = {
-        ssid = "Heidrun";
-        authentication = {
-          mode = "wpa3-sae";
-          saePasswords = [
-            { password = "REDACTED"; }
-          ];
-        };
-      };
-    };
-  };
+  oden.persist.directories = [ "/var/lib/private/kea" ];
 }
-- 
cgit v1.2.3