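# Router / Wi-Fi access point module.
#
# Bridges the wired LAN port and the Wi-Fi radio into br0 (10.69.0.1/16),
# NATs br0 out through enp8s0, runs hostapd (WPA3-SAE) on the radio and
# serves DHCP + DNS to br0 with dnsmasq.
{ ... }:
let
  # Physical interfaces that are enslaved to the LAN bridge (br0).
  lanInterface = "enp5s0f0u2";
  wifiInterface = "wlp9s0";
in
{
  boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;

  networking = {
    nftables.enable = true;

    firewall = {
      # Apply the firewall to forwarded packets as well, not only to traffic
      # addressed to this host.
      filterForward = true;

      # DNS (53) and DHCP (67) are only meant for clients on the LAN bridge.
      # Open them on br0 alone instead of globally, so the uplink (enp8s0)
      # does not expose a resolver or DHCP server to the outside network.
      interfaces.br0 = {
        allowedUDPPorts = [ 53 67 ];
        allowedTCPPorts = [ 53 ];
      };
    };

    nat = {
      enable = true;
      externalInterface = "enp8s0";
      internalInterfaces = [ "br0" ];
      # forwardPorts = [{ sourcePort = 1234; destination = "10.69.0.2:12345"; }];
    };

    bridges.br0.interfaces = [ lanInterface wifiInterface ];
    interfaces.br0.ipv4.addresses = [{
      address = "10.69.0.1";
      prefixLength = 16;
    }];

    # The bridge members are configured here, so keep NetworkManager away
    # from them.
    networkmanager = {
      enable = true;
      unmanaged = [ "interface-name:${lanInterface}" "interface-name:${wifiInterface}" ];
    };

    # The router itself resolves through the local dnsmasq instance.
    nameservers = [ "127.0.0.1" ];
  };

  services.hostapd = {
    enable = true;
    radios.${wifiInterface} = {
      countryCode = "SE";
      band = "2g";
      channel = 12;
      networks.${wifiInterface} = {
        ssid = "Heidrun";
        authentication = {
          mode = "wpa3-sae";
          # NOTE(review): a literal password in a Nix expression is copied
          # into the world-readable Nix store and into version control.
          # Prefer `passwordFile` on this entry (or `saePasswordsFile`)
          # pointing at a secret that is provisioned outside the store.
          saePasswords = [
            { password = "REDACTED"; }
          ];
        };
      };
    };
  };

  services.dnsmasq = {
    enable = true;
    settings = {
      # Do not forward unqualified names or reverse lookups for private
      # address ranges to the upstream resolvers.
      domain-needed = true;
      bogus-priv = true;

      # Ignore /etc/resolv.conf; only the `server` entries below are used
      # as upstreams (resolv.conf points back at this dnsmasq).
      no-resolv = true;
      server = [ "1.1.1.1" "1.0.0.1" ];

      # m.internal is answered locally and never forwarded upstream.
      domain = "m.internal";
      local = "/m.internal/";

      # Serve DNS/DHCP to the LAN bridge only.
      interface = "br0";
      dhcp-range = "10.69.0.2,10.69.0.254,255.255.0.0,1h";
      dhcp-option = [ "option:router,10.69.0.1" "option:dns-server,10.69.0.1" ];
      dhcp-authoritative = true;

      # Do not publish the router's /etc/hosts; the only static record is
      # the router's own name.
      no-hosts = true;
      address = "/oden.m.internal/10.69.0.1";
    };
  };

  # Presumably keeps dnsmasq state (DHCP leases) across reboots on a
  # non-persistent root; `oden.persist` is defined elsewhere -- confirm.
  oden.persist.directories = [ "/var/lib/dnsmasq" ];
}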