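{ config, pkgs, ... }:
{
  # Home router / access point: "wan" is the ISP uplink (DHCP), "lanbr" is a
  # bridge joining the wired "ethlan" port and the "wlan" radio, dnsmasq serves
  # DNS and DHCP to the LAN, hostapd runs the WPA3 network, and a dispatcher
  # hook refreshes a dynamic-DNS record whenever the uplink becomes routable.

  # The NixOS NAT module turns forwarding on as well; kept explicit so the
  # intent survives if NAT is ever switched off.
  boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;

  networking = {
    nftables.enable = true;
    firewall = {
      # Filter forwarded traffic too (nftables backend only), so only the NAT
      # port forwards below can reach the LAN from "wan".
      filterForward = true;
      # DNS (53) and DHCP (67) are accepted on the LAN bridge only. A host-wide
      # allowedTCPPorts/allowedUDPPorts would also open them towards "wan";
      # dnsmasq ignores queries on interfaces it is not told to serve, but the
      # open ports would still be reachable from the internet for anything
      # else that ever listens there. Loopback is accepted by the firewall
      # regardless, so the host's own lookups (nameservers below) still work.
      interfaces.lanbr = {
        allowedTCPPorts = [ 53 ];
        allowedUDPPorts = [
          53
          67
        ];
      };
    };
    nat = {
      enable = true;
      externalInterface = "wan";
      internalInterfaces = [ "lanbr" ];
      # Services published from the LAN host at 10.69.0.3 ("mimer" in the
      # dnsmasq section below). Entries without "proto" default to TCP.
      forwardPorts = [
        {
          sourcePort = 51801;
          destination = "10.69.0.3:51801";
          proto = "udp";
        }
        {
          sourcePort = 80;
          destination = "10.69.0.3:80";
        }
        {
          sourcePort = 443;
          destination = "10.69.0.3:443";
        }
      ];
    };
    # The router itself resolves through its local dnsmasq instance.
    nameservers = [ "127.0.0.1" ];
    # Addressing is done by systemd-networkd below, not the legacy DHCP scripts.
    useDHCP = false;
  };

  systemd.network = {
    enable = true;

    # Uplink: pinned to its PCI path so the name does not depend on probe order.
    links."10-wan" = {
      matchConfig.Path = "pci-0000:08:00.0";
      linkConfig.Name = "wan";
    };
    networks."10-wan" = {
      matchConfig.Name = "wan";
      networkConfig = {
        DHCP = "ipv4";
        IPv6AcceptRA = true; # I don't get ipv6 from telenor but who knows, maybe in the future?
      };
      linkConfig.RequiredForOnline = "routable";
    };

    # LAN bridge holding the router's own address; ethlan and wlan are enslaved to it.
    netdevs."10-lanbr".netdevConfig = {
      Kind = "bridge";
      Name = "lanbr";
    };
    networks."10-lanbr" = {
      matchConfig.Name = "lanbr";
      bridgeConfig = { };
      networkConfig = {
        # NOTE(review): networkd's own masquerading overlaps networking.nat
        # above, so one of the two is presumably redundant — confirm which
        # rule set is actually in effect before removing either.
        IPMasquerade = "ipv4";
        Address = "10.69.0.1/16";
      };
      linkConfig.RequiredForOnline = "routable";
    };

    # Wired LAN port (a USB NIC, matched by its bus path).
    links."10-ethlan" = {
      matchConfig.Path = "pci-0000:05:00.0-usb-0:2:1.0";
      linkConfig.Name = "ethlan";
    };
    networks."10-ethlan" = {
      matchConfig.Name = "ethlan";
      networkConfig.Bridge = "lanbr";
      linkConfig.RequiredForOnline = "enslaved";
    };

    # Wireless radio; hostapd below drives it, networkd only bridges it.
    links."10-wlan" = {
      matchConfig.Path = "pci-0000:09:00.0";
      linkConfig.Name = "wlan";
    };
    networks."10-wlan" = {
      matchConfig.Name = "wlan";
      networkConfig.Bridge = "lanbr";
      linkConfig.RequiredForOnline = "enslaved";
    };
  };

  # dnsmasq is the resolver here; resolved would compete for port 53.
  services.resolved.enable = false;

  services.networkd-dispatcher = {
    enable = true;
    # Refresh the dynamic-DNS record every time the uplink becomes routable.
    rules."ddns" = {
      onState = [ "routable" ];
      # The script is written out with this shebang, so only POSIX sh syntax
      # is used (the previous "[[ ... ]]" form was a bashism under /bin/sh).
      # IFACE, STATE and ADDR are presumably exported by networkd-dispatcher
      # for the interface that changed state.
      script = ''
        #!/bin/sh
        if [ "$IFACE" != "wan" ] || [ "$STATE" != "routable" ]; then
          exit 0
        fi
        # The update URL (it carries the credential) comes from an agenix
        # secret at activation time and never enters the Nix store. A slow or
        # failing update must not wedge the dispatcher: curl is time-bounded
        # and reports HTTP errors instead of printing a success body, and the
        # script exits 0 regardless.
        ${pkgs.curl}/bin/curl --fail --silent --show-error --max-time 60 \
          "$(cat "${config.age.secrets."dyndns-url.txt".path}")"
        # NOTE(review): this runs as root and appends into a user's home
        # directory; a file under /var/log would keep ownership straightforward.
        printf "%s: %s\n" "$(date)" "$ADDR" >> /home/mathias/networkd-dispatcher-run
        exit 0
      '';
    };
  };

  # 2.4 GHz access point with WPA3-SAE only; the passphrase is an agenix secret.
  services.hostapd = {
    enable = true;
    radios.wlan = {
      countryCode = "SE";
      band = "2g";
      channel = 11;
      networks.wlan = {
        ssid = "Heidrun";
        authentication = {
          mode = "wpa3-sae";
          saePasswords = [
            { passwordFile = config.age.secrets."wifi-password.txt".path; }
          ];
        };
      };
    };
  };

  # LAN DNS + DHCP. Only the bridge is served; upstream is Cloudflare.
  services.dnsmasq = {
    enable = true;
    settings = {
      domain-needed = true; # never forward bare (dot-less) names upstream
      bogus-priv = true; # answer reverse lookups for private ranges locally
      no-resolv = true; # ignore /etc/resolv.conf (it points back at 127.0.0.1)
      domain = "m";
      local = "/m/"; # names under .m are answered here, never forwarded
      server = [
        "1.1.1.1"
        "1.0.0.1"
      ];
      interface = "lanbr";
      dhcp-range = "10.69.0.50,10.69.0.254,255.255.0.0,1h";
      dhcp-option = [
        "option:router,10.69.0.1"
        "option:dns-server,10.69.0.1"
      ];
      dhcp-authoritative = true;
      no-hosts = true; # do not serve the router's /etc/hosts to clients
      # Fixed lease for the host behind the port forwards above.
      dhcp-host = "mimer,10.69.0.3";
      address = [
        "/oden.m/10.69.0.1"
        "/mimer.m/10.69.0.3"
      ];
    };
  };

  # Presumably an impermanence-style option: keeps dnsmasq state (leases)
  # across reboots.
  oden.persist.directories = [ "/var/lib/dnsmasq" ];

  # agenix secrets decrypted at activation; only their paths are referenced above.
  age.secrets."wifi-password.txt".file = ./secrets/wifi-password.txt.age;
  age.secrets."dyndns-url.txt".file = ./secrets/dyndns-url.txt.age;
}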