path: root/router.nix
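# Router role for this host: a bridged LAN + Wi-Fi segment (br0, 10.69.0.0/16)
# NATed out through the WAN uplink, with dnsmasq providing DHCP/DNS for the
# segment and hostapd running the access point. Secrets (Wi-Fi passphrase,
# DynDNS update URL) are provided through age and read at run time.
{ config, pkgs, ... }:
let
  wanInterface = "enp8s0"; # upstream NIC; NAT egress and DynDNS trigger
  lanInterface = "enp5s0f0u2"; # wired LAN NIC, bridged into br0
  wifiInterface = "wlp9s0"; # Wi-Fi radio, bridged into br0, driven by hostapd
in
{
  # Kernel-level IPv4 forwarding between the WAN and br0. Forwarded traffic
  # is still filtered by the nftables forward chain (filterForward below), so
  # this does not on its own expose br0 hosts to the WAN.
  boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;

  networking = {
    nftables.enable = true;
    firewall = {
      # Filter the forward chain as well as input: only NAT'd flows and the
      # explicit port forwards below should cross from the WAN into br0.
      filterForward = true;
      # NOTE(review): these ports are opened on every interface, including the
      # WAN uplink. dnsmasq is configured to serve br0 only (interface = "br0"
      # below), so keeping DNS/DHCP off the Internet currently relies on that
      # daemon setting rather than on firewall policy. Scoping them with
      # networking.firewall.interfaces.br0.allowedTCPPorts / allowedUDPPorts
      # would make the restriction explicit at the firewall.
      allowedTCPPorts = [ 53 ];
      allowedUDPPorts = [
        53
        67
      ];
    };
    nat = {
      enable = true;
      externalInterface = wanInterface;
      internalInterfaces = [ "br0" ];
      # Inbound forwards from the WAN to "mimer" (10.69.0.3; see the dnsmasq
      # dhcp-host/address entries below). Whatever listens on these ports on
      # mimer is reachable from the Internet.
      forwardPorts = [
        {
          sourcePort = 51801;
          destination = "10.69.0.3:51801";
          proto = "udp";
        }
        {
          # No proto given here or for 443 — presumably the module default
          # (TCP) is intended, which is what HTTP/HTTPS need.
          sourcePort = 80;
          destination = "10.69.0.3:80";
        }
        {
          sourcePort = 443;
          destination = "10.69.0.3:443";
        }
      ];
    };
    # Wired LAN and Wi-Fi share one L2 segment.
    bridges.br0.interfaces = [
      lanInterface
      wifiInterface
    ];
    # The router's own address on the segment; /16 spans 10.69.0.0–10.69.255.255.
    interfaces.br0.ipv4.addresses = [
      {
        address = "10.69.0.1";
        prefixLength = 16;
      }
    ];
    networkmanager = {
      enable = true;
      # Keep NetworkManager away from the bridged ports so it does not fight
      # the bridge/hostapd setup; br0 and the WAN uplink are not listed here.
      unmanaged = [
        "interface-name:${lanInterface}"
        "interface-name:${wifiInterface}"
      ];
      dispatcherScripts = [
        {
          type = "basic";
          # Dynamic-DNS update: on a DHCPv4 change of the WAN uplink, fetch the
          # update URL stored in the age secret (kept out of the Nix store; the
          # decrypted file is read at run time and is trusted as-is).
          source = pkgs.writeScript "dynamic-dns-on-ipv4-change" ''
            #!/bin/sh

            # Only act on DHCPv4 changes of the WAN uplink. A bare `exit` would
            # return the failed test's status (1) and make NetworkManager log
            # every unrelated event as a script failure, so exit 0 explicitly.
            [ "$1" = "${wanInterface}" ] || exit 0
            [ "$2" = dhcp4-change ] || exit 0
            ${pkgs.curl}/bin/curl "$(cat "${config.age.secrets."dyndns-url.txt".path}")"
            # Appears to be a trace of when the update ran — presumably for debugging.
            date >> /home/mathias/networkmanager-dispatcherScripts-run
          '';
        }
      ];
    };
    # The router resolves through its own dnsmasq.
    nameservers = [ "127.0.0.1" ];
  };

  services.hostapd = {
    enable = true;
    radios.${wifiInterface} = {
      countryCode = "SE";
      band = "2g";
      channel = 12;
      networks.${wifiInterface} = {
        ssid = "Heidrun";
        authentication = {
          # WPA3-SAE only; the passphrase comes from the age secret file rather
          # than from this (world-readable) store-resident configuration.
          mode = "wpa3-sae";
          saePasswords = [
            { passwordFile = config.age.secrets."wifi-password.txt".path; }
          ];
        };
      };
    };
  };

  services.dnsmasq = {
    enable = true;
    settings = {
      domain-needed = true; # never forward bare (dot-less) names upstream
      bogus-priv = true; # never forward reverse lookups of private ranges upstream
      no-resolv = true; # ignore /etc/resolv.conf; only the servers listed below are used

      # Local zone ".m": queries for it are answered here and never sent upstream.
      domain = "m";
      local = "/m/";

      # Upstream resolvers, reached over plain DNS (dnsmasq does not encrypt
      # upstream queries).
      server = [
        "1.1.1.1"
        "1.0.0.1"
      ];

      # Serve DNS and DHCP on the bridge only.
      interface = "br0";
      dhcp-range = "10.69.0.50,10.69.0.254,255.255.0.0,1h";
      # Clients use this router as both default gateway and resolver.
      dhcp-option = [
        "option:router,10.69.0.1"
        "option:dns-server,10.69.0.1"
      ];
      # Assumes this is the only DHCP server on the segment.
      dhcp-authoritative = true;

      no-hosts = true; # do not serve entries from /etc/hosts

      # NOTE(review): this reservation is keyed on the hostname the client
      # sends, not on a hardware address, so any LAN client identifying itself
      # as "mimer" can presumably obtain 10.69.0.3 — and with it the WAN port
      # forwards above. Adding mimer's MAC to the entry would pin it.
      dhcp-host = "mimer,10.69.0.3";
      address = [
        "/oden.m/10.69.0.1"
        "/mimer.m/10.69.0.3"
      ];
    };
  };
  # Keep the dnsmasq lease database across reboots (presumably this host uses
  # an ephemeral root).
  oden.persist.directories = [ "/var/lib/dnsmasq" ];

  # Encrypted at rest in the repo; decrypted to config.age.secrets.*.path at boot.
  age.secrets."wifi-password.txt".file = ./secrets/wifi-password.txt.age;
  age.secrets."dyndns-url.txt".file = ./secrets/dyndns-url.txt.age;
}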