mirror of
https://github.com/mdlayher/homelab.git
synced 2024-12-15 17:50:54 +00:00
492e24c0fd
Signed-off-by: Matt Layher <mdlayher@gmail.com>
158 lines
3.6 KiB
Nix
158 lines
3.6 KiB
Nix
{ config, ... }:
|
|
|
|
let
|
|
vars = import ./vars.nix;
|
|
|
|
guest0 = vars.interfaces.guest0;
|
|
iot0 = vars.interfaces.iot0;
|
|
lab0 = vars.interfaces.lab0;
|
|
lan0 = vars.interfaces.lan0;
|
|
wan0 = vars.interfaces.wan0;
|
|
wg0 = vars.interfaces.wg0;
|
|
|
|
in {
|
|
# LAN interface.
|
|
networking = {
|
|
hostName = "routnerr-2";
|
|
nameservers = [ "${vars.localhost.ipv4}" "${vars.localhost.ipv6}" ];
|
|
|
|
dhcpcd = {
|
|
enable = true;
|
|
# Do not remove interface configuration on shutdown.
|
|
persistent = true;
|
|
allowInterfaces = [ "${wan0.name}" ];
|
|
extraConfig = ''
|
|
noipv6rs
|
|
interface ${wan0.name}
|
|
ipv6rs
|
|
# DHCPv6-PD.
|
|
ia_na 0
|
|
ia_pd 1/::/56 ${lan0.name}/0/64 ${lab0.name}/2/64 ${guest0.name}/9/64 ${iot0.name}/102/64
|
|
|
|
# IPv4 DHCP ISP settings overrides.
|
|
static domain_name_servers=${vars.localhost.ipv4}
|
|
static domain_search=
|
|
static domain_name=
|
|
'';
|
|
};
|
|
|
|
interfaces = {
|
|
# Trusted LANs.
|
|
${lan0.name} = {
|
|
ipv4.addresses = [{
|
|
address = "${lan0.ipv4}";
|
|
prefixLength = 24;
|
|
}];
|
|
ipv6.addresses = [
|
|
{
|
|
address = "${lan0.ipv6.lla}";
|
|
prefixLength = 64;
|
|
}
|
|
{
|
|
address = "${lan0.ipv6.ula}";
|
|
prefixLength = 64;
|
|
}
|
|
];
|
|
preferTempAddress = false;
|
|
};
|
|
${lab0.name} = {
|
|
ipv4.addresses = [{
|
|
address = "${lab0.ipv4}";
|
|
prefixLength = 24;
|
|
}];
|
|
ipv6.addresses = [
|
|
{
|
|
address = "${lab0.ipv6.lla}";
|
|
prefixLength = 64;
|
|
}
|
|
{
|
|
address = "${lab0.ipv6.ula}";
|
|
prefixLength = 64;
|
|
}
|
|
];
|
|
preferTempAddress = false;
|
|
};
|
|
# Untrusted LANs.
|
|
${guest0.name} = {
|
|
ipv4.addresses = [{
|
|
address = "${guest0.ipv4}";
|
|
prefixLength = 24;
|
|
}];
|
|
ipv6.addresses = [
|
|
{
|
|
address = "${guest0.ipv6.lla}";
|
|
prefixLength = 64;
|
|
}
|
|
{
|
|
address = "${guest0.ipv6.ula}";
|
|
prefixLength = 64;
|
|
}
|
|
];
|
|
preferTempAddress = false;
|
|
};
|
|
${iot0.name} = {
|
|
ipv4.addresses = [{
|
|
address = "${iot0.ipv4}";
|
|
prefixLength = 24;
|
|
}];
|
|
ipv6.addresses = [
|
|
{
|
|
address = "${iot0.ipv6.lla}";
|
|
prefixLength = 64;
|
|
}
|
|
{
|
|
address = "${iot0.ipv6.ula}";
|
|
prefixLength = 64;
|
|
}
|
|
];
|
|
preferTempAddress = false;
|
|
};
|
|
};
|
|
|
|
vlans = {
|
|
${lab0.name} = {
|
|
id = 2;
|
|
interface = "${lan0.name}";
|
|
};
|
|
${guest0.name} = {
|
|
id = 9;
|
|
interface = "${lan0.name}";
|
|
};
|
|
${iot0.name} = {
|
|
id = 66;
|
|
interface = "${lan0.name}";
|
|
};
|
|
};
|
|
|
|
wireguard = {
|
|
enable = true;
|
|
interfaces = {
|
|
${wg0.name} = {
|
|
listenPort = 51820;
|
|
ips = [
|
|
"${wg0.ipv4}/24"
|
|
"${wg0.ipv6.gua}/64"
|
|
"${wg0.ipv6.ula}/64"
|
|
"${wg0.ipv6.lla}/64"
|
|
];
|
|
privateKeyFile = "${vars.cfg}/wg0.key";
|
|
peers = [
|
|
# mdlayher-fastly
|
|
{
|
|
publicKey = "VWRsPtbdGtcNyaQ+cFAZfZnYL05uj+XINQS6yQY5gQ8=";
|
|
allowedIPs = [
|
|
"192.168.20.0/24"
|
|
"2600:6c4a:787f:d120::/64"
|
|
"fd9e:1a04:f01d:20::/64"
|
|
"fe80::10/128"
|
|
];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
nat.enable = false;
|
|
firewall.enable = false;
|
|
};
|
|
}
|