diff options
| author | Tim Keller <tjk@tjkeller.xyz> | 2026-03-28 14:31:17 -0500 |
|---|---|---|
| committer | Tim Keller <tjk@tjkeller.xyz> | 2026-03-28 14:31:17 -0500 |
| commit | 63c261391ea77f2d940997a7c403a7426b90ab02 (patch) | |
| tree | 4eb6a2093d6b865fc213658cdfa9150291e689d6 /hosts | |
| parent | fba387bf6ed132ad7e3b0bdb35617dbc20357c61 (diff) | |
| parent | 0538c0398cbf338ad1261b1f58a01d3aaed94d50 (diff) | |
| download | nixos-63c261391ea77f2d940997a7c403a7426b90ab02.tar.xz nixos-63c261391ea77f2d940997a7c403a7426b90ab02.zip | |
Merge branch 'master' of 192.168.77.8:nixos
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/flex-wg-router/configuration.nix | 45 |
1 files changed, 34 insertions, 11 deletions
diff --git a/hosts/flex-wg-router/configuration.nix b/hosts/flex-wg-router/configuration.nix index 6fea096..5777626 100644 --- a/hosts/flex-wg-router/configuration.nix +++ b/hosts/flex-wg-router/configuration.nix @@ -6,33 +6,56 @@ in { # Enable common options _archetypes = { - # Use headless profile profiles.headless = { enable = true; home.users.timmy.enable = true; }; - profiles.router = { - enable = true; - home.users.timmy.enable = true; - }; + profiles.router.enable = true; }; networking = { + # Label lan and wan interfaces _interfaceLabels = { - lan0 = "98:b7:85:22:9b:43"; # internal - wan0 = "54:ee:75:8c:4b:2d"; # external + enable = true; + interfaces = { + lan0 = "98:b7:85:22:9b:43"; # Internal + wan0 = "54:ee:75:8c:4b:2d"; # External + }; }; - #useDHCP = false; # TODO Enable when accessible via wireguard + # Set ip addresses interfaces = { lan0.ipv4.addresses = [{ address = ipAddress; prefixLength = 24; }]; wan0.ipv4.addresses = [{ - address = "46.110.173.165"; # Public static ip 4 + address = "46.110.173.163"; # Reserved static ip for wg-router prefixLength = 31; }]; }; + defaultGateway = { + address = "46.110.173.161"; + interface = "wan0"; + }; + nameservers = [ "127.0.0.1" ]; + # Firewall rules + firewall = { + interfaces.wan0 = { + allowedTCPPorts = [ 22 ]; + }; + }; + #nat.forwardPorts = [ + # { + # sourcePort = 2222; + # proto = "tcp"; + # destination = "10.1.1.1:22"; + # } + # { + # sourcePort = 22; + # proto = "tcp"; + # destination = "10.1.1.1:22"; + # } + #]; }; services._router = { @@ -44,8 +67,8 @@ in { rangeStart = "10.1.1.100"; rangeEnd = "10.1.1.250"; staticLeases = { - poweredge-pro-idrac = { - macAddress = "00:11:22:33:44:55"; + idrac-8HT2W52 = { + macAddress = "18:fb:7b:9d:16:b3"; staticIp = "10.1.1.10"; }; }; |