1 files changed, 87 insertions, 0 deletions

diff --git a/hosts/poweredge/networking.nix b/hosts/poweredge/networking.nix
new file mode 100644
index 0000000..7632a86
--- /dev/null
+++ b/hosts/poweredge/networking.nix
@@ -0,0 +1,87 @@
+{
+	networking = {
+		enableIPv6 = false;
+		# Label lan and wan interfaces
+		_interfaceLabels = {
+			enable = true;
+			interfaces = {
+				lan0 = "50:9a:4c:5d:c3:7a";
+				wan0 = "50:9a:4c:5d:c3:7b";
+			};
+		};
+		# Set ip addresses
+		interfaces = {
+			lan0.ipv4.addresses = [{
+				address = "192.168.1.1";
+				prefixLength = 24;
+			}];
+			wan0.useDHCP = true;
+		};
+		# Firewall rules
+		firewall = {
+			interfaces.wan0 = {
+				allowedUDPPorts = [ 51820 ];
+			};
+		};
+		# Additional advanced rules
+		# TODO add multi NAT feature to router service
+		nftables = {
+			enable = true;
+			tables = {
+				# NAT/masquerade wg1 allowing lan0 clients to access wg1
+				wg-nat = {
+					family = "ip";
+					content = ''
+						chain post {
+							type nat hook postrouting priority srcnat; policy accept;
+							iifname "lan0" oifname "wg1" masquerade comment "lan0 => wg1"
+						}
+					'';
+				};
+			};
+		};
+	};
+
+	services._router = {
+		dnsDhcpConfig = {
+			localDomain = "home.lan";
+			dhcp = {
+				defaultGateway = "192.168.1.1";
+				localhostIp = "192.168.1.1";
+				rangeStart = "192.168.1.50";
+				rangeEnd = "192.168.1.250";
+				# TODO think about moving leases to another file
+				staticLeases = {
+					idrac-7N94GK2 = {
+						macAddress = "50:9a:4c:5d:c3:7c";
+						staticIp = "192.168.1.3";
+					};
+					OpenWrt-Attic = {
+						macAddress = "34:98:b5:60:5e:be";
+						staticIp = "192.168.1.4";
+					};
+					OpenWrt-Basement = {
+						macAddress = "8c:3b:ad:35:c7:8c";
+						staticIp = "192.168.1.5";
+					};
+					ArcherC54 = {
+						macAddress = "12:eb:b6:13:f9:e2";
+						staticIp = "192.168.1.6";
+					};
+					T495 = {
+						macAddress = "04:33:c2:9d:34:74";
+						staticIp = "192.168.1.11";
+					};
+					optiplex = {
+						macAddress = "e4:54:e8:bc:ba:05";
+						staticIp = "192.168.1.12";
+					};
+					X230 = {
+						macAddress = "84:3a:4b:60:34:c4";
+						staticIp = "192.168.1.13";
+					};
+				};
+			};
+		};
+	};
+}