{
# Router networking: static LAN address, DHCP on the WAN side, one inbound UDP
# port on wan0, and a source-NAT rule for LAN clients leaving through wg1.
networking = {
  enableIPv6 = false;

  # Give the two NICs stable names by MAC address.
  # NOTE(review): _interfaceLabels is presumably a project-local module; its
  # exact behaviour is not visible in this file. Confirm.
  _interfaceLabels.enable = true;
  _interfaceLabels.interfaces = {
    lan0 = "50:9a:4c:5d:c3:7a";
    wan0 = "50:9a:4c:5d:c3:7b";
  };

  # LAN side is the static gateway address for 192.168.1.0/24; WAN side takes
  # whatever the upstream DHCP server hands out.
  interfaces.lan0.ipv4.addresses = [
    { address = "192.168.1.1"; prefixLength = 24; }
  ];
  interfaces.wan0.useDHCP = true;

  # The only port this file opens on wan0. 51820/udp is the conventional
  # WireGuard port, so this is presumably the tunnel's listen port; the tunnel
  # definition itself is not in this file. Confirm.
  firewall.interfaces.wan0.allowedUDPPorts = [ 51820 ];

  # Additional advanced rules
  # TODO add multi NAT feature to router service
  nftables.enable = true;

  # Masquerade lan0 traffic that leaves via wg1, so the far end of the tunnel
  # sees the router's tunnel address instead of individual LAN clients.
  # This is a nat-hook chain only: it rewrites source addresses and does not
  # decide whether lan0 -> wg1 forwarding is permitted. That policy, and the
  # wg1 interface, are defined outside this file.
  nftables.tables.wg-nat = {
    # family "ip" means the table matches IPv4 packets only.
    family = "ip";
    content = ''
      chain post {
      type nat hook postrouting priority srcnat; policy accept;
      iifname "lan0" oifname "wg1" masquerade comment "lan0 => wg1"
      }
    '';
  };
};
# DNS/DHCP settings for the LAN, handed to the router service.
# NOTE(review): services._router is presumably a project-local module; how it
# consumes these options is not visible in this file. Confirm.
services._router.dnsDhcpConfig = {
  localDomain = "home.lan";

  dhcp = {
    # Both values are the router's own lan0 address.
    defaultGateway = "192.168.1.1";
    localhostIp = "192.168.1.1";

    # Dynamic pool. Every static lease below sits outside this range.
    rangeStart = "192.168.1.50";
    rangeEnd = "192.168.1.250";

    # Fixed MAC -> IP assignments.
    # A lease is matched on the MAC the client presents, which the client
    # controls. These entries keep addresses stable but do not prove which
    # device is behind an address, so rules elsewhere should not treat a
    # static IP from this list as an authenticated identity.
    # TODO think about moving leases to another file
    staticLeases = {
      # Infrastructure
      idrac-7N94GK2 = { macAddress = "50:9a:4c:5d:c3:7c"; staticIp = "192.168.1.3"; };
      OpenWrt-Attic = { macAddress = "34:98:b5:60:5e:be"; staticIp = "192.168.1.4"; };
      OpenWrt-Basement = { macAddress = "8c:3b:ad:35:c7:8c"; staticIp = "192.168.1.5"; };
      ArcherC54 = { macAddress = "12:eb:b6:13:f9:e2"; staticIp = "192.168.1.6"; };

      # Clients
      T495 = { macAddress = "04:33:c2:9d:34:74"; staticIp = "192.168.1.11"; };
      optiplex = { macAddress = "e4:54:e8:bc:ba:05"; staticIp = "192.168.1.12"; };
      X230 = { macAddress = "84:3a:4b:60:34:c4"; staticIp = "192.168.1.13"; };
    };
  };
};
}