add more interfaces
parent
6d2cbcac8d
commit
c9cb1ed9e2
@ -1,23 +1,34 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
fw = import ./fw-7535.nix;
|
||||
vuko-pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhaCaC/CVYv6hphqmEdKaPrIn+Q946+myvL9SSnzFZk vuko@eagle";
|
||||
uplink = {
|
||||
ipv4 = {
|
||||
addr = "10.8.1.112"; # TODO 185.236.240.5
|
||||
prefixlen = 16; # TODO 31
|
||||
networks = {
|
||||
uplink = {
|
||||
description = "Hackerspace Internet Uplink";
|
||||
hw_addr = builtins.elemAt fw.hw_addresses 0;
|
||||
ipv4 = "185.236.240.5";
|
||||
ipv6 = "2a0d:eb00:2137:1::3";
|
||||
};
|
||||
ipv6 = {
|
||||
addr = "2a0d:eb00:2137:1::3";
|
||||
prefixlen = 127;
|
||||
};
|
||||
};
|
||||
lan = {
|
||||
ipv4 = {
|
||||
addr = "10.3.1.2"; # TODO 10.8.1.2
|
||||
prefixlen = 16;
|
||||
lan = {
|
||||
description = "Hackerspace LAN";
|
||||
hw_addr = builtins.elemAt fw.hw_addresses 1;
|
||||
ipv4 = "10.8.1.2";
|
||||
};
|
||||
managment = {
|
||||
description = "Management network (temporary routing)";
|
||||
hw_addr = builtins.elemAt fw.hw_addresses 2;
|
||||
};
|
||||
lte = {
|
||||
description = "temp LTE uplink";
|
||||
hw_addr = builtins.elemAt fw.hw_addresses 3;
|
||||
};
|
||||
vpn = {
|
||||
description = "Hackerspace members vpn";
|
||||
ipv4 = "10.9.1.1";
|
||||
};
|
||||
};
|
||||
|
||||
openvpn-auth = import ./openvpn-auth { inherit pkgs; };
|
||||
in {
|
||||
imports =
|
||||
|
@ -34,25 +45,17 @@ in {
|
|||
|
||||
networking.hostName = "vuko-hsemu-customs";
|
||||
|
||||
systemd.network.links."10-uplink" = {
|
||||
enable = true;
|
||||
matchConfig = {
|
||||
MACAddress = "52:54:00:34:0c:89";
|
||||
};
|
||||
linkConfig = {
|
||||
Name = "uplink";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.network.links."10-lan" = {
|
||||
enable = true;
|
||||
matchConfig = {
|
||||
MACAddress = "52:54:00:f1:85:2f";
|
||||
};
|
||||
linkConfig = {
|
||||
Name = "lan";
|
||||
};
|
||||
};
|
||||
systemd.network.links = builtins.listToAttrs (map (
|
||||
name: { name = "10-link-${name}"; value = {
|
||||
enable = true;
|
||||
matchConfig = {
|
||||
MACAddress = networks."${name}".hw_addr;
|
||||
};
|
||||
linkConfig = {
|
||||
Name = "${name}";
|
||||
};
|
||||
}; }
|
||||
) (builtins.filter (name: builtins.hasAttr "hw_addr" networks."${name}") (builtins.attrNames networks)));
|
||||
|
||||
#networking.interfaces.vpn = {
|
||||
# virtual = true;
|
||||
|
@ -60,6 +63,11 @@ in {
|
|||
# #ipv4.addresses = [ { address = 10.9.1.1; prefixlen = 16; } ];
|
||||
#};
|
||||
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.ip_forward" = true;
|
||||
"net.ipv6.conf.all.forwarding" = true;
|
||||
};
|
||||
|
||||
# using nftables so firewall has to be disabled
|
||||
networking.firewall.enable = false;
|
||||
networking.nftables.enable = true;
|
||||
|
@ -117,8 +125,8 @@ in {
|
|||
table inet net {
|
||||
chain postrouting {
|
||||
type nat hook postrouting priority 100;
|
||||
ip saddr 10.8.0.0/16 oifname uplink snat ${uplink.ipv4.addr}
|
||||
ip saddr 10.9.0.0/16 oifname uplink snat ${uplink.ipv4.addr}
|
||||
ip saddr 10.8.0.0/16 oifname uplink snat ${networks.uplink.ipv4}
|
||||
ip saddr 10.9.0.0/16 oifname uplink snat ${networks.uplink.ipv4}
|
||||
}
|
||||
|
||||
chain prerouting {
|
||||
|
@ -130,22 +138,34 @@ in {
|
|||
}
|
||||
'';
|
||||
|
||||
#networking.useDHCP = false;
|
||||
#networking.interfaces.ens3.useDHCP = true;
|
||||
#networking.interfaces.ens3.ipv4.addresses = [
|
||||
# { address = "10.8.1.112"; prefixLength = 16; }
|
||||
#];
|
||||
networking.interfaces = {
|
||||
uplink = {
|
||||
ipv4.addresses = [ { address = networks.uplink.ipv4; prefixLength = 31; } ];
|
||||
ipv6.addresses = [
|
||||
{ address = networks.uplink.ipv6; prefixLength = 127; }
|
||||
];
|
||||
};
|
||||
lan = {
|
||||
ipv4.addresses = [ { address = networks.lan.ipv4; prefixLength = 16; } ];
|
||||
};
|
||||
managment = {
|
||||
ipv4.addresses = [ { address = "10.10.1.1"; prefixLength = 24; } ];
|
||||
};
|
||||
lte = {
|
||||
ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ];
|
||||
};
|
||||
};
|
||||
|
||||
networking.interfaces.uplink.useDHCP = true;
|
||||
networking.interfaces.uplink.ipv4.addresses = [
|
||||
{ address = uplink.ipv4.addr; prefixLength = uplink.ipv4.prefixlen; }
|
||||
];
|
||||
networking.interfaces.lan.ipv4.addresses = [
|
||||
{ address = lan.ipv4.addr; prefixLength = lan.ipv4.prefixlen; }
|
||||
];
|
||||
networking.defaultGateway = {
|
||||
address = "185.236.240.4";
|
||||
interface = "uplink";
|
||||
};
|
||||
networking.defaultGateway6 = {
|
||||
address = "2a0d:eb00:2137:1::3";
|
||||
interface = "uplink";
|
||||
};
|
||||
|
||||
networking.defaultGateway = "10.8.1.2";
|
||||
networking.nameservers = [ "10.8.1.2" ];
|
||||
networking.nameservers = [ "1.0.0.1" "8.8.8.8" ];
|
||||
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [ vuko-pubkey ];
|
||||
|
@ -160,8 +180,8 @@ in {
|
|||
enable = true;
|
||||
extraConfig = ''
|
||||
server:
|
||||
listen: ${uplink.ipv4.addr}@53
|
||||
#listen: ${uplink.ipv6.addr}@53
|
||||
listen: ${networks.uplink.ipv4}@53
|
||||
listen: ${networks.uplink.ipv6}@53
|
||||
|
||||
zone:
|
||||
- domain: waw.hackerspace.pl
|
||||
|
@ -208,7 +228,7 @@ in {
|
|||
server 10.9.1.0 255.255.255.0
|
||||
|
||||
push "route 10.0.0.0 255.0.0.0"
|
||||
push "dhcp-option DNS 10.8.1.2"
|
||||
push "dhcp-option DNS ${networks.lan.ipv4}"
|
||||
push "dhcp-option DOMAIN waw.hackerspace.pl"
|
||||
|
||||
ifconfig-pool-persist /var/lib/openvpn-public/ipp.txt
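Review bot: `networking.defaultGateway6.address` in the `@ -130,22 +138,34 @@` hunk is `2a0d:eb00:2137:1::3`, which is the host's own uplink address (`networks.uplink.ipv6`, also assigned on `uplink` with `prefixLength = 127`), so the IPv6 default route points at the box itself and no IPv6 egress will work — including the knot listener this commit enables on `${networks.uplink.ipv6}@53`. On a /127 the peer is presumably `2a0d:eb00:2137:1::2`, mirroring how the v4 gateway `185.236.240.4` is the other side of `185.236.240.5/31`; once confirmed with the upstream, change it to `address = "2a0d:eb00:2137:1::2";`. Separately, the new `managment` (10.10.1.0/24) and `lte` (192.168.1.0/24) networks are not covered by the postrouting rules, which only `snat` 10.8.0.0/16 and 10.9.0.0/16; if the forward chain (outside this diff) lets them out via `uplink`, their traffic leaves with private source addresses, so either add matching `snat` rules or, for a management network, explicitly refuse to forward it. A one-line comment on the `networking.nameservers` change would also help, since switching the router's own resolvers from the LAN host to public `1.0.0.1`/`8.8.8.8` is a policy change, not just a fix.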
|
||||
@ -0,0 +1,13 @@
|
|||
|
||||
{
|
||||
model = "FW-7535";
|
||||
hw_addresses = [
|
||||
"00:90:0b:25:bd:e0"
|
||||
"00:90:0b:25:bd:e1"
|
||||
"00:90:0b:25:bd:e2"
|
||||
"00:90:0b:25:bd:e3"
|
||||
"00:90:0b:25:bd:e4"
|
||||
"00:90:0b:25:bd:e5"
|
||||
];
|
||||
}
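Review bot: `hw_addresses` is consumed positionally — the main configuration uses `builtins.elemAt fw.hw_addresses 0` through `3` to bind uplink, lan, managment and lte — but nothing in this file records that, so reordering the list or swapping a cable silently rebinds interface names and with them the nftables rules keyed on `oifname uplink`. Add a comment above the list, e.g. `# Physical port MACs in the order the main config indexes them (0 = uplink, 1 = lan, 2 = managment, 3 = lte); do not reorder.` An attribute set keyed by role would make the mapping self-describing, but the list plus comment is the minimal fix. Only four of the six addresses are referenced; noting which physical ports the remaining two correspond to would also help whoever adds the next interface.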
|
||||
|