summaryrefslogtreecommitdiff
path: root/bragi.nix
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2018-04-15 17:03:26 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2018-04-15 17:03:26 +0200
commitc9a1fd0189a14fdad9521439605f6f2a1e5904bf (patch)
treed61c434e776ba1554fbbd933ece6fb09d89e8795 /bragi.nix
parent8c3b76419eb5b6a5c56568cb0c7f3a06051cbd7c (diff)
downloadnixos-c9a1fd0189a14fdad9521439605f6f2a1e5904bf.tar
nixos-c9a1fd0189a14fdad9521439605f6f2a1e5904bf.tar.gz
nixos-c9a1fd0189a14fdad9521439605f6f2a1e5904bf.tar.bz2
nixos-c9a1fd0189a14fdad9521439605f6f2a1e5904bf.tar.xz
nixos-c9a1fd0189a14fdad9521439605f6f2a1e5904bf.zip
bridge on bragi
Diffstat (limited to 'bragi.nix')
-rw-r--r--bragi.nix105
1 files changed, 54 insertions, 51 deletions
diff --git a/bragi.nix b/bragi.nix
index 045973a3..9dcb88e2 100644
--- a/bragi.nix
+++ b/bragi.nix
@@ -21,9 +21,60 @@ in rec {
21 21
22 boot.supportedFilesystems = [ "cifs" ]; 22 boot.supportedFilesystems = [ "cifs" ];
23 23
24 networking.hostName = "bragi"; 24 networking = {
25 networking.hostId = "2af11085"; 25 hostName = "bragi";
26 networking.wireless.enable = true; 26 hostId = "2af11085";
27 wireless.enable = true;
28
29 bridges = {
30 br0 = {
31 interfaces = [ "enp1s0" "enp2s0" "enp3s0" "wlp4s0" ];
32 };
33 };
34
35 interfaces = lib.genAttrs ["enp1s0" "enp2s0" "enp3s0"] {
36 proxyARP = true;
37 useDHCP = false;
38 };
39
40 interfaces.wlp4s0 = {
41 proxyARP = true;
42 useDHCP = true;
43 };
44
45 firewall = {
46 enable = true;
47 allowPing = true;
48 allowedTCPPorts = [ 22 # SSH
49 80 # HTTP
50 5432 # PostgreSQL
51 6600 # MPD
52 139 445 # SAMBA
53 ];
54 allowedUDPPorts = [ 137 138 # SAMBA
55 67 # DHCP
56 ];
57 allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
58 ];
59 };
60
61 networking.defaultMailServer = {
62 directDelivery = true;
63 hostName = "ymir.niflheim.yggdrasil";
64 useSTARTTLS = true;
65 setSendmail = true;
66 };
67 };
68
69 systemd.services."dhcp-helper" = {
70 serviceConfig = {
71 ExecStart = ''
72 ${pkgs.callPackage ./custom/dhcp-helper.nix {}}/bin/dhcp-helper -b wlp4s0
73 '';
74 };
75
76 wantedBy = [ "network.target" ];
77 };
27 78
28 nixpkgs.config.packageOverrides = oldPkgs: 79 nixpkgs.config.packageOverrides = oldPkgs:
29 rec { 80 rec {
@@ -225,54 +276,6 @@ in rec {
225 esac 276 esac
226 ''; 277 '';
227 278
228 networking.interfaces = {
229 "enp1s0" = {
230 useDHCP = false;
231 ipv4.addresses = [
232 { address = "10.141.4.1"; prefixLength = 24; }
233 ];
234 };
235 };
236
237 networking.nat = {
238 enable = true;
239 externalIP = "10.141.1.5";
240 externalInterface = "wlp4s0";
241 internalIPs = [ "10.141.4.0/24"
242 ];
243 internalInterfaces = [ "enp1s0"
244 ];
245 };
246
247 networking.firewall = {
248 enable = true;
249 allowPing = true;
250 allowedTCPPorts = [ 22 # SSH
251 80 # HTTP
252 5432 # PostgreSQL
253 6600 # MPD
254 139 445 # SAMBA
255 ];
256 allowedUDPPorts = [ 137 138 ]; # SAMBA
257 allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
258 ];
259 extraCommands = ''
260 iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE
261 #iptables -A FORWARD -i wlp4s0 -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
262 iptables -A FORWARD -i wlp4s0 -o enp1s0 -j ACCEPT
263 iptables -A FORWARD -i enp1s0 -o wlp4s0 -j ACCEPT
264 '';
265 };
266
267 networking.defaultMailServer = {
268 directDelivery = true;
269 hostName = "ymir.niflheim.yggdrasil";
270 useSTARTTLS = true;
271 setSendmail = true;
272 };
273
274 networking.search = [ "bragisheimr.yggdrasil" "asgard.yggdrasil" ];
275
276 services.dhcpd4 = { 279 services.dhcpd4 = {
277 enable = true; 280 enable = true;
278 interfaces = [ "enp1s0" 281 interfaces = [ "enp1s0"
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-24 08:07:34 +0000