-rw-r--r--bragi.nix105
-rw-r--r--custom/dhcp-helper.nix13
2 files changed, 67 insertions, 51 deletions
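diff --git a/bragi.nix b/bragi.nix
index 045973a3..9dcb88e2 100644
--- a/bragi.nix
+++ b/bragi.nix
@@ -21,9 +21,60 @@ in rec {
 
 boot.supportedFilesystems = [ "cifs" ];
 
-networking.hostName = "bragi";
-networking.hostId = "2af11085";
-networking.wireless.enable = true;
+networking = {
+hostName = "bragi";
+hostId = "2af11085";
+wireless.enable = true;
+
+bridges = {
+br0 = {
+interfaces = [ "enp1s0" "enp2s0" "enp3s0" "wlp4s0" ];
+};
+};
+
+interfaces = lib.genAttrs ["enp1s0" "enp2s0" "enp3s0"] {
+proxyARP = true;
+useDHCP = false;
+};
+
+interfaces.wlp4s0 = {
+proxyARP = true;
+useDHCP = true;
+};
+
+firewall = {
+enable = true;
+allowPing = true;
+allowedTCPPorts = [ 22 # SSH
+80 # HTTP
+5432 # PostgreSQL
+6600 # MPD
+139 445 # SAMBA
+];
+allowedUDPPorts = [ 137 138 # SAMBA
+67 # DHCP
+];
+allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
+];
+};
+
+networking.defaultMailServer = {
+directDelivery = true;
+hostName = "ymir.niflheim.yggdrasil";
+useSTARTTLS = true;
+setSendmail = true;
+};
+};
+
+systemd.services."dhcp-helper" = {
+serviceConfig = {
+ExecStart = ''
+${pkgs.callPackage ./custom/dhcp-helper.nix {}}/bin/dhcp-helper -b wlp4s0
+'';
+};
+
+wantedBy = [ "network.target" ];
+};
 
 nixpkgs.config.packageOverrides = oldPkgs:
 rec {
@@ -225,54 +276,6 @@ in rec {
 esac
 '';
 
-networking.interfaces = {
-"enp1s0" = {
-useDHCP = false;
-ipv4.addresses = [
-{ address = "10.141.4.1"; prefixLength = 24; }
-];
-};
-};
-
-networking.nat = {
-enable = true;
-externalIP = "10.141.1.5";
-externalInterface = "wlp4s0";
-internalIPs = [ "10.141.4.0/24"
-];
-internalInterfaces = [ "enp1s0"
-];
-};
-
-networking.firewall = {
-enable = true;
-allowPing = true;
-allowedTCPPorts = [ 22 # SSH
-80 # HTTP
-5432 # PostgreSQL
-6600 # MPD
-139 445 # SAMBA
-];
-allowedUDPPorts = [ 137 138 ]; # SAMBA
-allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
-];
-extraCommands = ''
-iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE
-#iptables -A FORWARD -i wlp4s0 -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-iptables -A FORWARD -i wlp4s0 -o enp1s0 -j ACCEPT
-iptables -A FORWARD -i enp1s0 -o wlp4s0 -j ACCEPT
-'';
-};
-
-networking.defaultMailServer = {
-directDelivery = true;
-hostName = "ymir.niflheim.yggdrasil";
-useSTARTTLS = true;
-setSendmail = true;
-};
-
-networking.search = [ "bragisheimr.yggdrasil" "asgard.yggdrasil" ];
-
 services.dhcpd4 = {
 enable = true;
 interfaces = [ "enp1s0"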
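Review bot: Inside the new `networking = { … }` set the mail block is still written as `networking.defaultMailServer = {`, which resolves to `networking.networking.defaultMailServer` and is not a NixOS option; it should read `defaultMailServer = {`. `lib.genAttrs` takes a function as its second argument, and Nix does not let `interfaces.wlp4s0` extend an `interfaces =` binding that is not a literal set, so the two can be combined as `interfaces = lib.genAttrs [ "enp1s0" "enp2s0" "enp3s0" ] (_: { proxyARP = true; useDHCP = false; }) // { wlp4s0 = { proxyARP = true; useDHCP = true; }; };`. On the firewall side, `allowedTCPPorts` and `allowedUDPPorts` apply to every interface, so 5432, 6600 and 139/445 stay reachable from the wireless segment that now shares `br0` with the wired ports; if that is not intended, per-interface rules (`firewall.interfaces.<name>.allowedTCPPorts`, where the NixOS release in use provides it) would limit them to the wired side. A one-line comment above the `dhcp-helper` unit saying why the relay broadcasts to `wlp4s0` would also help the next reader.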
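diff --git a/custom/dhcp-helper.nix b/custom/dhcp-helper.nix
new file mode 100644
index 00000000..433528a3
--- /dev/null
+++ b/custom/dhcp-helper.nix
@@ -0,0 +1,13 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+name = "dhcp-helper-${version}";
+version = "1.2-1";
+
+src = fetchurl {
+url = "mirror://debian/pool/main/d/dhcp-helper/dhcp-helper_${version}.tar.gz";
+sha256 = "0jby762a5f7mxwcfjzfr8rs0v4b6xi7l8vsbhpxjb2qzmzj4f5ni";
+};
+
+makeFlags = "PREFIX=$(out)";
+}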
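Review bot: The `src` URL points at the Debian pool through `mirror://debian`, and pool paths usually disappear once a version leaves every supported suite, so this derivation is likely to stop building from source later even though the pinned `sha256` keeps the content check intact. Pointing `url` at the upstream release tarball or an archived snapshot, with the hash re-verified, would avoid that. `makeFlags` is conventionally a list, `makeFlags = [ "PREFIX=$(out)" ];`, and a short `meta` block with description, homepage and license would document what this locally packaged relay is.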