-rw-r--r-- | bragi.nix | 105 | ||||
-rw-r--r-- | custom/dhcp-helper.nix | 13 |
2 files changed, 67 insertions, 51 deletions
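--- a/bragi.nix
+++ b/bragi.nix
@@ -21,9 +21,60 @@ in rec {
 
 boot.supportedFilesystems = [ "cifs" ];
 
-networking.hostName = "bragi";
-networking.hostId = "2af11085";
-networking.wireless.enable = true;
+networking = {
+hostName = "bragi";
+hostId = "2af11085";
+wireless.enable = true;
+
+bridges = {
+br0 = {
+interfaces = [ "enp1s0" "enp2s0" "enp3s0" "wlp4s0" ];
+};
+};
+
+interfaces = lib.genAttrs ["enp1s0" "enp2s0" "enp3s0"] {
+proxyARP = true;
+useDHCP = false;
+};
+
+interfaces.wlp4s0 = {
+proxyARP = true;
+useDHCP = true;
+};
+
+firewall = {
+enable = true;
+allowPing = true;
+allowedTCPPorts = [ 22 # SSH
+80 # HTTP
+5432 # PostgreSQL
+6600 # MPD
+139 445 # SAMBA
+];
+allowedUDPPorts = [ 137 138 # SAMBA
+67 # DHCP
+];
+allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
+];
+};
+
+networking.defaultMailServer = {
+directDelivery = true;
+hostName = "ymir.niflheim.yggdrasil";
+useSTARTTLS = true;
+setSendmail = true;
+};
+};
+
+systemd.services."dhcp-helper" = {
+serviceConfig = {
+ExecStart = ''
+${pkgs.callPackage ./custom/dhcp-helper.nix {}}/bin/dhcp-helper -b wlp4s0
+'';
+};
+
+wantedBy = [ "network.target" ];
+};
 
 nixpkgs.config.packageOverrides = oldPkgs:
 rec {
@@ -225,54 +276,6 @@ in rec {
 esac
 '';
 
-networking.interfaces = {
-"enp1s0" = {
-useDHCP = false;
-ipv4.addresses = [
-{ address = "10.141.4.1"; prefixLength = 24; }
-];
-};
-};
-
-networking.nat = {
-enable = true;
-externalIP = "10.141.1.5";
-externalInterface = "wlp4s0";
-internalIPs = [ "10.141.4.0/24"
-];
-internalInterfaces = [ "enp1s0"
-];
-};
-
-networking.firewall = {
-enable = true;
-allowPing = true;
-allowedTCPPorts = [ 22 # SSH
-80 # HTTP
-5432 # PostgreSQL
-6600 # MPD
-139 445 # SAMBA
-];
-allowedUDPPorts = [ 137 138 ]; # SAMBA
-allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
-];
-extraCommands = ''
-iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE
-#iptables -A FORWARD -i wlp4s0 -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-iptables -A FORWARD -i wlp4s0 -o enp1s0 -j ACCEPT
-iptables -A FORWARD -i enp1s0 -o wlp4s0 -j ACCEPT
-'';
-};
-
-networking.defaultMailServer = {
-directDelivery = true;
-hostName = "ymir.niflheim.yggdrasil";
-useSTARTTLS = true;
-setSendmail = true;
-};
-
-networking.search = [ "bragisheimr.yggdrasil" "asgard.yggdrasil" ];
-
 services.dhcpd4 = {
 enable = true;
 interfaces = [ "enp1s0"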
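Review bot: The moved `networking.defaultMailServer = {` block now sits inside the new `networking = {` set, so it defines `networking.networking.defaultMailServer`; inside the set it should read `defaultMailServer = {`. In the same set, `lib.genAttrs` expects a function as its second argument, so the set passed to it should be `(_: { proxyARP = true; useDHCP = false; })`, and because `interfaces` is then an expression rather than a literal set, the separate `interfaces.wlp4s0 = {` definition will not merge with it and the two need combining, for example with `//`. On the security side, the commit drops the NAT boundary and the FORWARD rules and puts the three wired ports on one bridge with `wlp4s0`, while `allowedTCPPorts` still opens 5432, 6600, 139 and 445 on every interface and UDP 67 is added. If the wireless network is less trusted than the wired one, it is worth confirming this flat exposure is intended and adding a comment above `bridges` that says so. The `services.dhcpd4` block continues outside the hunk, so whether it still has an addressed interface after the `10.141.4.1` assignment is removed cannot be checked from here.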
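diff --git a/custom/dhcp-helper.nix b/custom/dhcp-helper.nix
new file mode 100644
index 00000000..433528a3
--- /dev/null
+++ b/custom/dhcp-helper.nix
@@ -0,0 +1,13 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+name = "dhcp-helper-${version}";
+version = "1.2-1";
+
+src = fetchurl {
+url = "mirror://debian/pool/main/d/dhcp-helper/dhcp-helper_${version}.tar.gz";
+sha256 = "0jby762a5f7mxwcfjzfr8rs0v4b6xi7l8vsbhpxjb2qzmzj4f5ni";
+};
+
+makeFlags = "PREFIX=$(out)";
+}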
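Review bot: The derivation has no `meta` attribute and no comment explaining why the source is taken from the Debian pool; adding `meta = { description = "DHCP relay agent"; };` together with a license entry would document what this locally packaged, network-facing binary is. The `sha256` pins the tarball, so the mirror is not trusted for integrity, but pool paths tend to disappear once the archive moves to a newer package version (an inference, not shown on the page), so the URL may stop resolving. As a style point, `makeFlags` is conventionally a list: `makeFlags = [ "PREFIX=$(out)" ];`.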