2 files changed, 67 insertions, 51 deletions
diff --git a/bragi.nix b/bragi.nix
index 045973a3..9dcb88e2 100644
--- a/bragi.nix
+++ b/bragi.nix
@@ -21,9 +21,60 @@ in rec {
  boot.supportedFilesystems = [ "cifs" ];
-  networking.hostName = "bragi";
+  networking = {
-  networking.hostId = "2af11085";
+    hostName = "bragi";
-  networking.wireless.enable = true;
+    hostId = "2af11085";
+    wireless.enable = true;
+    bridges = {
+      br0 = {
+        interfaces = [ "enp1s0" "enp2s0" "enp3s0" "wlp4s0" ];
+      };
+    };
+    interfaces = lib.genAttrs ["enp1s0" "enp2s0" "enp3s0"] {
+      proxyARP = true;
+      useDHCP = false;
+    };
+    interfaces.wlp4s0 = {
+      proxyARP = true;
+      useDHCP = true;
+    };
+    firewall = {
+      enable = true;
+      allowPing = true;
+      allowedTCPPorts = [ 22 # SSH
+                          80 # HTTP
+                          5432 # PostgreSQL
+                          6600 # MPD
+                          139 445 # SAMBA
+                        ];
+      allowedUDPPorts = [ 137 138 # SAMBA
+                          67 # DHCP
+                        ];
+      allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
+                             ];
+    };
+    networking.defaultMailServer = {
+      directDelivery = true;
+      hostName = "ymir.niflheim.yggdrasil";
+      useSTARTTLS = true;
+      setSendmail = true;
+    };
+  };
+  systemd.services."dhcp-helper" = {
+    serviceConfig = {
+      ExecStart = ''
+        ${pkgs.callPackage ./custom/dhcp-helper.nix {}}/bin/dhcp-helper -b wlp4s0
+      '';
+    };
+  
+    wantedBy = [ "network.target" ];
+  };
  nixpkgs.config.packageOverrides = oldPkgs:
    rec {
@@ -225,54 +276,6 @@ in rec {
    esac
  '';
-  networking.interfaces = {
-    "enp1s0" = {
-      useDHCP = false;
-      ipv4.addresses = [
-        { address = "10.141.4.1"; prefixLength = 24; }
-      ];
-    };
-  };
-  networking.nat = {
-    enable = true;
-    externalIP = "10.141.1.5";
-    externalInterface = "wlp4s0";
-    internalIPs = [ "10.141.4.0/24"
-                  ];
-    internalInterfaces = [ "enp1s0"
-                         ];
-  };
-  networking.firewall = {
-    enable = true;
-    allowPing = true;
-    allowedTCPPorts = [ 22 # SSH
-                        80 # HTTP
-                        5432 # PostgreSQL
-                        6600 # MPD
-                        139 445 # SAMBA
-                      ];
-    allowedUDPPorts = [ 137 138 ]; # SAMBA
-    allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
-                           ];
-    extraCommands = ''
-      iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE
-      #iptables -A FORWARD -i wlp4s0 -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-      iptables -A FORWARD -i wlp4s0 -o enp1s0 -j ACCEPT
-      iptables -A FORWARD -i enp1s0 -o wlp4s0 -j ACCEPT
-    '';
-  };
-  networking.defaultMailServer = {
-    directDelivery = true;
-    hostName = "ymir.niflheim.yggdrasil";
-    useSTARTTLS = true;
-    setSendmail = true;
-  };
-  networking.search = [ "bragisheimr.yggdrasil" "asgard.yggdrasil" ];
  services.dhcpd4 = {
    enable = true;
    interfaces = [ "enp1s0"
diff --git a/custom/dhcp-helper.nix b/custom/dhcp-helper.nix
new file mode 100644
index 00000000..433528a3
--- /dev/null
+++ b/custom/dhcp-helper.nix
@@ -0,0 +1,13 @@
+{ stdenv, fetchurl }:
+stdenv.mkDerivation rec {
+  name = "dhcp-helper-${version}";
+  version = "1.2-1";
+  src = fetchurl {
+    url = "mirror://debian/pool/main/d/dhcp-helper/dhcp-helper_${version}.tar.gz";
+    sha256 = "0jby762a5f7mxwcfjzfr8rs0v4b6xi7l8vsbhpxjb2qzmzj4f5ni";
+  };
+  makeFlags = "PREFIX=$(out)";
+}

diff --git a/bragi.nix b/bragi.nix index 045973a3..9dcb88e2 100644 --- a/bragi.nix +++ b/bragi.nix
@@ -21,9 +21,60 @@ in rec {
21		21
22	boot.supportedFilesystems = [ "cifs" ];	22	boot.supportedFilesystems = [ "cifs" ];
23		23
24	networking.hostName = "bragi";	24	networking = {
25	networking.hostId = "2af11085";	25	hostName = "bragi";
26	networking.wireless.enable = true;	26	hostId = "2af11085";
		27	wireless.enable = true;
		28
		29	bridges = {
		30	br0 = {
		31	interfaces = [ "enp1s0" "enp2s0" "enp3s0" "wlp4s0" ];
		32	};
		33	};
		34
		35	interfaces = lib.genAttrs ["enp1s0" "enp2s0" "enp3s0"] {
		36	proxyARP = true;
		37	useDHCP = false;
		38	};
		39
		40	interfaces.wlp4s0 = {
		41	proxyARP = true;
		42	useDHCP = true;
		43	};
		44
		45	firewall = {
		46	enable = true;
		47	allowPing = true;
		48	allowedTCPPorts = [ 22 # SSH
		49	80 # HTTP
		50	5432 # PostgreSQL
		51	6600 # MPD
		52	139 445 # SAMBA
		53	];
		54	allowedUDPPorts = [ 137 138 # SAMBA
		55	67 # DHCP
		56	];
		57	allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
		58	];
		59	};
		60
		61	networking.defaultMailServer = {
		62	directDelivery = true;
		63	hostName = "ymir.niflheim.yggdrasil";
		64	useSTARTTLS = true;
		65	setSendmail = true;
		66	};
		67	};
		68
		69	systemd.services."dhcp-helper" = {
		70	serviceConfig = {
		71	ExecStart = ''
		72	${pkgs.callPackage ./custom/dhcp-helper.nix {}}/bin/dhcp-helper -b wlp4s0
		73	'';
		74	};
		75
		76	wantedBy = [ "network.target" ];
		77	};
27		78
28	nixpkgs.config.packageOverrides = oldPkgs:	79	nixpkgs.config.packageOverrides = oldPkgs:
29	rec {	80	rec {
@@ -225,54 +276,6 @@ in rec {
225	esac	276	esac
226	'';	277	'';
227		278
228	networking.interfaces = {
229	"enp1s0" = {
230	useDHCP = false;
231	ipv4.addresses = [
232	{ address = "10.141.4.1"; prefixLength = 24; }
233	];
234	};
235	};
236
237	networking.nat = {
238	enable = true;
239	externalIP = "10.141.1.5";
240	externalInterface = "wlp4s0";
241	internalIPs = [ "10.141.4.0/24"
242	];
243	internalInterfaces = [ "enp1s0"
244	];
245	};
246
247	networking.firewall = {
248	enable = true;
249	allowPing = true;
250	allowedTCPPorts = [ 22 # SSH
251	80 # HTTP
252	5432 # PostgreSQL
253	6600 # MPD
254	139 445 # SAMBA
255	];
256	allowedUDPPorts = [ 137 138 ]; # SAMBA
257	allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
258	];
259	extraCommands = ''
260	iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE
261	#iptables -A FORWARD -i wlp4s0 -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
262	iptables -A FORWARD -i wlp4s0 -o enp1s0 -j ACCEPT
263	iptables -A FORWARD -i enp1s0 -o wlp4s0 -j ACCEPT
264	'';
265	};
266
267	networking.defaultMailServer = {
268	directDelivery = true;
269	hostName = "ymir.niflheim.yggdrasil";
270	useSTARTTLS = true;
271	setSendmail = true;
272	};
273
274	networking.search = [ "bragisheimr.yggdrasil" "asgard.yggdrasil" ];
275
276	services.dhcpd4 = {	279	services.dhcpd4 = {
277	enable = true;	280	enable = true;
278	interfaces = [ "enp1s0"	281	interfaces = [ "enp1s0"


diff --git a/custom/dhcp-helper.nix b/custom/dhcp-helper.nix new file mode 100644 index 00000000..433528a3 --- /dev/null +++ b/custom/dhcp-helper.nix
@@ -0,0 +1,13 @@
		1	{ stdenv, fetchurl }:
		2
		3	stdenv.mkDerivation rec {
		4	name = "dhcp-helper-${version}";
		5	version = "1.2-1";
		6
		7	src = fetchurl {
		8	url = "mirror://debian/pool/main/d/dhcp-helper/dhcp-helper_${version}.tar.gz";
		9	sha256 = "0jby762a5f7mxwcfjzfr8rs0v4b6xi7l8vsbhpxjb2qzmzj4f5ni";
		10	};
		11
		12	makeFlags = "PREFIX=$(out)";
		13	}