infra/nix/os/devices/fwhost2/system.nix

{ pkgs
, lib
, config
, ... }:

let
  keys = import ../../../variables/keys.nix;
in {

  # TASK: new device
  networking.hostName = "fwhost2"; # Define your hostname.

  networking.useDHCP = false;

  networking.firewall.enable = lib.mkForce false;
  networking.firewall.allowedTCPPorts = [
    # iperf3
    5201
  ];

  networking.firewall.logRefusedConnections = false;
  networking.usePredictableInterfaceNames = false;

  networking.bridges = {
    breth.interfaces = [ "eth0" "eth1" ];
    brlan.interfaces = [
      "lan"
      # "wllan"
    ];
    brdmz.interfaces = [ 
      "dmz"
      # "wldmz"
    ];
    brfamily.interfaces = [
      "family"
      # "wlfamily"
    ];
    brguests.interfaces = [
      "guests"
      "wlguests"
    ];
  };

  networking.defaultGateway.address = "172.172.171.10";
  networking.nameservers = [
    "172.172.171.10"
  ];

  # WAN interfaces, currently unused because the OPNsense guest acts as a router.
  networking.vlans.wan1.id = 3;
  networking.vlans.wan1.interface= "breth";
  networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.16"; prefixLength = 24; } ];

  networking.vlans.wan2.id = 4;
  networking.vlans.wan2.interface= "breth";
  networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.16"; prefixLength = 12; } ];


  # Local interfaces
  networking.vlans.lan.id = 1;
  networking.vlans.lan.interface= "breth";
  networking.interfaces.brlan.ipv4.addresses = [{ address = "172.172.171.16"; prefixLength = 24; } ];

  networking.vlans.dmz.id = 5;
  networking.vlans.dmz.interface= "breth";
  networking.interfaces.brdmz.ipv4.addresses = [{ address = "172.172.175.16"; prefixLength = 24; } ];

  networking.vlans.family.id = 6;
  networking.vlans.family.interface= "breth";
  networking.interfaces.brfamily.ipv4.addresses = [{ address = "172.172.176.16"; prefixLength = 24; } ];

  networking.vlans.guests.id = 7;
  networking.vlans.guests.interface= "breth";
  networking.interfaces.brguests.ipv4.addresses = [{ address = "172.172.177.16"; prefixLength = 24; } ];

  networking.wlanInterfaces = {
    wllan.device = "wlan0";
    wldmz.device = "wlan0";
    wlfamily.device = "wlan0";
    wlguests.device = "wlan0";
  };

  services.hostapd = {
    enable = true;
    hwMode = "g";
    interface = "wlguests";
    ssid = "noowhere-guests";
    wpaPassphrase = "the_sekrettt";
  };

  virtualisation = {
    libvirtd = {
      onShutdown = "shutdown";
      enable = true;
    };

    docker = {
      enable = true;
      extraOptions = "--experimental";
    };
  };

  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}
add fwhost2 2022-01-09 21:50:55 +01:00			`{ pkgs`
			`, lib`
			`, config`
			`, ... }:`

			`let`
			`keys = import ../../../variables/keys.nix;`
			`in {`

			`# TASK: new device`
			`networking.hostName = "fwhost2"; # Define your hostname.`

			`networking.useDHCP = false;`

			`networking.firewall.enable = lib.mkForce false;`
			`networking.firewall.allowedTCPPorts = [`
			`# iperf3`
			`5201`
			`];`

			`networking.firewall.logRefusedConnections = false;`
			`networking.usePredictableInterfaceNames = false;`

			`networking.bridges = {`
			`breth.interfaces = [ "eth0" "eth1" ];`
			`brlan.interfaces = [`
			`"lan"`
			`# "wllan"`
			`];`
			`brdmz.interfaces = [`
			`"dmz"`
			`# "wldmz"`
			`];`
			`brfamily.interfaces = [`
			`"family"`
			`# "wlfamily"`
			`];`
			`brguests.interfaces = [`
			`"guests"`
			`"wlguests"`
			`];`
			`};`

			`networking.defaultGateway.address = "172.172.171.10";`
			`networking.nameservers = [`
			`"172.172.171.10"`
			`];`

			`# WAN interfaces, currently unused because the OPNsense guest acts as a router.`
			`networking.vlans.wan1.id = 3;`
			`networking.vlans.wan1.interface= "breth";`
			`networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.16"; prefixLength = 24; } ];`

			`networking.vlans.wan2.id = 4;`
			`networking.vlans.wan2.interface= "breth";`
			`networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.16"; prefixLength = 12; } ];`


			`# Local interfaces`
			`networking.vlans.lan.id = 1;`
			`networking.vlans.lan.interface= "breth";`
			`networking.interfaces.brlan.ipv4.addresses = [{ address = "172.172.171.16"; prefixLength = 24; } ];`

			`networking.vlans.dmz.id = 5;`
			`networking.vlans.dmz.interface= "breth";`
			`networking.interfaces.brdmz.ipv4.addresses = [{ address = "172.172.175.16"; prefixLength = 24; } ];`

			`networking.vlans.family.id = 6;`
			`networking.vlans.family.interface= "breth";`
			`networking.interfaces.brfamily.ipv4.addresses = [{ address = "172.172.176.16"; prefixLength = 24; } ];`

			`networking.vlans.guests.id = 7;`
			`networking.vlans.guests.interface= "breth";`
			`networking.interfaces.brguests.ipv4.addresses = [{ address = "172.172.177.16"; prefixLength = 24; } ];`

			`networking.wlanInterfaces = {`
			`wllan.device = "wlan0";`
			`wldmz.device = "wlan0";`
			`wlfamily.device = "wlan0";`
			`wlguests.device = "wlan0";`
			`};`

			`services.hostapd = {`
			`enable = true;`
			`hwMode = "g";`
			`interface = "wlguests";`
			`ssid = "noowhere-guests";`
			`wpaPassphrase = "the_sekrettt";`
			`};`

			`virtualisation = {`
			`libvirtd = {`
			`onShutdown = "shutdown";`
			`enable = true;`
			`};`

			`docker = {`
			`enable = true;`
			`extraOptions = "--experimental";`
			`};`
			`};`

			`boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;`
			`}`