WIP everything
parent
2a23c7fdbe
commit
26f0bde4b3
29 changed files with 1630 additions and 423 deletions
|
@ -184,10 +184,11 @@ in {
|
|||
after = ["hook"];
|
||||
rules = let
|
||||
wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces;
|
||||
exposedHost = "192.168.22.121";
|
||||
exposedHost = "srv0-dmz0.dmz.internal";
|
||||
in [
|
||||
"iifname { ${wanInterfaces} } tcp dport 220 redirect to 22"
|
||||
"iifname { ${wanInterfaces} } dnat ip to ${exposedHost}"
|
||||
# TODO: if this hostname doesn't resolve it'll break the whole ruleset
|
||||
# "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -574,7 +575,8 @@ in {
|
|||
# sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path;
|
||||
|
||||
# enables debug logging
|
||||
# logger_stdout_level= lib.mkForce 0;
|
||||
logger_stdout_level= lib.mkForce 0;
|
||||
logger_stdout = -1;
|
||||
# logger_syslog_level= lib.mkForce 0;
|
||||
|
||||
# resources on vlan tagging
|
||||
|
@ -583,6 +585,7 @@ in {
|
|||
|
||||
dynamic_vlan = 1;
|
||||
|
||||
# this option currently requires a patch to hostapd
|
||||
vlan_no_bridge = 1;
|
||||
|
||||
/* not used due to the above vlan_no_bridge setting
|
||||
|
@ -620,14 +623,36 @@ in {
|
|||
# "SAE"
|
||||
]);
|
||||
|
||||
# wpa_psk_radius = 0;
|
||||
wpa_pairwise = "CCMP";
|
||||
wmm_enabled = 1;
|
||||
|
||||
# IEEE 802.11i (authentication) related configuration
|
||||
# Encrypt management frames to protect against deauthentication and similar attacks
|
||||
ieee80211w = 1;
|
||||
sae_require_mfp = 1;
|
||||
sae_groups = "19 20 21";
|
||||
|
||||
# [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default)
|
||||
tls_flags= "[ENABLE-TLSv1.3]";
|
||||
|
||||
ieee8021x=0;
|
||||
eap_server=0;
|
||||
};
|
||||
};
|
||||
|
||||
# wlan0-1 = {
|
||||
# ssid = "mlsia-testing";
|
||||
# authentication = {
|
||||
# mode = "wpa3-sae-transition";
|
||||
# };
|
||||
|
||||
# bssid = mkBssid 1;
|
||||
# settings = {
|
||||
# bridge = bridgeInterfaceName;
|
||||
# };
|
||||
# };
|
||||
|
||||
# wlan0-1 = {
|
||||
# ssid = "justtestingwifi-wpa3";
|
||||
# authentication = {
|
||||
|
@ -777,7 +802,7 @@ in {
|
|||
tag
|
||||
(mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; })
|
||||
(mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; })
|
||||
"30m"
|
||||
"12h"
|
||||
];
|
||||
in
|
||||
builtins.map
|
||||
|
@ -843,7 +868,8 @@ in {
|
|||
};
|
||||
|
||||
# The service irqbalance is useful as it assigns certain IRQ calls to specific CPUs instead of letting the first CPU core to handle everything. This is supposed to increase performance by hitting CPU cache more often.
|
||||
services.irqbalance.enable = true;
|
||||
# disable for now as i think it causes wifi issues
|
||||
services.irqbalance.enable = false;
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
|
|
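Review bot: In the hunk at -620,14 +623,36, `ieee80211w = 1` makes management frame protection optional, so the comment above it overstates the result: a station that does not negotiate MFP remains exposed to forged deauthentication and disassociation frames. `sae_require_mfp = 1` enforces MFP only for SAE associations, and the visible tail of the list just above has `"SAE"` commented out, so it may currently apply to no station; the start of that list is outside the hunk, so this needs confirming. If every client supports MFP, use `ieee80211w = 2;`, otherwise reword the comment to `# MFP optional: only stations that negotiate it are protected against forged deauth/disassoc`. `tls_flags` configures hostapd's integrated EAP server, which `eap_server=0` disables two lines later, so it looks like a dead setting that could be dropped or commented as such.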