add fwhost1

2022-01-12 04:11:18 +01:00 · 2022-01-12 04:11:18 +01:00 · bd591726ac
commit bd591726ac
parent 489cad342e
10 changed files with 232 additions and 50 deletions
--- a/nix/os/devices/fwhost1/system.nix
+++ b/nix/os/devices/fwhost1/system.nix
@ -0,0 +1,76 @@
+{ pkgs
+, lib
+, config
+, ... }:
+
+let
+  keys = import ../../../variables/keys.nix;
+  passwords = import ../../../variables/passwords.crypt.nix;
+in {
+
+  # TASK: new device
+  networking.hostName = "fwhost1"; # Define your hostname.
+
+  networking.useDHCP = false;
+
+  networking.firewall.enable = lib.mkForce false;
+  networking.firewall.allowedTCPPorts = [
+    # iperf3
+    5201
+  ];
+
+  networking.firewall.logRefusedConnections = false;
+  networking.usePredictableInterfaceNames = false;
+
+  networking.bridges.breth.interfaces = [ "eth0" "eth1" ];
+
+  networking.defaultGateway.address = "172.172.171.10";
+  networking.nameservers = [ "172.172.171.10" ];
+
+  # WAN interfaces, currently unused because the OPNsense guest acts as a router.
+  networking.vlans.wan1.id = 3;
+  networking.vlans.wan1.interface = "breth";
+  networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.15"; prefixLength = 24; } ];
+
+  networking.vlans.wan2.id = 4;
+  networking.vlans.wan2.interface = "breth";
+  networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.15"; prefixLength = 12; } ];
+
+  # Local interfaces, all accessed via VLAN tags on the main bridge
+  networking.vlans.lan.id = 1;
+  networking.vlans.lan.interface = "breth";
+  networking.interfaces.lan.ipv4.addresses = [{ address = "172.172.171.15"; prefixLength = 24; } ];
+
+  networking.vlans.dmz.id = 5;
+  networking.vlans.dmz.interface = "breth";
+  networking.interfaces.dmz.ipv4.addresses = [{ address = "172.172.175.15"; prefixLength = 24; } ];
+
+  networking.vlans.family.id = 6;
+  networking.vlans.family.interface = "breth";
+  networking.interfaces.family.ipv4.addresses = [{ address = "172.172.176.15"; prefixLength = 24; } ];
+
+  networking.vlans.guests.id = 7;
+  networking.vlans.guests.interface = "breth";
+  networking.interfaces.guests.ipv4.addresses = [{ address = "172.172.177.15"; prefixLength = 24; } ];
+
+  services.hostapd = {
+    enable = false;
+    hwMode = "g";
+    interface = "wlan0";
+    ssid = "noowhere-lan";
+    wpaPassphrase = passwords.wifi.noowhere-lan;
+    extraConfig = ''
+      bridge=breth
+    '';
+  };
+
+  virtualisation = {
+    libvirtd = {
+      onShutdown = "shutdown";
+      enable = true;
+    };
+  };
+
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+}
+