From e4aeb9621dec13e4301fec25b667ae6bea6d25f5 Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Sun, 16 Jan 2022 01:58:10 +0100
Subject: [PATCH] fwhosts: remove all addresses except lan because the hosts answer packets directly to clients which do not expect that to happen. the alternative would be to explicitly set up NAT, however this solution is simpler. the internal networks.
---
 nix/os/devices/fwhost1/system.nix | 3 ---
 nix/os/devices/fwhost2/system.nix | 3 ---
 2 files changed, 6 deletions(-)
diff --git a/nix/os/devices/fwhost1/system.nix b/nix/os/devices/fwhost1/system.nix
index eb78072..75a5355 100644
--- a/nix/os/devices/fwhost1/system.nix
+++ b/nix/os/devices/fwhost1/system.nix
@@ -44,15 +44,12 @@ in {
 networking.vlans.dmz.id = 5;
 networking.vlans.dmz.interface = "breth";
- networking.interfaces.dmz.ipv4.addresses = [{ address = "172.172.175.15"; prefixLength = 24; } ];
 networking.vlans.family.id = 6;
 networking.vlans.family.interface = "breth";
- networking.interfaces.family.ipv4.addresses = [{ address = "172.172.176.15"; prefixLength = 24; } ];
 networking.vlans.guests.id = 7;
 networking.vlans.guests.interface = "breth";
- networking.interfaces.guests.ipv4.addresses = [{ address = "172.172.177.15"; prefixLength = 24; } ];
 services.hostapd = { enable = false;
diff --git a/nix/os/devices/fwhost2/system.nix b/nix/os/devices/fwhost2/system.nix
index f6a60b7..7cee7c4 100644
--- a/nix/os/devices/fwhost2/system.nix
+++ b/nix/os/devices/fwhost2/system.nix
@@ -45,15 +45,12 @@ in {
 networking.vlans.dmz.id = 5;
 networking.vlans.dmz.interface = "breth";
- networking.interfaces.dmz.ipv4.addresses = [{ address = "172.172.175.16"; prefixLength = 24; } ];
 networking.vlans.family.id = 6;
 networking.vlans.family.interface = "breth";
- networking.interfaces.family.ipv4.addresses = [{ address = "172.172.176.16"; prefixLength = 24; } ];
 networking.vlans.guests.id = 7;
 networking.vlans.guests.interface = "breth";
- networking.interfaces.guests.ipv4.addresses = [{ address = "172.172.177.16"; prefixLength = 24; } ];
 services.hostapd = { enable = false;