# NixOS host configuration for "fwhost1": a two-port bridge carrying tagged
# VLANs, a libvirt hypervisor (the comments below mention an OPNsense guest
# acting as the router), and a currently disabled hostapd access point.
{ pkgs, lib, config, ... }:
let
  # NOTE(review): `keys` is not referenced anywhere in this file.
  keys = import ../../../variables/keys.nix;
  # Secrets file; presumably decrypted at checkout time (".crypt" suffix) -- confirm.
  passwords = import ../../../variables/passwords.crypt.nix;

  # Every VLAN in this file is a tagged sub-interface of the main bridge.
  trunk = "breth";
  onTrunk = id: {
    inherit id;
    interface = trunk;
  };

  # Single static IPv4 address in the shape `networking.interfaces.<name>.ipv4.addresses` expects.
  staticV4 = address: prefixLength: [
    { inherit address prefixLength; }
  ];
in
{
  networking = {
    # TASK: new device
    hostName = "fwhost1"; # Define your hostname.
    useDHCP = false;
    usePredictableInterfaceNames = false;

    firewall = {
      # The host firewall is forced off, so allowedTCPPorts and
      # logRefusedConnections below have no effect as long as this stays false.
      # NOTE(review): with no host filtering, every service listening on this
      # machine is reachable on each VLAN where the host holds an address
      # (lan, wan1, wan2). Presumably filtering is left to the OPNsense guest;
      # confirm that it also covers traffic addressed to the host itself.
      enable = lib.mkForce false;
      allowedTCPPorts = [
        # iperf3
        5201
      ];
      logRefusedConnections = false;
    };

    # Both physical ports are members of one bridge; RSTP guards against loops.
    bridges.${trunk} = {
      interfaces = [ "eth0" "eth1" ];
      rstp = true;
    };

    # NOTE(review): 172.172.171.0/24 lies outside the RFC 1918 private range
    # 172.16.0.0/12 (172.16.x.x - 172.31.x.x), so this is public address space
    # reused internally -- confirm that this is intended.
    defaultGateway.address = "172.172.171.10";
    nameservers = [ "172.172.171.10" ];

    vlans = {
      # WAN interfaces, currently unused because the OPNsense guest acts as a router.
      wan1 = onTrunk 3;
      wan2 = onTrunk 4;

      # Local interfaces, all accessed via VLAN tags on the main bridge
      lan = onTrunk 1;
      dmz = onTrunk 5;
      family = onTrunk 6;
      guests = onTrunk 7;
    };

    interfaces = {
      # NOTE(review): although described as unused, both WAN VLANs still give
      # the host an address of its own, so the host is directly addressable
      # from those segments while the firewall above is disabled.
      wan1.ipv4.addresses = staticV4 "192.168.0.15" 24;
      wan2.ipv4.addresses = staticV4 "172.16.0.15" 12;

      # Management address of the host on the LAN VLAN.
      lan.ipv4.addresses = staticV4 "172.172.171.15" 24;
    };
  };

  # Access point definition, kept in place but switched off.
  # NOTE(review): once enabled, wpaPassphrase is rendered into the generated
  # hostapd configuration in the Nix store, which is world-readable; the
  # encrypted variables file does not protect the value after evaluation.
  services.hostapd = {
    enable = false;
    hwMode = "g";
    interface = "wlan0";
    ssid = "noowhere-lan";
    wpaPassphrase = passwords.wifi.noowhere-lan;
    extraConfig = ''
      bridge=breth
    '';
  };

  # libvirt hypervisor; guests are asked to shut down when the host goes down.
  virtualisation.libvirtd.enable = true;
  virtualisation.libvirtd.onShutdown = "shutdown";

  # Overrides any other kernel selection with the newest packaged kernel.
  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}