because the hosts answer packets directly to clients, which do not expect that to happen. The alternative would be to set up NAT explicitly; however, this solution is simpler. the internal networks.
{ pkgs
, lib
, config
, utils
, ... }:

let
  # Shared key material and secrets are kept outside this host's directory.
  # `passwords.crypt.nix` is only dereferenced for the (disabled) hostapd block.
  keys = import ../../../variables/keys.nix;
  passwords = import ../../../variables/passwords.crypt.nix;
in {
  # TASK: new device

  networking = {
    hostName = "fwhost2"; # Define your hostname.
    useDHCP = false;      # every address on this host is assigned statically below

    # mkForce overrides any other module that turns the firewall on.  While
    # firewall.enable is false, allowedTCPPorts and logRefusedConnections are
    # inert; they only take effect if the firewall is re-enabled.
    firewall = {
      enable = lib.mkForce false;
      allowedTCPPorts = [
        # iperf3
        5201
      ];
      logRefusedConnections = false;
    };

    # Keep the classic eth0/eth1 names, which the bridge definition relies on.
    usePredictableInterfaceNames = false;

    # Both NICs are enslaved to one bridge; every network below is a VLAN on it.
    bridges.breth = {
      interfaces = [ "eth0" "eth1" ];
      rstp = true;
    };

    defaultGateway.address = "172.172.171.10";
    nameservers = [ "172.172.171.10" ];

    vlans = {
      # WAN interfaces, currently unused because the OPNsense guest acts as a router.
      wan1 = { id = 3; interface = "breth"; };
      wan2 = { id = 4; interface = "breth"; };

      # Local interfaces, all accessed via VLAN tags on the main bridge
      lan    = { id = 1; interface = "breth"; };
      dmz    = { id = 5; interface = "breth"; };
      family = { id = 6; interface = "breth"; };
      guests = { id = 7; interface = "breth"; };
    };

    interfaces = {
      # The WAN VLANs still receive a host address even though they are marked unused.
      wan1.ipv4.addresses = [{ address = "192.168.0.16"; prefixLength = 24; }];
      wan2.ipv4.addresses = [{ address = "172.16.0.16"; prefixLength = 12; }];
      lan.ipv4.addresses  = [{ address = "172.172.171.16"; prefixLength = 24; }];
      # No host address is assigned to dmz, family or guests here.
    };
  };

  # Wi-Fi access point, currently switched off; kept so the settings survive.
  services.hostapd = {
    enable = false;
    interface = "wlan0";
    hwMode = "g";
    ssid = "noowhere-lan";
    wpaPassphrase = passwords.wifi.noowhere-lan;
    # Put the wireless clients on the same bridge as the wired VLANs.
    extraConfig = ''
      bridge=breth
    '';
  };

  # libvirt hosts the guests (e.g. the OPNsense router mentioned above);
  # guests are shut down, not suspended, when the host goes down.
  virtualisation.libvirtd = {
    enable = true;
    onShutdown = "shutdown";
  };

  # Force the newest kernel regardless of what shared modules select.
  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}