# NixOS module for the host "fwhost1": one bridge over eth0/eth1 carrying
# tagged VLANs, libvirtd for guests, and a (disabled) hostapd access point.
# Per the WAN comment below, routing is done by an OPNsense guest, not by
# this host.
{
  pkgs,
  lib,
  config,
  ...
}: let
  # Not referenced anywhere in this file; Nix is lazy, so it is never evaluated.
  keys = import ../../../variables/keys.nix;
  # Only read by services.hostapd.wpaPassphrase below.
  # NOTE(review): the ".crypt" name suggests the file is encrypted at rest in
  # the repository - confirm. That would protect the checkout only; values
  # used in the configuration can still end up in the Nix store.
  passwords = import ../../../variables/passwords.crypt.nix;
in {
  # TASK: new device
  networking = {
    hostName = "fwhost1"; # Define your hostname.

    useDHCP = false;

    # Keep the kernel's ethN names; the bridge below refers to eth0/eth1.
    usePredictableInterfaceNames = false;

    firewall = {
      # The host firewall is forced off, overriding definitions made at
      # normal priority elsewhere. While it is off, the two settings below
      # have no effect and every listening service is reachable on every
      # addressed interface, including wan1 and wan2.
      # NOTE(review): confirm filtering is enforced elsewhere (e.g. by the
      # OPNsense guest or upstream) before relying on this.
      enable = lib.mkForce false;
      allowedTCPPorts = [
        # iperf3
        5201
      ];
      logRefusedConnections = false;
    };

    # Single bridge over both physical ports; all VLANs below hang off it.
    bridges.breth = {
      interfaces = ["eth0" "eth1"];
      rstp = true;
    };

    # NOTE(review): 172.172.171.0/24 lies outside the RFC 1918 block
    # 172.16.0.0/12, i.e. it is publicly routable address space - confirm
    # that using it for the LAN is intentional.
    defaultGateway.address = "172.172.171.10";
    nameservers = ["172.172.171.10"];

    vlans = {
      # WAN interfaces, currently unused because the OPNsense guest acts as a router.
      wan1 = {
        id = 3;
        interface = "breth";
      };
      wan2 = {
        id = 4;
        interface = "breth";
      };

      # Local interfaces, all accessed via VLAN tags on the main bridge
      # NOTE(review): VLAN 1 is the default VLAN on many switches - confirm
      # the switch side treats it as tagged in the way this expects.
      lan = {
        id = 1;
        interface = "breth";
      };
      # dmz, family and guests get no host address in this file.
      dmz = {
        id = 5;
        interface = "breth";
      };
      family = {
        id = 6;
        interface = "breth";
      };
      guests = {
        id = 7;
        interface = "breth";
      };
    };

    interfaces = {
      # The host itself holds an address on both WAN VLANs even though they
      # are described as unused; with the firewall off this exposes the
      # hypervisor's own services on those segments.
      wan1.ipv4.addresses = [
        {
          address = "192.168.0.15";
          prefixLength = 24;
        }
      ];
      wan2.ipv4.addresses = [
        {
          address = "172.16.0.15";
          prefixLength = 12;
        }
      ];
      lan.ipv4.addresses = [
        {
          address = "172.172.171.15";
          prefixLength = 24;
        }
      ];
    };
  };

  # Access point definition, currently switched off.
  # If this is ever enabled: wpaPassphrase is rendered into the generated
  # hostapd configuration, which lives in the world-readable Nix store, so
  # any local user could read the Wi-Fi passphrase. Prefer a mechanism that
  # reads the secret from a file outside the store at runtime.
  services.hostapd = {
    enable = false;
    hwMode = "g";
    interface = "wlan0";
    ssid = "noowhere-lan";
    wpaPassphrase = passwords.wifi.noowhere-lan;
    # Attach wireless clients to the same bridge as the wired ports.
    extraConfig = ''
      bridge=breth
    '';
  };

  virtualisation.libvirtd = {
    enable = true;
    # Shut guests down on host shutdown.
    onShutdown = "shutdown";
  };

  # Force the newest packaged kernel, overriding definitions made at normal
  # priority elsewhere.
  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}