Split up router role into multiple roles

Fabian Hauser 2020-05-17 12:04:30 +00:00
parent 51ac8518a2
commit 508b86c9cc
6 changed files with 29 additions and 45 deletions


@ -1,47 +1,32 @@
{
# To get the MAC address of each card, use this command: cat /sys/class/net/*device_name*/address
# Make sure to use the lower-case hex values in your udev rules. It does not like upper-case.
wanInterface, wireless ? {
wleInterface = "wlp5s0";
wleSSID = "hauser";
# Generate Encrypted Passphrase with: wpa_passphrase <wleSSID> <passphrase>
wlePassphrase =
"a5e42b914b5ad2b7e0474c3b9b35d0843a52668d30cd6aa8650ec43263a60b6e";
}, lanInterfaces ? [ "enp2s0" "enp3s0" ], lanNetwork ? {
routerAddress = "10.1.1.1";
netid = "10.1.1.0";
revIpDomain = "1.1.10";
prefixLength = 24;
domain = "ilanz.fh2.ch";
dhcpRange = "10.1.1.2,10.1.1.249";
routerHostName = "router";
}, }:
wanInterface, wirelessInterfaces, lanInterfaces,
internalRouterIP,
internalPrefixLength? 24,
internalBridgeInterfaceName? "lan"
}:
let pkgs = import <nixpkgs> { };
in {
imports = [
(import ./wireless-access-point.nix wireless)
(import ./dns-recursive.nix lanNetwork)
];
networking = {
enableIPv6 = false; # TODO
nat = {
enable = true;
externalInterface = wanInterface;
internalInterfaces = [ "lan" ];
internalInterfaces = [ internalBridgeInterfaceName ];
};
bridges.lan.interfaces = lanInterfaces ++ [ wireless.wleInterface ];
bridges.lan.interfaces = lanInterfaces ++ wirelessInterfaces;
interfaces.lan = {
ipv4 = {
addresses = [{
address = lanNetwork.routerAddress;
prefixLength = lanNetwork.prefixLength;
address = internalRouterIP;
prefixLength = internalPrefixLength;
}];
};
};
firewall.trustedInterfaces = [ "lan" ];
firewall.trustedInterfaces = [ internalBridgeInterfaceName ];
};
}
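Review bot: `internalBridgeInterfaceName` is applied only to `nat.internalInterfaces` and `firewall.trustedInterfaces`, while the bridge and its address are still declared under the literal name in `bridges.lan.interfaces` and `interfaces.lan`. With any value other than the default `"lan"`, NAT and the firewall trust entry refer to a name that does not match the bridge this module creates, and if that name belongs to another interface on the host, all inbound traffic on it is accepted unconditionally. Declaring both through the parameter keeps them in step: `bridges.${internalBridgeInterfaceName}.interfaces = lanInterfaces ++ wirelessInterfaces;` and `interfaces.${internalBridgeInterfaceName} = { ... };`. Separately, the removed default `wlePassphrase` remains readable in repository history, and a `wpa_passphrase` output is enough to join that SSID, so the key is worth rotating wherever the value now lives.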