From c0c48a83b3a79f4eae479be0129a52889c5c40c7 Mon Sep 17 00:00:00 2001
From: Fabian Hauser
Date: Mon, 18 Nov 2019 23:52:17 +0000
Subject: [PATCH] Fix bugs
---
 host/achiles.nix | 2 +-
 role/router.nix | 21 +++++++++++++--------
 2 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/host/achiles.nix b/host/achiles.nix
index 2409f0f..f0eaf9c 100644
--- a/host/achiles.nix
+++ b/host/achiles.nix
@@ -10,7 +10,7 @@ let routerConfig = {
 country = "CH";
 wleInterface = "wlp5s0";
 wleSSID = "hauser";
- wlePassphrase = "a5e42b914b5ad2b7e0474c3b9b35d0843a52668d30cd6aa8650ec43263a60b6e";
+ wlePassphrase = "mifatielma";
 };
 lanInterfaces = [ "enp2s0" "enp3s0" "enp3s0" ];
 lanNetwork = {
diff --git a/role/router.nix b/role/router.nix
index 36fe2ab..6c39972 100644
--- a/role/router.nix
+++ b/role/router.nix
@@ -19,6 +19,10 @@
 dhcpRange = "10.1.1.2,10.1.1.249";
 }
 }:
+
+let pkgs = import{};
+
+in
 {
 # To get the MAC address of each card, use this command: cat /sys/class/net/*device_name*/address
@@ -27,12 +31,6 @@
 SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="${wanCardAddress}", NAME="wan"
 '';
- networking.nat = {
- enable = true;
- externalInterface = "wan";
- internalInterfaces = [ "lan" ];
- };
-
 boot.extraModprobeConfig = ''
 options cfg80211 ieee80211_regdom=${wireless.country}
 '';
@@ -75,7 +73,14 @@
 };
 networking = {
- bridges.lan.interfaces = lanInterfaces ++ [ wireless.wleInterface ];
+ nat = {
+ enable = true;
+ externalInterface = "wan";
+ internalInterfaces = [ "lan" ];
+ };
+
+ bridges.lan.interfaces = lanInterfaces;
+# bridges.lan.interfaces = lanInterfaces ++ [ wireless.wleInterface ];
 interfaces.lan = {
 ipv4 = {
 addresses = [ { address = lanNetwork.routerAddress; prefixLength = lanNetwork.prefixLength; } ];
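Review bot: The new `wlePassphrase` value in host/achiles.nix is a short, all-lowercase passphrase committed in plaintext, so anyone with access to the repository or its history can read it; as an ordinary Nix string it presumably also ends up in the world-readable Nix store once the configuration is built. The removed value was 64 hex characters, which looks like a pre-derived key rather than a typed passphrase, so the change appears to weaken the Wi-Fi credential as well as expose it. I would keep the secret out of the repository, have the access-point configuration read it from a root-only file outside the store, and rotate the value shown here since it is now disclosed. Separately, the unchanged `lanInterfaces` line lists `"enp3s0"` twice.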
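Review bot: The added `let pkgs = import{};` in the first role/router.nix hunk binds a package set inside the role, but nothing visible in this patch uses `pkgs`, and the import target is not shown on this page (it may have been lost in extraction). If it is a channel lookup, the router's packages are resolved from whatever the search path points to at build time rather than from the package set the host is evaluated with, which leaves the build unpinned and skips the host's overlays and config. Prefer receiving `pkgs` from the caller by adding it to the argument set that closes at `}:`, or drop the binding if it is unused. The argument set begins above this hunk.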
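Review bot: The commented-out `# bridges.lan.interfaces = lanInterfaces ++ [ wireless.wleInterface ];` in the `networking` hunk leaves dead code without saying why the wireless interface was taken out of the `lan` bridge. With this change the bridge holds only `lanInterfaces`, so unless something outside the hunk attaches `wireless.wleInterface` to `lan`, wireless clients would sit outside the interface that `nat.internalInterfaces` and the LAN addressing apply to. Replace the commented line with a one-line reason, e.g. `# wleInterface is not listed here: <what attaches it to "lan", or why it stays separate>`, or delete it. The `networking` block continues past the end of the hunk.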
@@ -87,7 +92,7 @@
 services.unbound = {
 enable = true;
 interfaces = [ "127.0.0.1" lanNetwork.routerAddress ];
- allowedAccess = [ "127.0.0.0/24" lanNetwork.netid ++ "/" ++ lanNetwork.prefixLength ];
+ allowedAccess = [ "127.0.0.0/24" "${lanNetwork.netid}/${toString lanNetwork.prefixLength}" ];
 extraConfig = ''
 # Custom configuration (leave this note to assure indentation!)
 do-not-query-localhost: no
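Review bot: The rewritten `allowedAccess` entry is what limits who may query the resolver listening on `lanNetwork.routerAddress`, yet it is built from `lanNetwork.netid`, which appears to be maintained separately from the address and prefix used for the `lan` interface. Nothing visible here checks that the three agree, so a stale `netid` would either lock LAN clients out or admit a range that is not the LAN. A short comment on the line would make the dependency explicit, e.g. `# resolver ACL: netid/prefixLength must be the subnet of routerAddress`. The `services.unbound` block continues past the end of the hunk.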