dotfiles/role/router.nix

{
  # To get the MAC address of each card, use this command: cat /sys/class/net/*device_name*/address
  # Make sure to use the lower-case hex values in your udev rules. It does not like upper-case.
  wanInterface,
  wireless ? {
    wleInterface = "wlp5s0";
    wleSSID = "hauser";
    # Generate Encrypted Passphrase with: wpa_passphrase <wleSSID> <passphrase>
    wlePassphrase = "a5e42b914b5ad2b7e0474c3b9b35d0843a52668d30cd6aa8650ec43263a60b6e";
  },
  lanInterfaces ? [ "enp2s0" "enp3s0" ],
  lanNetwork ? {
    routerAddress = "10.1.1.1";
    netid = "10.1.1.0";
    revIpDomain = "1.1.10";
    prefixLength = 24;
    domain = "ilanz.fh2.ch";
    dhcpRange = "10.1.1.2,10.1.1.249";
    routerHostName = "router";
  },
}:

let pkgs = import<nixpkgs>{};
in
{
  imports = [
   (import ./networking/wireless-access-point.nix wireless)
   (import ./networking/dns-recursive.nix lanNetwork)
  ];
 
  networking = {
    nat = {
      enable = true;
      externalInterface = wanInterface;
      internalInterfaces = [ "lan" ];
    };

    bridges.lan.interfaces = lanInterfaces ++ [ wireless.wleInterface ];
    interfaces.lan = {
        ipv4 = {
        addresses = [ { address = lanNetwork.routerAddress; prefixLength = lanNetwork.prefixLength; } ];
      };
    };
    firewall.trustedInterfaces = [ "lan" ];
  };

}