infrastructure/nixos-configurations/calanda/networking.nix

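{ config, pkgs, ... }:
let
  meta = config.qois.meta;
  plessur-dmz-net = meta.network.physical.plessur-dmz;
  plessur-lan-net = meta.network.physical.plessur-lan;
  plessur-ext-net = meta.network.physical.plessur-ext;
  # IPv4 address of this host (calanda) within the given physical network.
  getCalandaIp4 = net: net.hosts.calanda.v4.ip;
  # Used both as the host's own DNS domain and as the domain handed out by DHCP.
  localDomain = "ilanz.fh2.ch"; # TODO: Legacy hostname
in
{
  networking.hostName = meta.hosts.calanda.hostName;
  networking.domain = localDomain;
  networking.enableIPv6 = false; # TODO
  networking.useDHCP = false;

  # WAN uplink: addressed by the upstream DHCP server.
  networking.interfaces.enp4s0.useDHCP = true;

  # NOTE(review): this list is not scoped to an interface, so 80/443 are
  # opened on every interface including the WAN uplink enp4s0. If they are
  # only meant for the LAN/DMZ side, move them under
  # `networking.firewall.interfaces.<name>.allowedTCPPorts`.
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  # DMZ interface: static address taken from the network metadata.
  networking.interfaces.enp3s0 = {
    ipv4.addresses = [
      {
        inherit (plessur-dmz-net.v4) prefixLength;
        address = getCalandaIp4 plessur-dmz-net;
      }
    ];
  };

  qois.backplane-net.enable = true;

  # TODO: Metaize ips
  services.qois.router = {
    enable = true;
    wanInterface = "enp4s0";
    wirelessInterfaces = [ "wlp5s0" ];
    lanInterfaces = [ "enp2s0" ];
    internalRouterIP = getCalandaIp4 plessur-lan-net;
    dhcp = {
      enable = true;
      inherit localDomain;
      dhcpRange = "10.1.1.2,10.1.1.249";
    };
    recursiveDns = {
      enable = true;
      networkIdIp = plessur-lan-net.v4.id;
    };
    wireless = {
      enable = true;
      wleInterface24Ghz = "wlp5s0";
      ssid = "hauser";
    };
  };

  # DMZ: recursive resolver bound only to calanda's DMZ address and answering
  # only clients from the DMZ prefix (unbound refuses other sources by default).
  services.unbound.settings.server = {
    interface = [ (getCalandaIp4 plessur-dmz-net) ];
    access-control = [
      ''"${plessur-dmz-net.v4.id}/${toString plessur-dmz-net.v4.prefixLength}" allow''
    ];
  };
  # DNS needs both transports: resolvers retry over TCP when a UDP answer is
  # truncated, so allowing UDP only would make large responses fail for DMZ
  # clients.
  networking.firewall.interfaces.enp3s0 = {
    allowedUDPPorts = [ 53 ];
    allowedTCPPorts = [ 53 ];
  };

  # The DMZ interface is masqueraded behind the WAN address.
  networking.nat.internalInterfaces = [ "enp3s0" ];

  # Port forwarding from the WAN side to cyprianspitz. Note that the target
  # is cyprianspitz's address on the LAN network, not a host in the DMZ.
  networking.nat.forwardPorts =
    let
      # Forward `sourcePort` (WAN side) to `dstPort` on cyprianspitz.
      # loopbackIPs lists calanda's external address so that the same mapping
      # presumably also works for clients behind the NAT (hairpinning) —
      # confirm against the networking.nat.forwardPorts option docs.
      cyprianspitzPortDst = proto: sourcePort: dstPort: {
        inherit proto sourcePort;
        destination = "${plessur-lan-net.hosts.cyprianspitz.v4.ip}:${toString dstPort}";
        loopbackIPs = [ plessur-ext-net.hosts.calanda.v4.ip ];
      };
      # Same port number on both sides.
      cyprianspitzPort = proto: port: cyprianspitzPortDst proto port port;
    in
    [
      # NOTE(review): 22 and 2222 on cyprianspitz (ports conventionally used
      # for SSH) become reachable from the WAN via 8222/8223; confirm that
      # host's SSH hardening (key-only authentication, no root login) matches
      # that exposure.
      (cyprianspitzPortDst "tcp" 8222 22)
      (cyprianspitzPortDst "tcp" 8223 2222)
    ]
    ++ map (cyprianspitzPort "tcp") [
      80
      443
    ]
    ++ map (cyprianspitzPort "udp") [
      51824
      1666
      41641
      3478
      3479
    ];
}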