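{ config, pkgs, ... }:
let
  meta = config.qois.meta;
  plessur-dmz-net = meta.network.physical.plessur-dmz;
  plessur-lan-net = meta.network.physical.plessur-lan;
  # IPv4 address of this host (calanda) on a given physical network, taken
  # from the shared metadata rather than hard-coded.
  getCalandaIp4 = net: net.hosts.calanda.v4.ip;
  # Used both as networking.domain and as the LAN DHCP domain; bound once so
  # the two values cannot drift apart.
  legacyDomain = "ilanz.fh2.ch"; # TODO: Legacy hostname
in
{
  networking.hostName = meta.hosts.calanda.hostName;
  networking.domain = legacyDomain;
  networking.enableIPv6 = false; # TODO

  # Only the WAN uplink (enp4s0) is addressed via DHCP; every other interface
  # is configured statically below.
  networking.useDHCP = false;
  networking.interfaces.enp4s0.useDHCP = true;

  # NOTE(review): this rule is host-wide, so it also admits 80/443 on the WAN
  # uplink enp4s0. The DNAT entries in networking.nat.forwardPorts below do not
  # need these INPUT rules (forwarded traffic traverses FORWARD, not INPUT).
  # Confirm a service on this host itself listens on 80/443; otherwise scope
  # the rule to the interface that needs it, as is done for port 53 below.
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  # DMZ-facing interface with a static address from the metadata.
  networking.interfaces.enp3s0 = {
    ipv4.addresses = [
      {
        inherit (plessur-dmz-net.v4) prefixLength;
        address = getCalandaIp4 plessur-dmz-net;
      }
    ];
  };

  qois.backplane-net.enable = true;

  # TODO: Metaize ips
  services.qois.router = {
    enable = true;
    wanInterface = "enp4s0";
    wirelessInterfaces = [ "wlp5s0" ];
    lanInterfaces = [ "enp2s0" ];
    internalRouterIP = getCalandaIp4 plessur-lan-net;
    dhcp = {
      enable = true;
      localDomain = legacyDomain;
      dhcpRange = "10.1.1.2,10.1.1.249";
    };
    recursiveDns = {
      enable = true;
      networkIdIp = plessur-lan-net.v4.id;
    };
    wireless = {
      enable = true;
      wleInterface24Ghz = "wlp5s0";
      ssid = "hauser";
    };
  };

  # DMZ
  # Recursive resolver for the DMZ: bound only to this host's DMZ address and
  # answering only the DMZ prefix, so it does not act as an open resolver.
  # The listen address uses the same helper as the interface config above so
  # both are derived from one metadata entry.
  services.unbound.settings.server = {
    interface = [ (getCalandaIp4 plessur-dmz-net) ];
    access-control = [
      ''"${plessur-dmz-net.v4.id}/${toString plessur-dmz-net.v4.prefixLength}" allow''
    ];
  };
  # DNS is accepted on the DMZ interface only. TCP 53 is opened alongside
  # UDP 53 because clients retry over TCP for truncated (e.g. large DNSSEC)
  # answers; without it those lookups fail silently.
  networking.firewall.interfaces.enp3s0.allowedUDPPorts = [ 53 ];
  networking.firewall.interfaces.enp3s0.allowedTCPPorts = [ 53 ];
  networking.nat.internalInterfaces = [ "enp3s0" ];

  # DMZ Portforwarding
  networking.nat.forwardPorts =
    let
      # DMZ host that receives every forward below. TODO: Metaize ips
      cyprianspitzHost = "10.1.1.11";
      # Forward `port` on the WAN side to the same port on the DMZ host.
      # loopbackIPs lists the public address so internal clients reaching it
      # are redirected as well (NAT reflection).
      cyprianspitzPort = proto: port: {
        destination = "${cyprianspitzHost}:${toString port}";
        inherit proto;
        sourcePort = port;
        loopbackIPs = [ "85.195.200.253" ];
      };
    in
    [
      # External 8223 -> DMZ host 2222; presumably SSH — confirm with the
      # DMZ host's service list. No NAT reflection for this one.
      {
        destination = "${cyprianspitzHost}:2222";
        proto = "tcp";
        sourcePort = 8223;
      }
    ]
    ++ map (cyprianspitzPort "tcp") [
      80
      443
    ]
    # NOTE(review): the service behind each UDP port is not recorded here;
    # document them so forwards that are no longer needed can be retired.
    ++ map (cyprianspitzPort "udp") [
      51824
      1666
      41641
      3478
      3479
    ];
}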