# NixOS host module for "calanda": a router with a WAN uplink (enp4s0),
# a DMZ segment (enp3s0), LAN (enp2s0) and a 2.4 GHz wireless interface.
# Addresses are taken from the shared `config.qois.meta` description so the
# same numbers are not repeated across hosts.
{ config, pkgs, ... }:
let
  meta = config.qois.meta;

  # Physical networks this host is attached to.
  dmzNet = meta.network.physical.plessur-dmz;
  lanNet = meta.network.physical.plessur-lan;
  extNet = meta.network.physical.plessur-ext;

  # calanda's own IPv4 address on a given physical network.
  calandaIp4 = net: net.hosts.calanda.v4.ip;
in
{
  networking = {
    hostName = meta.hosts.calanda.hostName;
    domain = "ilanz.fh2.ch";
    enableIPv6 = false; # TODO

    # Per-interface addressing: WAN via DHCP, DMZ statically from meta.
    useDHCP = false;
    interfaces = {
      enp4s0.useDHCP = true;
      enp3s0.ipv4.addresses = [
        {
          address = calandaIp4 dmzNet;
          prefixLength = dmzNet.v4.prefixLength;
        }
      ];
    };

    firewall = {
      # Opened on every interface, including the WAN uplink.
      allowedTCPPorts = [ 80 443 ];
      # DNS for the DMZ only; note that only UDP 53 is opened here, TCP 53 is not.
      interfaces.enp3s0.allowedUDPPorts = [ 53 ];
    };

    nat = {
      # DMZ
      internalInterfaces = [ "enp3s0" ];

      # DMZ Portforwarding
      # Everything below is forwarded from the WAN side to cyprianspitz on the LAN.
      forwardPorts =
        let
          # One forwardPorts entry: WAN `sourcePort` -> cyprianspitz:`destinationPort`.
          # `loopbackIPs` lists calanda's external address so the same mapping is
          # also usable from inside via that address (NAT reflection).
          toCyprianspitz = proto: sourcePort: destinationPort: {
            inherit proto sourcePort;
            destination = "${lanNet.hosts.cyprianspitz.v4.ip}:${toString destinationPort}";
            loopbackIPs = [ (calandaIp4 extNet) ];
          };
          sameTcpPort = port: toCyprianspitz "tcp" port port;
          sameUdpPort = port: toCyprianspitz "udp" port port;
        in
        # NOTE(review): 8222/8223 expose ports 22/2222 of cyprianspitz to the WAN;
        # confirm that host's own login restrictions cover WAN-originated traffic.
        [
          (toCyprianspitz "tcp" 8222 22)
          (toCyprianspitz "tcp" 8223 2222)
        ]
        ++ map sameTcpPort [ 80 443 ]
        ++ map sameUdpPort [ 51824 1666 41641 3478 3479 ];
    };
  };

  qois.backplane-net.enable = true;

  services = {
    # TODO: Metaize ips
    qois.router = {
      enable = true;
      wanInterface = "enp4s0";
      wirelessInterfaces = [ "wlp5s0" ];
      lanInterfaces = [ "enp2s0" ];
      internalRouterIP = calandaIp4 lanNet;
      dhcp = {
        enable = true;
        localDomain = "ilanz.fh2.ch"; # TODO: Legacy hostname
        dhcpRange = "10.1.1.2,10.1.1.249";
      };
      recursiveDns = {
        enable = true;
        networkIdIp = lanNet.v4.id;
      };
      wireless = {
        enable = true;
        wleInterface24Ghz = "wlp5s0";
        ssid = "hauser";
      };
    };

    # DMZ
    # Unbound listens only on calanda's DMZ address and answers only the DMZ prefix.
    unbound.settings.server = {
      interface = [ (calandaIp4 dmzNet) ];
      access-control = [
        ''"${dmzNet.v4.id}/${toString dmzNet.v4.prefixLength}" allow''
      ];
    };
  };
}