diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix
index 63a8393..9508a93 100644
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -7,6 +7,7 @@
 ../../configuration/router
 ./dns.nix
+ ./net-gastnetz.nix
 ./net-heimnetz.nix
 ./ppp.nix
 ];
@@ -48,18 +49,6 @@
 id = 102;
 interface = "enp1s0";
 };
- ## Gastnetz
- networking.vlans."enp1s0.202" = {
- id = 202;
- interface = "enp1s0";
- };
- networking.interfaces."enp1s0.202".ipv6.addresses = [
- { address = "fd00:3214:9453:4920::1"; prefixLength = 64; }
- { address = "2001:4cd8:100:1313::1"; prefixLength = 64; } # public IPs for local network
- ];
- networking.interfaces."enp1s0.202".ipv4.addresses = [
- { address = "192.168.32.1"; prefixLength = 24; }
- ];
 ## VoIP
 networking.vlans."enp1s0.204" = {
 id = 204;
@@ -81,19 +70,12 @@
 };
 services.radvd.enable = true;
- services.radvd.config = ''
- interface enp1s0.202 {
- AdvSendAdvert on;
- prefix 2001:4cd8:100:1313::/64 {};
- RDNSS 2620:fe::fe 2620:fe::9 {}; # Quad 9
- };
- '';
 services.kea.dhcp4 = {
 settings = {
 interfaces-config = {
- interfaces = [ "enp1s0.202" "enp1s0.204" ];
+ interfaces = [ "enp1s0.204" ];
 service-sockets-max-retries = 15;
 service-sockets-retry-wait-time = 2000;
 };
@@ -142,26 +124,6 @@
 }
 ];
 subnet4 = [
- # Gastnetz
- {
- id = 202;
- subnet = "192.168.32.0/24";
- pools = [
- {
- pool = "192.168.32.100 - 192.168.32.240";
- }
- ];
- option-data = [
- {
- name = "routers";
- data = "192.168.32.1";
- }
- {
- name = "domain-name-servers";
- data = "9.9.9.9,149.112.112.112"; # Quad 9
- }
- ];
- }
 # VoIP
 {
 id = 204;
@@ -209,11 +171,6 @@
 };
 clerie.firewall.enable = true;
- clerie.firewall.extraForwardFilterCommands = ''
- ip46tables -A forward-filter -i enp1s0.202 -o ppp-dtagdsl -j ACCEPT
- ip46tables -A forward-filter -i enp1s0.202 -j DROP
- ip46tables -A forward-filter -o enp1s0.202 -j DROP
- '';
 clerie.firewall.extraForwardMangleCommands = ''
 ip46tables -t mangle -A forward-mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1416
 '';
diff --git a/hosts/carbon/net-gastnetz.nix b/hosts/carbon/net-gastnetz.nix
new file mode 100644
index 0000000..932c374
--- /dev/null
+++ b/hosts/carbon/net-gastnetz.nix
@@ -0,0 +1,63 @@
+{ ... }:
+
+{
+
+ ## Gastnetz
+ networking.vlans."enp1s0.202" = {
+ id = 202;
+ interface = "enp1s0";
+ };
+ networking.interfaces."enp1s0.202".ipv6.addresses = [
+ { address = "fd00:3214:9453:4920::1"; prefixLength = 64; }
+ { address = "2001:4cd8:100:1313::1"; prefixLength = 64; } # public IPs for local network
+ ];
+ networking.interfaces."enp1s0.202".ipv4.addresses = [
+ { address = "192.168.32.1"; prefixLength = 24; }
+ ];
+
+ services.radvd.config = ''
+ interface enp1s0.202 {
+ AdvSendAdvert on;
+ prefix 2001:4cd8:100:1313::/64 {};
+ RDNSS 2620:fe::fe 2620:fe::9 {}; # Quad 9
+ };
+ '';
+
+ services.kea.dhcp4 = {
+ settings = {
+ interfaces-config = {
+ interfaces = [ "enp1s0.202" ];
+ };
+ subnet4 = [
+ # Gastnetz
+ {
+ id = 202;
+ subnet = "192.168.32.0/24";
+ pools = [
+ {
+ pool = "192.168.32.100 - 192.168.32.240";
+ }
+ ];
+ option-data = [
+ {
+ name = "routers";
+ data = "192.168.32.1";
+ }
+ {
+ name = "domain-name-servers";
+ data = "9.9.9.9,149.112.112.112"; # Quad 9
+ }
+ ];
+ }
+ ];
+ };
+ };
+
+ # net-gastnetz can only access internet
+ clerie.firewall.extraForwardFilterCommands = ''
+ ip46tables -A forward-filter -i enp1s0.202 -o ppp-dtagdsl -j ACCEPT
+ ip46tables -A forward-filter -i enp1s0.202 -j DROP
+ ip46tables -A forward-filter -o enp1s0.202 -j DROP
+ '';
+
+}
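Review bot: The comment `# net-gastnetz can only access internet` in the new net-gastnetz.nix claims more than the three forward-filter rules under it enforce: they only govern forwarded traffic, so guest hosts on enp1s0.202 can still reach whatever the router itself listens on at 192.168.32.1 or the interface's IPv6 addresses (kea, and whatever dns.nix configures if it binds that interface) unless the input chain of clerie.firewall restricts that, and that module is not visible in this diff. A second point to confirm against the same module: `ip46tables -A forward-filter -o enp1s0.202 -j DROP` also drops forwarded return traffic from the uplink unless an ESTABLISHED,RELATED accept precedes these extra commands in forward-filter; if the module does not provide one, add `ip46tables -A forward-filter -o enp1s0.202 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` ahead of the two DROP rules. Since the rules now live in their own module, any other module that also sets extraForwardFilterCommands is concatenated with this one in an order this file does not control, so an ACCEPT defined elsewhere could land after these DROPs; a comment stating that ordering assumption would help the next editor. I would reword the comment to `# guest VLAN may only be forwarded to the uplink (ppp-dtagdsl); access to the router itself is controlled by the input chain`.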