From def2055775680024eb927e21068f6b861ae377c8 Mon Sep 17 00:00:00 2001
From: clerie
Date: Thu, 8 Aug 2024 20:02:57 +0200
Subject: [PATCH 1/3] hosts/carbon: Add net-iot
---
 hosts/carbon/configuration.nix | 1 +
 hosts/carbon/net-iot.nix | 69 ++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 hosts/carbon/net-iot.nix
diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix
index b97e2fe..c9cc78f 100644
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -10,6 +10,7 @@
 ./net-dsl.nix
 ./net-gastnetz.nix
 ./net-heimnetz.nix
+ ./net-iot.nix
 ./net-lte.nix
 ./net-voip.nix
 ./ppp.nix
diff --git a/hosts/carbon/net-iot.nix b/hosts/carbon/net-iot.nix
new file mode 100644
index 0000000..be18bfc
--- /dev/null
+++ b/hosts/carbon/net-iot.nix
@@ -0,0 +1,69 @@
+{ ... }:
+
+{
+
+ networking.vlans."enp1s0.205" = {
+ id = 205;
+ interface = "enp1s0";
+ };
+ networking.bridges."net-iot".interfaces = [
+ "enp1s0.205"
+ ];
+ networking.interfaces."net-iot".ipv6.addresses = [
+ { address = "fe80::1"; prefixLength = 64; }
+ { address = "fd00:152:152:205::1"; prefixLength = 64; }
+ ];
+ networking.interfaces."net-iot".ipv4.addresses = [
+ { address = "10.152.205.1"; prefixLength = 24; }
+ ];
+
+ services.radvd.config = ''
+ interface net-iot {
+ AdvSendAdvert on;
+ prefix fd00:152:152:205::/64 {};
+ RDNSS fd00:152:152::1 {};
+ DNSSL iot.clerie.de {};
+ };
+ '';
+
+ services.kea.dhcp4 = {
+ settings = {
+ interfaces-config = {
+ interfaces = [ "net-iot" ];
+ };
+ subnet4 = [
+ {
+ id = 205;
+ subnet = "10.152.205.0/24";
+ pools = [
+ {
+ pool = "10.152.205.100 - 10.152.205.240";
+ }
+ ];
+ option-data = [
+ {
+ name = "routers";
+ data = "10.152.205.1";
+ }
+ {
+ name = "domain-name-servers";
+ data = "10.152.0.1";
+ }
+ {
+ name = "domain-name";
+ data = "iot.clerie.de";
+ }
+ ];
+ }
+ ];
+ };
+ };
+
+ clerie.firewall.extraForwardFilterCommands = ''
+ # Allow access from Heimnetz to IOT devices
+ ip46tables -A forward-filter -i net-heimnetz -o net-iot -j ACCEPT
+ ip46tables -A forward-filter -i net-iot -j DROP
+ ip46tables -A forward-filter -o net-iot -j DROP
+ '';
+
+}
From 9bc609fbb3eb8cbad6a15709c69b2277f82a821a Mon Sep 17 00:00:00 2001
From: clerie
Date: Fri, 9 Aug 2024 18:02:48 +0200
Subject: [PATCH 2/3] hosts/carbon: Bootstrap chrony ntp server
---
 hosts/carbon/configuration.nix | 1 +
 hosts/carbon/net-iot.nix | 7 +++++++
 hosts/carbon/ntp.nix | 15 +++++++++++++++
 3 files changed, 23 insertions(+)
 create mode 100644 hosts/carbon/ntp.nix
diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix
index c9cc78f..df504e1 100644
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -13,6 +13,7 @@
 ./net-iot.nix
 ./net-lte.nix
 ./net-voip.nix
+ ./ntp.nix
 ./ppp.nix
 ];
 
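Review bot: In hosts/carbon/net-iot.nix (patch 1/3), the rule `ip46tables -A forward-filter -i net-iot -j DROP` in `clerie.firewall.extraForwardFilterCommands` also matches the reply packets IoT devices send back on connections opened from net-heimnetz. The access promised by the comment therefore only works if established/related traffic is accepted before these rules are reached, and that rule is not visible in this patch. If it does not exist, add `ip46tables -A forward-filter -i net-iot -o net-heimnetz -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` ahead of the two DROP lines; if it does, extend the comment to say where it lives. These rules cover forwarded traffic only, so what IoT devices can reach on the router itself is decided by input rules outside this file.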
diff --git a/hosts/carbon/net-iot.nix b/hosts/carbon/net-iot.nix
index be18bfc..43e3c57 100644
--- a/hosts/carbon/net-iot.nix
+++ b/hosts/carbon/net-iot.nix
@@ -17,6 +17,9 @@
 { address = "10.152.205.1"; prefixLength = 24; }
 ];
 
+ # Enable NTP
+ networking.firewall.interfaces."net-iot".allowedUDPPorts = [ 123 ];
+
 services.radvd.config = ''
 interface net-iot {
 AdvSendAdvert on;
@@ -53,6 +56,10 @@
 name = "domain-name";
 data = "iot.clerie.de";
 }
+ {
+ name = "time-servers";
+ data = "10.152.0.1";
+ }
 ];
 }
 ];
diff --git a/hosts/carbon/ntp.nix b/hosts/carbon/ntp.nix
new file mode 100644
index 0000000..39663c8
--- /dev/null
+++ b/hosts/carbon/ntp.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+
+ services.chrony = {
+ enable = true;
+ extraConfig = ''
+ # Enable NTP server mode
+ allow
+ bindaddress fd00:152:152::1
+ bindaddress 10.152.0.1
+ '';
+ };
+
+}
From 1cd8f11597d10c0c635c3ef2d419b2bc16d49b45 Mon Sep 17 00:00:00 2001
From: Flake Update Bot
Date: Sat, 10 Aug 2024 03:03:03 +0200
Subject: [PATCH 3/3] Update nixpkgs 2024-08-10-01-03
---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/flake.lock b/flake.lock
index 06a5176..f42e0be 100644
--- a/flake.lock
+++ b/flake.lock
@@ -288,11 +288,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1722813957, + "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", "type": "github" }, "original": {
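Review bot: The DHCP option added in the `@@ -53,6 +56,10 @@` hunk of hosts/carbon/net-iot.nix (patch 2/3) is named `time-servers`, which in Kea is option 4, the RFC 868 Time Protocol; NTP servers are announced with option 42, `ntp-servers`. Clients looking for NTP configuration will probably ignore option 4, so the entry should read `name = "ntp-servers";` with the same `data`. The `# Enable NTP` comment in the first hunk could also state that UDP 123 is opened for traffic to the router's own chrony instance, since forwarded traffic from net-iot is dropped.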
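Review bot: In hosts/carbon/ntp.nix (patch 2/3) the bare `allow` line lets chrony answer NTP clients from any IPv4 or IPv6 address, so the only limits are the two `bindaddress` lines and whatever the firewall opens. Listing the client ranges makes the server's scope explicit and keeps it closed if UDP 123 is later opened on another interface, for example `allow 10.152.205.0/24` and `allow fd00:152:152:205::/64` for the net-iot ranges used in this series. The comment `# Enable NTP server mode` could then name the networks that are meant to be served.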