Update from updated-inputs-2024-08-10-01-03

2024-08-10 03:03:05 +02:00
parent d1fffe1c99 1cd8f11597
commit c7a6eb10de
3 changed files with 93 additions and 0 deletions
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -10,8 +10,10 @@
      ./net-dsl.nix
      ./net-gastnetz.nix
      ./net-heimnetz.nix
      ./net-iot.nix
      ./net-lte.nix
      ./net-voip.nix
      ./ntp.nix
      ./ppp.nix
    ];
--- a/hosts/carbon/net-iot.nix
+++ b/hosts/carbon/net-iot.nix
@@ -0,0 +1,76 @@
 { ... }:
 {
  networking.vlans."enp1s0.205" = {
    id = 205;
    interface = "enp1s0";
  };
  networking.bridges."net-iot".interfaces = [
    "enp1s0.205"
  ];
  networking.interfaces."net-iot".ipv6.addresses = [
    { address = "fe80::1"; prefixLength = 64; }
    { address = "fd00:152:152:205::1"; prefixLength = 64; }
  ];
  networking.interfaces."net-iot".ipv4.addresses = [
    { address = "10.152.205.1"; prefixLength = 24; }
  ];
  # Enable NTP
  networking.firewall.interfaces."net-iot".allowedUDPPorts = [ 123 ];
  services.radvd.config = ''
    interface net-iot {
      AdvSendAdvert on;
      prefix fd00:152:152:205::/64 {};
      RDNSS fd00:152:152::1 {};
      DNSSL iot.clerie.de {};
    };
  '';
  services.kea.dhcp4 = {
    settings = {
      interfaces-config = {
        interfaces = [ "net-iot" ];
      };
      subnet4 = [
        {
          id = 205;
          subnet = "10.152.205.0/24";
          pools = [
            {
              pool = "10.152.205.100 - 10.152.205.240";
            }
          ];
          option-data = [
            {
              name = "routers";
              data = "10.152.205.1";
            }
            {
              name = "domain-name-servers";
              data = "10.152.0.1";
            }
            {
              name = "domain-name";
              data = "iot.clerie.de";
            }
            {
              name = "time-servers";
              data = "10.152.0.1";
            }
          ];
        }
      ];
    };
  };
  clerie.firewall.extraForwardFilterCommands = ''
    # Allow access from Heimnetz to IOT devices
    ip46tables -A forward-filter -i net-heimnetz -o net-iot -j ACCEPT
    ip46tables -A forward-filter -i net-iot -j DROP
    ip46tables -A forward-filter -o net-iot -j DROP
  '';
 }
--- a/hosts/carbon/ntp.nix
+++ b/hosts/carbon/ntp.nix
@@ -0,0 +1,15 @@
 { ... }:
 {
  services.chrony = {
    enable = true;
    extraConfig = ''
      # Enable NTP server mode
      allow
      bindaddress fd00:152:152::1
      bindaddress 10.152.0.1
    '';
  };
 }