Update from updated-inputs-2024-08-10-01-03

2024-08-10 03:03:05 +02:00
parent d1fffe1c99 1cd8f11597
commit c7a6eb10de
3 changed files with 93 additions and 0 deletions
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -10,8 +10,10 @@
      ./net-dsl.nix
      ./net-gastnetz.nix
      ./net-heimnetz.nix
+      ./net-iot.nix
      ./net-lte.nix
      ./net-voip.nix
+      ./ntp.nix
      ./ppp.nix
    ];

--- a/hosts/carbon/net-iot.nix
+++ b/hosts/carbon/net-iot.nix
@@ -0,0 +1,76 @@
+{ ... }:
+
+{
+
+  networking.vlans."enp1s0.205" = {
+    id = 205;
+    interface = "enp1s0";
+  };
+  networking.bridges."net-iot".interfaces = [
+    "enp1s0.205"
+  ];
+  networking.interfaces."net-iot".ipv6.addresses = [
+    { address = "fe80::1"; prefixLength = 64; }
+    { address = "fd00:152:152:205::1"; prefixLength = 64; }
+  ];
+  networking.interfaces."net-iot".ipv4.addresses = [
+    { address = "10.152.205.1"; prefixLength = 24; }
+  ];
+
+  # Enable NTP
+  networking.firewall.interfaces."net-iot".allowedUDPPorts = [ 123 ];
+
+  services.radvd.config = ''
+    interface net-iot {
+      AdvSendAdvert on;
+      prefix fd00:152:152:205::/64 {};
+      RDNSS fd00:152:152::1 {};
+      DNSSL iot.clerie.de {};
+    };
+  '';
+
+  services.kea.dhcp4 = {
+    settings = {
+      interfaces-config = {
+        interfaces = [ "net-iot" ];
+      };
+      subnet4 = [
+        {
+          id = 205;
+          subnet = "10.152.205.0/24";
+          pools = [
+            {
+              pool = "10.152.205.100 - 10.152.205.240";
+            }
+          ];
+          option-data = [
+            {
+              name = "routers";
+              data = "10.152.205.1";
+            }
+            {
+              name = "domain-name-servers";
+              data = "10.152.0.1";
+            }
+            {
+              name = "domain-name";
+              data = "iot.clerie.de";
+            }
+            {
+              name = "time-servers";
+              data = "10.152.0.1";
+            }
+          ];
+        }
+      ];
+    };
+  };
+
+  clerie.firewall.extraForwardFilterCommands = ''
+    # Allow access from Heimnetz to IOT devices
+    ip46tables -A forward-filter -i net-heimnetz -o net-iot -j ACCEPT
+    ip46tables -A forward-filter -i net-iot -j DROP
+    ip46tables -A forward-filter -o net-iot -j DROP
+  '';
+
+}
--- a/hosts/carbon/ntp.nix
+++ b/hosts/carbon/ntp.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+
+  services.chrony = {
+    enable = true;
+    extraConfig = ''
+      # Enable NTP server mode
+      allow
+      bindaddress fd00:152:152::1
+      bindaddress 10.152.0.1
+    '';
+  };
+
+}