# NixOS module for the guest network ("Gastnetz"): VLAN 202 on enp1s0,
# bridged as net-gastnetz, with router advertisements (radvd), DHCPv4 (Kea)
# and forward-filter rules that confine guests to the uplink.
{ ... }:

{
  ## Guest network (Gastnetz)
  networking = {
    # Tagged VLAN 202 carried on the physical port enp1s0.
    vlans."enp1s0.202" = {
      id = 202;
      interface = "enp1s0";
    };

    # The VLAN sub-interface is the only member of the guest bridge.
    bridges."net-gastnetz".interfaces = [ "enp1s0.202" ];

    # Router addresses on the guest bridge.
    # NOTE(review): the only IPv6 address visible here is a ULA (fd00::/8),
    # which is not routable on the public internet. Confirm that a global
    # prefix or NAT is configured elsewhere if guests are meant to have
    # IPv6 internet access.
    interfaces."net-gastnetz" = {
      ipv6.addresses = [
        {
          address = "fd00:3214:9453:4920::1";
          prefixLength = 64;
        }
      ];
      ipv4.addresses = [
        {
          address = "192.168.32.1";
          prefixLength = 24;
        }
      ];
    };
  };

  services = {
    # Router advertisements for the guest bridge. radvd treats the special
    # prefix ::/64 as "advertise the prefixes configured on this interface".
    # Guests are handed public resolvers via RDNSS, so name resolution does
    # not depend on a resolver running on this host.
    radvd.config = ''
      interface net-gastnetz {
        AdvSendAdvert on;
        MaxRtrAdvInterval 30;
        prefix ::/64 {
          AdvValidLifetime 300;
          AdvPreferredLifetime 120;
        };
        RDNSS 2620:fe::fe 2620:fe::9 {}; # Quad 9
      };
    '';

    # DHCPv4 for the guest bridge. Only this module's interface and subnet
    # are declared here; enabling the service is not part of this block.
    kea.dhcp4.settings = {
      interfaces-config.interfaces = [ "net-gastnetz" ];
      subnet4 = [
        # Guest network
        {
          # Kea subnet identifier, chosen equal to the VLAN id.
          id = 202;
          subnet = "192.168.32.0/24";
          # Dynamic leases use .100-.240; the rest of the /24 is outside
          # the pool.
          pools = [
            { pool = "192.168.32.100 - 192.168.32.240"; }
          ];
          option-data = [
            {
              # Default gateway is this host's address on the bridge.
              name = "routers";
              data = "192.168.32.1";
            }
            {
              name = "domain-name-servers";
              data = "9.9.9.9,149.112.112.112"; # Quad 9
            }
          ];
        }
      ];
    };
  };

  # net-gastnetz can only access internet
  #
  # Rule order matters: guest -> ppp-dtagdsl is accepted first, then every
  # other forwarded packet entering from or leaving towards the guest bridge
  # is dropped, which isolates guests from the other networks on this router.
  #
  # NOTE(review): the rules are appended (-A), so their effect depends on
  # what already sits in forward-filter. Replies from the uplink to guests
  # match the last DROP unless an earlier rule accepts established/related
  # connections; confirm that in the clerie.firewall module.
  # NOTE(review): these rules cover forwarded traffic only. Packets that
  # guests address to the router itself (192.168.32.1 or
  # fd00:3214:9453:4920::1) are decided by the input policy, which is not
  # visible here. Verify that management services are not reachable from
  # net-gastnetz.
  # ip46tables is presumably the helper that applies a rule to both the
  # IPv4 and the IPv6 tables; ppp-dtagdsl is presumably the WAN uplink.
  clerie.firewall.extraForwardFilterCommands = ''
    ip46tables -A forward-filter -i net-gastnetz -o ppp-dtagdsl -j ACCEPT
    ip46tables -A forward-filter -i net-gastnetz -j DROP
    ip46tables -A forward-filter -o net-gastnetz -j DROP
  '';
}