{ config, pkgs, lib, ... }: { imports = [ ./hardware-configuration.nix ../../configuration/router ./dns.nix ./net-gastnetz.nix ./net-heimnetz.nix ./net-voip.nix ./ppp.nix ]; boot.kernelParams = [ "console=ttyS0,115200n8" ]; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; boot.loader.grub.extraConfig = " serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 terminal_input serial terminal_output serial "; networking.useDHCP = false; # Local Router IPs networking.interfaces.lo.ipv6.addresses = [ { address = "fd00:152:152::1"; prefixLength = 128; } # Anycast ]; networking.interfaces.lo.ipv4.addresses = [ { address = "10.152.0.1"; prefixLength = 32; } # Anycast ]; # Network ## DSL-Uplink networking.vlans."enp1s0.7" = { id = 7; interface = "enp1s0"; }; networking.vlans."enp3s0.7" = { id = 7; interface = "enp3s0"; }; networking.bridges."net-dsl".interfaces = [ "enp1s0.7" "enp3s0.7" ]; ## LTE-Uplink networking.vlans."enp1s0.102" = { id = 102; interface = "enp1s0"; }; # Use Anycast Nameservers networking.nameservers = [ "fd00:152:152::1" "10.152.0.1" ]; networking.nat = { enableIPv6 = true; enable = true; externalInterface = "ppp-dtagdsl"; internalIPv6s = [ "fd00:152:152::/48" "fd00:3214:9453:4920::/64"]; internalIPs = [ "10.152.0.0/16" "192.168.32.0/24" ]; }; services.radvd.enable = true; services.kea.dhcp4 = { enable = true; settings = { interfaces-config = { service-sockets-max-retries = 15; service-sockets-retry-wait-time = 2000; }; lease-database = { name = "/var/lib/kea/dhcp4.leases"; persist = true; type = "memfile"; }; }; }; clerie.firewall.enable = true; clerie.firewall.extraForwardMangleCommands = '' ip46tables -t mangle -A forward-mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1416 ''; clerie.monitoring = { enable = true; id = "104"; pubkey = "sro9DUSMtVr5xV2o3GTgg+0vmLj+bRc8fN+3pIr6+HY="; blackbox = true; }; system.stateVersion = "21.03"; }