# NixOS configuration for a small home router: serial console, VLAN/bridge
# layout for the DSL and LTE uplinks and the local networks, NAT, router
# advertisements, DHCPv4 (Kea), the PPPoE session, a recursive resolver
# (Unbound), firewall glue and monitoring. Shared router settings are pulled
# in from ../../configuration/router.
{ config, pkgs, lib, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ../../configuration/router
  ];

  # Headless box: both the kernel and GRUB talk to the serial console on ttyS0.
  boot.kernelParams = [ "console=ttyS0,115200n8" ];
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
  boot.loader.grub.extraConfig = "
    serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
    terminal_input serial
    terminal_output serial
  ";

  # Everything below is addressed statically; only the PPPoE session is dynamic.
  networking.useDHCP = false;

  # Local Router IPs
  # Anycast resolver addresses on lo. These are what radvd (RDNSS), Kea
  # (domain-name-servers) and networking.nameservers hand to clients, and what
  # Unbound binds to further down.
  networking.interfaces.lo.ipv6.addresses = [
    { address = "fd00:152:152::1"; prefixLength = 128; } # Anycast
  ];
  networking.interfaces.lo.ipv4.addresses = [
    { address = "10.152.0.1"; prefixLength = 32; } # Anycast
  ];

  # Network
  ## DSL-Uplink
  # VLAN 7 on two physical ports, bridged into net-dsl; the PPPoE session
  # (services.pppd below) runs on top of the bridge.
  networking.vlans."enp1s0.7" = { id = 7; interface = "enp1s0"; };
  networking.vlans."enp3s0.7" = { id = 7; interface = "enp3s0"; };
  networking.bridges."net-dsl".interfaces = [ "enp1s0.7" "enp3s0.7" ];

  ## LTE-Uplink
  # Only the VLAN is created here; no address or route for it is configured in
  # this file (presumably handled elsewhere or not in use — confirm).
  networking.vlans."enp1s0.102" = { id = 102; interface = "enp1s0"; };

  ## Heimnetz (home network)
  # VLAN 201 plus the port enp2s0, bridged. Dual-stack: link-local router
  # address, a ULA and a global prefix (the global one is advertised by radvd).
  networking.vlans."enp1s0.201" = { id = 201; interface = "enp1s0"; };
  networking.bridges."net-heimnetz".interfaces = [ "enp1s0.201" "enp2s0" ];
  networking.interfaces."net-heimnetz".ipv6.addresses = [
    { address = "fe80::1"; prefixLength = 64; }
    { address = "fd00:152:152:4::1"; prefixLength = 64; }
    { address = "2001:4cd8:100:1337::1"; prefixLength = 64; } # public IPs for local network
  ];
  networking.interfaces."net-heimnetz".ipv4.addresses = [
    { address = "10.152.4.1"; prefixLength = 24; }
  ];

  ## Gastnetz (guest network)
  # VLAN 202, no bridge. Kept apart from the other networks by the
  # forward-filter rules in clerie.firewall.extraForwardFilterCommands below.
  networking.vlans."enp1s0.202" = { id = 202; interface = "enp1s0"; };
  networking.interfaces."enp1s0.202".ipv6.addresses = [
    { address = "fd00:3214:9453:4920::1"; prefixLength = 64; }
    { address = "2001:4cd8:100:1313::1"; prefixLength = 64; } # public IPs for local network
  ];
  networking.interfaces."enp1s0.202".ipv4.addresses = [
    { address = "192.168.32.1"; prefixLength = 24; }
  ];

  ## VoIP
  # VLAN 204, IPv4 only; the SIP-DECT base station lives here (see the Kea
  # reservation below).
  networking.vlans."enp1s0.204" = { id = 204; interface = "enp1s0"; };
  networking.interfaces."enp1s0.204".ipv4.addresses = [
    { address = "10.152.33.1"; prefixLength = 24; }
  ];

  # Use Anycast Nameservers
  networking.nameservers = [ "fd00:152:152::1" "10.152.0.1" ];

  # Masquerade the private ranges out of the PPPoE interface. For IPv6 only the
  # ULA prefixes are translated; the 2001:4cd8:100:… prefixes announced by radvd
  # are deliberately not in this list.
  networking.nat = {
    enableIPv6 = true;
    enable = true;
    externalInterface = "ppp-ntvdsl";
    internalIPv6s = [ "fd00:152:152::/48" "fd00:3214:9453:4920::/64"];
    internalIPs = [ "10.152.0.0/16" "192.168.32.0/24" ];
  };

  # Router advertisements. Home-network clients get the anycast resolver and a
  # search domain; guest clients are pointed at Quad9 directly, so they do not
  # depend on the internal resolver.
  services.radvd.enable = true;
  services.radvd.config = ''
    interface net-heimnetz {
      AdvSendAdvert on;
      prefix 2001:4cd8:100:1337::/64 {};
      RDNSS fd00:152:152::1 {};
      DNSSL net.clerie.de {};
    };
    interface enp1s0.202 {
      AdvSendAdvert on;
      prefix 2001:4cd8:100:1313::/64 {};
      RDNSS 2620:fe::fe 2620:fe::9 {}; # Quad 9
    };
  '';

  services.kea.dhcp4 = {
    enable = true;
    settings = {
      interfaces-config = {
        interfaces = [ "net-heimnetz" "enp1s0.202" "enp1s0.204" ];
        # Retry opening the listening sockets instead of failing outright —
        # presumably because the VLAN/bridge interfaces may still be coming up
        # when Kea starts (confirm).
        service-sockets-max-retries = 15;
        service-sockets-retry-wait-time = 2000;
      };
      lease-database = {
        name = "/var/lib/kea/dhcp4.leases";
        persist = true;
        type = "memfile";
      };
      # Custom options for the SIP-DECT base station: option 43 is redefined as
      # an empty container that encapsulates a private "sipdect" sub-option
      # space, plus a site-specific string option (224). Within this file they
      # are only handed out through the "iridium" reservation in the VoIP subnet.
      option-def = [
        { space = "dhcp4"; name = "vendor-encapsulated-options"; code = 43; type = "empty"; encapsulate = "sipdect"; }
        { space = "sipdect"; name = "ommip1"; code = 10; type = "ipv4-address"; }
        { space = "sipdect"; name = "ommip2"; code = 19; type = "ipv4-address"; }
        { space = "sipdect"; name = "syslogip"; code = 14; type = "ipv4-address"; }
        { space = "sipdect"; name = "syslogport"; code = 15; type = "int16"; }
        { space = "dhcp4"; name = "magic_str"; code = 224; type = "string"; }
      ];
      subnet4 = [
        # Heimnetz
        {
          id = 201;
          subnet = "10.152.4.0/24";
          pools = [ { pool = "10.152.4.100 - 10.152.4.240"; } ];
          option-data = [
            { name = "routers"; data = "10.152.4.1"; }
            { name = "domain-name-servers"; data = "10.152.0.1"; }
            { name = "domain-name"; data = "net.clerie.de"; }
          ];
        }
        # Gastnetz
        {
          id = 202;
          subnet = "192.168.32.0/24";
          pools = [ { pool = "192.168.32.100 - 192.168.32.240"; } ];
          option-data = [
            { name = "routers"; data = "192.168.32.1"; }
            { name = "domain-name-servers"; data = "9.9.9.9,149.112.112.112"; } # Quad 9
          ];
        }
        # VoIP
        {
          id = 204;
          subnet = "10.152.33.0/24";
          pools = [ { pool = "10.152.33.10 - 10.152.33.200"; } ];
          option-data = [
            { name = "routers"; data = "10.152.33.1"; }
          ];
          # Fixed address and vendor options for the DECT base. NOTE(review):
          # 10.152.33.11 lies inside the dynamic pool above; Kea copes with
          # in-pool reservations, but a reserved address outside the pool is
          # the usual recommendation.
          reservations = [
            {
              hostname = "iridium";
              hw-address = "00:30:42:1B:8C:7C";
              ip-address = "10.152.33.11";
              option-data = [
                { name = "host-name"; data = "iridium"; }
                { name = "vendor-encapsulated-options"; }
                { space = "sipdect"; name = "ommip1"; data = "10.152.33.11"; }
                { name = "magic_str"; data = "OpenMobilitySIP-DECT"; }
              ];
            }
          ];
        }
      ];
    };
  };

  # DNS towards the anycast resolver. NOTE(review): these ports are not scoped
  # to an interface, so the NixOS firewall admits port 53 on every interface,
  # including the guest VLAN and the uplink; what actually limits exposure is
  # Unbound binding only to the ULA/RFC 1918 anycast addresses. If the resolver
  # is meant for the home and VoIP networks only, narrow this with
  # networking.firewall.interfaces.<name>.allowedUDPPorts / allowedTCPPorts.
  networking.firewall.allowedUDPPorts = [ 53 ];
  networking.firewall.allowedTCPPorts = [ 53 ];

  # Guest isolation: traffic from the guest VLAN may only be forwarded to the
  # DSL uplink; any other forwarding to or from it is dropped. The rules are
  # appended (-A), so they sit behind whatever clerie.firewall already placed in
  # forward-filter, and the `-o enp1s0.202 -j DROP` line relies on return
  # traffic being accepted by an earlier ESTABLISHED/RELATED rule that is
  # defined outside this file — confirm in the clerie.firewall module.
  clerie.firewall.enable = true;
  clerie.firewall.extraForwardFilterCommands = ''
    ip46tables -A forward-filter -i enp1s0.202 -o ppp-ntvdsl -j ACCEPT
    ip46tables -A forward-filter -i enp1s0.202 -j DROP
    ip46tables -A forward-filter -o enp1s0.202 -j DROP
  '';
  # Clamp the TCP MSS of forwarded connections to the PPPoE MTU (1456, set in
  # the pppd peer below): 1416 = 1456 - 20 (IPv4) - 20 (TCP). NOTE(review): via
  # ip46tables the same value is applied to IPv6, whose header is 40 bytes, so
  # 1396 would match there; `--clamp-mss-to-pmtu` derives the value per family.
  # Confirm against the provider's effective MTU before changing.
  clerie.firewall.extraForwardMangleCommands = ''
    ip46tables -t mangle -A forward-mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1416
  '';

  # PPPoE session to the DSL provider over the net-dsl bridge. Only the user
  # name is here; pppd reads the password from its secrets files, and
  # hide-password keeps it out of the log that `debug` produces. The session
  # is re-established indefinitely (persist, maxfail 0) with a 5 s holdoff,
  # and LCP echoes detect a dead link.
  services.pppd = {
    enable = true;
    peers.ntvdsl = {
      config = ''
        plugin pppoe.so net-dsl
        user "dsl-31997-001#regio@bsa-vdsl"
        ifname ppp-ntvdsl
        persist
        maxfail 0
        holdoff 5
        noipdefault
        lcp-echo-interval 20
        lcp-echo-failure 3
        mtu 1456
        hide-password
        defaultroute
        +ipv6
        debug
      '';
    };
  };

  # Node identity for the custom clerie.monitoring module (defined outside this
  # file). The key is presumably the node's public key; no private material is
  # kept here.
  clerie.monitoring = {
    enable = true;
    id = "104";
    pubkey = "sro9DUSMtVr5xV2o3GTgg+0vmLj+bRc8fN+3pIr6+HY=";
    blackbox = true;
  };

  # Recursive resolver on the anycast addresses. resolveLocalQueries = false
  # leaves the host's own resolv.conf to networking.nameservers above.
  # NOTE(review): access-control allows every source address; the effective
  # restriction is the interface list (ULA and RFC 1918 anycast, unreachable
  # from the uplink as long as nothing routes those prefixes there) together
  # with the firewall above. If a listen address is ever added, tighten
  # access-control to the local prefixes at the same time.
  services.unbound = {
    enable = true;
    resolveLocalQueries = false;
    settings = {
      server = {
        interface = [ "fd00:152:152::1" "10.152.0.1" ];
        access-control = [ "::/0 allow" "0.0.0.0/0 allow" ];
        prefer-ip6 = true;
        prefetch = true;
        # Keep answering from expired cache entries while they are refreshed
        # (availability over strict TTLs).
        serve-expired = true;
        serve-expired-ttl-reset = true;
      };
    };
  };

  system.stateVersion = "21.03";
}