{ ... }: { networking.vlans."enp1s0.206" = { id = 206; interface = "enp1s0"; }; networking.bridges."net-printer".interfaces = [ "enp1s0.206" ]; networking.interfaces."net-printer".ipv4.addresses = [ { address = "10.152.206.1"; prefixLength = 24; } ]; services.kea.dhcp4 = { settings = { interfaces-config = { interfaces = [ "net-printer" ]; }; subnet4 = [ { id = 206; subnet = "10.152.206.0/24"; pools = [ { pool = "10.152.206.100 - 10.152.206.240"; } ]; option-data = [ { name = "routers"; data = "10.152.206.1"; } ]; } ]; }; }; # Enable scan-to-gpg networking.firewall.interfaces."net-printer".allowedTCPPorts = [ 2121 ]; networking.firewall.interfaces."net-printer".allowedTCPPortRanges = [ { from = 2130; to = 2134; } ]; clerie.firewall.extraForwardFilterCommands = '' # Allow access from Heimnetz to printer ip46tables -A forward-filter -i net-heimnetz -o net-printer -j ACCEPT ip46tables -A forward-filter -i net-printer -j DROP ip46tables -A forward-filter -o net-printer -j DROP ''; }