{ config, pkgs, ...}: { networking.vlans."net-technik-iot" = { id = 151; interface = "ens18"; }; networking.interfaces.net-technik-iot.ipv6.addresses = [ { address = "fe80::1"; prefixLength = 64; } { address = "fd00:10:42:151::1"; prefixLength = 64; } ]; networking.interfaces.net-technik-iot.ipv4.addresses = [ { address = "10.42.151.1"; prefixLength = 24; } ]; services.radvd.config = '' interface net-technik-iot { AdvSendAdvert on; MaxRtrAdvInterval 30; prefix ::/64 { AdvValidLifetime 60; AdvPreferredLifetime 30; }; RDNSS 2a01:4f8:1c0c:8221::8 {}; DNSSL bula22.de {}; }; ''; services.kea.dhcp4 = { settings = { interfaces-config = { interfaces = [ "net-technik-iot" ]; }; subnet4 = [ { id = 151; subnet = "10.42.151.1/24"; pools = [ { pool = "10.42.151.100 - 10.42.151.240"; } ]; option-data = [ { name = "routers"; data = "10.42.151.1"; } ]; reservations = [ { # webcam.bula22.de hw-address = "00:03:c5:01:13:2b"; ip-address = "10.42.151.2"; } { # siemens logo stechuhr hw-address = "bc:f3:19:30:d2:1b"; ip-address = "10.42.151.3"; } ]; } ]; }; }; clerie.forward-filter.interfaces.net-technik-iot.rules = [ { incomingInterface = "net-ikt"; } # Give technik access to their toys { incomingInterface = "net-technik"; } # Allow monitoring { incomingInterface = "net-services"; sourceAddress = "10.42.10.7"; } { incomingInterface = "net-services"; sourceAddress6 = "2a01:4f8:1c0c:8221::7"; } ]; clerie.uplink-selector.interfaces.net-technik-iot.uplink = "uplink-b"; }