1 { lib, ... }:
2 with (import ./names-and-numbers.nix);
3 with (import ./names-and-numbers.nix.clear);
4 {
# Static addressing for the three LAN-facing ports: each port takes the .1
# address of its own /24 and does not run a DHCP client.
networking.interfaces =
  let
    # `prefix` is presumably the first three octets of the subnet (the
    # ethNIPv4 values come from the imported names-and-numbers files).
    lanPort = prefix: {
      useDHCP = false;
      ipv4.addresses = [{ address = "${prefix}.1"; prefixLength = 24; }];
    };
  in
  {
    ${eth1Iface} = lanPort eth1IPv4;
    ${eth2Iface} = lanPort eth2IPv4;
    ${eth3Iface} = lanPort eth3IPv4;
  };
# Keep NetworkManager away from the statically configured LAN ports so it
# cannot re-address them or start a DHCP client on them.
# NetworkManager is not enabled by this file (the line below is commented
# out); the list only takes effect if another module turns it on.
#networking.networkmanager.enable = true;
networking.networkmanager.unmanaged = [ eth1Iface eth2Iface eth3Iface ];
# Firewall rules appended (lib.mkAfter) to the nftables ruleset.
#
# input / output: traffic on a LAN port is handed to input-lan / output-lan.
# Whatever those chains do not settle with a terminal verdict returns here
# and is logged and dropped, i.e. default-deny per LAN port.
# NOTE(review): input-lan and output-lan are not defined in this file; they
# must exist in `table inet filter` elsewhere or the ruleset will not load.
# NOTE(review): the log rules are not rate-limited, so a noisy LAN host can
# flood the journal; consider adding a `limit rate` before `log`.
#
# forward: LAN-to-LAN traffic is sent to forward-to-lan with `goto`, so
# evaluation does not come back to this chain. forward-to-lan is empty
# here, which leaves the verdict to the forward base chain's policy; that
# policy is set outside this file -- confirm it is the one intended.
# NOTE(review): the forward rule hard-codes interface names instead of
# using the eth*Iface variables; if names-and-numbers.nix changes, this
# rule will silently stop matching. Verify the names still agree.
networking.nftables.ruleset =
  let
    # Comma-separated member list of the nft anonymous set of LAN ports.
    lanPorts = "${eth1Iface}, ${eth2Iface}, ${eth3Iface}";
  in
  lib.mkAfter ''
    table inet filter {
      chain input {
        iifname { ${lanPorts} } jump input-lan
        iifname { ${lanPorts} } log level warn prefix "input-lan: " counter drop
      }
      chain output {
        oifname { ${lanPorts} } jump output-lan
        oifname { ${lanPorts} } log level warn prefix "output-lan: " counter drop
      }
      chain forward-to-lan { }
      chain forward {
        iifname { "enp2s0", "enp3s0", "enp4s0", "wlp5s0" } oifname { "enp2s0", "enp3s0", "enp4s0", "wlp5s0" } goto forward-to-lan
      }
    }
  '';
43
# When dhcpd4 enters the failed state, systemd activates the per-interface
# address units of the three LAN ports (presumably to re-apply the static
# addresses dhcpd needs before it can bind -- confirm).
systemd.services.dhcpd4.onFailure =
  map (iface: "network-addresses-${iface}.service") [ eth1Iface eth2Iface eth3Iface ];
# DHCPv4 server for the three LAN ports. Each /24 gets a dynamic pool of
# .100-.200, advertises this host (.1) as router and DNS server, and
# reserves .3 for the machine identified by patateMAC.
#
# NOTE(review): ISC DHCP is end-of-life upstream and recent NixOS releases
# dropped services.dhcpd4 in favour of Kea; confirm the pinned nixpkgs
# still ships it and plan the migration.
# NOTE(review): a reservation keyed on a MAC address is not authentication,
# since any host on the segment can claim that MAC. Do not let firewall
# rules treat the .3 address as a trusted identity on its own.
# NOTE(review): the rendered configuration lands in the world-readable Nix
# store; if any interpolated value comes from the `.clear` import and is
# meant to stay private, it will not be.
services.dhcpd4 =
  let
    # One subnet stanza. `prefix` is the subnet's leading octets and
    # `hostName` the dhcpd host label for the patateMAC reservation.
    lanSubnet = { prefix, hostName }: ''
      subnet ${prefix}.0 netmask 255.255.255.0 {
        range ${prefix}.100 ${prefix}.200;
        option broadcast-address ${prefix}.255;
        option domain-name-servers ${prefix}.1;
        option routers ${prefix}.1;
        option subnet-mask 255.255.255.0;
        group {
          host ${hostName} {
            hardware ethernet ${patateMAC};
            fixed-address ${prefix}.3;
          }
        }
      }
    '';
  in
  {
    enable = true;
    interfaces = [ eth1Iface eth2Iface eth3Iface ];
    # Stanzas are joined with a blank line between them.
    extraConfig = lib.concatStringsSep "\n" [
      (lanSubnet { prefix = eth1IPv4; hostName = "patate1"; })
      (lanSubnet { prefix = eth2IPv4; hostName = "patate2"; })
      (lanSubnet { prefix = eth3IPv4; hostName = "patate3"; })
    ];
  };
100
101 }