-{ config, pkgs, lib, hostName, ... }:
+{ lib, ... }:
with (import ./names-and-numbers.nix);
+with (import ./names-and-numbers.nix.clear);
{
-services.dnscrypt-proxy2.settings.listen_addresses = [
- "${eth1IPv4}.1:53"
- "${eth2IPv4}.1:53"
- "${eth3IPv4}.1:53"
-];
-networking.interfaces = {
- ${eth1Iface} = {
- useDHCP = false;
- ipv4.addresses = [ { address = "${eth1IPv4}.1"; prefixLength = 24; } ];
+ networking.interfaces = {
+ ${eth1Iface} = {
+ useDHCP = false;
+ ipv4.addresses = [{ address = "${eth1IPv4}.1"; prefixLength = 24; }];
+ };
+ ${eth2Iface} = {
+ useDHCP = false;
+ ipv4.addresses = [{ address = "${eth2IPv4}.1"; prefixLength = 24; }];
+ };
+ ${eth3Iface} = {
+ useDHCP = false;
+ ipv4.addresses = [{ address = "${eth3IPv4}.1"; prefixLength = 24; }];
+ };
};
- ${eth2Iface} = {
- useDHCP = false;
- ipv4.addresses = [ { address = "${eth2IPv4}.1"; prefixLength = 24; } ];
+ networking.networkmanager = {
+ unmanaged = [
+ eth1Iface
+ eth2Iface
+ eth3Iface
+ ];
};
- ${eth3Iface} = {
- useDHCP = false;
- ipv4.addresses = [ { address = "${eth3IPv4}.1"; prefixLength = 24; } ];
- };
-};
-networking.networkmanager = {
- #enable = true;
- unmanaged = [
- eth1Iface
- eth2Iface
- eth3Iface
- ];
-};
-networking.nftables.ruleset = lib.mkAfter ''
- table inet filter {
- chain input {
- iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump input-lan
- iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "input-lan: " counter drop
- }
- chain output {
- oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump output-lan
- oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "output-lan: " counter drop
+ networking.nftables.ruleset = lib.mkAfter ''
+ table inet filter {
+ chain input {
+ iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump input-lan
+ iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "input-lan: " counter drop
+ }
+ chain output {
+ oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump output-lan
+ oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "output-lan: " counter drop
+ }
+ chain forward-to-lan { }
+ chain forward {
+ iifname { "enp2s0", "enp3s0", "enp4s0", "wlp5s0" } oifname { "enp2s0", "enp3s0", "enp4s0", "wlp5s0" } goto forward-to-lan
+ }
}
- }
-'';
+ '';
-systemd.services.dhcpd4.onFailure = [
- "network-addresses-${eth1Iface}.service"
- "network-addresses-${eth2Iface}.service"
- "network-addresses-${eth3Iface}.service"
-];
-services.dhcpd4 = {
- enable = true;
- interfaces = [
- eth1Iface
- eth2Iface
- eth3Iface
+ systemd.services.dhcpd4.onFailure = [
+ "network-addresses-${eth1Iface}.service"
+ "network-addresses-${eth2Iface}.service"
+ "network-addresses-${eth3Iface}.service"
];
- extraConfig = ''
- subnet ${eth1IPv4}.0 netmask 255.255.255.0 {
- range ${eth1IPv4}.100 ${eth1IPv4}.200;
- option broadcast-address ${eth1IPv4}.255;
- option domain-name-servers ${eth1IPv4}.1;
- option routers ${eth1IPv4}.1;
- option subnet-mask 255.255.255.0;
- }
+ services.dhcpd4 = {
+ enable = true;
+ interfaces = [
+ eth1Iface
+ eth2Iface
+ eth3Iface
+ ];
+ extraConfig = ''
+ subnet ${eth1IPv4}.0 netmask 255.255.255.0 {
+ range ${eth1IPv4}.100 ${eth1IPv4}.200;
+ option broadcast-address ${eth1IPv4}.255;
+ option domain-name-servers ${eth1IPv4}.1;
+ option routers ${eth1IPv4}.1;
+ option subnet-mask 255.255.255.0;
+ group {
+ host patate1 {
+ hardware ethernet ${patateMAC};
+ fixed-address ${eth1IPv4}.3;
+ }
+ }
+ }
- subnet ${eth2IPv4}.0 netmask 255.255.255.0 {
- range ${eth2IPv4}.100 ${eth2IPv4}.200;
- option broadcast-address ${eth2IPv4}.255;
- option domain-name-servers ${eth2IPv4}.1;
- option routers ${eth2IPv4}.1;
- option subnet-mask 255.255.255.0;
- }
+ subnet ${eth2IPv4}.0 netmask 255.255.255.0 {
+ range ${eth2IPv4}.100 ${eth2IPv4}.200;
+ option broadcast-address ${eth2IPv4}.255;
+ option domain-name-servers ${eth2IPv4}.1;
+ option routers ${eth2IPv4}.1;
+ option subnet-mask 255.255.255.0;
+ group {
+ host patate2 {
+ hardware ethernet ${patateMAC};
+ fixed-address ${eth2IPv4}.3;
+ }
+ }
+ }
- subnet ${eth3IPv4}.0 netmask 255.255.255.0 {
- range ${eth3IPv4}.100 ${eth3IPv4}.200;
- option broadcast-address ${eth3IPv4}.255;
- option domain-name-servers ${eth3IPv4}.1;
- option routers ${eth3IPv4}.1;
- option subnet-mask 255.255.255.0;
- }
- '';
-};
+ subnet ${eth3IPv4}.0 netmask 255.255.255.0 {
+ range ${eth3IPv4}.100 ${eth3IPv4}.200;
+ option broadcast-address ${eth3IPv4}.255;
+ option domain-name-servers ${eth3IPv4}.1;
+ option routers ${eth3IPv4}.1;
+ option subnet-mask 255.255.255.0;
+ group {
+ host patate3 {
+ hardware ethernet ${patateMAC};
+ fixed-address ${eth3IPv4}.3;
+ }
+ }
+ }
+ '';
+ };
-services.openssh.listenAddresses = [
- { addr = "${eth1IPv4}.1"; port = 22; }
- { addr = "${eth2IPv4}.1"; port = 22; }
- { addr = "${eth3IPv4}.1"; port = 22; }
-];
}
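Review bot: The added `forward` rule hardcodes `"enp2s0", "enp3s0", "enp4s0", "wlp5s0"`, while the input and output rules in the same ruleset interpolate `${eth1Iface}`, `${eth2Iface}` and `${eth3Iface}`. If the names in names-and-numbers.nix ever differ from those literals, this rule silently stops matching while the others keep working. The rule also uses `goto` into `forward-to-lan`, which is declared empty here, so unless another module appends rules to that chain the matched traffic gets only the base chain's policy, and it has no `log ... counter` like the input-lan/output-lan drops. I would build the sets from the same variables, e.g. `iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} }` plus a named value for the wireless interface, and add a comment such as `# forward-to-lan is populated in <module>; forward policy is <policy>`. Separately, the hunk removes `services.openssh.listenAddresses`; it is worth confirming that it is re-declared elsewhere, since this file no longer binds sshd to the three LAN addresses.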