# Home network configuration
# (2.5GbE clients)
# | |
# +----------+ +----------+
# | | | | | | (1GbE clients)
# | | | | | +|-|-|-|-|+
# +---+----+ +-+-+-+-+-+ |5 4 3 2 1|
# |upstream| | 1 2 3 4 | |TL-SG105 |
# +--------+ | shinobu | +---------+
# +---------+
#
# It consists of shinobu as a router (this configuration),
# connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch.
# The upstream comes (for now) from a PŸUR “WLAN-Kabelbox” (Compal CH7467CE).
# Sadly, I could not enable bridge mode on it, so the packets now go through (at least) three layers of NAT:
# device → NAT on shinobu → NAT on plastic router → PŸUR CGNAT
#
# Because the switch only supports GbE,
# the two clients I currently have with support for 2.5GbE are connected
# directly to the two remaining network interfaces on shinobu.
# Once I have more devices with support for 2.5GbE
# or I find a good deal on a matching switch,
# I will change this.
#
# Wireless is configured by providing the whole hostapd configuration file as a secret.
# Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module.
# Thanks to Intel’s wisdom, it’s not possible to use 5GHz in AP mode.
{ config, lib, pkgs, ... }:

let
  cfg = import ./common.nix;

  # The bridge that carries the LAN: every LAN-side port is enslaved to it
  # and the router's own LAN addresses live on it, not on the member ports.
  lanBridge = "br-lan";

  # Physical ports enslaved to the bridge, in the order lan1, lan2, lan3.
  lanPorts = [ "enp2s0" "enp3s0" "enp4s0" ];

  # systemd.network entry for one bridge member: it has no addresses of its
  # own and only joins the bridge.
  bridgeMember = iface: {
    name = iface;
    bridge = [ lanBridge ];
  };

  # { lan1 = enp2s0; lan2 = enp3s0; lan3 = enp4s0; } as bridge members.
  # The attribute names become the .network unit names, so they are kept
  # exactly as before.
  lanNetworks = builtins.listToAttrs (builtins.genList
    (i: {
      name = "lan${toString (i + 1)}";
      value = bridgeMember (builtins.elemAt lanPorts i);
    })
    (builtins.length lanPorts));
in
{
  imports = [
    ./dnsmasq.nix
    ./nft.nix
    ./wlan.nix
  ];

  # Forwarding between interfaces is what turns shinobu into a router. These
  # are the ".all" knobs, so forwarding is on for every interface, including
  # wan. Nothing in this file filters or NATs forwarded traffic; that is
  # expected to come from ./nft.nix (imported above), which should be read
  # together with this file whenever interfaces or addresses change.
  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
    "net.ipv6.conf.all.forwarding" = true;
  };

  # For checking link state / negotiated speed on the 2.5GbE ports.
  environment.systemPackages = [ pkgs.ethtool ];

  # No global DHCP; every interface is described explicitly under
  # systemd.network below.
  networking.useDHCP = false;

  systemd.network = {
    enable = true;

    # not all interfaces need to be up
    wait-online.extraArgs = [ "--any" ];

    netdevs.${lanBridge} = {
      netdevConfig = {
        Name = lanBridge;
        Kind = "bridge";
      };
    };

    networks = lanNetworks // {
      # Upstream side: IPv4 via DHCP, IPv6 via router advertisements only.
      # The DNS servers the upstream hands out are ignored on both paths
      # (UseDNS = "no"), so the host's resolver has to be configured elsewhere.
      wan = {
        name = "enp1s0";
        DHCP = "ipv4";
        networkConfig.IPv6AcceptRA = "yes";
        dhcpV4Config.UseDNS = "no";
        ipv6AcceptRAConfig = {
          # Only use RA
          DHCPv6Client = false;
          UseDNS = "no";
        };
      };

      # LAN side: the router's addresses and the search domain from
      # common.nix sit on the bridge itself.
      ${lanBridge} = {
        name = lanBridge;
        domains = [ cfg.domain ];
        address = [ "10.80.1.1/24" "fd00:80:1::1/64" ];
      };
    };
  };

  # systemd-resolved is off. Together with UseDNS = "no" on wan this means
  # no resolver for the host is configured in this file at all; presumably
  # ./dnsmasq.nix provides it — confirm.
  services.resolved.enable = false;
}