fuuko/router: Use bridge for lan
parent
67dabb0de5
commit
7c0ccbbd6a
|
@ -15,7 +15,7 @@
|
||||||
supportedFilesystems = [ "btrfs" ];
|
supportedFilesystems = [ "btrfs" ];
|
||||||
# FIXME this doesn’t work because (AFAIK) there is no VLAN support in the ip= parameter
|
# FIXME this doesn’t work because (AFAIK) there is no VLAN support in the ip= parameter
|
||||||
kernelParams = [
|
kernelParams = [
|
||||||
(with config.systemd.network.networks; "ip=${lib.elemAt lan.address 0}::::${config.networking.hostName}:${physical.name}")
|
(with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${physical.name}")
|
||||||
];
|
];
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = [
|
availableKernelModules = [
|
||||||
|
|
|
@ -43,7 +43,7 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
enableIPv6 = true;
|
enableIPv6 = true;
|
||||||
externalInterface = "wg-mullvad";
|
externalInterface = "wg-mullvad";
|
||||||
internalInterfaces = [ "lan" ];
|
internalInterfaces = [ "br-lan" ];
|
||||||
internalIPv6s = [ "fd00:80:1::/64" ];
|
internalIPv6s = [ "fd00:80:1::/64" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -69,6 +69,12 @@ in
|
||||||
Id = 3;
|
Id = 3;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
br-lan = {
|
||||||
|
netdevConfig = {
|
||||||
|
Name = "br-lan";
|
||||||
|
Kind = "bridge";
|
||||||
|
};
|
||||||
|
};
|
||||||
wg-mullvad = {
|
wg-mullvad = {
|
||||||
netdevConfig = {
|
netdevConfig = {
|
||||||
Kind = "wireguard";
|
Kind = "wireguard";
|
||||||
|
@ -122,6 +128,10 @@ in
|
||||||
matchConfig = {
|
matchConfig = {
|
||||||
Type = "vlan";
|
Type = "vlan";
|
||||||
};
|
};
|
||||||
|
bridge = [ "br-lan" ];
|
||||||
|
};
|
||||||
|
br-lan = {
|
||||||
|
name = "br-lan";
|
||||||
domains = [ domain ];
|
domains = [ domain ];
|
||||||
address = [ "10.80.1.1/24" "fd00:80:1::1/64" ];
|
address = [ "10.80.1.1/24" "fd00:80:1::1/64" ];
|
||||||
};
|
};
|
||||||
|
@ -178,7 +188,7 @@ in
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
bogus-priv # do not forward revese lookups of internal addresses
|
bogus-priv # do not forward revese lookups of internal addresses
|
||||||
domain-needed # do not forward names without domain
|
domain-needed # do not forward names without domain
|
||||||
interface=lan # only respond to queries from lan
|
interface=br-lan # only respond to queries from lan
|
||||||
no-hosts # do not resolve hosts from /etc/hosts
|
no-hosts # do not resolve hosts from /etc/hosts
|
||||||
no-resolv # only use explicitly configured resolvers
|
no-resolv # only use explicitly configured resolvers
|
||||||
|
|
||||||
|
@ -186,8 +196,8 @@ in
|
||||||
|
|
||||||
domain=${domain}
|
domain=${domain}
|
||||||
# Allow resolving the router
|
# Allow resolving the router
|
||||||
interface-name=${config.networking.hostName}.${domain},lan
|
interface-name=${config.networking.hostName}.${domain},br-lan
|
||||||
interface-name=${config.networking.hostName},lan
|
interface-name=${config.networking.hostName},br-lan
|
||||||
|
|
||||||
# DHCPv4
|
# DHCPv4
|
||||||
dhcp-range=10.80.1.20,10.80.1.150,12h
|
dhcp-range=10.80.1.20,10.80.1.150,12h
|
||||||
|
@ -209,6 +219,7 @@ in
|
||||||
#"2620:fe::fe"
|
#"2620:fe::fe"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
systemd.services.dnsmasq.after = [ "systemd-networkd.service" ];
|
||||||
|
|
||||||
services.prometheus.exporters.dnsmasq = {
|
services.prometheus.exporters.dnsmasq = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
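Review bot: In the `@ -122,6 +128,10 @@` hunk, `bridge = [ "br-lan" ];` is added to a network whose visible `matchConfig` is only `Type = "vlan";`, so every VLAN interface on the router, including any added later, would be enslaved to br-lan and share one L2 segment with the LAN. The network block starts outside the hunk, so a `name`/`Name` match may already sit above it. If not, I would pin the match to the one intended interface, e.g. add `Name = "lan";` inside `matchConfig`, assuming the VLAN netdev with `Id = 3` is still called `lan`. A short comment such as `# enslave only the LAN VLAN; other VLANs must stay off br-lan` would record the intent.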