Compare commits
3 Commits
a5ae1bf7cd
...
ef2c667bfe
Author | SHA1 | Date |
---|---|---|
Simon Bruder | ef2c667bfe | |
Simon Bruder | 7f8859f85b | |
Simon Bruder | c4a9d39a15 |
50
flake.lock
50
flake.lock
|
@ -85,11 +85,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705659542,
|
||||
"narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=",
|
||||
"lastModified": 1706981411,
|
||||
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9",
|
||||
"rev": "652fda4ca6dafeb090943422c34ae9145787af37",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -106,11 +106,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706080884,
|
||||
"narHash": "sha256-qhxisCrSraN5YWVb0lNCFH8ovqnCw5W9ldac4Dzr0Nw=",
|
||||
"lastModified": 1707919853,
|
||||
"narHash": "sha256-qxmBGDzutuJ/tsX4gp+Mr7fjxOZBbeT9ixhS5o4iFOw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "6b28ab2d798c1c84e24053d95f4ee1dd9d81e2fb",
|
||||
"rev": "043ba285c6dc20f36441d48525402bcb9743c498",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -215,11 +215,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705757126,
|
||||
"narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=",
|
||||
"lastModified": 1707297608,
|
||||
"narHash": "sha256-ADjo/5VySGlvtCW3qR+vdFF4xM9kJFlRDqcC9ZGI8EA=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc",
|
||||
"rev": "0db2e67ee49910adfa13010e7f012149660af7f0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -231,11 +231,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1706085157,
|
||||
"narHash": "sha256-0pTbYwn9qubaZLtuN0Ouj0neEfrir1wSNyH8gL1BzB0=",
|
||||
"lastModified": 1707842204,
|
||||
"narHash": "sha256-M+HAq1qWQBi/gywaMZwX0odU+Qb/XeqVeANGKRBDOwU=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "e756ff62c2e9db4f7c197bc1849a02024a7bfb2e",
|
||||
"rev": "f1b2f71c86a5b1941d20608db0b1e88a07d31303",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -247,11 +247,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1705916986,
|
||||
"narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=",
|
||||
"lastModified": 1707786466,
|
||||
"narHash": "sha256-yLPfrmW87M2qt+8bAmwopJawa+MJLh3M9rUbXtpUc1o=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d7f206b723e42edb09d9d753020a84b3061a79d8",
|
||||
"rev": "01885a071465e223f8f68971f864b15829988504",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -306,27 +306,27 @@
|
|||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1705033721,
|
||||
"narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
|
||||
"lastModified": 1707603439,
|
||||
"narHash": "sha256-LodBVZ3+ehJP2azM5oj+JrhfNAAzmTJ/OwAIOn0RfZ0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
|
||||
"rev": "d8cd80616c8800feec0cab64331d7c3d5a1a6d98",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-23.05",
|
||||
"ref": "release-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1705856552,
|
||||
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
||||
"lastModified": 1707863367,
|
||||
"narHash": "sha256-LdBbCSSP7VHaHA4KXcPGKqkvsowT2+7W4jlEHJj6rPg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
||||
"rev": "35ff7e87ee05199a8003f438ec11a174bcbd98ea",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -453,11 +453,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705805983,
|
||||
"narHash": "sha256-HluB9w7l75I4kK25uO4y6baY4fcDm2Rho0WI1DN2Hmc=",
|
||||
"lastModified": 1707842202,
|
||||
"narHash": "sha256-3dTBbCzHJBinwhsisGJHW1HLBsLbj91+a5ZDXt7ttW0=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "ae171b54e76ced88d506245249609f8c87305752",
|
||||
"rev": "48afd3264ec52bee85231a7122612e2c5202fa74",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -9,6 +9,7 @@
|
|||
../../modules
|
||||
|
||||
./services/co2_exporter.nix
|
||||
./services/ntp.nix
|
||||
./services/router
|
||||
./services/snmp-exporter.nix
|
||||
./services/wordclock-dimmer.nix
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
{
|
||||
services.ntp = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 123 ];
|
||||
}
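Review bot: `networking.firewall.allowedUDPPorts = [ 123 ];` opens NTP on every interface the NixOS firewall covers, which on this host presumably includes the WAN uplink (the nftables file on this page defines `PHYSICAL_WAN = "enp1s0"`). An internet-reachable ntpd is a standing reflection and fingerprinting surface even with rate limiting, and only the internal bridges need the service. Consider scoping the port per interface, e.g. `networking.firewall.interfaces."br-lan".allowedUDPPorts = [ 123 ];`, repeated for each VLAN bridge, with a comment naming the networks that are meant to be served. It is not visible here whether the NixOS firewall or the router's own input chain gates this port, so confirm which one applies, and check that `services.ntp.restrictDefault` is left at a restrictive value.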
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -41,16 +41,16 @@ in
|
|||
cfg.vlan);
|
||||
dhcp-option = lib.flatten (lib.mapAttrsToList
|
||||
(name: { subnet, ... }: [
|
||||
# Gateway
|
||||
"tag:br-${name},option:router,${subnet.v4.gateway}"
|
||||
"tag:br-${name},option6:dns-server,${subnet.v6.gateway}"
|
||||
|
||||
# NTP server (runs on gateway)
|
||||
"tag:br-${name},option:ntp-server,${subnet.v4.gateway}"
|
||||
"tag:br-${name},option6:ntp-server,${subnet.v6.gateway}"
|
||||
])
|
||||
cfg.vlan);
|
||||
|
||||
nftset = [
|
||||
"/pool.ntp.org/4#inet#filter#iot_ntp4"
|
||||
"/pool.ntp.org/6#inet#filter#iot_ntp6" # does not work
|
||||
];
|
||||
|
||||
server = [
|
||||
"127.0.0.1#5053"
|
||||
];
|
||||
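Review bot: The `option:ntp-server` / `option6:ntp-server` entries only reach clients that honour the DHCP-advertised NTP server. Devices on `br-iot` that hard-code `pool.ntp.org` would lose time sync, because this change set appears to drop the `nftset` entries in this hunk and the `@iot_ntp4`/`@iot_ntp6` forward rules in the nftables file. Clock drift on such devices usually shows up later as certificate-validation failures, so the intent should be recorded where the option is set, e.g. `# NTP server (runs on gateway); direct NTP from br-iot is no longer forwarded`. If those devices still need time, answering the pool names locally in dnsmasq keeps the forward chain closed. The enclosing dnsmasq settings block starts and ends outside this hunk.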
|
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
@ -7,16 +7,6 @@ define PHYSICAL_WAN = "enp1s0"
|
|||
define NAT_WAN_IFACES = { $PHYSICAL_WAN }
|
||||
|
||||
table inet filter {
|
||||
# These two sets are dynamically managed by dnsmasq
|
||||
set iot_ntp4 {
|
||||
type ipv4_addr
|
||||
comment "IPv4 addresses of resolved NTP servers"
|
||||
}
|
||||
set iot_ntp6 {
|
||||
type ipv6_addr
|
||||
comment "IPv6 addresses of resolved NTP servers"
|
||||
}
|
||||
|
||||
chain forward {
|
||||
type filter hook forward priority filter; policy drop
|
||||
|
||||
|
@ -31,8 +21,6 @@ table inet filter {
|
|||
iifname "br-lan" oifname $VLAN_BRIDGES counter accept;
|
||||
iifname $VLAN_BRIDGES oifname "br-lan" ct state established,related counter accept
|
||||
|
||||
iifname "br-iot" ip daddr @iot_ntp4 udp dport 123 counter accept
|
||||
iifname "br-iot" ip6 daddr @iot_ntp6 udp dport 123 counter accept
|
||||
iifname $NAT_WAN_IFACES oifname "br-iot" ct state established,related counter accept
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
|
||||
# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
|
|