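# Shared network parameters: VLAN ids with their subnets and DNS domains, and
# the traffic-shaping classes for the uplink interface.
#
# NOTE(review): this file only carries addressing and shaping data. Whether the
# guest and iot VLANs are actually isolated from lan and management depends on
# firewall rules defined elsewhere; confirm against the consumer of this set.
{ lib, ... }:
let
  # Build the per-family subnet description from two CIDR strings.
  #
  # Arguments:
  #   v4: IPv4 network in CIDR notation, e.g. "10.80.1.0/24"
  #   v6: IPv6 network in CIDR notation, e.g. "fd00:80:1::/64"
  #
  # Result: { v4 = { cidr, net, suffix, withoutLastComponent, gateway,
  # gatewayCidr }; v6 = { cidr, net, suffix, gateway, gatewayCidr }; }
  #
  # A string without "/" makes `suffix` fail with an index error when it is
  # evaluated.
  mkSubnet = v4: v6:
    let
      splitCidr = lib.splitString "/";
      fst = lib.flip lib.elemAt 0;
      snd = lib.flip lib.elemAt 1;
      v4Split = splitCidr v4;
      v6Split = splitCidr v6;
    in
    {
      v4 = rec {
        cidr = v4;
        net = fst v4Split;
        suffix = snd v4Split;
        # Drop the whole last dotted component and keep the trailing dot
        # ("10.80.1.0" -> "10.80.1."). Stripping a single character, as this
        # was done before, only worked while the last octet had one digit.
        withoutLastComponent =
          let
            leadingOctets = lib.init (lib.splitString "." net);
          in
          "${lib.concatStringsSep "." leadingOctets}.";
        # The gateway is always the .1 address of the network, so this is only
        # meaningful for prefixes that contain x.y.z.1.
        gateway = "${withoutLastComponent}1";
        gatewayCidr = "${gateway}/${suffix}";
      };
      v6 = rec {
        cidr = v6;
        net = fst v6Split;
        suffix = snd v6Split;
        # Appends "1" to the prefix text, so the prefix has to be written with
        # a trailing "::" (as every caller in this file does).
        gateway = "${net}1";
        gatewayCidr = "${gateway}/${suffix}";
      };
    };
in
{
  # One entry per VLAN: 802.1Q id, dual-stack subnet and DNS domain.
  vlan = {
    lan = {
      id = 10;
      subnet = mkSubnet "10.80.1.0/24" "fd00:80:1::/64";
      domain = "home.sbruder.de";
    };
    management = {
      id = 20;
      subnet = mkSubnet "10.80.2.0/24" "fd00:80:2::/64";
      domain = "management.sbruder.de";
    };
    guest = {
      id = 30;
      subnet = mkSubnet "10.80.3.0/24" "fd00:80:3::/64";
      domain = "guest.sbruder.de";
    };
    iot = {
      id = 40;
      subnet = mkSubnet "10.80.4.0/24" "fd00:80:4::/64";
      domain = "iot.sbruder.de";
    };
  };

  # Traffic-shaping parameters for the uplink. The rules that sort packets
  # into these classes are not part of this file.
  # NOTE(review): major/minor/rate/ceil/prio look like HTB class parameters;
  # confirm against the module that consumes this set.
  tc = {
    interface = "enp1s0";
    # 4160 kbit is slightly smaller than the average upload
    rate = "4160kbit";
    major = 1;
    # minor number of the class used for traffic that matches nothing else
    default = 2;
    classes = [
      # default
      { minor = 2; rate = "800kbit"; prio = 50; }
      # DNS, small packets (e.g., TCP ACK)
      { minor = 3; rate = "250kbit"; prio = 0; qdiscArgs = [ "pfifo_fast" ]; }
      # interactive SSH
      { minor = 4; rate = "128kbit"; prio = 2; }
      # torrent
      { minor = 5; rate = "250kbit"; ceil = "3000kbit"; prio = 100; }
      # HTTP
      { minor = 6; rate = "1500kbit"; prio = 25; }
      # wg-home
      { minor = 7; rate = "250kbit"; prio = 10; }
      # VoIP
      { minor = 8; rate = "256kbit"; ceil = "384kbit"; prio = 3; qdiscArgs = [ "pfifo_fast" ]; }
      # Backup
      { minor = 9; rate = "350kbit"; ceil = "3000kbit"; prio = 90; }
      # guest
      { minor = 10; rate = "200kbit"; ceil = "2000kbit"; prio = 99; }
    ];
  };
}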