# Home network configuration
#           (2.5GbE clients)
#                  | |
#     +----------+     +----------+
#     |          | | | |          | (1GbE clients)
#     |          | | | |         +|-|-|-|-|+
# +---+----+   +-+-+-+-+-+       |5 4 3 2 1|
# |upstream|   | 1 2 3 4 |       |TL-SG105 |
# +--------+   | shinobu |       +---------+
#              +---------+
#
# NOTE(review): the column alignment of the diagram above was re-created by hand
# (every token is as found, only the spacing is new) — confirm against the real wiring.
#
# It consists of shinobu as a router (this configuration),
# connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch.
# The upstream comes (for now) from a PŸUR “WLAN-Kabelbox” (Compal CH7467CE).
# Sadly, I could not enable bridge mode on it, so the packets now go through (at least) four layers of NAT:
# device → NAT on shinobu (→ NAT on plastic router → PŸUR CGNAT) → NAT on VPN
#
# Because the switch only supports GbE,
# the two clients I currently have with support for 2.5GbE are connected
# directly to the two remaining network interfaces on shinobu.
# Once I have more devices with support for 2.5GbE
# or I find a good deal on a matching switch,
# I will change this.
#
# Wireless is configured by providing the whole hostapd configuration file as a secret.
# Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module.
# Thanks to Intel’s wisdom, it’s not possible to use 5GHz in AP mode.
#
# NOTE(review): presumably the hostapd file is kept as a secret so that the
# passphrase never lands in the Nix store — verify that any later move to the
# NixOS module keeps it that way.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  # Shared settings from ./common.nix; not referenced in this file.
  cfg = import ./common.nix;
in
{
  # The router is split into one module per concern. None of these files is
  # visible here, so their contents are not described.
  imports = [
    ./dnsmasq.nix
    ./networkd.nix
    ./nft.nix
    ./wlan.nix
  ];

  # Turn the host into a router: `conf.all.forwarding` enables packet
  # forwarding on every interface, the upstream-facing one included.
  # Which flows are actually allowed between the interfaces is therefore
  # decided only by the packet filter.
  # NOTE(review): presumably that policy lives in ./nft.nix — confirm that its
  # forward chain drops by default and only admits LAN → upstream plus
  # established/related return traffic, for IPv4 and IPv6 alike.
  boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;
  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;

  # ethtool: inspect and change NIC settings from the command line.
  environment.systemPackages = [ pkgs.ethtool ];
}