nixos-config/machines/shinobu/services/router/common.nix

{ lib, ... }:
let
  mkSubnet = v4: v6:
    let
      splitCidr = lib.splitString "/";
      fst = lib.flip lib.elemAt 0;
      snd = lib.flip lib.elemAt 1;

      v4Split = splitCidr v4;
      v6Split = splitCidr v6;
    in
    {
      v4 = rec {
        cidr = v4;
        net = fst v4Split;
        suffix = snd v4Split;
        withoutLastComponent = lib.substring 0 ((lib.stringLength net) - 1) net;
        gateway = "${withoutLastComponent}1";
        gatewayCidr = "${gateway}/${suffix}";
      };
      v6 = rec {
        cidr = v6;
        net = fst v6Split;
        suffix = snd v6Split;
        gateway = "${net}1";
        gatewayCidr = "${gateway}/${suffix}";
      };
    };
in
{
  vlan = {
    lan = {
      id = 10;
      subnet = mkSubnet "10.80.1.0/24" "fd00:80:1::/64";
      domain = "home.sbruder.de";
    };
    management = {
      id = 20;
      subnet = mkSubnet "10.80.2.0/24" "fd00:80:2::/64";
      domain = "management.sbruder.de";
    };
    guest = {
      id = 30;
      subnet = mkSubnet "10.80.3.0/24" "fd00:80:3::/64";
      domain = "guest.sbruder.de";
    };
    iot = {
      id = 40;
      subnet = mkSubnet "10.80.4.0/24" "fd00:80:4::/64";
      domain = "iot.sbruder.de";
    };
  };
  tc = {
    interface = "enp1s0";
    # 4160 kbit is slightly smaller than the average upload
    rate = "4160kbit";
    major = 1;
    default = 2;
    classes = [
      # default
      {
        minor = 2;
        rate = "800kbit";
        prio = 50;
      }
      # DNS, small packets (e.g., TCP ACK)
      {
        minor = 3;
        rate = "250kbit";
        prio = 0;
        qdiscArgs = [ "pfifo_fast" ];
      }
      # interactive SSH
      {
        minor = 4;
        rate = "128kbit";
        prio = 2;
      }
      # torrent
      {
        minor = 5;
        rate = "250kbit";
        ceil = "3000kbit";
        prio = 100;
      }
      # HTTP
      {
        minor = 6;
        rate = "1500kbit";
        prio = 25;
      }
      # wg-home
      {
        minor = 7;
        rate = "250kbit";
        prio = 10;
      }
      # VoIP
      {
        minor = 8;
        rate = "256kbit";
        ceil = "384kbit";
        prio = 3;
        qdiscArgs = [ "pfifo_fast" ];
      }
      # Backup
      {
        minor = 9;
        rate = "350kbit";
        ceil = "3000kbit";
        prio = 90;
      }
      # guest
      {
        minor = 10;
        rate = "200kbit";
        ceil = "2000kbit";
        prio = 99;
      }
    ];
  };
}