authorFranck Cuny <franck@fcuny.net>2023-03-18 11:58:35 -0700
committerFranck Cuny <franck@fcuny.net>2023-04-03 17:53:02 -0700
commitc5a78751f96587bf4a3704143ac81598ee6c3e5b (patch)
treedaf41e9b05ade02118eaa08aabf9bac771e12c71 /hosts/carmel/services.nix
parentflake: fix URL for sendsms (diff)
hosts/carmel: reconfigure the host as a router
I'm not using it as a desktop, and the current router is getting old and will likely fail in the near future. It's also a Debian machine configured manually, so let's reconfigure carmel as our new router. There are three NICs in the host: two are 10Gb and one is 1Gb. The 1Gb one will be used as the upstream interface, and one of the 10Gb ones will be for the LAN. There are two VLANs to configure: one for IoT devices and one for guests.
Diffstat (limited to 'hosts/carmel/services.nix')
-rw-r--r--hosts/carmel/services.nix81
1 files changed, 77 insertions, 4 deletions
diff --git a/hosts/carmel/services.nix b/hosts/carmel/services.nix
index e1432b2..63d749e 100644
--- a/hosts/carmel/services.nix
+++ b/hosts/carmel/services.nix
@@ -1,9 +1,82 @@
{ config, ... }: {
my.services = {
- # enable a few services related to the gnome desktop
- gnome.enable = true;
+ metrics-exporter = { enable = true; };
+ avahi = {
+ enable = true;
+ withReflector = true;
+ interfaces = [ "mgmt0" "iot" ];
+ };
+ };
+
+ services.dnsmasq = {
+ enable = true;
+ resolveLocalQueries = true;
+ extraConfig = ''
+ log-dhcp
+
+ bind-interfaces
+
+ domain=home
+
+ dhcp-authoritative
+
+ interface=mgmt0
+ dhcp-range=set:mgmt0,192.168.0.100,192.168.0.199,30m
+ dhcp-option=tag:mgmt0,option:router,192.168.0.1
+
+ interface=iot
+ dhcp-range=set:iot,192.168.10.100,192.168.10.199,30m
+ dhcp-option=tag:iot,option:router,192.168.10.1
+
+ interface=guest
+ dhcp-range=set:guest,192.168.20.100,192.168.20.199,30m
+ dhcp-option=tag:guest,option:router,192.168.20.1
+
+ dhcp-option=option:dns-server,192.168.0.1,8.8.8.8
+
+ dhcp-host=b4:fb:e4:81:4f:0f,ap-media-room,192.168.0.30,infinite
+ dhcp-host=74:83:c2:12:67:2d,ap-living-room,192.168.0.31,infinite
+ dhcp-host=b4:fb:e4:81:52:6c,ap-office,192.168.0.32,infinite
+ dhcp-host=b4:fb:e4:b2:bd:b8,switch-garage,192.168.0.33,infinite
+ dhcp-host=fc:ec:da:78:d8:92,switch-media-room,192.168.0.34,infinite
+ dhcp-host=b4:fb:e4:8f:69:0e,switch-office,192.168.0.35,infinite
+ dhcp-host=d8:bb:c1:44:1c:d3,tahoe,192.168.0.40,infinite
+ '';
+ };
+
+ # DNS / DHCPv4 / DHCPv6
+ networking.firewall.allowedUDPPorts = [ 53 67 547 ];
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+
+ virtualHosts."localhost" = {
+ listen = [
+ {
+ addr = "127.0.0.1";
+ port = 8080;
+ }
+ ];
+ locations."/" = { };
+ };
+
+ streamConfig = ''
+ server {
+ listen 443;
+ proxy_timeout 2s;
+ proxy_pass 192.168.0.40:443;
+ }
- # we need avahi in order to use the printer/scanner
- avahi.enable = true;
+ server {
+ listen 80 reuseport;
+ proxy_timeout 2s;
+ proxy_pass 192.168.0.40:80;
+ }
+ '';
};
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
}
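Review bot: `networking.firewall.allowedUDPPorts = [ 53 67 547 ];` and, at the end of the hunk, `networking.firewall.allowedTCPPorts = [ 80 443 ];` open those ports on every interface, including the 1Gb upstream interface the description says this host will now use, and nothing in the hunk restricts them to the LAN side. dnsmasq is contained by `bind-interfaces` plus the three `interface=` lines, but the nginx `streamConfig` uses bare `listen 443;` and `listen 80 reuseport;`, so the TCP proxy to 192.168.0.40 is reachable from the upstream side as well. If that is not intended, scope both to the LAN interfaces, e.g. `networking.firewall.interfaces = { mgmt0.allowedUDPPorts = [ 53 67 547 ]; iot.allowedUDPPorts = [ 53 67 547 ]; guest.allowedUDPPorts = [ 53 67 547 ]; };` and `listen 192.168.0.1:443;` / `listen 192.168.0.1:80 reuseport;`; if exposing tahoe upstream is deliberate, a comment above `streamConfig` saying so would spare the next reader the question. Separately, 547 is opened for DHCPv6 per the `# DNS / DHCPv4 / DHCPv6` comment, but the dnsmasq block only defines IPv4 `dhcp-range` entries, so either drop 547 from the list or add the matching DHCPv6 configuration.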