diff options
| author | Franck Cuny <franck@fcuny.net> | 2023-05-12 14:34:40 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2023-05-12 14:34:40 -0700 |
| commit | 32f9e187049a5b27a9a3359692a04f2ec8924472 (patch) | |
| tree | c0277f9f4b4011b50876159f51ec8a6f5d74a74b /profiles | |
| parent | profiles/default: list installed packages in /etc/installed-packages (diff) | |
| download | infra-32f9e187049a5b27a9a3359692a04f2ec8924472.tar.gz | |
home/carmel: move router's configuration to a profile
Diffstat (limited to 'profiles')
| -rw-r--r-- | profiles/router.nix | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/profiles/router.nix b/profiles/router.nix new file mode 100644 index 0000000..2ed88bb --- /dev/null +++ b/profiles/router.nix @@ -0,0 +1,87 @@ +{ lib, config, pkgs, ... }: +{ + boot.kernel.sysctl = { + "net.ipv4.conf.all.forwarding" = true; + "net.ipv4.conf.default.forwarding" = true; + "net.core.default_qdisc" = "fq"; + "net.ipv4.tcp_congestion_control" = "bbr"; + }; + + services.dnsmasq = { + enable = true; + resolveLocalQueries = true; + extraConfig = '' + log-dhcp + + bind-interfaces + + server=8.8.8.8 + server=4.4.4.4 + cache-size=1000 + + domain-needed + domain=home + local=/home/ + no-resolv + + dhcp-script=${pkgs.tools.dnsmasq-to-html}/bin/dnsmasq-leases-html + script-on-renewal + + dhcp-authoritative + + interface=mgmt0 + dhcp-range=set:mgmt0,192.168.0.100,192.168.0.199,30m + dhcp-option=tag:mgmt0,option:router,192.168.0.1 + + interface=iot + dhcp-range=set:iot,192.168.10.100,192.168.10.199,30m + dhcp-option=tag:iot,option:router,192.168.10.1 + + interface=guest + dhcp-range=set:guest,192.168.20.100,192.168.20.199,30m + dhcp-option=tag:guest,option:router,192.168.20.1 + + dhcp-option=option:dns-server,192.168.0.1,8.8.8.8 + + dhcp-host=b4:fb:e4:81:4f:0f,ap-media-room,192.168.0.30,infinite + dhcp-host=74:83:c2:12:67:2d,ap-living-room,192.168.0.31,infinite + dhcp-host=b4:fb:e4:81:52:6c,ap-office,192.168.0.32,infinite + dhcp-host=b4:fb:e4:b2:bd:b8,switch-garage,192.168.0.33,infinite + dhcp-host=fc:ec:da:78:d8:92,switch-media-room,192.168.0.34,infinite + dhcp-host=b4:fb:e4:8f:69:0e,switch-office,192.168.0.35,infinite + dhcp-host=d8:bb:c1:44:1c:d3,tahoe,192.168.0.40,infinite + + # hosted names + cname=loki.fcuny.xyz,tahoe.home + ''; + }; + + # dnsmasq needs the interfaces to be online + # https://serverfault.com/a/907603 + systemd.services.dnsmasq = { + after = [ "network-online.target" "network.target" ]; + wants = [ "network-online.target" ]; + }; + + # DNS / DHCPv4 / DHCPv6 + networking.firewall.allowedUDPPorts = [ 53 67 547 ]; + + services.nginx.virtualHosts."dnsmasq" = { + listen = [ + { + addr = "192.168.6.1"; + port = 8067; + } + ]; + locations."/" = { + root = "/var/lib/dnsmasq"; + index = "leases.html"; + }; + }; + + services.prometheus.exporters.dnsmasq = { + enable = true; + leasesPath = "/var/lib/dnsmasq/dnsmasq.leases"; + }; + +} |