From c5a78751f96587bf4a3704143ac81598ee6c3e5b Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Sat, 18 Mar 2023 11:58:35 -0700
Subject: hosts/carmel: reconfigure the host as a router I'm not using it as a desktop, and the current router is getting old and will likely fail in the near future. It's also a debian machine configured manually, so let's reconfigure carmel as our new router. There are three NICs in the host: 2 are 10Gb and one is 1Gb. The 1Gb will be used as the upstream interface, and one of the 10Gb will be for the LAN. There are 2 VLANs to configure: one for IoT devices and one for guest.
---
hosts/carmel/boot.nix | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
(limited to 'hosts/carmel/boot.nix')
diff --git a/hosts/carmel/boot.nix b/hosts/carmel/boot.nix
index 606215e..5beb31b 100644
--- a/hosts/carmel/boot.nix
+++ b/hosts/carmel/boot.nix
@@ -2,13 +2,21 @@
 {
 boot = {
- # get an IP address on boot, so we can unlock the root disk remotely
- kernelParams = [ "ip=dhcp" ];
- initrd = {
- # driver for the NIC, required in order to get an IP address
- kernelModules = [ "igb" ];
+ loader = {
+ systemd-boot = {
+ enable = true;
+ # see https://www.man7.org/linux/man-pages/man5/loader.conf.5.html
+ consoleMode = "max";
+ };
+ efi.canTouchEfiVariables = true;
+ efi.efiSysMountPoint = "/boot/efi";
 };
- };
- my.system.boot = { initrd = { network.enable = true; }; };
+ kernel.sysctl = {
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv4.conf.default.forwarding" = true;
+ "net.core.default_qdisc" = "fq";
+ "net.ipv4.tcp_congestion_control" = "bbr";
+ };
+ };
 }
-- cgit v1.2.3
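Review bot: The new `kernel.sysctl` block enables `net.ipv4.conf.all.forwarding` and `net.ipv4.conf.default.forwarding` for every interface, and nothing in this file records which filter rules are supposed to bound that. This view is limited to `hosts/carmel/boot.nix`, so the firewall may well be defined elsewhere in the commit. With an upstream NIC, a LAN and separate IoT and guest VLANs on one box, isolation depends on the forward chain defaulting to drop, and that dependency should be written next to the sysctl, for example `# forwarding is on for all interfaces; the forward chain in <firewall module> must default to drop so the IoT and guest VLANs stay isolated`. Only IPv4 forwarding is set, so it would help to state whether IPv6 is deliberately not routed or to add the matching setting explicitly. The hunk also drops the initrd networking that allowed unlocking the root disk remotely; if that disk is still encrypted, the router will need console access after every reboot, which deserves a comment as well.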