From c5a78751f96587bf4a3704143ac81598ee6c3e5b Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sat, 18 Mar 2023 11:58:35 -0700 Subject: hosts/carmel: reconfigure the host as a router I'm not using it as a desktop, and the current router is getting old and will likely fail in the near future. It's also a debian machine configured manually, so let's reconfigure carmel as our new router. There are three NICs in the host: 2 are 10Gb and one is 1Gb. The 1Gb will be used as the upstream interface, and one of the 10Gb will be for the LAN. There are 2 VLANs to configure: one for IoT devices and one for guest.
---
hosts/carmel/services.nix | 81 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 4 deletions(-) (limited to 'hosts/carmel/services.nix')
diff --git a/hosts/carmel/services.nix b/hosts/carmel/services.nix
index e1432b2..63d749e 100644
--- a/hosts/carmel/services.nix
+++ b/hosts/carmel/services.nix
@@ -1,9 +1,82 @@ { config, ... }: { my.services = { - # enable a few services related to the gnome desktop - gnome.enable = true; + metrics-exporter = { enable = true; }; + avahi = { + enable = true; + withReflector = true; + interfaces = [ "mgmt0" "iot" ]; + }; + }; + + services.dnsmasq = { + enable = true; + resolveLocalQueries = true; + extraConfig = '' + log-dhcp + + bind-interfaces + + domain=home + + dhcp-authoritative + + interface=mgmt0 + dhcp-range=set:mgmt0,192.168.0.100,192.168.0.199,30m + dhcp-option=tag:mgmt0,option:router,192.168.0.1 + + interface=iot + dhcp-range=set:iot,192.168.10.100,192.168.10.199,30m + dhcp-option=tag:iot,option:router,192.168.10.1 + + interface=guest + dhcp-range=set:guest,192.168.20.100,192.168.20.199,30m + dhcp-option=tag:guest,option:router,192.168.20.1 + + dhcp-option=option:dns-server,192.168.0.1,8.8.8.8 + + dhcp-host=b4:fb:e4:81:4f:0f,ap-media-room,192.168.0.30,infinite + dhcp-host=74:83:c2:12:67:2d,ap-living-room,192.168.0.31,infinite + dhcp-host=b4:fb:e4:81:52:6c,ap-office,192.168.0.32,infinite + dhcp-host=b4:fb:e4:b2:bd:b8,switch-garage,192.168.0.33,infinite + dhcp-host=fc:ec:da:78:d8:92,switch-media-room,192.168.0.34,infinite + dhcp-host=b4:fb:e4:8f:69:0e,switch-office,192.168.0.35,infinite + dhcp-host=d8:bb:c1:44:1c:d3,tahoe,192.168.0.40,infinite + ''; + }; + + # DNS / DHCPv4 / DHCPv6 + networking.firewall.allowedUDPPorts = [ 53 67 547 ]; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + + virtualHosts."localhost" = { + listen = [ + { + addr = "127.0.0.1"; + port = 8080; + } + ]; + locations."/" = { }; + }; + + streamConfig = '' + server { + listen 443; + proxy_timeout 2s; + proxy_pass 192.168.0.40:443; + } - # we need avahi in order to use the printer/scanner - avahi.enable = true; + server { + listen 80 reuseport; + proxy_timeout 2s; + proxy_pass 192.168.0.40:80; + } + ''; }; + 
networking.firewall.allowedTCPPorts = [ 80 443 ]; } -- cgit v1.2.3
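Review bot: `networking.firewall.allowedUDPPorts = [ 53 67 547 ]` opens DNS and DHCP on every interface, including the 1Gb upstream NIC the commit message describes, so the only thing keeping the resolver off the WAN side is dnsmasq's `bind-interfaces` together with the three `interface=` lines. Scoping the rule per interface keeps the firewall and the daemon in agreement, e.g. `networking.firewall.interfaces.mgmt0.allowedUDPPorts = [ 53 67 ];`, repeated for `iot` and `guest`. Port 547 is opened although the dnsmasq config shown defines no DHCPv6 range, and TCP 53 is not in `allowedTCPPorts`, so unless another module opens it, LAN clients cannot retry truncated DNS answers over TCP. Separately, the two `stream` servers forward 80/443 to 192.168.0.40 without `proxy_protocol on;`, so the backend's access logs will presumably record the router as the client address for every connection; if source addresses matter for logging or rate limiting there, enable it on both ends.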