Diffstat (limited to 'os/kay/modules/router.nix')
-rw-r--r--os/kay/modules/router.nix92
1 files changed, 82 insertions, 10 deletions
diff --git a/os/kay/modules/router.nix b/os/kay/modules/router.nix
index 0d01465..7cd3763 100644
--- a/os/kay/modules/router.nix
+++ b/os/kay/modules/router.nix
@@ -1,12 +1,20 @@
-{ ... }: let
+{ lib, pkgs, ... }: let
wanInterface = "ppp0";
+ wanMTU = 1492;
+
+ gponInterface = "enp3s0";
+ gponHost = "192.168.38.1";
+ gponPrefix = 24;
lanInterface = "enp8s0f3u1";
- subnet = "10.0.0.0";
+ subnet = "192.168.43.0";
prefix = 24;
- host = "10.0.0.1";
- leaseRangeStart = "10.0.0.100";
- leaseRangeEnd = "10.0.0.254";
+ host = "192.168.43.1";
+ leaseRangeStart = "192.168.43.100";
+ leaseRangeEnd = "192.168.43.254";
+
+ wapMac = "40:86:cb:d7:40:49";
+ wapIp = "192.168.43.2";
in {
imports = [
./wireguard.nix
@@ -19,11 +27,20 @@ in {
externalInterface = wanInterface;
internalInterfaces = [ lanInterface ];
};
- interfaces."${lanInterface}" = {
- ipv4.addresses = [{
- address = host;
- prefixLength = prefix;
+ interfaces = {
+ ${lanInterface}.ipv4.addresses = [{
+ address = host;
+ prefixLength = prefix;
+ }];
+ ${gponInterface}.ipv4.addresses = [{
+ address = gponHost;
+ prefixLength = gponPrefix;
}];
+ # TODO: fix it upstream
+ # https://github.com/NixOS/nixpkgs/blob/e8c38b73aeb218e27163376a2d617e61a2ad9b59/nixos/modules/services/networking/dhcpcd.nix#L13
+ # without this dhcpcd will not run, and if we set it to wanInterface,
+ # when pppd(ppp0 iface) exit it'll take out wan vlan iface as well
+ ${wanInterface}.useDHCP = true;
};
firewall = {
allowedUDPPorts = [ 53 67 ];
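Review bot: With `${gponInterface}` now carrying an address and `${wanInterface}` handed to dhcpcd, the global `allowedUDPPorts = [ 53 67 ];` on the last context line opens DNS and DHCP on those interfaces too, although only `lanInterface` serves them. Scoping it as `firewall.interfaces.${lanInterface}.allowedUDPPorts = [ 53 67 ];` would keep the GPON-facing and WAN sides closed. The firewall block continues outside the hunk, so it may already be narrowed there. Separately, the TODO comment warns against setting the option "to wanInterface" while the line below it sets `${wanInterface}.useDHCP = true;`, so the comment should name the interface that must not be used.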
@@ -39,9 +56,64 @@ in {
'';
};
};
-
services.dnsmasq.settings = {
dhcp-range = [ "${leaseRangeStart},${leaseRangeEnd}" ];
+ dhcp-host = "${wapMac},${wapIp}";
interface = [ lanInterface ];
};
+
+ boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 2;
+ networking.dhcpcd = {
+ allowInterfaces = [ wanInterface ];
+ IPv6rs = false;
+ wait = "ipv6";
+ extraConfig = ''
+ ipv6only
+ interface ${wanInterface}
+ ipv6rs
+ ia_pd 1 ${lanInterface}/0
+ '';
+ };
+
+ # we start the services using pppd script
+ systemd.services = {
+ dhcpcd = {
+ before = lib.mkForce [];
+ wants = lib.mkForce [];
+ wantedBy = lib.mkForce [];
+ };
+ radvd = {
+ after = lib.mkForce [];
+ requires = lib.mkForce[];
+ wantedBy = lib.mkForce [];
+ };
+ };
+ services = {
+ pppd.script."ipv6" = {
+ runtimeInputs = [ pkgs.systemd pkgs.gnugrep pkgs.iproute2 ];
+ text = ''
+ systemctl restart dhcpcd.service
+ systemctl restart radvd.service
+ '';
+ };
+ radvd = {
+ enable = lib.mkForce true;
+ config = ''
+ interface ${lanInterface} {
+ AdvSendAdvert on;
+ AdvDefaultPreference high;
+ AdvLinkMTU ${toString wanMTU};
+
+ MinRtrAdvInterval 3;
+ MaxRtrAdvInterval 6;
+ AdvDefaultLifetime 60;
+
+ prefix ::/64 {
+ AdvPreferredLifetime 30;
+ AdvValidLifetime 60;
+ };
+ };
+ '';
+ };
+ };
}
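Review bot: Nothing visible in this diff filters forwarded IPv6 traffic, yet IPv6 forwarding plus `ia_pd 1 ${lanInterface}/0` and radvd gives LAN hosts globally routable addresses, so the implicit protection of the IPv4 NAT does not carry over. Unless the firewall block outside these hunks already covers it, add a default-deny forward policy that admits established/related and LAN-originated traffic, for example `networking.firewall.filterForward = true;` (which needs `networking.nftables.enable = true;`). Also, `"net.ipv6.conf.all.forwarding" = 2` looks like it borrows the value documented for `accept_ra`; if plain forwarding is intended, `1` is the conventional value, and a short comment stating the intent would help. In `pppd.script."ipv6"`, `pkgs.gnugrep` and `pkgs.iproute2` are listed in `runtimeInputs` but the script only calls `systemctl`.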