
router setup


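{ lib, config, pkgs, ... }:

# Router host (IPv6 side): the host-wide firewall policy plus router
# advertisements for the public /64 on the LAN interface. IPv4 addressing,
# NAT, DNS and DHCP are configured by the NAT module imported below.
#
# The former `passwords`, `builders` and `keys` let-bindings were dropped:
# nothing in this module referenced them, and an idle binding to
# ./passwords.nix only invites secrets being interpolated into
# world-readable store paths later.
{
  imports = [
    ./core.nix
    ./router.nat.nix
    # Absolute path outside this configuration tree: evaluation fails on any
    # host that does not have the file at /root/hydra.
    /root/hydra/hydra-module.nix
    ./snmpd.nix
  ];

  networking = {
    hostId = "136e6c46";
    search = [ "localnet" ];

    firewall = {
      enable = true;
      allowPing = true;
      # Nothing is opened host-wide here; per-service holes come from the
      # other imported modules (e.g. the NAT module's LAN DNS rule).
      allowedUDPPorts = [ ];
      allowedTCPPorts = [ ];
      # Traffic arriving on a trusted interface is accepted unconditionally,
      # so the empty port lists above do not apply to it: every peer reachable
      # over this VPN interface can reach any local service, not just the
      # ports listed. Keep this to interfaces whose peers are all trusted.
      trustedInterfaces = [ "tox_master0" ]; # a VPN
    };
  };

  services.radvd = {
    enable = true;
    # Announce the public /64 on the LAN interface with SLAAC (AdvAutonomous)
    # and this router as the on-link default gateway.
    config = ''
      interface enp4s2f1 {
        AdvSendAdvert on;
        AdvHomeAgentFlag off;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        AdvDefaultPreference high;
        prefix 2001:470:1d:19a::/64 {
          AdvOnLink on;
          AdvAutonomous on;
          AdvRouterAddr on;
        };
      };
    '';
  };
}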
{ lib, config, pkgs, ... }:

# Router host (IPv4 side): a tagged WAN uplink, NAT for the LAN, and the
# LAN's own DNS (bind) and DHCP (dhcpd, including iPXE chain-loading).
let
  # Physical uplink. Only the tagged VLAN on top of it carries the WAN
  # address; the untagged parent interface itself gets no configuration.
  WANMASTER = "enp4s2f0";
  WAN = "wan";
  LAN = "enp4s2f1";
  lanNet = "192.168.2.0/24";

  # An authoritative zone served from a local file, with no secondaries.
  zone = name: file: { inherit name file; slaves = [ ]; };

  # A fixed DHCP lease keyed on the client's MAC address.
  fixed = hostName: ethernetAddress: ipAddress:
    { inherit hostName ethernetAddress ipAddress; };
in
{
  networking.defaultMailServer = {
    directDelivery = true;
    hostName = "c2d.localnet";
  };

  networking.vlans.${WAN} = {
    interface = WANMASTER;
    id = 35;
  };

  networking.firewall = {
    enable = true;
    # Let LAN clients reach the local resolver. Only UDP/53 is opened here;
    # TCP/53 (fallback for answers too large for a datagram) is not.
    extraCommands = lib.mkAfter ''
      iptables -w -t filter -A nixos-fw -s 192.168.2.0/24 -p udp --dport 53 -i ${LAN} -j nixos-fw-accept
    '';
  };

  networking.interfaces = {
    ${WANMASTER}.useDHCP = false;
    ${WAN}.useDHCP = true;
    ${LAN} = {
      ipAddress = "192.168.2.1";
      prefixLength = 24;
    };
  };

  networking.nat = {
    enable = true;
    externalInterface = WAN;
    internalInterfaces = [ LAN ];
    # Sources masqueraded out of the WAN. The second range is not on any
    # interface configured in this module (presumably the VPN side) -- TODO
    # confirm where it is routed from.
    internalIPs = [ lanNet "10.67.15.0/24" ];
    # Inbound from the WAN. No port is given in `destination`, so DNAT keeps
    # the original port; protocol is the option's default (TCP).
    forwardPorts = [
      { destination = "192.168.2.61"; sourcePort = 25; }      # email
      { destination = "192.168.2.62"; sourcePort = 80; }      # http
    ];
  };

  services.bind = {
    enable = true;
    # Recursion is allowed only from the LAN and loopback, so this is not an
    # open resolver towards the WAN.
    cacheNetworks = [ lanNet "127.0.0.0/8" ];
    zones = [
      (zone "localnet" ./localnet)
      (zone "2.168.192.in-addr.arpa" ./lan.reverse)
    ];
  };

  services.dhcpd = {
    enable = true;
    interfaces = [ LAN ];
    machines = [
      (fixed "ramboot" "00:1c:23:16:4b:b3" "192.168.2.10")
      (fixed "nas"     "d0:50:99:7a:80:21" "192.168.2.11")
      (fixed "amd"     "40:16:7e:b3:32:48" "192.168.2.15")
      (fixed "nix1"    "92:C5:E2:BB:12:A9" "192.168.2.30")
      (fixed "nix2"    "5E:88:5B:D7:6E:BC" "192.168.2.31")
    ];
    # Network boot: plain clients fetch undionly.kpxe from next-server over
    # TFTP, then iPXE chain-loads a boot script over plain HTTP. Neither step
    # is authenticated, so whichever host answers for 192.168.2.61 on the LAN
    # decides what a network-booting machine runs. (`''${` is the Nix escape
    # for a literal `${` inside the indented string.)
    extraConfig = ''
      subnet 192.168.2.0 netmask 255.255.255.0 {
        option domain-search "localnet";
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.2.255;
        option routers 192.168.2.1;
        option domain-name-servers 192.168.2.1;
        range 192.168.2.100 192.168.2.200;
        next-server 192.168.2.61;
        if exists user-class and option user-class = "iPXE" {
          filename "http://c2d.localnet/boot.php?mac=''${net0/mac}&asset=''${asset:uristring}";
          #option root-path "iscsi:192.168.2.61:::1:iqn.2015-10.com.laptop-root";
        } else {
          filename = "undionly.kpxe";
        }
      }
    '';
  };
}