| author | quentin@aristote.fr <quentin@aristote.fr> | 2023-04-13 10:45:00 +0200 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2023-04-13 10:58:33 +0200 |
| commit | 389940b3ab47d6d2fedb3a6acbb767b37d635557 (patch) | |
| tree | b5c0255b23e2d4a977ff57c1d993adaf6b29888f /config/networking/services | |
| parent | 7f7cb4d5e58f650f9513fbd5a0c989646466d24d (diff) | |
networking: enable iot subnet
Diffstat (limited to 'config/networking/services')
| -rw-r--r-- | config/networking/services/dhcp.nix | 24 | ||||
| -rw-r--r-- | config/networking/services/dns.nix | 4 |
2 files changed, 19 insertions, 9 deletions
diff --git a/config/networking/services/dhcp.nix b/config/networking/services/dhcp.nix index f4b1f61..9953389 100644 --- a/config/networking/services/dhcp.nix +++ b/config/networking/services/dhcp.nix @@ -4,15 +4,23 @@ let cfg = config.personal.networking; in { services.dhcpd4 = { enable = true; - extraConfig = '' - option subnet-mask 255.255.255.0; - option routers ${cfg.subnets.private}.1; - option domain-name-servers ${cfg.subnets.public}.1, 9.9.9.9; - subnet ${cfg.subnets.private}.0 netmask 255.255.255.0 { - range ${cfg.subnets.private}.10 ${cfg.subnets.private}.99; + interfaces = with cfg.interfaces; [ wlp2ghz wlp5ghz ]; + extraConfig = with cfg.subnets; '' + option domain-name-servers ${public}.1, 9.9.9.9; + subnet ${private}.0 netmask 255.255.255.0 { + option broadcast-address ${private}.255; + option routers ${private}.1; + option subnet-mask 255.255.255.0; + interface ${cfg.interfaces.wlp5ghz}; + range ${private}.10 ${private}.99; + } + subnet ${iot}.0 netmask 255.255.255.0 { + option broadcast-address ${iot}.255; + option routers ${iot}.1; + option subnet-mask 255.255.255.0; + interface ${cfg.interfaces.wlp2ghz}; + range ${iot}.10 ${iot}.99 } ''; - interfaces = [ cfg.interfaces.wlp5ghz ]; }; - } diff --git a/config/networking/services/dns.nix b/config/networking/services/dns.nix index beed1e7..9e26b41 100644 --- a/config/networking/services/dns.nix +++ b/config/networking/services/dns.nix @@ -6,11 +6,13 @@ in { enable = true; settings = { server = { - interface = [ "127.0.0.1" "${cfg.subnets.private}.1" ]; + interface = + [ "127.0.0.1" "${cfg.subnets.private}.1" "${cfg.subnets.iot}.1" ]; access-control = [ "0.0.0.0/0 refuse" "127.0.0.0/8 allow" "${cfg.subnets.private}.0/24 allow" + "${cfg.subnets.iot}.0/24 allow" ]; }; }; |
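Review bot: The new IoT subnet block in `extraConfig` ends with `range ${iot}.10 ${iot}.99` and has no terminating semicolon, unlike the `${private}` range a few lines above it. dhcpd's parser requires each statement to be terminated, so the generated configuration would most likely be rejected, leaving both the private and the IoT subnet without leases. The line should read `range ${iot}.10 ${iot}.99;`. It would also help to add a short comment above each `subnet` block saying which radio it is pinned to and why, e.g. `# iot: 2.4 GHz radio only, kept apart from the private subnet`.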
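Review bot: The added `"${cfg.subnets.iot}.0/24 allow"` entry and the `"${cfg.subnets.iot}.1"` listener give the IoT segment the same recursive resolver access as the private subnet, and nothing in the hunk records that this is intended or what keeps the two segments apart. The diffstat is limited to `config/networking/services`, so any firewall rule blocking IoT-to-private traffic is not visible here and should be confirmed. I would add a comment next to the new entry such as `# iot: recursion only; iot -> private forwarding must be dropped by the firewall`. Also, dhcp.nix still advertises `${public}.1, 9.9.9.9` as name servers to every subnet, so whether IoT clients would ever query this listener is unclear from the diff. The enclosing service attribute set opens outside the hunk; the resolver is presumably Unbound, judging by the `access-control` syntax.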
