authorquentin@aristote.fr <quentin@aristote.fr>2023-04-13 10:45:00 +0200
committerquentin@aristote.fr <quentin@aristote.fr>2023-04-13 10:58:33 +0200
commit389940b3ab47d6d2fedb3a6acbb767b37d635557 (patch)
treeb5c0255b23e2d4a977ff57c1d993adaf6b29888f /config/networking
parent7f7cb4d5e58f650f9513fbd5a0c989646466d24d (diff)
networking: enable iot subnet
Diffstat (limited to 'config/networking')
-rw-r--r--config/networking/default.nix8
-rw-r--r--config/networking/nat.nix12
-rw-r--r--config/networking/services/dhcp.nix24
-rw-r--r--config/networking/services/dns.nix4
4 files changed, 33 insertions, 15 deletions
diff --git a/config/networking/default.nix b/config/networking/default.nix
index b6632f3..bcaf989 100644
--- a/config/networking/default.nix
+++ b/config/networking/default.nix
@@ -36,6 +36,7 @@ in {
subnets = {
public = "192.168.1";
private = "192.168.2";
+ iot = "192.168.3";
};
};
@@ -64,6 +65,13 @@ in {
prefixLength = 24;
}];
};
+ "${cfg.interfaces.wlp2ghz}" = {
+ useDHCP = false;
+ ipv4.addresses = [{
+ address = "${cfg.subnets.iot}.1";
+ prefixLength = 24;
+ }];
+ };
};
};
};
diff --git a/config/networking/nat.nix b/config/networking/nat.nix
index 33e8ca7..5bc0f79 100644
--- a/config/networking/nat.nix
+++ b/config/networking/nat.nix
@@ -8,12 +8,12 @@ in {
networking = {
nat = {
- enable = true;
- externalInterface = cfg.interfaces.eth;
- internalInterfaces = [
- # cfg.interfaces.wlp2ghz
- cfg.interfaces.wlp5ghz
- ];
+ enable = true;
+ externalInterface = cfg.interfaces.eth;
+ internalInterfaces = [
+ cfg.interfaces.wlp2ghz
+ cfg.interfaces.wlp5ghz
+ ];
};
firewall.enable = false;
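Review bot: Adding `cfg.interfaces.wlp2ghz` to `internalInterfaces` gives the IoT subnet a routed path through this host, while the context line `firewall.enable = false;` leaves no packet filter in place. Nothing visible in this hunk stops IoT devices from reaching the private subnet or services on the router itself, which defeats the purpose of a separate subnet unless filtering is configured elsewhere. I would enable the firewall and drop forwarding from IoT to private, for example with `iptables -I FORWARD -i ${cfg.interfaces.wlp2ghz} -o ${cfg.interfaces.wlp5ghz} -j DROP` in `networking.firewall.extraCommands`. The `networking` block continues past the end of the hunk, so any rules defined further down are not visible here.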
diff --git a/config/networking/services/dhcp.nix b/config/networking/services/dhcp.nix
index f4b1f61..9953389 100644
--- a/config/networking/services/dhcp.nix
+++ b/config/networking/services/dhcp.nix
@@ -4,15 +4,23 @@ let cfg = config.personal.networking;
in {
services.dhcpd4 = {
enable = true;
- extraConfig = ''
- option subnet-mask 255.255.255.0;
- option routers ${cfg.subnets.private}.1;
- option domain-name-servers ${cfg.subnets.public}.1, 9.9.9.9;
- subnet ${cfg.subnets.private}.0 netmask 255.255.255.0 {
- range ${cfg.subnets.private}.10 ${cfg.subnets.private}.99;
+ interfaces = with cfg.interfaces; [ wlp2ghz wlp5ghz ];
+ extraConfig = with cfg.subnets; ''
+ option domain-name-servers ${public}.1, 9.9.9.9;
+ subnet ${private}.0 netmask 255.255.255.0 {
+ option broadcast-address ${private}.255;
+ option routers ${private}.1;
+ option subnet-mask 255.255.255.0;
+ interface ${cfg.interfaces.wlp5ghz};
+ range ${private}.10 ${private}.99;
+ }
+ subnet ${iot}.0 netmask 255.255.255.0 {
+ option broadcast-address ${iot}.255;
+ option routers ${iot}.1;
+ option subnet-mask 255.255.255.0;
+ interface ${cfg.interfaces.wlp2ghz};
+ range ${iot}.10 ${iot}.99
}
'';
- interfaces = [ cfg.interfaces.wlp5ghz ];
};
-
}
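Review bot: The `range` statement in the new IoT subnet block has no terminating semicolon, unlike the one in the private block, so dhcpd will probably reject the generated configuration. It should read `range ${iot}.10 ${iot}.99;`. Both subnets are served from the same `extraConfig`, so a parse failure would presumably stop leases on the private network as well, not only on the IoT one.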
diff --git a/config/networking/services/dns.nix b/config/networking/services/dns.nix
index beed1e7..9e26b41 100644
--- a/config/networking/services/dns.nix
+++ b/config/networking/services/dns.nix
@@ -6,11 +6,13 @@ in {
enable = true;
settings = {
server = {
- interface = [ "127.0.0.1" "${cfg.subnets.private}.1" ];
+ interface =
+ [ "127.0.0.1" "${cfg.subnets.private}.1" "${cfg.subnets.iot}.1" ];
access-control = [
"0.0.0.0/0 refuse"
"127.0.0.0/8 allow"
"${cfg.subnets.private}.0/24 allow"
+ "${cfg.subnets.iot}.0/24 allow"
];
};
};
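Review bot: The resolver now listens on `${cfg.subnets.iot}.1` and allows the IoT /24, but the DHCP change in this same commit still advertises `${public}.1, 9.9.9.9` globally as `domain-name-servers`, so IoT clients are never told about this listener. If IoT devices are meant to use this resolver, add `option domain-name-servers ${iot}.1;` inside the IoT subnet block in `dhcp.nix`. If they are not, drop the new listener and the `allow` entry so the resolver is not exposed to the less trusted segment. A short comment above `access-control` stating which subnets are expected to query this server would make the intent clear. The `settings` block starts and ends outside the hunk.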