Diffstat (limited to 'config')
| -rw-r--r-- | config/networking/default.nix | 8 | ||||
| -rw-r--r-- | config/networking/nat.nix | 12 | ||||
| -rw-r--r-- | config/networking/services/dhcp.nix | 24 | ||||
| -rw-r--r-- | config/networking/services/dns.nix | 4 |
4 files changed, 33 insertions, 15 deletions
diff --git a/config/networking/default.nix b/config/networking/default.nix index b6632f3..bcaf989 100644 --- a/config/networking/default.nix +++ b/config/networking/default.nix @@ -36,6 +36,7 @@ in { subnets = { public = "192.168.1"; private = "192.168.2"; + iot = "192.168.3"; }; }; @@ -64,6 +65,13 @@ in { prefixLength = 24; }]; }; + "${cfg.interfaces.wlp2ghz}" = { + useDHCP = false; + ipv4.addresses = [{ + address = "${cfg.subnets.iot}.1"; + prefixLength = 24; + }]; + }; }; }; }; diff --git a/config/networking/nat.nix b/config/networking/nat.nix index 33e8ca7..5bc0f79 100644 --- a/config/networking/nat.nix +++ b/config/networking/nat.nix @@ -8,12 +8,12 @@ in { networking = { nat = { - enable = true; - externalInterface = cfg.interfaces.eth; - internalInterfaces = [ - # cfg.interfaces.wlp2ghz - cfg.interfaces.wlp5ghz - ]; + enable = true; + externalInterface = cfg.interfaces.eth; + internalInterfaces = [ + cfg.interfaces.wlp2ghz + cfg.interfaces.wlp5ghz + ]; }; firewall.enable = false; diff --git a/config/networking/services/dhcp.nix b/config/networking/services/dhcp.nix index f4b1f61..9953389 100644 --- a/config/networking/services/dhcp.nix +++ b/config/networking/services/dhcp.nix 
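Review bot: In the nat.nix hunk, un-commenting `cfg.interfaces.wlp2ghz` in `internalInterfaces` turns on forwarding for the new IoT segment while the context line `firewall.enable = false;` stays unchanged. Nothing visible in this diff stops hosts on `${cfg.subnets.iot}` from reaching `${cfg.subnets.private}` or services bound on the router itself. If the separate subnet is meant to isolate IoT devices, that needs an explicit rule set (enable the firewall and drop forwarded traffic from the 2.4 GHz interface to the 5 GHz one), unless filtering is configured in a file outside this diff. At minimum, record the intent next to the list, for example `# iot is NATed to eth only; iot -> private forwarding is blocked in <file>`. The enclosing `networking` block starts and ends outside the hunk.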
@@ -4,15 +4,23 @@ let cfg = config.personal.networking; in { services.dhcpd4 = { enable = true; - extraConfig = '' - option subnet-mask 255.255.255.0; - option routers ${cfg.subnets.private}.1; - option domain-name-servers ${cfg.subnets.public}.1, 9.9.9.9; - subnet ${cfg.subnets.private}.0 netmask 255.255.255.0 { - range ${cfg.subnets.private}.10 ${cfg.subnets.private}.99; + interfaces = with cfg.interfaces; [ wlp2ghz wlp5ghz ]; + extraConfig = with cfg.subnets; '' + option domain-name-servers ${public}.1, 9.9.9.9; + subnet ${private}.0 netmask 255.255.255.0 { + option broadcast-address ${private}.255; + option routers ${private}.1; + option subnet-mask 255.255.255.0; + interface ${cfg.interfaces.wlp5ghz}; + range ${private}.10 ${private}.99; + } + subnet ${iot}.0 netmask 255.255.255.0 { + option broadcast-address ${iot}.255; + option routers ${iot}.1; + option subnet-mask 255.255.255.0; + interface ${cfg.interfaces.wlp2ghz}; + range ${iot}.10 ${iot}.99 } ''; - interfaces = [ cfg.interfaces.wlp5ghz ]; }; - } diff --git a/config/networking/services/dns.nix b/config/networking/services/dns.nix index beed1e7..9e26b41 100644 --- a/config/networking/services/dns.nix +++ b/config/networking/services/dns.nix @@ -6,11 +6,13 @@ in { enable = true; settings = { server = { - interface = [ "127.0.0.1" "${cfg.subnets.private}.1" ]; + interface = + [ "127.0.0.1" "${cfg.subnets.private}.1" "${cfg.subnets.iot}.1" ]; access-control = [ "0.0.0.0/0 refuse" "127.0.0.0/8 allow" "${cfg.subnets.private}.0/24 allow" + "${cfg.subnets.iot}.0/24 allow" ]; }; }; |
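Review bot: In the dhcp.nix hunk, the added `range ${iot}.10 ${iot}.99` line in the new iot subnet block has no terminating semicolon, unlike the private range a few lines above it. dhcpd should reject the generated configuration at parse time, so the line should read `range ${iot}.10 ${iot}.99;`. A dhcpd that fails to start leaves both wireless segments without leases, so it is worth validating the rendered file with the daemon's test mode (`dhcpd -t -cf <rendered config>`) before deploying.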
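Review bot: In the dns.nix hunk, the resolver now listens on `${cfg.subnets.iot}.1` and allows `${cfg.subnets.iot}.0/24`, but the DHCP change in this same commit still advertises `${public}.1, 9.9.9.9` as the only name servers. As far as this diff shows, iot clients are never pointed at the new listener. If IoT devices are meant to resolve through the local server (for logging or filtering), add `option domain-name-servers ${iot}.1;` to the iot subnet block in dhcp.nix. Otherwise the extra listener and ACL entry only widen the resolver's exposure to the less-trusted segment, and a short comment should say why they are there.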
