From 389940b3ab47d6d2fedb3a6acbb767b37d635557 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr"
Date: Thu, 13 Apr 2023 10:45:00 +0200
Subject: networking: enable iot subnet
---
 config/networking/services/dhcp.nix | 24 ++++++++++++++++--------
 config/networking/services/dns.nix | 4 +++-
 2 files changed, 19 insertions(+), 9 deletions(-)
(limited to 'config/networking/services')
diff --git a/config/networking/services/dhcp.nix b/config/networking/services/dhcp.nix
index f4b1f61..9953389 100644
--- a/config/networking/services/dhcp.nix
+++ b/config/networking/services/dhcp.nix
@@ -4,15 +4,23 @@ let cfg = config.personal.networking;
 in {
 services.dhcpd4 = {
 enable = true;
- extraConfig = ''
- option subnet-mask 255.255.255.0;
- option routers ${cfg.subnets.private}.1;
- option domain-name-servers ${cfg.subnets.public}.1, 9.9.9.9;
- subnet ${cfg.subnets.private}.0 netmask 255.255.255.0 {
- range ${cfg.subnets.private}.10 ${cfg.subnets.private}.99;
+ interfaces = with cfg.interfaces; [ wlp2ghz wlp5ghz ];
+ extraConfig = with cfg.subnets; ''
+ option domain-name-servers ${public}.1, 9.9.9.9;
+ subnet ${private}.0 netmask 255.255.255.0 {
+ option broadcast-address ${private}.255;
+ option routers ${private}.1;
+ option subnet-mask 255.255.255.0;
+ interface ${cfg.interfaces.wlp5ghz};
+ range ${private}.10 ${private}.99;
+ }
+ subnet ${iot}.0 netmask 255.255.255.0 {
+ option broadcast-address ${iot}.255;
+ option routers ${iot}.1;
+ option subnet-mask 255.255.255.0;
+ interface ${cfg.interfaces.wlp2ghz};
+ range ${iot}.10 ${iot}.99
 }
 '';
- interfaces = [ cfg.interfaces.wlp5ghz ];
 };
-
 }
diff --git a/config/networking/services/dns.nix b/config/networking/services/dns.nix
index beed1e7..9e26b41 100644
--- a/config/networking/services/dns.nix
+++ b/config/networking/services/dns.nix
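Review bot: In the new `subnet ${iot}.0` block of dhcp.nix, the `range ${iot}.10 ${iot}.99` statement has no terminating semicolon, unlike the matching `range` line in the private block. dhcpd will most likely reject the generated configuration at that point, which would leave both subnets without leases rather than just the IoT one. The line should read `range ${iot}.10 ${iot}.99;`. The `let` binding that defines `cfg` sits above the hunk.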
@@ -6,11 +6,13 @@ in {
 enable = true;
 settings = {
 server = {
- interface = [ "127.0.0.1" "${cfg.subnets.private}.1" ];
+ interface =
+ [ "127.0.0.1" "${cfg.subnets.private}.1" "${cfg.subnets.iot}.1" ];
 access-control = [
 "0.0.0.0/0 refuse"
 "127.0.0.0/8 allow"
 "${cfg.subnets.private}.0/24 allow"
+ "${cfg.subnets.iot}.0/24 allow"
 ];
 };
 };
-- cgit v1.2.3
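Review bot: The new `"${cfg.subnets.iot}.1"` listener and `"${cfg.subnets.iot}.0/24 allow"` rule open the resolver to the IoT segment, yet the DHCP change in the same commit still advertises `${public}.1, 9.9.9.9` to those clients, so nothing visible here points them at this listener. If the local resolver is meant to serve (and log or filter) IoT lookups, add `option domain-name-servers ${iot}.1;` inside the iot subnet block in dhcp.nix; if not, leave both entries out so the less-trusted segment cannot reach it. With a plain `allow`, IoT devices presumably share the cache and any local zone data with the private network, which deserves a comment such as `# iot clients get full recursion; no private-only records are served here`. The enclosing service attribute set starts above the hunk.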