Add computer vlan

This commit is contained in:
asonix 2024-07-09 19:07:21 -05:00
parent b5a418308e
commit cc4321ec81


@ -8,6 +8,7 @@ let
bridge = "br-lan"; bridge = "br-lan";
devices = "devices-vlan"; devices = "devices-vlan";
wifi = "wifi-vlan"; wifi = "wifi-vlan";
computer = "comptuer-vlan";
wg0 = "wg0"; wg0 = "wg0";
in in
{ {
@ -27,6 +28,7 @@ in
"net.ipv6.conf.${bridge}.accept_ra" = 2; "net.ipv6.conf.${bridge}.accept_ra" = 2;
"net.ipv6.conf.${devices}.accept_ra" = 2; "net.ipv6.conf.${devices}.accept_ra" = 2;
"net.ipv6.conf.${wifi}.accept_ra" = 2; "net.ipv6.conf.${wifi}.accept_ra" = 2;
"net.ipv6.conf.${computer}.accept_ra" = 2;
"net.ipv4.conf.all.forwarding" = true; "net.ipv4.conf.all.forwarding" = true;
"net.ipv4.conf.default.rp_filter" = 1; "net.ipv4.conf.default.rp_filter" = 1;
@ -34,6 +36,7 @@ in
"net.ipv4.conf.${bridge}.rp_filter" = 0; "net.ipv4.conf.${bridge}.rp_filter" = 0;
"net.ipv4.conf.${devices}.rp_filter" = 0; "net.ipv4.conf.${devices}.rp_filter" = 0;
"net.ipv4.conf.${wifi}.rp_filter" = 0; "net.ipv4.conf.${wifi}.rp_filter" = 0;
"net.ipv4.conf.${computer}.rp_filter" = 0;
}; };
}; };
@ -59,6 +62,13 @@ in
}; };
vlanConfig.Id = 40; vlanConfig.Id = 40;
}; };
"10-${computer}" = {
netdevConfig = {
Name = computer;
Kind = "vlan";
};
vlanConfig.Id = 50;
};
"20-${bridge}" = { "20-${bridge}" = {
netdevConfig = { netdevConfig = {
Kind = "bridge"; Kind = "bridge";
@ -114,7 +124,7 @@ in
networkConfig = { networkConfig = {
Bridge = bridge; Bridge = bridge;
ConfigureWithoutCarrier = true; ConfigureWithoutCarrier = true;
VLAN = [ devices wifi ]; VLAN = [ devices wifi computer ];
}; };
}; };
"40-${bridge}" = { "40-${bridge}" = {
@ -179,6 +189,27 @@ in
}; };
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
}; };
"50-${computer}" = {
matchConfig = {
Name = computer;
Type = "vlan";
};
address = [
"192.168.50.1/24"
"2001:db8:50::1/64"
];
networkConfig = {
IPv6SendRA = true;
};
ipv6Prefixes = [{
Prefix = "2001:db8:50::/64";
}];
ipv6SendRAConfig = {
EmitDNS = true;
DNS = "2001:db8:50::1";
};
linkConfig.RequiredForOnline = "routable";
};
"60-${wg0}" = { "60-${wg0}" = {
matchConfig.Name = wg0; matchConfig.Name = wg0;
address = [ "192.168.5.1/24" "2001:db8:5::1/64" ]; address = [ "192.168.5.1/24" "2001:db8:5::1/64" ];
@ -207,6 +238,7 @@ in
define DEVICES=${devices} define DEVICES=${devices}
define WIFI=${wifi} define WIFI=${wifi}
define COMPUTER=${computer}
define WG0=${wg0} define WG0=${wg0}
define HTTP_HOST=192.168.20.200 define HTTP_HOST=192.168.20.200
@ -277,6 +309,11 @@ in
accept accept
} }
chain computer_in {}
chain computer_out {
accept
}
chain wg_in {} chain wg_in {}
chain wg_out { chain wg_out {
accept accept
@ -295,6 +332,7 @@ in
$BRIDGE : jump bridge_in, $BRIDGE : jump bridge_in,
$DEVICES : jump devices_in, $DEVICES : jump devices_in,
$WIFI : jump wifi_in, $WIFI : jump wifi_in,
$COMPUTER : jump computer_in,
$WG0 : jump wg_in $WG0 : jump wg_in
} }
@ -302,6 +340,7 @@ in
$BRIDGE : jump bridge_out, $BRIDGE : jump bridge_out,
$DEVICES : jump devices_out, $DEVICES : jump devices_out,
$WIFI : jump wifi_out, $WIFI : jump wifi_out,
$COMPUTER : jump computer_out,
$WG0 : jump wg_out $WG0 : jump wg_out
} }
@ -321,6 +360,7 @@ in
tcp dport @internal_access_tcp ct state new iifname vmap { tcp dport @internal_access_tcp ct state new iifname vmap {
$BRIDGE : accept, $BRIDGE : accept,
$WG0 : accept, $WG0 : accept,
$COMPUTER : accept,
$DEVICES : jump reject_politely, $DEVICES : jump reject_politely,
$WIFI : jump rate_limit, $WIFI : jump rate_limit,
$WAN : jump rate_limit $WAN : jump rate_limit
@ -429,8 +469,11 @@ in
"${wifi},192.168.40.10,192.168.40.240,24h" "${wifi},192.168.40.10,192.168.40.240,24h"
"${wifi},::10,constructor:${wifi},ra-names,64,24h" "${wifi},::10,constructor:${wifi},ra-names,64,24h"
"${computer},192.168.50.10,192.168.50.240,24h"
"${computer},::10,constructor:${computer},ra-names,64,24h"
]; ];
interface = [ bridge devices wifi wg0 ]; interface = [ bridge devices wifi computer wg0 ];
dhcp-option = [ dhcp-option = [
"${bridge},option:router,192.168.20.1" "${bridge},option:router,192.168.20.1"
"${bridge},option:dns-server,192.168.20.1" "${bridge},option:dns-server,192.168.20.1"
@ -443,6 +486,10 @@ in
"${wifi},option:router,192.168.40.1" "${wifi},option:router,192.168.40.1"
"${wifi},option:dns-server,192.168.40.1" "${wifi},option:dns-server,192.168.40.1"
"${wifi},option6:dns-server,2001:db8:40::1" "${wifi},option6:dns-server,2001:db8:40::1"
"${computer},option:router,192.168.50.1"
"${computer},option:dns-server,192.168.50.1"
"${computer},option6:dns-server,2001:db8:50::1"
]; ];
local = "/lan/"; local = "/lan/";