nixos-config/config/services/router.nix

47 lines
1.5 KiB
Nix
Raw Normal View History

2022-06-12 15:42:42 +00:00
_: {
2022-06-12 15:39:15 +00:00
networking.dhcpcd.allowInterfaces = ["enp1s0f0u4"]; # yes a usb network card dont judge
2022-05-05 19:58:29 +00:00
services.dhcpd4 = {
enable = true;
extraConfig = ''
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
2022-05-05 20:24:55 +00:00
option domain-name-servers 1.1.1.1;
2022-05-05 19:58:29 +00:00
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.100 192.168.2.200;
}
2022-06-20 20:11:25 +00:00
option client-arch code 93 = unsigned integer 16;
if exists user-class and option user-class = "iPXE" {
2022-06-21 12:35:44 +00:00
option root-path "iscsi:192.168.2.1:::1:iqn.2022-06.rs.chir:rs.chir.int.nas.windows";
filename "http://192.168.2.1/boot.ipxe";
2022-06-20 20:11:25 +00:00
} elsif option client-arch != 00:00 {
filename "ipxe.efi";
} else {
filename "undionly.kpxe";
}
next-server 192.168.2.1;
2022-05-05 19:58:29 +00:00
'';
2022-06-12 15:39:15 +00:00
interfaces = ["br0"];
2022-05-05 19:58:29 +00:00
};
2022-06-20 20:11:25 +00:00
services.tftpd = {
enable = true;
path = ../../extra/tftp;
};
2022-06-21 12:48:31 +00:00
networking.firewall.interfaces."br0".allowedUDPPorts = [69 4011];
2022-06-21 12:35:44 +00:00
services.nginx.virtualHosts."192.168.2.1" = {
2022-06-21 09:54:06 +00:00
root = "/var/lib/netboot";
forceSSL = false;
2022-06-21 12:35:44 +00:00
rejectSSL = true;
2022-06-21 09:54:06 +00:00
};
2022-05-05 19:58:29 +00:00
# No i dont have ipv6 :(
networking.firewall.extraCommands = ''
iptables -A FORWARD -i br0 -j ACCEPT
iptables -t nat -A POSTROUTING -o enp1s0f0u4 -s 192.168.2.0/24 -j MASQUERADE
'';
networking.interfaces.enp1s0f0u4.macAddress = "00:d8:61:d0:de:1e"; # fucking ISP
2022-05-05 20:24:55 +00:00
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
};
2022-05-05 19:58:29 +00:00
}