default.nix 1.9 KB

  # Router networking module: static LAN address, dhcpcd on the ppp0 uplink
  # for IPv6 and prefix delegation, and a hand-written nftables ruleset.
  { config, pkgs, ... }:
  {
    # NOTE(review): the imported modules are not shown here. Whatever
    # upnp.nix lets LAN clients do should be reviewed with firewall.nft.
    imports = [
      ./dnsmasq.nix
      ./smartdns.nix
      ./upnp.nix
    ];

    # Global DHCP is off; it is opted into per interface further down.
    networking.useDHCP = false;

    # The NixOS firewall module is disabled, so ./firewall.nft is the only
    # packet filtering this host gets from this module.
    networking.firewall.enable = false;

    networking.nftables = {
      enable = true;
      rulesetFile = ./firewall.nft;
      # https://discourse.nixos.org/t/nftables-could-not-process-rule-no-such-file-or-directory/33031
      # Build-time validation of the ruleset is switched off (see the thread
      # above for the error that motivated it). A syntax error in
      # firewall.nft is therefore only noticed when the ruleset is loaded on
      # the running system; check the file by hand (for example with
      # `nft -c -f`) before deploying.
      checkRuleset = false;
    };

    # NOTE(review): dhcpcd below is restricted to ppp0 through
    # allowInterfaces; confirm what useDHCP on wan is expected to achieve.
    networking.interfaces.ppp0.useDHCP = true;
    networking.interfaces.wan.useDHCP = true;

    # Static address of the router on the LAN side.
    networking.interfaces.lan.ipv4.addresses = [
      {
        address = "192.168.5.1";
        prefixLength = 24;
      }
    ];

    networking.dhcpcd = {
      enable = true;
      allowInterfaces = [ "ppp0" ];
      # Passed to dhcpcd as configuration text. Per its own comments it
      # leaves resolv.conf alone, uses RFC 7217 addresses so the hardware
      # address is not exposed upstream, handles IPv6 only, and requests a
      # delegated prefix on ppp0 that is assigned to the lan interface.
      extraConfig = ''
        # don't touch our DNS settings
        nohook resolv.conf
        # generate a RFC 4361 complient DHCP ID
        duid
        # We don't want to expose our hw addr from the router to the internet,
        # so we generate a RFC7217 address.
        slaac private
        option rapid_commit
        option domain_name_servers, domain_name, domain_search, host_name
        option classless_static_routes
        option interface_mtu
        require dhcp_server_identifier
        # we only want to handle IPv6 with dhcpcd, the IPv4 is still done
        # through pppd daemon
        noipv6rs
        ipv6only
        # settings for the interface
        interface ppp0
        ipv6rs # router advertisement solicitaion
        iaid 1 # interface association ID
        ia_pd 2 lan/0 # request a PD and assign to interface
      '';
    };

    # Network traffic accounting.
    services.vnstat.enable = true;
  }