Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
jerrita
/
nix-router
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Tree: c3263e373e
Branches Tags
nix-router
/
networking
/
default.nix

default.nix 2.0 KB
Lịch sử Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. { config, pkgs, ... }:
    2. 

  2. {
    3. 

  3.     imports = [
    4. 

  4.         ./dnsmasq.nix
    5. 

  5.         ./smartdns.nix
    6. 

  6.         ./upnp.nix
    7. 

  7.     ];
    8. 

  8. 

  9.     networking = {
    10. 

  10.         useDHCP = false;
    11. 

  11.         firewall.enable = false;
    12. 

  12.         nftables = {
    13. 

  13.             enable = true;
    14. 

  14.             rulesetFile = ./firewall.nft;
    15. 

  15.             # https://discourse.nixos.org/t/nftables-could-not-process-rule-no-such-file-or-directory/33031
    16. 

  16.             checkRuleset = false;
    17. 

  17.         };
    18. 

  18. 

  19.         interfaces = {
    20. 

  20.             ppp0.useDHCP = true;
    21. 

  21.             wan.useDHCP = true;
    22. 

  22.             lan = {
    23. 

  23.                 ipv4.addresses = [{
    24. 

  24.                     address = "192.168.5.1";
    25. 

  25.                     prefixLength = 24;
    26. 

  26.                 }];
    27. 

  27.             };
    28. 

  28.         };
    29. 

  29. 

  30.         dhcpcd = {
    31. 

  31.             enable = true;
    32. 

  32.             # Do not remove interface configuration on shutdown.
    33. 

  33.             persistent = true;
    34. 

  34.             allowInterfaces = [ "ppp0" ];
    35. 

  35.             extraConfig = ''
    36. 

  36.                 # don't touch our DNS settings
    37. 

  37.                 nohook resolv.conf
    38. 

  38. 

  39.                 # generate a RFC 4361 complient DHCP ID
    40. 

  40.                 duid
    41. 

  41. 

  42.                 # We don't want to expose our hw addr from the router to the internet,
    43. 

  43.                 # so we generate a RFC7217 address.
    44. 

  44.                 slaac private
    45. 

  45. 

  46.                 persistent
    47. 

  47.                 option rapid_commit
    48. 

  48.                 option domain_name_servers, domain_name, domain_search, host_name
    49. 

  49.                 option classless_static_routes
    50. 

  50.                 option interface_mtu
    51. 

  51.                 require dhcp_server_identifier
    52. 

  52. 

  53.                 # we only want to handle IPv6 with dhcpcd, the IPv4 is still done
    54. 

  54.                 # through pppd daemon
    55. 

  55.                 noipv6rs
    56. 

  56.                 ipv6only
    57. 

  57. 

  58.                 # settings for the interface
    59. 

  59.                 interface ppp0
    60. 

  60.                     ipv6rs               # router advertisement solicitaion
    61. 

  61.                     iaid 1               # interface association ID
    62. 

  62.                     ia_pd 2 lan/0        # request a PD and assign to interface
    63. 

  63.             '';
    64. 

  64.         };
    65. 

  65.     };
    66. 

  66. 

  67.     services.vnstat.enable = true;
    68. 

  68. }
    69.