Diffstat (limited to '')
-rw-r--r--hosts/carmel/boot.nix12
-rw-r--r--hosts/carmel/default.nix4
-rw-r--r--hosts/carmel/services.nix74
-rw-r--r--profiles/router.nix87
4 files changed, 90 insertions, 87 deletions
diff --git a/hosts/carmel/boot.nix b/hosts/carmel/boot.nix
deleted file mode 100644
index b3b63da..0000000
--- a/hosts/carmel/boot.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ ... }:
-
-{
-  boot.loader.efi.efiSysMountPoint = "/boot/efi";
-
-  boot.kernel.sysctl = {
-    "net.ipv4.conf.all.forwarding" = true;
-    "net.ipv4.conf.default.forwarding" = true;
-    "net.core.default_qdisc" = "fq";
-    "net.ipv4.tcp_congestion_control" = "bbr";
-  };
-}
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix
index 8c68e20..4f86d90 100644
--- a/hosts/carmel/default.nix
+++ b/hosts/carmel/default.nix
@@ -3,14 +3,16 @@
 {
   imports = [
     ./hardware.nix
-    ./boot.nix
     ./networking.nix
     ./services.nix
     "${self}/profiles/server.nix"
     "${self}/profiles/hardware/amd.nix"
     "${self}/profiles/nginx.nix"
+    "${self}/profiles/router.nix"
   ];
 
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
   services.avahi = {
     enable = true;
     # Important to resolve .local domains of printers, otherwise you get an error
diff --git a/hosts/carmel/services.nix b/hosts/carmel/services.nix
index bde7523..3c9662f 100644
--- a/hosts/carmel/services.nix
+++ b/hosts/carmel/services.nix
@@ -6,81 +6,7 @@
     };
   };
 
-  services.dnsmasq = {
-    enable = true;
-    resolveLocalQueries = true;
-    extraConfig = ''
-      log-dhcp
-
-      bind-interfaces
-
-      server=8.8.8.8
-      server=4.4.4.4
-      cache-size=1000
-
-      domain-needed
-      domain=home
-      local=/home/
-      no-resolv
-
-      dhcp-script=${pkgs.tools.dnsmasq-to-html}/bin/dnsmasq-leases-html
-      script-on-renewal
-
-      dhcp-authoritative
-
-      interface=mgmt0
-      dhcp-range=set:mgmt0,192.168.0.100,192.168.0.199,30m
-      dhcp-option=tag:mgmt0,option:router,192.168.0.1
-
-      interface=iot
-      dhcp-range=set:iot,192.168.10.100,192.168.10.199,30m
-      dhcp-option=tag:iot,option:router,192.168.10.1
-
-      interface=guest
-      dhcp-range=set:guest,192.168.20.100,192.168.20.199,30m
-      dhcp-option=tag:guest,option:router,192.168.20.1
-
-      dhcp-option=option:dns-server,192.168.0.1,8.8.8.8
-
-      dhcp-host=b4:fb:e4:81:4f:0f,ap-media-room,192.168.0.30,infinite
-      dhcp-host=74:83:c2:12:67:2d,ap-living-room,192.168.0.31,infinite
-      dhcp-host=b4:fb:e4:81:52:6c,ap-office,192.168.0.32,infinite
-      dhcp-host=b4:fb:e4:b2:bd:b8,switch-garage,192.168.0.33,infinite
-      dhcp-host=fc:ec:da:78:d8:92,switch-media-room,192.168.0.34,infinite
-      dhcp-host=b4:fb:e4:8f:69:0e,switch-office,192.168.0.35,infinite
-      dhcp-host=d8:bb:c1:44:1c:d3,tahoe,192.168.0.40,infinite
-    '';
-  };
-
-  # dnsmasq needs the interfaces to be online
-  # https://serverfault.com/a/907603
-  systemd.services.dnsmasq = {
-    after = [ "network-online.target" "network.target" ];
-    wants = [ "network-online.target" ];
-  };
-
-  # DNS / DHCPv4 / DHCPv6
-  networking.firewall.allowedUDPPorts = [ 53 67 547 ];
-
-  services.prometheus.exporters.dnsmasq = {
-    enable = true;
-    leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
-  };
-
   services.nginx = {
-    virtualHosts."dnsmasq" = {
-      listen = [
-        {
-          addr = "192.168.6.1";
-          port = 8067;
-        }
-      ];
-      locations."/" = {
-        root = "/var/lib/dnsmasq";
-        index = "leases.html";
-      };
-    };
-
     streamConfig = ''
       server {
         listen 443;
diff --git a/profiles/router.nix b/profiles/router.nix
new file mode 100644
index 0000000..2ed88bb
--- /dev/null
+++ b/profiles/router.nix
@@ -0,0 +1,87 @@
+{ lib, config, pkgs, ... }:
+{
+  boot.kernel.sysctl = {
+    "net.ipv4.conf.all.forwarding" = true;
+    "net.ipv4.conf.default.forwarding" = true;
+    "net.core.default_qdisc" = "fq";
+    "net.ipv4.tcp_congestion_control" = "bbr";
+  };
+
+  services.dnsmasq = {
+    enable = true;
+    resolveLocalQueries = true;
+    extraConfig = ''
+      log-dhcp
+
+      bind-interfaces
+
+      server=8.8.8.8
+      server=4.4.4.4
+      cache-size=1000
+
+      domain-needed
+      domain=home
+      local=/home/
+      no-resolv
+
+      dhcp-script=${pkgs.tools.dnsmasq-to-html}/bin/dnsmasq-leases-html
+      script-on-renewal
+
+      dhcp-authoritative
+
+      interface=mgmt0
+      dhcp-range=set:mgmt0,192.168.0.100,192.168.0.199,30m
+      dhcp-option=tag:mgmt0,option:router,192.168.0.1
+
+      interface=iot
+      dhcp-range=set:iot,192.168.10.100,192.168.10.199,30m
+      dhcp-option=tag:iot,option:router,192.168.10.1
+
+      interface=guest
+      dhcp-range=set:guest,192.168.20.100,192.168.20.199,30m
+      dhcp-option=tag:guest,option:router,192.168.20.1
+
+      dhcp-option=option:dns-server,192.168.0.1,8.8.8.8
+
+      dhcp-host=b4:fb:e4:81:4f:0f,ap-media-room,192.168.0.30,infinite
+      dhcp-host=74:83:c2:12:67:2d,ap-living-room,192.168.0.31,infinite
+      dhcp-host=b4:fb:e4:81:52:6c,ap-office,192.168.0.32,infinite
+      dhcp-host=b4:fb:e4:b2:bd:b8,switch-garage,192.168.0.33,infinite
+      dhcp-host=fc:ec:da:78:d8:92,switch-media-room,192.168.0.34,infinite
+      dhcp-host=b4:fb:e4:8f:69:0e,switch-office,192.168.0.35,infinite
+      dhcp-host=d8:bb:c1:44:1c:d3,tahoe,192.168.0.40,infinite
+
+      # hosted names
+      cname=loki.fcuny.xyz,tahoe.home
+    '';
+  };
+
+  # dnsmasq needs the interfaces to be online
+  # https://serverfault.com/a/907603
+  systemd.services.dnsmasq = {
+    after = [ "network-online.target" "network.target" ];
+    wants = [ "network-online.target" ];
+  };
+
+  # DNS / DHCPv4 / DHCPv6
+  networking.firewall.allowedUDPPorts = [ 53 67 547 ];
+
+  services.nginx.virtualHosts."dnsmasq" = {
+    listen = [
+      {
+        addr = "192.168.6.1";
+        port = 8067;
+      }
+    ];
+    locations."/" = {
+      root = "/var/lib/dnsmasq";
+      index = "leases.html";
+    };
+  };
+
+  services.prometheus.exporters.dnsmasq = {
+    enable = true;
+    leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
+  };
+
+}
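Review bot: `networking.firewall.allowedUDPPorts = [ 53 67 547 ];` opens DNS and DHCP on every interface of any host that imports this shared profile, while dnsmasq itself is limited to `mgmt0`, `iot` and `guest` by `bind-interfaces`; scoping the rule per interface keeps the firewall aligned with the listener, e.g. `networking.firewall.interfaces.mgmt0.allowedUDPPorts = [ 53 67 ];` repeated for `iot` and `guest`. Port 547 looks unused because the visible `extraConfig` has no DHCPv6 range, and TCP 53 is not opened, so answers that fall back to TCP would be dropped. Separately, `server=4.4.4.4` looks like a typo for `8.8.4.4`; if so, client queries are being forwarded to an unintended third-party address. The nginx vhost sets `root = "/var/lib/dnsmasq"`, which serves `dnsmasq.leases` and anything else in the state directory to whoever can reach 192.168.6.1:8067, so pointing the root at a directory that holds only `leases.html` would be safer.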