Diffstat (limited to 'hosts/carmel/services.nix')
-rw-r--r--hosts/carmel/services.nix81
1 files changed, 77 insertions, 4 deletions
diff --git a/hosts/carmel/services.nix b/hosts/carmel/services.nix
index e1432b2..63d749e 100644
--- a/hosts/carmel/services.nix
+++ b/hosts/carmel/services.nix
@@ -1,9 +1,82 @@
 { config, ... }: {
   my.services = {
-    # enable a few services related to the gnome desktop
-    gnome.enable = true;
+    metrics-exporter = { enable = true; };
+    avahi = {
+      enable = true;
+      withReflector = true;
+      interfaces = [ "mgmt0" "iot" ];
+    };
+  };
+
+  services.dnsmasq = {
+    enable = true;
+    resolveLocalQueries = true;
+    extraConfig = ''
+      log-dhcp
+
+      bind-interfaces
+
+      domain=home
+
+      dhcp-authoritative
+
+      interface=mgmt0
+      dhcp-range=set:mgmt0,192.168.0.100,192.168.0.199,30m
+      dhcp-option=tag:mgmt0,option:router,192.168.0.1
+
+      interface=iot
+      dhcp-range=set:iot,192.168.10.100,192.168.10.199,30m
+      dhcp-option=tag:iot,option:router,192.168.10.1
+
+      interface=guest
+      dhcp-range=set:guest,192.168.20.100,192.168.20.199,30m
+      dhcp-option=tag:guest,option:router,192.168.20.1
+
+      dhcp-option=option:dns-server,192.168.0.1,8.8.8.8
+
+      dhcp-host=b4:fb:e4:81:4f:0f,ap-media-room,192.168.0.30,infinite
+      dhcp-host=74:83:c2:12:67:2d,ap-living-room,192.168.0.31,infinite
+      dhcp-host=b4:fb:e4:81:52:6c,ap-office,192.168.0.32,infinite
+      dhcp-host=b4:fb:e4:b2:bd:b8,switch-garage,192.168.0.33,infinite
+      dhcp-host=fc:ec:da:78:d8:92,switch-media-room,192.168.0.34,infinite
+      dhcp-host=b4:fb:e4:8f:69:0e,switch-office,192.168.0.35,infinite
+      dhcp-host=d8:bb:c1:44:1c:d3,tahoe,192.168.0.40,infinite
+    '';
+  };
+
+  # DNS / DHCPv4 / DHCPv6
+  networking.firewall.allowedUDPPorts = [ 53 67 547 ];
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+
+    virtualHosts."localhost" = {
+      listen = [
+        {
+          addr = "127.0.0.1";
+          port = 8080;
+        }
+      ];
+      locations."/" = { };
+    };
+
+    streamConfig = ''
+      server {
+        listen 443;
+        proxy_timeout 2s;
+        proxy_pass 192.168.0.40:443;
+      }
 
-    # we need avahi in order to use the printer/scanner
-    avahi.enable = true;
+      server {
+        listen 80 reuseport;
+        proxy_timeout 2s;
+        proxy_pass 192.168.0.40:80;
+      }
+    '';
   };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
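Review bot: The two firewall lines, `networking.firewall.allowedUDPPorts = [ 53 67 547 ];` and `networking.firewall.allowedTCPPorts = [ 80 443 ];`, open these ports on every interface, whereas dnsmasq is scoped to mgmt0, iot and guest via `bind-interfaces`, and the stream servers' `listen 443` / `listen 80 reuseport` bind all addresses. The proxy to 192.168.0.40 is therefore reachable from the guest and iot segments, and from any other interface carmel may have (none is visible in this hunk); if that is not intended, scope the rules per interface, e.g. `networking.firewall.interfaces.mgmt0.allowedUDPPorts = [ 53 67 ];` repeated for iot and guest, and place 80/443 only on the interfaces that should reach tahoe. Port 547 is opened although the dnsmasq config shown has no DHCPv6 range, so it can probably be dropped until one is added. Separately, the untagged `dhcp-option=option:dns-server,192.168.0.1,8.8.8.8` hands guest and iot clients a resolver address inside the mgmt0 subnet; a per-tag option such as `dhcp-option=tag:guest,option:dns-server,192.168.20.1` would avoid requiring a route from those segments into the management network.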