
@applePrincess
Last active January 1, 2022 14:31
Test router
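# NixOS configuration for a QEMU guest acting as a small IPv4 test router:
# two tagged VLANs ("wan" on enp1s0, "lan" on enp2s0), source NAT towards
# "wan", and an ISC dhcpd instance handing out leases on "lan".
{ config, pkgs, modulesPath, ... }:
{
  imports = [
    ./hardware-configuration.nix
    (modulesPath + "/profiles/minimal.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";

  # Let the kernel route IPv4 packets between interfaces. Only IPv4 is
  # enabled here; IPv6 forwarding is left at its default.
  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
  };

  time.timeZone = "UTC";

  networking = {
    # DHCP is off globally and enabled per interface below.
    useDHCP = false;

    interfaces = {
      # Untagged enp1s0 takes a DHCP lease; enp2s0 and the "wan" VLAN do not.
      enp1s0.useDHCP = true;
      enp2s0.useDHCP = false;
      # NOTE(review): "wan" has neither DHCP nor a static address in this
      # file, so unless it is addressed elsewhere no route will point out of
      # it and the masquerade rule below (oifname "wan") will not match.
      # Confirm whether "wan" or untagged enp1s0 is the intended uplink.
      wan.useDHCP = false;
      # Router address on the LAN side; also the gateway handed out by dhcpd.
      lan = {
        ipv4.addresses = [
          {
            address = "10.1.1.1";
            prefixLength = 24;
          }
        ];
      };
    };

    # 802.1Q sub-interfaces: VLAN 10 on enp1s0 is "wan", VLAN 20 on enp2s0
    # is "lan".
    vlans = {
      wan = {
        id = 10;
        interface = "enp1s0";
      };
      lan = {
        id = 20;
        interface = "enp2s0";
      };
    };

    # The NixOS NAT and firewall modules are both switched off, so the
    # nftables ruleset below is the only packet filter on this host.
    nat.enable = false;
    firewall.enable = false;

    # SECURITY NOTE(review): every filter chain below has `policy accept` and
    # no rules, so this host accepts connections to any local service on any
    # interface and forwards every routable IPv4 packet in both directions.
    # Masquerading hides LAN source addresses but is not access control.
    # That is workable for an isolated lab; before attaching the router to a
    # network you do not control, set the input and forward chains to
    # `policy drop` and explicitly allow loopback, established/related
    # connection-tracking states, DHCP on "lan", the management path you
    # actually use, and lan -> uplink forwarding.
    # The tables are family `ip`, so IPv6 traffic to the router itself is not
    # covered by this ruleset at all; an `inet` table would cover both.
    nftables = {
      enable = true;
      # The prerouting chain is attached to the prerouting hook so that any
      # DNAT rule added to it later also applies to forwarded traffic; a nat
      # chain on the output hook only sees locally generated packets.
      ruleset = ''
        table ip filter {
          chain output {
            type filter hook output priority filter; policy accept;
          }
          chain input {
            type filter hook input priority filter; policy accept;
          }
          chain forward {
            type filter hook forward priority filter; policy accept;
          }
        }
        table ip nat {
          chain prerouting {
            type nat hook prerouting priority filter; policy accept;
          }
          chain postrouting {
            type nat hook postrouting priority filter; policy accept;
            oifname "wan" masquerade
          }
        }
      '';
    };
  };

  # Editing and network-diagnostic tools available on the router.
  environment.systemPackages = with pkgs; [
    vim
    htop
    ethtool
    tcpdump
    conntrack-tools
  ];

  # DHCP server for the LAN VLAN: leases 10.1.1.128-10.1.1.254 with this
  # router (10.1.1.1) as the default gateway.
  # NOTE(review): the first resolver, 10.5.1.10, is outside 10.1.1.0/24, so
  # clients only reach it if the router has a route to that network; the
  # second, 1.1.1.1, is a public resolver. Confirm both are intended.
  services.dhcpd4 = {
    enable = true;
    interfaces = [ "lan" ];
    extraConfig = ''
      option domain-name-servers 10.5.1.10, 1.1.1.1;
      option subnet-mask 255.255.255.0;
      subnet 10.1.1.0 netmask 255.255.255.0 {
        option broadcast-address 10.1.1.255;
        option routers 10.1.1.1;
        interface lan;
        range 10.1.1.128 10.1.1.254;
      }
    '';
  };
}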