Test router
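# NixOS module for a small QEMU test router: VLAN-tagged "wan" and "lan"
# interfaces, IPv4 forwarding with an nftables masquerade rule, and an ISC
# DHCP server handing out leases on the LAN side.
{ config, pkgs, modulesPath, ... }:
{
  imports = [
    ./hardware-configuration.nix
    (modulesPath + "/profiles/minimal.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";

  # Routing between interfaces needs IPv4 forwarding switched on in the kernel.
  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
  };

  time.timeZone = "UTC";

  networking = {
    # No global DHCP client; each interface opts in or out explicitly below.
    useDHCP = false;

    interfaces = {
      enp1s0.useDHCP = true;
      enp2s0.useDHCP = false;
      # NOTE(review): "wan" gets neither a static address nor a DHCP lease
      # here, while its untagged parent enp1s0 runs a DHCP client. The
      # masquerade rule below matches only oifname "wan" - confirm which
      # interface is the real uplink.
      wan.useDHCP = false;
      lan = {
        ipv4.addresses = [
          {
            address = "10.1.1.1";
            prefixLength = 24;
          }
        ];
      };
    };

    # 802.1Q sub-interfaces: VLAN 10 on enp1s0 is "wan", VLAN 20 on enp2s0 is "lan".
    vlans = {
      wan = {
        id = 10;
        interface = "enp1s0";
      };
      lan = {
        id = 20;
        interface = "enp2s0";
      };
    };

    # The stock NAT and firewall modules are disabled, so the nftables
    # ruleset below is the only packet filter on this host.
    nat.enable = false;
    firewall.enable = false;

    nftables = {
      enable = true;
      ruleset = ''
        # IPv4 only: "table ip" never sees IPv6 traffic. Add an ip6 or inet
        # table if this host is ever given IPv6 addresses.
        table ip filter {
          chain output {
            type filter hook output priority filter; policy accept;
          }

          # Traffic addressed to the router itself. Default drop, so only
          # loopback, replies to our own connections, LAN hosts and DHCP
          # client replies get in.
          chain input {
            type filter hook input priority filter; policy drop;
            iifname "lo" accept
            ct state established,related accept
            ct state invalid drop
            iifname "lan" accept
            # DHCP server replies for the DHCP client running on enp1s0.
            udp sport 67 udp dport 68 accept
          }

          # Routed traffic. New connections may only start from the LAN;
          # anything arriving on another interface must be return traffic.
          chain forward {
            type filter hook forward priority filter; policy drop;
            ct state established,related accept
            ct state invalid drop
            iifname "lan" accept
          }
        }

        table ip nat {
          # Was registered on the output hook; a chain named prerouting
          # belongs on the prerouting hook.
          chain prerouting {
            type nat hook prerouting priority dstnat; policy accept;
          }

          chain postrouting {
            type nat hook postrouting priority srcnat; policy accept;
            oifname "wan" masquerade
          }
        }
      '';
    };
  };

  # Diagnostics for a router under test.
  environment.systemPackages = with pkgs; [
    vim
    htop
    ethtool
    tcpdump
    conntrack-tools
  ];

  # DHCP for the LAN: leases from 10.1.1.128 to 10.1.1.254, with this router
  # (10.1.1.1) as the default gateway.
  services.dhcpd4 = {
    enable = true;
    interfaces = [ "lan" ];
    extraConfig = ''
      option domain-name-servers 10.5.1.10, 1.1.1.1;
      option subnet-mask 255.255.255.0;
      subnet 10.1.1.0 netmask 255.255.255.0 {
        option broadcast-address 10.1.1.255;
        option routers 10.1.1.1;
        interface lan;
        range 10.1.1.128 10.1.1.254;
      }
    '';
  };
}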