Disable everything

Daniel Flanagan 2024-07-16 16:27:15 -05:00
parent cde4925ec1
commit cbe4b8619a


@ -31,6 +31,7 @@
in {
imports = [
{
# hardware
boot = {
loader = {
efi.canTouchEfiVariables = true;
@ -65,7 +66,7 @@ in {
};
};
services.fail2ban.enable = true;
# services.fail2ban.enable = true;
services.radvd = {
enable = false;
# NOTE: this config is just the default arch linux config I think and may
@ -123,62 +124,62 @@ in {
# '';
# };
# services.dnsmasq = {
# enable = true;
# settings = {
# # server endpoints
# listen-address = "::1,127.0.0.1,${ip}";
# port = "53";
services.dnsmasq = {
enable = false;
settings = {
# server endpoints
listen-address = "::1,127.0.0.1,${ip}";
port = "53";
# # DNS cache entries
# cache-size = "10000";
# DNS cache entries
cache-size = "10000";
# # local domain entries
# local = "/lan/";
# domain = "lan";
# expand-hosts = true;
# local domain entries
local = "/lan/";
domain = "lan";
expand-hosts = true;
# dhcp-authoritative = true;
dhcp-authoritative = true;
# conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
# dnssec = true;
conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
dnssec = true;
# except-interface = "${wan_if}";
# interface = "${lan_if}";
except-interface = "${wan_if}";
interface = "${lan_if}";
# enable-ra = true;
enable-ra = true;
# # dhcp-option = "121,${cidr},${ip}";
# dhcp-option = "121,${cidr},${ip}";
# dhcp-range = [
# "lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m"
# "tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
# ];
dhcp-range = [
"lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m"
"tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
];
# dhcp-host = [
# "${hosts.dragon.host},${hosts.dragon.ip},12h"
# "${hosts.beefcake.host},${hosts.beefcake.ip},12h"
# ];
dhcp-host = [
"${hosts.dragon.host},${hosts.dragon.ip},12h"
"${hosts.beefcake.host},${hosts.beefcake.ip},12h"
];
# # may need to go in /etc/hosts (networking.extraHosts), too?
# address = [
# "/video.lyte.dev/192.168.0.9"
# "/git.lyte.dev/192.168.0.9"
# "/bw.lyte.dev/192.168.0.9"
# "/files.lyte.dev/192.168.0.9"
# "/vpn.h.lyte.dev/192.168.0.9"
# "/.h.lyte.dev/192.168.0.9"
# ];
# may need to go in /etc/hosts (networking.extraHosts), too?
address = [
"/video.lyte.dev/192.168.0.9"
"/git.lyte.dev/192.168.0.9"
"/bw.lyte.dev/192.168.0.9"
"/files.lyte.dev/192.168.0.9"
"/vpn.h.lyte.dev/192.168.0.9"
"/.h.lyte.dev/192.168.0.9"
];
# server = [
# "${ip}"
# "8.8.8.8"
# "8.8.4.4"
# "1.1.1.1"
# "1.0.0.1"
# ];
# };
# };
server = [
"${ip}"
"8.8.8.8"
"8.8.4.4"
"1.1.1.1"
"1.0.0.1"
];
};
};
networking = {
hostName = "router";
@ -188,23 +189,6 @@ in {
# useDHCP = true;
# nat.enable = true; # TODO: maybe replace some of the nftables stuff with this module?
# interfaces = {
# enp2s0 = {
# # should be wan0
# useDHCP = true;
# };
# enp3s0 = {
# # should be lan0
# useDHCP = false;
# };
# wan0 = {
# useDHCP = true;
# };
# lan0 = {
# useDHCP = false;
# };
# };
extraHosts = ''
127.0.0.1 localhost
${ip} router.h.lyte.dev router
@ -215,9 +199,13 @@ in {
'';
firewall.enable = false;
firewall.allowedTCPPorts = [
2201
22
];
nftables = {
enable = true;
enable = false;
flushRuleset = true;
tables = {
@ -313,7 +301,7 @@ in {
};
dhcpcd = {
enable = true;
enable = false;
extraConfig = ''
duid
@ -360,6 +348,10 @@ in {
addr = "0.0.0.0";
port = 2201;
}
{
addr = "[::]";
port = 2201;
}
];
systemd.network = {
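Review bot: After this change the host named "router" appears to run with no packet filter and no login throttling: `nftables.enable` goes to `false` in the `-215,9` hunk while `firewall.enable = false;` stays, and fail2ban is commented out in the `-65,7` hunk, yet the last hunk adds a `[::]` listener on port 2201 beside the `0.0.0.0` one. That reading assumes the second line of each printed pair is the new side, since the page has lost its `+`/`-` markers. The `firewall.allowedTCPPorts` list in the same hunk is not enforced while the firewall module is disabled, so it does not limit exposure. If this is a temporary debugging step, I would keep a filter active with `firewall.enable = true;`, or at least record the intent with a comment such as `# TEMP: filtering and fail2ban disabled for debugging; restore before the WAN link comes up`. The attribute enclosing the listener entries starts outside the hunk, so which service binds port 2201 is not visible here.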