Disable everything
parent
cde4925ec1
commit
cbe4b8619a
1 changed files with 57 additions and 65 deletions
122
nixos/router.nix
122
nixos/router.nix
|
@ -31,6 +31,7 @@
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
{
|
{
|
||||||
|
# hardware
|
||||||
boot = {
|
boot = {
|
||||||
loader = {
|
loader = {
|
||||||
efi.canTouchEfiVariables = true;
|
efi.canTouchEfiVariables = true;
|
||||||
|
@ -65,7 +66,7 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.fail2ban.enable = true;
|
# services.fail2ban.enable = true;
|
||||||
services.radvd = {
|
services.radvd = {
|
||||||
enable = false;
|
enable = false;
|
||||||
# NOTE: this config is just the default arch linux config I think and may
|
# NOTE: this config is just the default arch linux config I think and may
|
||||||
|
@ -123,62 +124,62 @@ in {
|
||||||
# '';
|
# '';
|
||||||
# };
|
# };
|
||||||
|
|
||||||
# services.dnsmasq = {
|
services.dnsmasq = {
|
||||||
# enable = true;
|
enable = false;
|
||||||
# settings = {
|
settings = {
|
||||||
# # server endpoints
|
# server endpoints
|
||||||
# listen-address = "::1,127.0.0.1,${ip}";
|
listen-address = "::1,127.0.0.1,${ip}";
|
||||||
# port = "53";
|
port = "53";
|
||||||
|
|
||||||
# # DNS cache entries
|
# DNS cache entries
|
||||||
# cache-size = "10000";
|
cache-size = "10000";
|
||||||
|
|
||||||
# # local domain entries
|
# local domain entries
|
||||||
# local = "/lan/";
|
local = "/lan/";
|
||||||
# domain = "lan";
|
domain = "lan";
|
||||||
# expand-hosts = true;
|
expand-hosts = true;
|
||||||
|
|
||||||
# dhcp-authoritative = true;
|
dhcp-authoritative = true;
|
||||||
|
|
||||||
# conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
|
conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
|
||||||
# dnssec = true;
|
dnssec = true;
|
||||||
|
|
||||||
# except-interface = "${wan_if}";
|
except-interface = "${wan_if}";
|
||||||
# interface = "${lan_if}";
|
interface = "${lan_if}";
|
||||||
|
|
||||||
# enable-ra = true;
|
enable-ra = true;
|
||||||
|
|
||||||
# # dhcp-option = "121,${cidr},${ip}";
|
# dhcp-option = "121,${cidr},${ip}";
|
||||||
|
|
||||||
# dhcp-range = [
|
dhcp-range = [
|
||||||
# "lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m"
|
"lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m"
|
||||||
# "tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
|
"tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
|
||||||
# ];
|
];
|
||||||
|
|
||||||
# dhcp-host = [
|
dhcp-host = [
|
||||||
# "${hosts.dragon.host},${hosts.dragon.ip},12h"
|
"${hosts.dragon.host},${hosts.dragon.ip},12h"
|
||||||
# "${hosts.beefcake.host},${hosts.beefcake.ip},12h"
|
"${hosts.beefcake.host},${hosts.beefcake.ip},12h"
|
||||||
# ];
|
];
|
||||||
|
|
||||||
# # may need to go in /etc/hosts (networking.extraHosts), too?
|
# may need to go in /etc/hosts (networking.extraHosts), too?
|
||||||
# address = [
|
address = [
|
||||||
# "/video.lyte.dev/192.168.0.9"
|
"/video.lyte.dev/192.168.0.9"
|
||||||
# "/git.lyte.dev/192.168.0.9"
|
"/git.lyte.dev/192.168.0.9"
|
||||||
# "/bw.lyte.dev/192.168.0.9"
|
"/bw.lyte.dev/192.168.0.9"
|
||||||
# "/files.lyte.dev/192.168.0.9"
|
"/files.lyte.dev/192.168.0.9"
|
||||||
# "/vpn.h.lyte.dev/192.168.0.9"
|
"/vpn.h.lyte.dev/192.168.0.9"
|
||||||
# "/.h.lyte.dev/192.168.0.9"
|
"/.h.lyte.dev/192.168.0.9"
|
||||||
# ];
|
];
|
||||||
|
|
||||||
# server = [
|
server = [
|
||||||
# "${ip}"
|
"${ip}"
|
||||||
# "8.8.8.8"
|
"8.8.8.8"
|
||||||
# "8.8.4.4"
|
"8.8.4.4"
|
||||||
# "1.1.1.1"
|
"1.1.1.1"
|
||||||
# "1.0.0.1"
|
"1.0.0.1"
|
||||||
# ];
|
];
|
||||||
# };
|
};
|
||||||
# };
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "router";
|
hostName = "router";
|
||||||
|
@ -188,23 +189,6 @@ in {
|
||||||
# useDHCP = true;
|
# useDHCP = true;
|
||||||
# nat.enable = true; # TODO: maybe replace some of the nftables stuff with this module?
|
# nat.enable = true; # TODO: maybe replace some of the nftables stuff with this module?
|
||||||
|
|
||||||
# interfaces = {
|
|
||||||
# enp2s0 = {
|
|
||||||
# # should be wan0
|
|
||||||
# useDHCP = true;
|
|
||||||
# };
|
|
||||||
# enp3s0 = {
|
|
||||||
# # should be lan0
|
|
||||||
# useDHCP = false;
|
|
||||||
# };
|
|
||||||
# wan0 = {
|
|
||||||
# useDHCP = true;
|
|
||||||
# };
|
|
||||||
# lan0 = {
|
|
||||||
# useDHCP = false;
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
extraHosts = ''
|
extraHosts = ''
|
||||||
127.0.0.1 localhost
|
127.0.0.1 localhost
|
||||||
${ip} router.h.lyte.dev router
|
${ip} router.h.lyte.dev router
|
||||||
|
@ -215,9 +199,13 @@ in {
|
||||||
'';
|
'';
|
||||||
|
|
||||||
firewall.enable = false;
|
firewall.enable = false;
|
||||||
|
firewall.allowedTCPPorts = [
|
||||||
|
2201
|
||||||
|
22
|
||||||
|
];
|
||||||
|
|
||||||
nftables = {
|
nftables = {
|
||||||
enable = true;
|
enable = false;
|
||||||
flushRuleset = true;
|
flushRuleset = true;
|
||||||
|
|
||||||
tables = {
|
tables = {
|
||||||
|
@ -313,7 +301,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
dhcpcd = {
|
dhcpcd = {
|
||||||
enable = true;
|
enable = false;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
duid
|
duid
|
||||||
|
|
||||||
|
@ -360,6 +348,10 @@ in {
|
||||||
addr = "0.0.0.0";
|
addr = "0.0.0.0";
|
||||||
port = 2201;
|
port = 2201;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
addr = "[::]";
|
||||||
|
port = 2201;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
|
|
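Review bot: With `firewall.enable = false` kept and `nftables.enable` apparently flipped to `false` in the `networking` hunk, the new `firewall.allowedTCPPorts = [ 2201 22 ]` list is inert: NixOS only applies it when the firewall module is enabled, so nothing filters inbound traffic on this host. The same commit comments out `services.fail2ban.enable` and adds a `[::]` listener on port 2201 next to the existing `0.0.0.0` one (presumably sshd's listen addresses; the enclosing option is outside the hunk), so that service is reachable on every interface, including the WAN side, with no brute-force throttling. If this is a temporary debugging state, I would still set `firewall.enable = true;` so the port list takes effect, and scope it to the LAN with `firewall.interfaces.${lan_if}.allowedTCPPorts = [ 2201 22 ];`. The old/new sides here are read from the page's print order and the commit title, since the `+`/`-` markers did not survive rendering, so confirm against the actual diff.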