From fb16bea95c00d4aabaf34aeb68f6d22b06207c31 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown <hg@lukegb.com>
Date: Thu, 30 Sep 2021 16:07:12 +0000
Subject: [PATCH] swann: give PS5 a static IP

---
 ops/nixos/swann/default.nix | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/ops/nixos/swann/default.nix b/ops/nixos/swann/default.nix
index 31cb490ec0..42f340f188 100644
--- a/ops/nixos/swann/default.nix
+++ b/ops/nixos/swann/default.nix
@@ -74,6 +74,7 @@ in {
       en-general = {
         ipv4.addresses = [
           { address = "192.168.1.1"; prefixLength = 23; }
+          { address = "92.118.30.17"; prefixLength = 28; }
         ];
         ipv6.addresses = [
           { address = "2a09:a443::1"; prefixLength = 64; }
@@ -214,16 +215,26 @@ in {
     interfaces = ["en-general" "vl-eduroam"];
     authoritative = true;
     extraConfig = ''
-      subnet 192.168.1.0 netmask 255.255.255.0 {
-        option subnet-mask 255.255.255.0;
-        option routers 192.168.1.1;
-        option domain-name-servers 192.168.1.1;
-        option domain-name "house.as205479.net";
+      shared-network int {
         default-lease-time 600;
         max-lease-time 3600;
         option interface-mtu 1420;  # Wireguard
 
-        range 192.168.1.100 192.168.1.200;
+        subnet 192.168.1.0 netmask 255.255.255.0 {
+          option subnet-mask 255.255.255.0;
+          option routers 192.168.1.1;
+          option domain-name-servers 192.168.1.1;
+          option domain-name "house.as205479.net";
+
+          range 192.168.1.100 192.168.1.200;
+        }
+
+        subnet 92.118.30.16 netmask 255.255.255.240 {
+          option subnet-mask 255.255.255.240;
+          option routers 92.118.30.17;
+          option domain-name-servers 92.118.30.17;
+          option domain-name "house-ext.as205479.net";
+        }
       }
 
       subnet 192.168.10.0 netmask 255.255.255.0 {
@@ -259,6 +270,11 @@ in {
         ethernetAddress = "9c:93:4e:ad:1f:7b";
         ipAddress = "192.168.1.51";
       }
+      {
+        hostName = "ps5";
+        ethernetAddress = "bc:33:29:26:01:5c";
+        ipAddress = "92.118.30.18";
+      }
     ];
   };
   networking.wireguard = let
@@ -412,9 +428,9 @@ in {
     enable = true;
     config = ''
       .:53 {
-        bind 192.168.1.1 192.168.10.1 127.0.0.53 2a09:a443::1 2a09:a443:1::1 2a09:a443:2::1 2a09:a443:3::1
+        bind 192.168.1.1 92.118.30.17 192.168.10.1 127.0.0.53 2a09:a443::1 2a09:a443:1::1 2a09:a443:2::1 2a09:a443:3::1
         acl {
-          allow net 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.0/8 100.64.0.0/10 2a09:a443::/32
+          allow net 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.0/8 100.64.0.0/10 2a09:a443::/32 92.118.30.0/24
           block
         }
         hosts /dev/null {