depot/ops/nixos/swann/default.nix


# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
# Machine definition for "swann": an EFI-booted gateway that forwards the
# ens-general LAN out through ens-virginmedia with NAT, serves DHCPv4 on the
# LAN side and shapes the uplink with CAKE.
{ depot, lib, pkgs, rebuilder, config, ... }:
let
  # Bound here but not referenced anywhere in this file.
  secrets = depot.ops.secrets;
in {
  boot = {
    # Storage and USB drivers made available to the initrd.
    initrd.availableKernelModules = [ "sd_mod" "ahci" "usb_storage" "usbhid" ];

    # NOTE(review): "mitigations=off" switches off the kernel's CPU
    # side-channel mitigations (Spectre/Meltdown class). On a host that sits
    # on the uplink this trades hardening for performance; the reason for the
    # trade is not recorded in this file.
    kernelParams = [ "mitigations=off" ];

    # systemd-boot on EFI; the installer is allowed to write EFI variables.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # Routing between interfaces is enabled for both address families.
    # NOTE(review): no forward-path filtering and no IPv6 policy is set in
    # this file, while the NAT below is declared only between the two named
    # interfaces. Confirm the filtering comes from defaults or another module.
    kernel.sysctl = {
      "net.ipv4.ip_forward" = "1";
      "net.ipv6.conf.default.forwarding" = "1";
      "net.ipv6.conf.all.forwarding" = "1";
    };
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/fc964ef6-e3d0-4472-bc0e-f96f977ebf11";
      fsType = "ext4";
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/AB36-5BE4";
      fsType = "vfat";
    };
  };

  nix.maxJobs = lib.mkDefault 4;

  networking = {
    hostName = "swann";
    domain = "house.as205479.net";
    # The host itself resolves through the same public resolvers that the
    # DHCP scope hands to clients.
    nameservers = ["8.8.8.8" "8.8.4.4"];

    # DHCP client is off globally and enabled only on the uplink.
    useDHCP = false;
    interfaces = {
      ens-virginmedia = {
        useDHCP = true;
      };
      # NOTE(review): the LAN address is configured as a /23 here, but the
      # DHCP scope in services.dhcpd4 announces a /24 (255.255.255.0).
      # Confirm the mismatch is intended.
      ens-general = {
        ipv4.addresses = [
          { address = "192.168.1.1"; prefixLength = 23; }
        ];
      };
    };

    # LAN traffic is translated out through the uplink interface.
    nat = {
      enable = true;
      externalInterface = "ens-virginmedia";
      internalInterfaces = ["ens-general"];
    };

    # CAKE shaping on the uplink. Egress is shaped at 30Mbit directly on
    # ens-virginmedia. Ingress is redirected to ifb-virginmedia and shaped
    # there at 500Mbit, with `wash` clearing DSCP marks on incoming packets.
    # The `|| true` guards keep the script re-runnable when a qdisc is absent
    # or the ifb link already exists. Nothing is documented inside the string
    # itself, since that would change the commands that get run.
    localCommands = ''
      tc qdisc del dev ens-virginmedia root || true
      tc qdisc add dev ens-virginmedia root cake bandwidth 30Mbit docsis nat dual-srchost
      ip link add name ifb-virginmedia type ifb || true
      tc qdisc del dev ens-virginmedia ingress || true
      tc qdisc add dev ens-virginmedia handle ffff: ingress
      tc qdisc del dev ifb-virginmedia root || true
      tc qdisc add dev ifb-virginmedia root cake bandwidth 500Mbit besteffort docsis nat wash dual-dsthost
      ip link set dev ifb-virginmedia up
      tc filter add dev ens-virginmedia parent ffff: matchall action mirred egress redirect dev ifb-virginmedia
    '';
  };

  services = {
    # The interface names are assigned by MAC address. NAT, DHCP and the
    # shaping commands all refer to these names, so the uplink/LAN roles
    # depend on these two rules matching the installed NICs.
    udev.extraRules = ''
      ATTR{address}=="e4:3a:6e:16:07:62", NAME="ens-virginmedia"
      ATTR{address}=="e4:3a:6e:16:07:67", NAME="ens-general"
    '';

    # Authoritative DHCPv4 server bound to the LAN interface only. It leases
    # 192.168.1.100-200 with 600s default and 3600s maximum lease times.
    dhcpd4 = {
      enable = true;
      interfaces = ["ens-general"];
      authoritative = true;
      extraConfig = ''
        subnet 192.168.1.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 192.168.1.1;
        option domain-name-servers 8.8.8.8, 8.8.4.4;
        option domain-name "house.as205479.net";
        default-lease-time 600;
        max-lease-time 3600;
        range 192.168.1.100 192.168.1.200;
        }
      '';
    };
  };

  # No extra packages are installed system-wide.
  environment.systemPackages = with pkgs; [];

  system.stateVersion = "21.03";
}