DGNum/liminix
14
0
Fork 2
Code Issues 15 Pull requests 7 Projects Releases Packages Wiki Activity Actions

rotuer: get lan rfc1918 prefix from secrets

Browse source
This commit is contained in:
Daniel Barlow 2024-02-07 23:46:16 +00:00
parent 6f1f9d6f20
commit 29e61be26c
2 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
examples/rotuer-secrets.example.nix
View file

@ -11,4 +11,8 @@ rec {
]; ];
}; };
root_password = root.passwd; root_password = root.passwd;
lan = {
prefix = "10.8.0"; # "192.168.8";
};
} }

8
examples/rotuer.nix
View file

@ -76,7 +76,7 @@ in rec {
services.int = svc.network.address.build { services.int = svc.network.address.build {
interface = svc.bridge.primary.build { ifname = "int"; }; interface = svc.bridge.primary.build { ifname = "int"; };
family = "inet"; address ="10.8.0.1"; prefixLength = 16; family = "inet"; address ="${secrets.lan.prefix}.1"; prefixLength = 24;
}; };
services.bridge = svc.bridge.members.build { services.bridge = svc.bridge.members.build {
@ -102,7 +102,7 @@ in rec {
resolvconf = services.resolvconf; resolvconf = services.resolvconf;
inherit interface; inherit interface;
ranges = [ ranges = [
"10.8.0.10,10.8.0.240" "${secrets.lan.prefix}.10,${secrets.lan.prefix}.240"
# ra-stateless: sends router advertisements with the O and A # ra-stateless: sends router advertisements with the O and A
# bits set, and provides a stateless DHCP service. The client # bits set, and provides a stateless DHCP service. The client
# will use a SLAAC address, and use DHCP for other # will use a SLAAC address, and use DHCP for other
@ -160,7 +160,9 @@ in rec {
}; };
services.firewall = svc.firewall.build { services.firewall = svc.firewall.build {
ruleset = import ./demo-firewall.nix; ruleset =
let defaults = import ./demo-firewall.nix;
in lib.recursiveUpdate defaults secrets.firewallRules;
}; };
services.packet_forwarding = svc.network.forward.build { }; services.packet_forwarding = svc.network.forward.build { };