Diffstat (limited to 'machines/heinrich.nix')
1 files changed, 139 insertions, 0 deletions
diff --git a/machines/heinrich.nix b/machines/heinrich.nix
new file mode 100644
index 00000000..48b20c7a
--- /dev/null
+++ b/machines/heinrich.nix
@@ -0,0 +1,139 @@
+{ config, lib, ... }:
+with lib;
+  routes = {
+    moritz = {
+      id = 14;
+      address = "";
+      prefixLength = 24;
+      gateway = "";
+      destination = "";
+    };
+    hotelturm = {
+      id = 8;
+      address = "";
+      prefixLength = 24;
+      gateway = "";
+      destination = "";
+    };
+  };
+  internalIf = config.heinrich.internalInterface;
+  externalIf = config.heinrich.externalInterface;
+  mkRouteConfig = name: cfg: {
+    key = "routes-${name}";
+    networking.vlans.${name} = {
+      inherit (cfg) id;
+      interface = externalIf;
+    };
+    networking.interfaces.${name}.ip4 = singleton {
+      inherit (cfg) address prefixLength;
+    };
+    systemd.network.networks."40-${name}".routes = singleton {
+      routeConfig.Gateway = cfg.gateway;
+      routeConfig.Destination = cfg.destination;
+    };
+  };
+in {
+  imports = mapAttrsToList mkRouteConfig routes;
+  options.heinrich = {
+    internalInterface = mkOption {
+      type = types.str;
+      default = "enp7s0";
+      description = ''
+        The internal network interface where Heinrich is serving DHCP and DNS
+        requests.
+      '';
+    };
+    externalInterface = mkOption {
+      type = types.str;
+      default = "enp5s0";
+      description = ''
+        The external network interface where Heinrich is connected to the
+        internet.
+      '';
+    };
+  };
+  config = {
+    networking.useDHCP = false;
+    networking.interfaces.${externalIf}.ip4 = mkForce [];
+    networking.interfaces.${internalIf}.ip4 = lib.singleton {
+      address = "";
+      prefixLength = 24;
+    };
+    services.dnsmasq.enable = true;
+    services.dnsmasq.resolveLocalQueries = false;
+    services.dnsmasq.extraConfig = ''
+      dhcp-range=,,12h
+      dhcp-option=3, # Gateway
+      dhcp-option=6, # DNS-server
+      local=/openlab.lan/
+      domain=openlab.lan
+      dhcp-leasefile=/var/db/dnsmasq/dhcp.leases
+    '';
+    systemd.services.dnsmasq-pre = {
+      description = "Pre-Init DNSMasq";
+      before = [ "dnsmasq.service" ];
+      wantedBy = [ "multi-user.target" ];
+      script = ''
+        mkdir -p /var/db/dnsmasq
+        chown dnsmasq:nogroup /var/db/dnsmasq
+      '';
+      serviceConfig.Type = "oneshot";
+      serviceConfig.RemainAfterExit = true;
+    };
+    users.motd = ''
+      0. Never touch a running system.
+      1. Dokumentiere alle trotz 0 erfolgten Änderungen im Github-Repo:
+         https://github.com/openlab-aux/labnetz-doku
+      2. Mit großer Macht geht große Verantwortung einher.
+      3. So weit!
+      4. ...
+      5. Reisst dir Hannes den Arsch auf, wenn Du die Punkte 0-2 ignorierst.
+    '';
+    networking.useNetworkd = true;
+    networking.firewall.enable = false;
+    networking.nat.enable = true;
+    networking.nat.externalIP = routes.hotelturm.address;
+    networking.nat.externalInterface = "hotelturm";
+    networking.nat.internalIPs = [ "" ];
+    networking.nat.internalInterfaces = [ internalIf ];
+    /* TODO!
+    services.openvpn.enable = true;
+    services.openvpn.servers.heinrich.config = ''
+      dev tun0
+      remote
+      ifconfig
+      secret /etc/openvpn/priv.key
+      comp-lzo
+      keepalive 10 60
+      ping-timer-rem
+      persist-tun
+      persist-key
+      route
+    '';
+    */
+  };