
bebop: proxmox
ocfox committed Nov 21, 2024
1 parent 7ddfff8 commit 5c2f538
Showing 7 changed files with 158 additions and 172 deletions.
162 changes: 149 additions & 13 deletions flake.lock


1 change: 1 addition & 0 deletions flake.nix
Expand Up @@ -96,6 +96,7 @@
niri.url = "github:sodiboo/niri-flake";
nixos-facter.url = "github:numtide/nixos-facter-modules";
chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
proxmox-nixos.url = "github:SaumonNet/proxmox-nixos";
jovian-nixos = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs";
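Review bot: The added input (presumably `proxmox-nixos.url = "github:SaumonNet/proxmox-nixos";`, given the section's single addition and the commit title) is declared without `inputs.nixpkgs.follows = "nixpkgs"`, unlike the `jovian-nixos` block right below it, so if that flake carries its own nixpkgs input a second nixpkgs tree gets locked and fetched — the 149-line growth of flake.lock in this commit is consistent with that. If the module is meant to build against this flake's nixpkgs, the attribute-set form with `inputs.nixpkgs.follows = "nixpkgs";` keeps the inputs consistent with the neighbouring entries; if proxmox-nixos deliberately needs its own pinned nixpkgs, a one-line comment saying so would save the next reader the question. The enclosing `inputs` set starts and ends outside the hunk.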
6 changes: 5 additions & 1 deletion hosts/bebop/default.nix
@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ inputs, pkgs, ... }:
{

facter.reportPath = ./facter.json;
Expand All @@ -13,6 +13,10 @@

hardware.enableRedistributableFirmware = true;

nixpkgs.overlays = [
inputs.proxmox-nixos.overlays.x86_64-linux
];

environment.systemPackages = with pkgs; [
tmux
htop
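Review bot: The overlay added in the second hunk hard-codes the platform, `inputs.proxmox-nixos.overlays.x86_64-linux`, rather than deriving it from the host; `inputs.proxmox-nixos.overlays.${pkgs.stdenv.hostPlatform.system}` reads the same for this machine and keeps the file portable. A short comment on the list would also help, since an overlay pulled from an external flake can replace any attribute in `pkgs` for this host, e.g. `# overlay from the proxmox-nixos flake, used together with services.proxmox-ve in services.nix`. The `{ inputs, pkgs, ... }:` argument change in the first hunk is what this overlay line depends on; the rest of the module continues outside the hunk.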
40 changes: 1 addition & 39 deletions hosts/bebop/networking.nix
@@ -1,46 +1,8 @@
{
hostName = "bebop";

useDHCP = false;
useDHCP = true;
useNetworkd = true;

firewall.enable = false;

nameservers = [
"223.5.5.5"
"1.1.1.1"
];

nat.enable = false;

nftables = {
enable = true;

ruleset = ''
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
iifname { "br-lan" } accept comment "Allow local network to access the router"
iifname "ppp-wan" ct state { established, related } accept comment "Allow established traffic"
iifname "ppp-wan" icmp type { echo-request, destination-unreachable, time-exceeded } counter accept comment "Allow select ICMP"
iifname "ppp-wan" counter drop comment "Drop all other unsolicited traffic from wan"
iifname "lo" accept comment "Accept everything from loopback interface"
}
chain forward {
type filter hook forward priority filter; policy drop;
iifname { "br-lan" } oifname { "ppp-wan" } accept comment "Allow trusted LAN to WAN"
iifname { "ppp-wan" } oifname { "br-lan" } ct state { established, related } accept comment "Allow established back to LANs"
}
}
table ip nat {
chain postrouting {
type nat hook postrouting priority 100; policy accept;
oifname "ppp-wan" masquerade
}
}
'';
};
}
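Review bot: With the nftables ruleset removed, nothing on the new side filters inbound traffic: `firewall.enable = false;` appears to survive as context, so the host ends up with neither the NixOS firewall nor the drop-policy chains the old ruleset provided, while services.nix in this same commit keeps `openssh.enable = true;` and adds `proxmox-ve.enable = true;`, whose web UI and API would then be reachable on whatever interface the DHCP lease brings up. Unless filtering is handled somewhere not visible here (the Proxmox module or an upstream device), the simplest fix is to delete the `firewall.enable = false;` line so the default-deny NixOS firewall applies, with ssh handled by the openssh module's `openFirewall` default and the Proxmox UI opened narrowly, e.g. `firewall.interfaces.tailscale0.allowedTCPPorts = [ 8006 ];` so it is only reachable over tailscale. The `useDHCP = true;` flip also drops the static `nameservers`, so resolvers now come from the lease; worth a comment if that is intended.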
73 changes: 1 addition & 72 deletions hosts/bebop/services.nix
Expand Up @@ -3,76 +3,5 @@
openssh.enable = true;
tailscale.enable = true;

pppd = {
enable = true;
peers.edpnet = {
enable = true;
config = ''
plugin pppoe.so eth0
name "2-29-507"
password "229507"
ifname ppp-wan
usepeerdns
defaultroute
'';
};
};

resolved.enable = false;

kresd = {
enable = true;
listenPlain = [
"127.0.0.1:53"
"[::1]:53"
"10.0.0.1:53"
"[fd23:3333:3333::1]:53"
];
};

kea.dhcp4 = {
enable = true;
settings = {
interfaces-config = {
interfaces = [ "br-lan" ];
};
subnet4 = [
{
id = 1;
subnet = "10.0.0.0/24";
pools = [ { pool = "10.0.0.2 - 10.0.0.100"; } ];
option-data = [
{
name = "routers";
data = "10.0.0.1";
}
{
name = "domain-name-servers";
data = "10.0.0.1";
}
];
}
];
};
};

radvd = {
enable = true;
config = ''
interface br-lan {
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
prefix ::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
RDNSS fd23:3333:3333::1 { };
};
'';
};
proxmox-ve.enable = true;
}
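Review bot: The removed `pppd.peers.edpnet` block carried a PPPoE credential in plain text (`name "2-29-507"` / `password "229507"`), and deleting it from the config does not retract it: it stays in git history and, since the pppd module most likely wrote that `config` string into a Nix store path, in every earlier generation still on the machine — so the credential should be rotated with the ISP, not just dropped. The new `proxmox-ve.enable = true;` line would also benefit from a comment noting that it depends on the proxmox-nixos overlay added in hosts/bebop/default.nix, since a reader of this file alone cannot see where the option comes from. Exposure of the Proxmox service with the host firewall disabled is raised on the networking.nix section. The enclosing `services` set starts outside the hunk.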
