From 45f6b8e44a92e3632a88680d52d2985bcd31d8f3 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Mon, 16 Sep 2024 20:48:10 +0100 Subject: [PATCH] router: setup cameras vlan --- .../router.home.ts.hillion.co.uk/default.nix | 45 +++++++++++++++++-- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/hosts/router.home.ts.hillion.co.uk/default.nix b/hosts/router.home.ts.hillion.co.uk/default.nix index 5479e3d..11cf9b4 100644 --- a/hosts/router.home.ts.hillion.co.uk/default.nix +++ b/hosts/router.home.ts.hillion.co.uk/default.nix @@ -32,6 +32,14 @@ nat.enable = lib.mkForce false; useDHCP = false; + + vlans = { + cameras = { + id = 3; + interface = "eth2"; + }; + }; + interfaces = { enp1s0 = { name = "eth0"; @@ -47,6 +55,14 @@ } ]; }; + cameras /* cameras@eth1 */ = { + ipv4.addresses = [ + { + address = "10.133.145.1"; + prefixLength = 24; + } + ]; + }; enp3s0 = { name = "eth2"; ipv4.addresses = [ @@ -82,8 +98,8 @@ ip protocol icmp counter accept comment "accept all ICMP types" - iifname "eth0" ct state { established, related } counter accept - iifname "eth0" drop + iifname { "eth0", "cameras" } ct state { established, related } counter accept + iifname { "eth0", "cameras" } accept } chain forward { @@ -138,7 +154,7 @@ settings = { interfaces-config = { - interfaces = [ "eth1" "eth2" ]; + interfaces = [ "eth1" "eth2" "cameras" ]; }; lease-database = { type = "memfile"; @@ -243,6 +259,29 @@ } ]; } + { + subnet = "10.133.145.0/24"; + interface = "cameras"; + pools = [{ + pool = "10.133.145.64 - 10.133.145.254"; + }]; + option-data = [ + { + name = "routers"; + data = "10.133.145.1"; + } + { + name = "broadcast-address"; + data = "10.133.145.255"; + } + { + name = "domain-name-servers"; + data = "1.1.1.1, 8.8.8.8"; + } + ]; + reservations = [ + ]; + } ]; }; };