diff --git a/hosts/router.home.ts.hillion.co.uk/default.nix b/hosts/router.home.ts.hillion.co.uk/default.nix index 5479e3d..479bb56 100644 --- a/hosts/router.home.ts.hillion.co.uk/default.nix +++ b/hosts/router.home.ts.hillion.co.uk/default.nix @@ -32,6 +32,14 @@ nat.enable = lib.mkForce false; useDHCP = false; + + vlans = { + cameras = { + id = 3; + interface = "eth2"; + }; + }; + interfaces = { enp1s0 = { name = "eth0"; @@ -47,6 +55,14 @@ } ]; }; + cameras /* cameras@eth1 */ = { + ipv4.addresses = [ + { + address = "10.133.145.1"; + prefixLength = 24; + } + ]; + }; enp3s0 = { name = "eth2"; ipv4.addresses = [ @@ -82,8 +98,8 @@ ip protocol icmp counter accept comment "accept all ICMP types" - iifname "eth0" ct state { established, related } counter accept - iifname "eth0" drop + iifname { "eth0", "cameras" } ct state { established, related } counter accept + iifname { "eth0", "cameras" } drop } chain forward { @@ -243,6 +259,29 @@ } ]; } + { + subnet = "10.133.145.0/24"; + interface = "cameras"; + pools = [{ + pool = "10.133.145.64 - 10.133.145.254"; + }]; + option-data = [ + { + name = "routers"; + data = "10.133.145.1"; + } + { + name = "broadcast-address"; + data = "10.133.145.255"; + } + { + name = "domain-name-servers"; + data = "1.1.1.1, 8.8.8.8"; + } + ]; + reservations = [ + ]; + } ]; }; };