router: setup cameras vlan

2024-09-16 20:48:10 +01:00 · 2024-09-16 20:48:10 +01:00 · d5c2f8d543
commit d5c2f8d543
parent 1189a41df9
1 changed files with 42 additions and 3 deletions
--- a/hosts/router.home.ts.hillion.co.uk/default.nix
+++ b/hosts/router.home.ts.hillion.co.uk/default.nix
@ -32,6 +32,14 @@
      nat.enable = lib.mkForce false;
      useDHCP = false;
      vlans = {
        cameras = {
          id = 3;
          interface = "eth2";
        };
      };
      interfaces = {
        enp1s0 = {
          name = "eth0";
@ -56,6 +64,14 @@
            }
          ];
        };
        cameras /* cameras@eth2 */ = {
          ipv4.addresses = [
            {
              address = "10.133.145.1";
              prefixLength = 24;
            }
          ];
        };
        enp4s0 = { name = "eth3"; };
        enp5s0 = { name = "eth4"; };
        enp6s0 = { name = "eth5"; };
@ -82,8 +98,8 @@
              ip protocol icmp counter accept comment "accept all ICMP types"
-              iifname "eth0" ct state { established, related } counter accept
+              iifname { "eth0", "cameras" } ct state { established, related } counter accept
-              iifname "eth0" drop
+              iifname { "eth0", "cameras" } drop
            }
            chain forward {
@ -138,7 +154,7 @@
          settings = {
            interfaces-config = {
-              interfaces = [ "eth1" "eth2" ];
+              interfaces = [ "eth1" "eth2" "cameras" ];
            };
            lease-database = {
              type = "memfile";
@ -243,6 +259,29 @@
                  }
                ];
              }
              {
                subnet = "10.133.145.0/24";
                interface = "cameras";
                pools = [{
                  pool = "10.133.145.64 - 10.133.145.254";
                }];
                option-data = [
                  {
                    name = "routers";
                    data = "10.133.145.1";
                  }
                  {
                    name = "broadcast-address";
                    data = "10.133.145.255";
                  }
                  {
                    name = "domain-name-servers";
                    data = "1.1.1.1, 8.8.8.8";
                  }
                ];
                reservations = [
                ];
              }
            ];
          };
        };