WIP: add router configuration

flake.nix

@@ -29,6 +29,14 @@
           ./hosts/vm
         ];
       };
+      router = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./modules
+          ./hosts/common.nix
+          ./hosts/router
+        ];
+      };
     };
     # https://github.com/nix-community/nixos-generators?tab=readme-ov-file#using-in-a-flake
     packages.x86_64-linux = {

hosts/router/default.nix

@@ -0,0 +1,314 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+let
+  lan_ip6 = "fd97:530d:73ec:f00::";
+in
+{
+  imports =
+    [ # Include the results of the hardware scan.
+     ./hardware-configuration.nix
+    ];
+  mods.kb-input.enable = false;
+  boot.growPartition = true;
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.plymouth.enable = true;
+  boot.plymouth.theme = "breeze";
+  boot.kernelParams = [
+    "sysrq_always_enabled=1"
+  ];
+
+  boot.loader.systemd-boot.configurationLimit = 5;
+  boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_12;
+  boot.extraModulePackages = with config.boot.kernelPackages; [ zfs ];
+
+  environment.etc.hosts.mode = "0644";
+
+  # managed by cloud-init
+  # networking.hostName = "nixos"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable networking
+#   networking.networkmanager.enable = true;
+
+  # It is impossible to do multiple prefix requests with networkd
+  # https://github.com/systemd/systemd/issues/22571
+  networking.dhcpcd.enable = true;
+  # https://github.com/systemd/systemd/issues/22571#issuecomment-2094905496
+  # https://gist.github.com/csamsel/0f8cca3b2e64d7e4cc47819ec5ba9396
+  networking.dhcpcd.extraConfig = ''
+    duid
+    nodelay
+    ipv6only
+    # noarp
+    # nodhcp
+    nodhcp6
+    # noipv4
+    # noipv4ll
+    noipv6rs
+
+    nohook resolv.conf, yp, hostname, ntp
+
+    option rapid_commit
+
+    interface wan
+      ipv6rs
+      # ipv6ra_noautoconf
+      dhcp6
+
+      # iaid 1
+      # ia_na 0
+      ia_na
+      ia_pd 1 lan/0
+      ia_pd 2 lan.10/0
+      ia_pd 3 lan.20/0
+  '';
+
+  networking.useNetworkd = true;
+  systemd.network.enable = true;
+  systemd.network = {
+    # This is applied by udev, not networkd
+    # https://nixos.wiki/wiki/Systemd-networkd
+    # https://nixos.org/manual/nixos/stable/#sec-rename-ifs
+    links = {
+      "10-wan" = {
+        # matchConfig.Name = "enp6s18";
+        matchConfig.PermanentMACAddress = "bc:24:11:4f:c9:c4";
+        linkConfig.Name = "wan";
+      };
+      "10-lan" = {
+        # matchConfig.Name = "enp6s18";
+        matchConfig.PermanentMACAddress = "bc:24:11:83:d8:de";
+        linkConfig.Name = "lan";
+      };
+    };
+
+    netdevs = {
+      "10-vlan10" = {
+        netdevConfig = {
+          Kind = "vlan";
+          Name = "lan.10";
+        };
+        vlanConfig.Id = 10;
+      };
+      "10-vlan20" = {
+        netdevConfig = {
+          Kind = "vlan";
+          Name = "lan.20";
+        };
+        vlanConfig.Id = 20;
+      };
+    };
+
+    networks = {
+      "10-wan" = {
+        matchConfig.Name = "wan";
+        networkConfig = {
+          # start a DHCP Client for IPv4 Addressing/Routing
+          DHCP = "ipv4";
+          # accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC)
+          # let dhcpcd manage this
+          IPv6AcceptRA = false;
+        };
+        # make routing on this interface a dependency for network-online.target
+        linkConfig.RequiredForOnline = "routable";
+
+      };
+      "20-lan" = {
+        matchConfig.Name = "lan";
+        vlan = [
+          "lan.10"
+          "lan.20"
+        ];
+        networkConfig = {
+          IPv6SendRA = true;
+          Address = [ "10.19.1.1/24" ];
+          # IPMasquerade = "ipv4";
+          IPMasquerade = "both";
+          # DHCPServer = true;
+          # DHCPPrefixDelegation = true;
+        };
+#         dhcpServerConfig = {
+#           PoolOffset = 100;
+#           PoolSize = 100;
+#         };
+#         dhcpPrefixDelegationConfig = {
+#           UplinkInterface = "enp6s18";
+#           SubnetId = 0;
+#           Token = "static:::1";
+#         };
+      };
+      "30-vlan10"  = {
+        matchConfig.Name = "lan.10";
+        networkConfig = {
+          IPv6SendRA = true;
+        };
+      };
+      "30-vlan20"  = {
+        matchConfig.Name = "lan.20";
+        networkConfig = {
+          IPv6SendRA = true;
+        };
+      };
+    };
+  };
+
+  services.kea.dhcp4.enable = true;
+  services.kea.dhcp4.settings = {
+    interfaces-config = {
+      interfaces = [
+        "lan"
+      ];
+    };
+    lease-database = {
+      type = "memfile";
+      persist = true;
+    };
+    subnet4 = [
+      {
+        id = 1;
+        subnet = "10.19.1.0/24";
+        pools = [ { pool = "10.19.1.100 - 10.19.1.199"; } ];
+        option-data = [
+          {
+            name = "routers";
+            data = "10.19.1.1";
+          }
+          {
+            name = "domain-name-servers";
+            data = "1.1.1.1";
+          }
+        ];
+      }
+    ];
+  };
+
+  services.kea.dhcp6.enable = true;
+  services.kea.dhcp6.settings = {
+    interfaces-config = {
+      interfaces = [
+        "lan"
+      ];
+    };
+    lease-database = {
+      type = "memfile";
+      persist = true;
+    };
+    subnet6 = [
+      {
+        id = 1;
+        subnet = "${lan_ip6}/64";
+        pools = [ { pool = "${lan_ip6}1:1000/116"; } ];
+        option-data = [
+        ];
+      }
+    ];
+  };
+
+  services.netdata.enable = true;
+
+  # Enable the X11 windowing system.
+  # You can disable this if you're only using the Wayland session.
+  services.xserver.enable = false;
+
+  # Enable the KDE Plasma Desktop Environment.
+  services.displayManager.sddm.enable = true;
+  services.displayManager.sddm.wayland.enable = true;
+  services.desktopManager.plasma6.enable = true;
+  services.flatpak.enable = true;
+
+  # VM services
+  services.cloud-init.enable = true;
+#  services.cloud-init.network.enable = false;
+  services.qemuGuest.enable = true;
+  services.spice-vdagentd.enable = true;
+  services.openssh.enable = true;
+  services.openssh.settings.PasswordAuthentication = false;
+  services.openssh.settings.KbdInteractiveAuthentication = false;
+
+  security.sudo.wheelNeedsPassword = false;
+
+  users.groups = {
+    cazzzer = {
+      gid = 1000;
+    };
+  };
+  users.users.cazzzer = {
+    password = "";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWgEzbEjbbu96MVQzkiuCrw+UGYAXN4sRe2zM6FVopq cazzzer@Yura-PC"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIApFeLVi3BOquL0Rt+gQK2CutNHaBDQ0m4PcGWf9Bc43 cazzzer@Yura-TPX13"
+    ];
+    isNormalUser = true;
+    description = "Yura";
+    uid = 1000;
+    group = "cazzzer";
+    extraGroups = [ "wheel" "docker" "wireshark" ];
+  };
+
+  # Install firefox.
+  programs.firefox.enable = true;
+  programs.fish.enable = true;
+  programs.git.enable = true;
+  programs.neovim.enable = true;
+
+  programs.bat.enable = true;
+  programs.htop.enable = true;
+  programs.wireshark.enable = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+
+  # https://github.com/flatpak/flatpak/issues/2861
+  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+
+#  workarounds.flatpak.enable = true;
+  fonts.packages = with pkgs; [
+    noto-fonts-cjk-sans
+    noto-fonts-cjk-serif
+    fantasque-sans-mono
+    nerd-fonts.fantasque-sans-mono
+    jetbrains-mono
+  ];
+
+  environment.systemPackages = with pkgs; [
+    dust
+    eza
+    fastfetch
+    fd
+    host-spawn # for flatpaks
+    kdePackages.flatpak-kcm
+    kdePackages.filelight
+    kdePackages.kate
+    kdePackages.yakuake
+    ldns
+    micro
+    mpv
+    ripgrep
+    starship
+    tealdeer
+    waypipe
+    whois
+    zfs
+  ];
+
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11"; # Did you read the comment?
+}

hosts/router/hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/12CE-A600";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}