diff --git a/modules/cloonar-assistant/networking/dhcp.nix b/modules/cloonar-assistant/networking/dhcp.nix
index 85f0d2f..164acd0 100644
--- a/modules/cloonar-assistant/networking/dhcp.nix
+++ b/modules/cloonar-assistant/networking/dhcp.nix
@@ -25,15 +25,15 @@
 id = 96;
 pools = [
 {
- pool = "${config.networkPrefix}.96.100 - ${config.networkPrefix}.96.240";
+ pool = "${config.cloonar-assistant.networkPrefix}.96.100 - ${config.cloonar-assistant.networkPrefix}.96.240";
 }
 ];
- subnet = "${config.networkPrefix}.96.0/24";
+ subnet = "${config.cloonar-assistant.networkPrefix}.96.0/24";
 interface = "lan";
 option-data = [
 {
 name = "routers";
- data = "${config.networkPrefix}.96.1";
+ data = "${config.cloonar-assistant.networkPrefix}.96.1";
 }
 {
 name = "domain-name";
@@ -45,7 +45,7 @@
 }
 {
 name = "domain-name-servers";
- data = "${config.networkPrefix}.96.1";
+ data = "${config.cloonar-assistant.networkPrefix}.96.1";
 }
 ];
 reservations = [
@@ -55,15 +55,15 @@
 id = 97;
 pools = [
 {
- pool = "${config.networkPrefix}.97.100 - ${config.networkPrefix}.97.240";
+ pool = "${config.cloonar-assistant.networkPrefix}.97.100 - ${config.cloonar-assistant.networkPrefix}.97.240";
 }
 ];
- subnet = "${config.networkPrefix}.97.0/24";
+ subnet = "${config.cloonar-assistant.networkPrefix}.97.0/24";
 interface = "server";
 option-data = [
 {
 name = "routers";
- data = "${config.networkPrefix}.97.1";
+ data = "${config.cloonar-assistant.networkPrefix}.97.1";
 }
 {
 name = "domain-name";
@@ -71,7 +71,7 @@
 }
 {
 name = "domain-name-servers";
- data = "${config.networkPrefix}.97.1";
+ data = "${config.cloonar-assistant.networkPrefix}.97.1";
 }
 ];
 reservations = [
@@ -81,15 +81,15 @@
 id = 101;
 pools = [
 {
- pool = "${config.networkPrefix}.101.100 - ${config.networkPrefix}.101.240";
+ pool = "${config.cloonar-assistant.networkPrefix}.101.100 - ${config.cloonar-assistant.networkPrefix}.101.240";
 }
 ];
- subnet = "${config.networkPrefix}.101.0/24";
+ subnet = "${config.cloonar-assistant.networkPrefix}.101.0/24";
 interface = "infrastructure";
 option-data = [
 {
 name = "routers";
- data = "${config.networkPrefix}.101.1";
+ data = "${config.cloonar-assistant.networkPrefix}.101.1";
 }
 {
 name = "domain-name";
@@ -97,12 +97,12 @@
 }
 {
 name = "domain-name-servers";
- data = "${config.networkPrefix}.101.1";
+ data = "${config.cloonar-assistant.networkPrefix}.101.1";
 }
 {
 name = "capwap-ac-v4";
 code = 138;
- data = "${config.networkPrefix}.97.2";
+ data = "${config.cloonar-assistant.networkPrefix}.97.2";
 }
 ];
 reservations = [
@@ -112,15 +112,15 @@
 id = 99;
 pools = [
 {
- pool = "${config.networkPrefix}.99.100 - ${config.networkPrefix}.99.240";
+ pool = "${config.cloonar-assistant.networkPrefix}.99.100 - ${config.cloonar-assistant.networkPrefix}.99.240";
 }
 ];
- subnet = "${config.networkPrefix}.99.0/24";
+ subnet = "${config.cloonar-assistant.networkPrefix}.99.0/24";
 interface = "multimedia";
 option-data = [
 {
 name = "routers";
- data = "${config.networkPrefix}.99.1";
+ data = "${config.cloonar-assistant.networkPrefix}.99.1";
 }
 {
 name = "domain-name";
@@ -128,7 +128,7 @@
 }
 {
 name = "domain-name-servers";
- data = "${config.networkPrefix}.99.1";
+ data = "${config.cloonar-assistant.networkPrefix}.99.1";
 }
 ];
 reservations = [
@@ -138,15 +138,15 @@
 id = 254;
 pools = [
 {
- pool = "${config.networkPrefix}.254.10 - ${config.networkPrefix}.254.254";
+ pool = "${config.cloonar-assistant.networkPrefix}.254.10 - ${config.cloonar-assistant.networkPrefix}.254.254";
 }
 ];
- subnet = "${config.networkPrefix}.254.0/24";
+ subnet = "${config.cloonar-assistant.networkPrefix}.254.0/24";
 interface = "guest";
 option-data = [
 {
 name = "routers";
- data = "${config.networkPrefix}.254.1";
+ data = "${config.cloonar-assistant.networkPrefix}.254.1";
 }
 {
 name = "domain-name-servers";
@@ -158,15 +158,15 @@
 id = 100;
 pools = [
 {
- pool = "${config.networkPrefix}.100.100 - ${config.networkPrefix}.100.240";
+ pool = "${config.cloonar-assistant.networkPrefix}.100.100 - ${config.cloonar-assistant.networkPrefix}.100.240";
 }
 ];
- subnet = "${config.networkPrefix}.100.0/24";
+ subnet = "${config.cloonar-assistant.networkPrefix}.100.0/24";
 interface = "smart";
 option-data = [
 {
 name = "routers";
- data = "${config.networkPrefix}.100.1";
+ data = "${config.cloonar-assistant.networkPrefix}.100.1";
 }
 {
 name = "domain-name";
@@ -174,7 +174,7 @@
 }
 {
 name = "domain-name-servers";
- data = "${config.networkPrefix}.100.1";
+ data = "${config.cloonar-assistant.networkPrefix}.100.1";
 }
 ];
 reservations = [
diff --git a/modules/cloonar-assistant/networking/firewall.nix b/modules/cloonar-assistant/networking/firewall.nix
index 959d7c4..09ea055 100644
--- a/modules/cloonar-assistant/networking/firewall.nix
+++ b/modules/cloonar-assistant/networking/firewall.nix
@@ -52,8 +52,8 @@ in { # Accept mDNS for avahi reflection ${lib.optionalString config.cloonar-assistant.multiroom-audio.enable '' - iifname "server" ip saddr ${config.networkPrefix}.97.20/32 tcp dport { llmnr } counter accept - iifname "server" ip saddr ${config.networkPrefix}.97.20/32 udp dport { mdns, llmnr } counter accept + iifname "server" ip saddr ${config.cloonar-assistant.networkPrefix}.97.20/32 tcp dport { llmnr } counter accept + iifname "server" ip saddr ${config.cloonar-assistant.networkPrefix}.97.20/32 udp dport { mdns, llmnr } counter accept ''} # Allow all returning traffic @@ -91,13 +91,13 @@ in { iifname "multimedia" oifname "server" tcp dport { 1704, 1705 } counter accept iifname "lan" oifname "server" udp dport { 5000, 5353, 6001 - 6011 } counter accept # avahi - iifname "server" ip saddr ${config.networkPrefix}.97.20/32 oifname { "lan" } counter accept + iifname "server" ip saddr ${config.cloonar-assistant.networkPrefix}.97.20/32 oifname { "lan" } counter accept ''} ${lib.optionalString config.cloonar-assistant.firewall.enable '' # smart home coap - iifname "smart" oifname "server" ip daddr ${config.networkPrefix}.97.20/32 udp dport { 5683 } counter accept - iifname "smart" oifname "server" ip daddr ${config.networkPrefix}.97.20/32 tcp dport { 1883 } counter accept + iifname "smart" oifname "server" ip daddr ${config.cloonar-assistant.networkPrefix}.97.20/32 udp dport { 5683 } counter accept + iifname "smart" oifname "server" ip daddr ${config.cloonar-assistant.networkPrefix}.97.20/32 tcp dport { 1883 } counter accept # lan and vpn to any iifname { "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "server", "vserver", "infrastructure", "multimedia", "smart", "wg_cloonar", "guest", "setup" } counter accept 
@@ -138,7 +138,7 @@ in { content = '' chain prerouting { type nat hook prerouting priority filter; policy accept; - iifname "server" ip daddr ${config.networkPrefix}.96.255 udp dport { 9 } dnat to ${config.networkPrefix}.96.255 + iifname "server" ip daddr ${config.cloonar-assistant.networkPrefix}.96.255 udp dport { 9 } dnat to ${config.cloonar-assistant.networkPrefix}.96.255 ${config.cloonar-assistant.firewall.custom-rules.prerouting} } diff --git a/modules/cloonar-assistant/networking/interfaces.nix b/modules/cloonar-assistant/networking/interfaces.nix index 42bd004..c117d57 100644 --- a/modules/cloonar-assistant/networking/interfaces.nix +++ b/modules/cloonar-assistant/networking/interfaces.nix @@ -34,7 +34,7 @@ networking = if config.cloonar-assistant.firewall.enable then { useDHCP = false; # Define VLANS - nameservers = [ "${config.networkPrefix}.97.1" ]; + nameservers = [ "${config.cloonar-assistant.networkPrefix}.97.1" ]; # resolvconf.enable = false; vlans = { infrastructure = { 
@@ -71,37 +71,37 @@
 wan.useDHCP = true;
 lan = {
 ipv4.addresses = [{
- address = "${config.networkPrefix}.96.1";
+ address = "${config.cloonar-assistant.networkPrefix}.96.1";
 prefixLength = 24;
 }];
 };
 server = {
 ipv4.addresses = [{
- address = "${config.networkPrefix}.97.1";
+ address = "${config.cloonar-assistant.networkPrefix}.97.1";
 prefixLength = 24;
 }];
 };
 infrastructure = {
 ipv4.addresses = [{
- address = "${config.networkPrefix}.101.1";
+ address = "${config.cloonar-assistant.networkPrefix}.101.1";
 prefixLength = 24;
 }];
 };
 multimedia = {
 ipv4.addresses = [{
- address = "${config.networkPrefix}.99.1";
+ address = "${config.cloonar-assistant.networkPrefix}.99.1";
 prefixLength = 24;
 }];
 };
 smart = {
 ipv4.addresses = [{
- address = "${config.networkPrefix}.100.1";
+ address = "${config.cloonar-assistant.networkPrefix}.100.1";
 prefixLength = 24;
 }];
 };
 guest = {
 ipv4.addresses = [{
- address = "${config.networkPrefix}.254.1";
+ address = "${config.cloonar-assistant.networkPrefix}.254.1";
 prefixLength = 24;
 }];
 };
diff --git a/modules/cloonar-assistant/networking/unbound.nix b/modules/cloonar-assistant/networking/unbound.nix
index f330687..4745b26 100644
--- a/modules/cloonar-assistant/networking/unbound.nix
+++ b/modules/cloonar-assistant/networking/unbound.nix
@@ -7,11 +7,11 @@ let
 interface-automatic = "yes";
 access-control = [
 "127.0.0.0/8 allow"
- "${config.networkPrefix}.96.0/24 allow"
- "${config.networkPrefix}.97.0/24 allow"
- "${config.networkPrefix}.98.0/24 allow"
- "${config.networkPrefix}.99.0/24 allow"
- "${config.networkPrefix}.101.0/24 allow"
+ "${config.cloonar-assistant.networkPrefix}.96.0/24 allow"
+ "${config.cloonar-assistant.networkPrefix}.97.0/24 allow"
+ "${config.cloonar-assistant.networkPrefix}.98.0/24 allow"
+ "${config.cloonar-assistant.networkPrefix}.99.0/24 allow"
+ "${config.cloonar-assistant.networkPrefix}.101.0/24 allow"
 "0.0.0.0/0 allow"
 ];
 tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
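Review bot: The `access-control` list in unbound.nix still ends with `"0.0.0.0/0 allow"`, so the five per-subnet entries this hunk rewrites restrict nothing: any IPv4 source that can reach the resolver may query it. If the resolver is meant to serve only the internal VLANs, drop the catch-all and let the prefix-based lines do the work; as written, exposure depends entirely on the firewall's input rules, which are not visible in this diff. Removing it would also need entries for the `.100` (smart) and `.254` (guest) subnets that dhcp.nix defines, for example `"${config.cloonar-assistant.networkPrefix}.100.0/24 allow"`, since the smart VLAN is handed `.100.1` as its DNS server. The list does cover `.98.0/24`, for which this diff shows no DHCP subnet or interface, so that entry is worth confirming. The enclosing attribute set starts and ends outside the hunk.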
@@ -21,19 +21,19 @@ let "\"localhost.${config.cloonar-assistant.domain} A 127.0.0.1\"" "\"localhost AAAA ::1\"" "\"localhost.${config.cloonar-assistant.domain} AAAA ::1\"" - "\"fw.${config.cloonar-assistant.domain} A ${config.networkPrefix}.97.1\"" - "\"fw A ${config.networkPrefix}.97.1\"" + "\"fw.${config.cloonar-assistant.domain} A ${config.cloonar-assistant.networkPrefix}.97.1\"" + "\"fw A ${config.cloonar-assistant.networkPrefix}.97.1\"" - "\"mopidy.${config.cloonar-assistant.domain} IN A ${config.networkPrefix}.97.21\"" - "\"snapcast.${config.cloonar-assistant.domain} IN A ${config.networkPrefix}.97.21\"" - "\"home-assistant.${config.cloonar-assistant.domain} IN A ${config.networkPrefix}.97.20\"" + "\"mopidy.${config.cloonar-assistant.domain} IN A ${config.cloonar-assistant.networkPrefix}.97.21\"" + "\"snapcast.${config.cloonar-assistant.domain} IN A ${config.cloonar-assistant.networkPrefix}.97.21\"" + "\"home-assistant.${config.cloonar-assistant.domain} IN A ${config.cloonar-assistant.networkPrefix}.97.20\"" ]; local-data-ptr = [ "\"127.0.0.1 localhost\"" "\"::1 localhost\"" - "\"${config.networkPrefix}.97.1 fw.${config.cloonar-assistant.domain}\"" - "\"${config.networkPrefix}.97.20 home-assistant.${config.cloonar-assistant.domain}\"" - "\"${config.networkPrefix}.97.21 snapcast.${config.cloonar-assistant.domain}\"" + "\"${config.cloonar-assistant.networkPrefix}.97.1 fw.${config.cloonar-assistant.domain}\"" + "\"${config.cloonar-assistant.networkPrefix}.97.20 home-assistant.${config.cloonar-assistant.domain}\"" + "\"${config.cloonar-assistant.networkPrefix}.97.21 snapcast.${config.cloonar-assistant.domain}\"" ]; # ssl-upstream = "yes"; };