fix: right path to networkPrefix
@@ -25,15 +25,15 @@
|
||||
id = 96;
|
||||
pools = [
|
||||
{
|
||||
pool = "${config.networkPrefix}.96.100 - ${config.networkPrefix}.96.240";
|
||||
pool = "${config.cloonar-assistant.networkPrefix}.96.100 - ${config.cloonar-assistant.networkPrefix}.96.240";
|
||||
}
|
||||
];
|
||||
subnet = "${config.networkPrefix}.96.0/24";
|
||||
subnet = "${config.cloonar-assistant.networkPrefix}.96.0/24";
|
||||
interface = "lan";
|
||||
option-data = [
|
||||
{
|
||||
name = "routers";
|
||||
data = "${config.networkPrefix}.96.1";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.96.1";
|
||||
}
|
||||
{
|
||||
name = "domain-name";
|
||||
@@ -45,7 +45,7 @@
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "${config.networkPrefix}.96.1";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.96.1";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
@@ -55,15 +55,15 @@
|
||||
id = 97;
|
||||
pools = [
|
||||
{
|
||||
pool = "${config.networkPrefix}.97.100 - ${config.networkPrefix}.97.240";
|
||||
pool = "${config.cloonar-assistant.networkPrefix}.97.100 - ${config.cloonar-assistant.networkPrefix}.97.240";
|
||||
}
|
||||
];
|
||||
subnet = "${config.networkPrefix}.97.0/24";
|
||||
subnet = "${config.cloonar-assistant.networkPrefix}.97.0/24";
|
||||
interface = "server";
|
||||
option-data = [
|
||||
{
|
||||
name = "routers";
|
||||
data = "${config.networkPrefix}.97.1";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.97.1";
|
||||
}
|
||||
{
|
||||
name = "domain-name";
|
||||
@@ -71,7 +71,7 @@
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "${config.networkPrefix}.97.1";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.97.1";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
@@ -81,15 +81,15 @@
|
||||
id = 101;
|
||||
pools = [
|
||||
{
|
||||
pool = "${config.networkPrefix}.101.100 - ${config.networkPrefix}.101.240";
|
||||
pool = "${config.cloonar-assistant.networkPrefix}.101.100 - ${config.cloonar-assistant.networkPrefix}.101.240";
|
||||
}
|
||||
];
|
||||
subnet = "${config.networkPrefix}.101.0/24";
|
||||
subnet = "${config.cloonar-assistant.networkPrefix}.101.0/24";
|
||||
interface = "infrastructure";
|
||||
option-data = [
|
||||
{
|
||||
name = "routers";
|
||||
data = "${config.networkPrefix}.101.1";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.101.1";
|
||||
}
|
||||
{
|
||||
name = "domain-name";
|
||||
@@ -97,12 +97,12 @@
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "${config.networkPrefix}.101.1";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.101.1";
|
||||
}
|
||||
{
|
||||
name = "capwap-ac-v4";
|
||||
code = 138;
|
||||
data = "${config.networkPrefix}.97.2";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.97.2";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
@@ -112,15 +112,15 @@
|
||||
id = 99;
|
||||
pools = [
|
||||
{
|
||||
pool = "${config.networkPrefix}.99.100 - ${config.networkPrefix}.99.240";
|
||||
pool = "${config.cloonar-assistant.networkPrefix}.99.100 - ${config.cloonar-assistant.networkPrefix}.99.240";
|
||||
}
|
||||
];
|
||||
subnet = "${config.networkPrefix}.99.0/24";
|
||||
subnet = "${config.cloonar-assistant.networkPrefix}.99.0/24";
|
||||
interface = "multimedia";
|
||||
option-data = [
|
||||
{
|
||||
name = "routers";
|
||||
data = "${config.networkPrefix}.99.1";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.99.1";
|
||||
}
|
||||
{
|
||||
name = "domain-name";
|
||||
@@ -128,7 +128,7 @@
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "${config.networkPrefix}.99.1";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.99.1";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
@@ -138,15 +138,15 @@
|
||||
id = 254;
|
||||
pools = [
|
||||
{
|
||||
pool = "${config.networkPrefix}.254.10 - ${config.networkPrefix}.254.254";
|
||||
pool = "${config.cloonar-assistant.networkPrefix}.254.10 - ${config.cloonar-assistant.networkPrefix}.254.254";
|
||||
}
|
||||
];
|
||||
subnet = "${config.networkPrefix}.254.0/24";
|
||||
subnet = "${config.cloonar-assistant.networkPrefix}.254.0/24";
|
||||
interface = "guest";
|
||||
option-data = [
|
||||
{
|
||||
name = "routers";
|
||||
data = "${config.networkPrefix}.254.1";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.254.1";
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
@@ -158,15 +158,15 @@
|
||||
id = 100;
|
||||
pools = [
|
||||
{
|
||||
pool = "${config.networkPrefix}.100.100 - ${config.networkPrefix}.100.240";
|
||||
pool = "${config.cloonar-assistant.networkPrefix}.100.100 - ${config.cloonar-assistant.networkPrefix}.100.240";
|
||||
}
|
||||
];
|
||||
subnet = "${config.networkPrefix}.100.0/24";
|
||||
subnet = "${config.cloonar-assistant.networkPrefix}.100.0/24";
|
||||
interface = "smart";
|
||||
option-data = [
|
||||
{
|
||||
name = "routers";
|
||||
data = "${config.networkPrefix}.100.1";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.100.1";
|
||||
}
|
||||
{
|
||||
name = "domain-name";
|
||||
@@ -174,7 +174,7 @@
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "${config.networkPrefix}.100.1";
|
||||
data = "${config.cloonar-assistant.networkPrefix}.100.1";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
|
||||
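Review bot: The full option path `config.cloonar-assistant.networkPrefix` is spelled out in every pool, subnet and option-data string of this section, and again in the firewall, networking and unbound sections below, which is why correcting one attribute path needed an edit on every address line. A single binding such as `prefix = config.cloonar-assistant.networkPrefix;` in a `let` block, used as `"${prefix}.96.1"`, would keep the addressing plan in one place. It would also make it harder for the DHCP router option, the interface address and the firewall match to drift apart. Whether this file already has a `let` block cannot be seen from the hunks shown.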
@@ -52,8 +52,8 @@ in {
|
||||
|
||||
# Accept mDNS for avahi reflection
|
||||
${lib.optionalString config.cloonar-assistant.multiroom-audio.enable ''
|
||||
iifname "server" ip saddr ${config.networkPrefix}.97.20/32 tcp dport { llmnr } counter accept
|
||||
iifname "server" ip saddr ${config.networkPrefix}.97.20/32 udp dport { mdns, llmnr } counter accept
|
||||
iifname "server" ip saddr ${config.cloonar-assistant.networkPrefix}.97.20/32 tcp dport { llmnr } counter accept
|
||||
iifname "server" ip saddr ${config.cloonar-assistant.networkPrefix}.97.20/32 udp dport { mdns, llmnr } counter accept
|
||||
''}
|
||||
|
||||
# Allow all returning traffic
|
||||
@@ -91,13 +91,13 @@ in {
|
||||
iifname "multimedia" oifname "server" tcp dport { 1704, 1705 } counter accept
|
||||
iifname "lan" oifname "server" udp dport { 5000, 5353, 6001 - 6011 } counter accept
|
||||
# avahi
|
||||
iifname "server" ip saddr ${config.networkPrefix}.97.20/32 oifname { "lan" } counter accept
|
||||
iifname "server" ip saddr ${config.cloonar-assistant.networkPrefix}.97.20/32 oifname { "lan" } counter accept
|
||||
''}
|
||||
|
||||
${lib.optionalString config.cloonar-assistant.firewall.enable ''
|
||||
# smart home coap
|
||||
iifname "smart" oifname "server" ip daddr ${config.networkPrefix}.97.20/32 udp dport { 5683 } counter accept
|
||||
iifname "smart" oifname "server" ip daddr ${config.networkPrefix}.97.20/32 tcp dport { 1883 } counter accept
|
||||
iifname "smart" oifname "server" ip daddr ${config.cloonar-assistant.networkPrefix}.97.20/32 udp dport { 5683 } counter accept
|
||||
iifname "smart" oifname "server" ip daddr ${config.cloonar-assistant.networkPrefix}.97.20/32 tcp dport { 1883 } counter accept
|
||||
|
||||
# lan and vpn to any
|
||||
iifname { "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "server", "vserver", "infrastructure", "multimedia", "smart", "wg_cloonar", "guest", "setup" } counter accept
|
||||
@@ -138,7 +138,7 @@ in {
|
||||
content = ''
|
||||
chain prerouting {
|
||||
type nat hook prerouting priority filter; policy accept;
|
||||
iifname "server" ip daddr ${config.networkPrefix}.96.255 udp dport { 9 } dnat to ${config.networkPrefix}.96.255
|
||||
iifname "server" ip daddr ${config.cloonar-assistant.networkPrefix}.96.255 udp dport { 9 } dnat to ${config.cloonar-assistant.networkPrefix}.96.255
|
||||
${config.cloonar-assistant.firewall.custom-rules.prerouting}
|
||||
}
|
||||
|
||||
|
||||
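Review bot: In the `@@ -91,13` hunk the comment `# lan and vpn to any` does not match the rule under it, whose `iifname` set also contains `"server"` and `"vserver"`. With `"server"` in that set, any host on the server VLAN is accepted towards `infrastructure`, `smart`, `guest` and `setup`. The narrower `.97.20/32 oifname { "lan" }` avahi rule a few lines up then adds nothing whenever `firewall.enable` is set, assuming both rules land in the same chain, which starts outside the hunk. If that reach is not intended, narrow the set to `iifname { "lan", "wg_cloonar" }`; if it is, change the comment to `# lan, server, vserver and vpn to any` so the policy is stated where it is enforced.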
@@ -34,7 +34,7 @@
|
||||
networking = if config.cloonar-assistant.firewall.enable then {
|
||||
useDHCP = false;
|
||||
# Define VLANS
|
||||
nameservers = [ "${config.networkPrefix}.97.1" ];
|
||||
nameservers = [ "${config.cloonar-assistant.networkPrefix}.97.1" ];
|
||||
# resolvconf.enable = false;
|
||||
vlans = {
|
||||
infrastructure = {
|
||||
@@ -71,37 +71,37 @@
|
||||
wan.useDHCP = true;
|
||||
lan = {
|
||||
ipv4.addresses = [{
|
||||
address = "${config.networkPrefix}.96.1";
|
||||
address = "${config.cloonar-assistant.networkPrefix}.96.1";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
server = {
|
||||
ipv4.addresses = [{
|
||||
address = "${config.networkPrefix}.97.1";
|
||||
address = "${config.cloonar-assistant.networkPrefix}.97.1";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
infrastructure = {
|
||||
ipv4.addresses = [{
|
||||
address = "${config.networkPrefix}.101.1";
|
||||
address = "${config.cloonar-assistant.networkPrefix}.101.1";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
multimedia = {
|
||||
ipv4.addresses = [{
|
||||
address = "${config.networkPrefix}.99.1";
|
||||
address = "${config.cloonar-assistant.networkPrefix}.99.1";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
smart = {
|
||||
ipv4.addresses = [{
|
||||
address = "${config.networkPrefix}.100.1";
|
||||
address = "${config.cloonar-assistant.networkPrefix}.100.1";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
guest = {
|
||||
ipv4.addresses = [{
|
||||
address = "${config.networkPrefix}.254.1";
|
||||
address = "${config.cloonar-assistant.networkPrefix}.254.1";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
|
||||
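Review bot: The comment `# Define VLANS` in the `@@ -34,7` hunk sits directly above `nameservers`, not above the `vlans = {` attribute it describes. Move it down to just before `vlans = {` and give `nameservers` its own comment, for example `# this host's own address on the server VLAN`, since `.97.1` is the address the next hunk assigns to the `server` interface. The `networking` attribute set starts and ends outside both hunks.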
@@ -7,11 +7,11 @@ let
|
||||
interface-automatic = "yes";
|
||||
access-control = [
|
||||
"127.0.0.0/8 allow"
|
||||
"${config.networkPrefix}.96.0/24 allow"
|
||||
"${config.networkPrefix}.97.0/24 allow"
|
||||
"${config.networkPrefix}.98.0/24 allow"
|
||||
"${config.networkPrefix}.99.0/24 allow"
|
||||
"${config.networkPrefix}.101.0/24 allow"
|
||||
"${config.cloonar-assistant.networkPrefix}.96.0/24 allow"
|
||||
"${config.cloonar-assistant.networkPrefix}.97.0/24 allow"
|
||||
"${config.cloonar-assistant.networkPrefix}.98.0/24 allow"
|
||||
"${config.cloonar-assistant.networkPrefix}.99.0/24 allow"
|
||||
"${config.cloonar-assistant.networkPrefix}.101.0/24 allow"
|
||||
"0.0.0.0/0 allow"
|
||||
];
|
||||
tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
|
||||
@@ -21,19 +21,19 @@ let
|
||||
"\"localhost.${config.cloonar-assistant.domain} A 127.0.0.1\""
|
||||
"\"localhost AAAA ::1\""
|
||||
"\"localhost.${config.cloonar-assistant.domain} AAAA ::1\""
|
||||
"\"fw.${config.cloonar-assistant.domain} A ${config.networkPrefix}.97.1\""
|
||||
"\"fw A ${config.networkPrefix}.97.1\""
|
||||
"\"fw.${config.cloonar-assistant.domain} A ${config.cloonar-assistant.networkPrefix}.97.1\""
|
||||
"\"fw A ${config.cloonar-assistant.networkPrefix}.97.1\""
|
||||
|
||||
"\"mopidy.${config.cloonar-assistant.domain} IN A ${config.networkPrefix}.97.21\""
|
||||
"\"snapcast.${config.cloonar-assistant.domain} IN A ${config.networkPrefix}.97.21\""
|
||||
"\"home-assistant.${config.cloonar-assistant.domain} IN A ${config.networkPrefix}.97.20\""
|
||||
"\"mopidy.${config.cloonar-assistant.domain} IN A ${config.cloonar-assistant.networkPrefix}.97.21\""
|
||||
"\"snapcast.${config.cloonar-assistant.domain} IN A ${config.cloonar-assistant.networkPrefix}.97.21\""
|
||||
"\"home-assistant.${config.cloonar-assistant.domain} IN A ${config.cloonar-assistant.networkPrefix}.97.20\""
|
||||
];
|
||||
local-data-ptr = [
|
||||
"\"127.0.0.1 localhost\""
|
||||
"\"::1 localhost\""
|
||||
"\"${config.networkPrefix}.97.1 fw.${config.cloonar-assistant.domain}\""
|
||||
"\"${config.networkPrefix}.97.20 home-assistant.${config.cloonar-assistant.domain}\""
|
||||
"\"${config.networkPrefix}.97.21 snapcast.${config.cloonar-assistant.domain}\""
|
||||
"\"${config.cloonar-assistant.networkPrefix}.97.1 fw.${config.cloonar-assistant.domain}\""
|
||||
"\"${config.cloonar-assistant.networkPrefix}.97.20 home-assistant.${config.cloonar-assistant.domain}\""
|
||||
"\"${config.cloonar-assistant.networkPrefix}.97.21 snapcast.${config.cloonar-assistant.domain}\""
|
||||
];
|
||||
# ssl-upstream = "yes";
|
||||
};
|
||||
|
||||
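Review bot: The `access-control` list in the `@@ -7,11` hunk ends with `"0.0.0.0/0 allow"`, so the five per-subnet entries this commit rewrites restrict nothing: every source address is permitted to query. Together with `interface-automatic = "yes"`, that leaves the decision about who can reach the resolver to the packet filter, whose input rules are not visible on this page. If the resolver is meant for the internal VLANs only, drop the catch-all and list the served subnets explicitly, for example by adding `"${config.cloonar-assistant.networkPrefix}.100.0/24 allow"`. The list currently has no entry for `.100.0/24` (smart) or `.254.0/24` (guest), and it allows `.98.0/24`, for which no subnet appears elsewhere on this page.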