diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index 2b69c5d..d864bbc 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -23,9 +23,7 @@
 iptables -A FORWARD -i wg_cloonar -d 10.42.0.0/16 -j ACCEPT
 iptables -A FORWARD -i lan -o wan -j ACCEPT
- iptables -A FORWARD -i server -o wan -j ACCEPT
 iptables -A FORWARD -i podman0 -o wan -j ACCEPT
- iptables -A FORWARD -i server-shim -o wan -j ACCEPT
 iptables -A FORWARD -i multimedia -o wan -j ACCEPT
 iptables -A FORWARD -i smart -o wan -j ACCEPT
 iptables -A FORWARD -i wg_cloonar -o wan -j ACCEPT
diff --git a/hosts/fw.cloonar.com/modules/networking.nix b/hosts/fw.cloonar.com/modules/networking.nix
index 69be8bd..6555b5e 100644
--- a/hosts/fw.cloonar.com/modules/networking.nix
+++ b/hosts/fw.cloonar.com/modules/networking.nix
@@ -17,9 +17,9 @@
 matchConfig.PermanentMACAddress = "a8:b8:e0:00:43:c2";
 linkConfig.Name = "lan";
 };
- "30-server" = {
+ "30-multimedia" = {
 matchConfig.PermanentMACAddress = "a8:b8:e0:00:43:c3";
- linkConfig.Name = "server";
+ linkConfig.Name = "multimedia";
 };
 };
 };
@@ -30,10 +30,10 @@
 nameservers = [ "9.9.9.9" "149.112.112.112" ];
 # Define VLANS
 vlans = {
- multimedia = {
- id = 3;
- interface = "enp5s0";
- };
+ # multimedia = {
+ # id = 3;
+ # interface = "enp5s0";
+ # };
 smart = {
 id = 4094;
 interface = "enp5s0";
@@ -58,12 +58,12 @@
 prefixLength = 24;
 }];
 };
- server = {
- ipv4.addresses = [{
- address = "10.42.97.1";
- prefixLength = 24;
- }];
- };
+ # server = {
+ # ipv4.addresses = [{
+ # address = "10.42.97.1";
+ # prefixLength = 24;
+ # }];
+ # };
 multimedia = {
 ipv4.addresses = [{
 address = "10.42.99.1";
diff --git a/hosts/fw.cloonar.com/modules/podman.nix b/hosts/fw.cloonar.com/modules/podman.nix
index 1468077..7154097 100644
--- a/hosts/fw.cloonar.com/modules/podman.nix
+++ b/hosts/fw.cloonar.com/modules/podman.nix
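Review bot: The `"30-multimedia"` link entry in networking.nix names the port with MAC a8:b8:e0:00:43:c3 `multimedia` without recording that this port was the `server` uplink and that the tagged VLAN 3 on enp5s0 is retired in the following hunk. The rules shown in firewall.nix match on interface names, so the `multimedia` policy (for example `-i multimedia -o wan -j ACCEPT`) now applies to whatever is plugged into that physical port, untagged. A comment above the entry such as `# former "server" port; carries the multimedia network untagged, replacing VLAN 3 on enp5s0` would record the change. Rules elsewhere in firewall.nix that still name `server` or `server-shim` are not visible in this diff; if any remain they would no longer match an interface, so a grep for both names is worth doing.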
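Review bot: The `multimedia` VLAN in the `@@ -30,10 +30,10 @@` hunk is commented out rather than deleted, and the same is done to the `server` address block in the next hunk and, in podman.nix, to `dns_enabled`, the `server-shim` macvlan and the netavark DHCP proxy socket and service. On a firewall host, disabled blocks that still read like live configuration make it harder to audit which networks and sockets actually exist, and the repository history already keeps the old text. Deleting them, or leaving a single line that says why, e.g. `# macvlan/DHCP setup replaced by the podman0 bridge on 10.42.97.0/24`, would be clearer.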
@@ -6,7 +6,10 @@ in {
 podman = {
 enable = true;
 dockerCompat = true;
- defaultNetwork.settings.dns_enabled = true;
+ defaultNetwork.settings = {
+ # dns_enabled = true;
+ subnets = [{ gateway = "10.42.97.1"; subnet = "10.42.97.0/24"; }];
+ };
 # defaultNetwork.settings = {
 # driver = "macvlan";
 # network_interface = "server";
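Review bot: The new `subnets` entry reuses 10.42.97.0/24 with gateway 10.42.97.1, the range and address that networking.nix assigned to the `server` interface until this commit, and nothing in the block says so. Anything outside this diff that trusts or serves that range by address (NAT, port forwards, DHCP or DNS scopes) would now apply to containers behind podman0 on the firewall host itself, so those references should be checked. Dropping `dns_enabled` also looks like a behaviour change for container name resolution; if it is intentional, a comment like `# DNS for containers disabled on purpose: <reason>` would state it. The `podman = {` block continues outside the hunk.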
@@ -25,47 +28,47 @@ in {
 };
 };
- networking = {
- macvlans = {
- "server-shim" = {
- interface = "server";
- mode = "bridge";
- };
- };
- interfaces = {
- "server-shim" = {
- ipv4.addresses = [{
- address = "10.42.97.223";
- prefixLength = 24;
- }];
- ipv4.routes = [{
- address = "10.42.97.192";
- prefixLength = 27;
- }];
- };
- };
- };
+ # networking = {
+ # macvlans = {
+ # "server-shim" = {
+ # interface = "server";
+ # mode = "bridge";
+ # };
+ # };
+ # interfaces = {
+ # "server-shim" = {
+ # ipv4.addresses = [{
+ # address = "10.42.97.223";
+ # prefixLength = 24;
+ # }];
+ # ipv4.routes = [{
+ # address = "10.42.97.192";
+ # prefixLength = 27;
+ # }];
+ # };
+ # };
+ # };
- systemd.sockets."netavark-dhcp-proxy" = {
- description = "Netavark DHCP proxy socket";
- socketConfig = {
- ListenStream = "%t/podman/nv-proxy.sock";
- SocketMode = 0660;
- };
- wantedBy = [ "sockets.target" ];
- };
-
- systemd.services."netavark-dhcp-proxy" = {
- description = "Netavark DHCP proxy service";
- after = [ "netavark-dhcp-proxy.socket" ];
- requires = [ "netavark-dhcp-proxy.socket" ];
- wantedBy = [ "multi-user.target" "netavark-dhcp-proxy.socket" ];
- path = [ pkgs.netavark ];
- startLimitIntervalSec = 0;
-
- serviceConfig = {
- Type = "exec";
- ExecStart= "${pkgs.netavark}/bin/netavark dhcp-proxy -a 30";
- };
- };
+ # systemd.sockets."netavark-dhcp-proxy" = {
+ # description = "Netavark DHCP proxy socket";
+ # socketConfig = {
+ # ListenStream = "%t/podman/nv-proxy.sock";
+ # SocketMode = 0660;
+ # };
+ # wantedBy = [ "sockets.target" ];
+ # };
+ #
+ # systemd.services."netavark-dhcp-proxy" = {
+ # description = "Netavark DHCP proxy service";
+ # after = [ "netavark-dhcp-proxy.socket" ];
+ # requires = [ "netavark-dhcp-proxy.socket" ];
+ # wantedBy = [ "multi-user.target" "netavark-dhcp-proxy.socket" ];
+ # path = [ pkgs.netavark ];
+ # startLimitIntervalSec = 0;
+ #
+ # serviceConfig = {
+ # Type = "exec";
+ # ExecStart= "${pkgs.netavark}/bin/netavark dhcp-proxy -a 30";
+ # };
+ # };
 }