diff options
-rwxr-xr-x | system/nanopi.nix | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/system/nanopi.nix b/system/nanopi.nix index 105c0566..6ee61e69 100755 --- a/system/nanopi.nix +++ b/system/nanopi.nix @@ -115,9 +115,16 @@ in search = [ domain ]; hosts = { "fd7a:115c:a1e0::53" = [ "tailscale" "ts" ]; + "192.168.100.1" = [ "modem" "pyur" ]; + "192.168.4.1" = [ "lte" ]; }; useDHCP = false; useNetworkd = true; + nat = { + enable = true; + internalInterfaces = [ "bridge0" "lan1" "lan2" ]; + externalInterface = "wan0"; + }; firewall = { enable = true; rejectPackets = true; @@ -139,8 +146,8 @@ in ]; }; extraForwardRules = '' - iifname { "wan0", "wlan0", "wwan0" } oifname { "lan1", "lan2", "bridge0" } icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept - iifname { "lan1", "lan2", "bridge0" } oifname { "wan0", "wlan0", "wwan0" } accept + iifname { "wlan0", "lte0" } oifname { "lan1", "lan2", "bridge0" } icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept + iifname { "lan1", "lan2", "bridge0" } oifname { "wlan0", "lte0" } accept iifname "tailscale0" oifname "bridge0" accept iifname "bridge0" oifname "tailscale0" accept ''; @@ -153,7 +160,7 @@ in content = '' chain postrouting { type nat hook postrouting priority srcnat; policy accept; - oifname { "wan0", "wlan0", "wwan0" } masquerade + oifname { "wlan0", "lte0" } masquerade } chain prerouting { type nat hook prerouting priority dstnat; @@ -277,10 +284,10 @@ in Name = "wlan0"; }; }; - "10-name-wwan0" = { + "10-name-lte0" = { matchConfig.MACAddress = "34:4b:50:00:00:00"; linkConfig = { - Name = "wwan0"; + Name = "lte0"; }; }; }; @@ -330,8 +337,8 @@ in Token = "::1"; }; }; - "50-wwan0" = { - matchConfig.Name = "wwan0"; + "50-lte0" = { + matchConfig.Name = "lte0"; networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; @@ -504,7 +511,6 @@ in "nanopi.${domain},bridge0" "wan.${domain},wan0" "wlan.${domain},wlan0" - "wwan.${domain},wwan0" ]; interface = [ "lo" @@ -520,7 +526,8 @@ in bind-interfaces = true; # if this is false, a remote query for nanopi returns 127.0.0.2, because that's in /etc/hosts - no-hosts = true; + no-hosts = false; + expand-hosts = true; dnssec = true; trust-anchor = ".,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D"; |