summary refs log tree commit diff stats
diff options
context:
space:
mode:
-rwxr-xr-xsystem/nanopi.nix25
1 files changed, 16 insertions, 9 deletions
diff --git a/system/nanopi.nix b/system/nanopi.nix
index 105c0566..6ee61e69 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -115,9 +115,16 @@ in
     search = [ domain ];
     hosts = {
       "fd7a:115c:a1e0::53" = [ "tailscale" "ts" ];
+      "192.168.100.1" = [ "modem" "pyur" ];
+      "192.168.4.1" = [ "lte" ];
     };
     useDHCP = false;
     useNetworkd = true;
+    nat = {
+      enable = true;
+      internalInterfaces = [ "bridge0" "lan1" "lan2" ];
+      externalInterface = "wan0";
+    };
     firewall = {
       enable = true;
       rejectPackets = true;
@@ -139,8 +146,8 @@ in
         ];
       };
       extraForwardRules = ''
-        iifname { "wan0", "wlan0", "wwan0" } oifname { "lan1", "lan2", "bridge0" } icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
-        iifname { "lan1", "lan2", "bridge0" } oifname { "wan0", "wlan0", "wwan0" } accept
+        iifname { "wlan0", "lte0" } oifname { "lan1", "lan2", "bridge0" } icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
+        iifname { "lan1", "lan2", "bridge0" } oifname { "wlan0", "lte0" } accept
         iifname "tailscale0" oifname "bridge0" accept
         iifname "bridge0" oifname "tailscale0" accept
       '';
@@ -153,7 +160,7 @@ in
           content = ''
             chain postrouting {
               type nat hook postrouting priority srcnat; policy accept;
-              oifname { "wan0", "wlan0", "wwan0" } masquerade
+              oifname { "wlan0", "lte0" } masquerade
             }
             chain prerouting {
               type nat hook prerouting priority dstnat;
@@ -277,10 +284,10 @@ in
           Name = "wlan0";
         };
       };
-      "10-name-wwan0" = {
+      "10-name-lte0" = {
         matchConfig.MACAddress = "34:4b:50:00:00:00";
         linkConfig = {
-          Name = "wwan0";
+          Name = "lte0";
         };
       };
     };
@@ -330,8 +337,8 @@ in
           Token = "::1";
         };
       };
-      "50-wwan0" = {
-        matchConfig.Name = "wwan0";
+      "50-lte0" = {
+        matchConfig.Name = "lte0";
         networkConfig = {
           DHCP = "yes";
           IPv6AcceptRA = true;
@@ -504,7 +511,6 @@ in
         "nanopi.${domain},bridge0"
         "wan.${domain},wan0"
         "wlan.${domain},wlan0"
-        "wwan.${domain},wwan0"
       ];
       interface = [
         "lo"
@@ -520,7 +526,8 @@ in
       bind-interfaces = true;
 
       # if this is false, a remote query for nanopi returns 127.0.0.2, because that's in /etc/hosts
-      no-hosts = true;
+      no-hosts = false;
+      expand-hosts = true;
 
       dnssec = true;
       trust-anchor = ".,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";