From 75aa01513cb7cce411170d204c9dca1278beec56 Mon Sep 17 00:00:00 2001 From: Daniel Barlow Date: Mon, 18 Mar 2024 21:44:54 +0000 Subject: [PATCH] move dnsmasq -> gateway profile --- examples/rotuer.nix | 49 +++--------------- modules/profiles/gateway.nix | 96 +++++++++++++++++++----------------- 2 files changed, 57 insertions(+), 88 deletions(-) diff --git a/examples/rotuer.nix b/examples/rotuer.nix index b9e439a..4b23812 100644 --- a/examples/rotuer.nix +++ b/examples/rotuer.nix @@ -48,9 +48,16 @@ in rec { wlan wlan5 lan0 lan1 lan2 lan3 lan4 ]; + inherit (secrets.lan) prefix; address = { family = "inet"; address ="${secrets.lan.prefix}.1"; prefixLength = 24; }; + dhcp = { + start = 10; + end = 240; + hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix); + localDomain = "lan"; + }; }; wan = { interface = config.hardware.networkInterfaces.wan; 
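Review bot: The `hosts` line in the new `dhcp` block is carried over without the comment that explained it, so the example no longer says why static leases are imported from an optional `./static-leases.nix`. I would restore it above `hosts`, e.g. `# static DHCP leases come from an optional ./static-leases.nix so real MAC addresses stay out of the public repo`. Separately, `localDomain = "lan"` replaces the `secrets.domainName` that the removed `services.dns` in this file used for `domain` and `upstreams`. That changes the example's DNS domain in a commit titled as a move, so if it is intended it deserves a line in the commit message. The leading `{ } //` in front of `lib.optionalAttrs` is redundant and could be dropped.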
@@ -90,48 +97,6 @@ in rec { users.root = secrets.root; - services.dns = - let interface = config.services.int; - in svc.dnsmasq.build { - resolvconf = services.resolvconf; - inherit interface; - ranges = [ - "${secrets.lan.prefix}.10,${secrets.lan.prefix}.240" - # ra-stateless: sends router advertisements with the O and A - # bits set, and provides a stateless DHCP service. The client - # will use a SLAAC address, and use DHCP for other - # configuration information. - "::,constructor:$(output ${interface} ifname),ra-stateless" - ]; - - # You can add static addresses for the DHCP server here. I'm - # not putting my actual MAC addresses in a public git repo ... - hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix); - upstreams = [ "/${secrets.domainName}/" ]; - domain = secrets.domainName; - }; - - services.resolvconf = oneshot rec { - dependencies = [ config.services.wan ]; - name = "resolvconf"; - up = '' - . ${serviceFns} - ( in_outputs ${name} - echo "nameserver $(output ${config.services.wan} ns1)" > resolv.conf - echo "nameserver $(output ${config.services.wan} ns2)" >> resolv.conf - chmod 0444 resolv.conf - ) - ''; - }; - - filesystem = - let inherit (pkgs.pseudofile) dir symlink; - in dir { - etc = dir { - "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf"; - }; - }; - services.defaultroute4 = svc.network.route.build { via = "$(output ${config.services.wan} address)"; target = "default"; diff --git a/modules/profiles/gateway.nix b/modules/profiles/gateway.nix index d5bc2d1..82dc964 100644 --- a/modules/profiles/gateway.nix +++ b/modules/profiles/gateway.nix @@ -3,7 +3,7 @@ let svc = config.system.service; cfg = config.profile.gateway; inherit (lib) mkOption mkEnableOption mkIf mdDoc types optional optionals; - inherit (pkgs) liminix; + inherit (pkgs) liminix serviceFns; inherit (liminix.services) bundle oneshot; hostaps = let 
@@ -36,10 +36,17 @@ in { address = mkOption { type = types.attrs; }; + prefix = mkOption { type = types.str; }; + dhcp = { + start = mkOption { type = types.int; }; + end = mkOption { type = types.int; }; + hosts = mkOption { type = types.attrs; }; + localDomain = mkOption { type = types.str; }; + }; }; wan = { interface = mkOption { type = liminix.lib.types.interface; }; - username = mkOption { type = types.str; }; + username = mkOption { type = types.str; }; password = mkOption { type = types.str; }; dhcp6.enable = mkOption { type = types.bool; }; }; 
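Review bot: The new `lan.prefix` and `lan.dhcp.start`/`end` options are interpolated directly into the dnsmasq range string by `services.dns` later in this file, yet `types.str` and `types.int` accept values that cannot form an address (a negative or above-255 host part, a prefix that is not three octets). Tightening the declarations moves a typo from dnsmasq start-up to evaluation time, for example `start = mkOption { type = types.ints.between 1 254; };` and `prefix = mkOption { type = types.strMatching "[0-9]+\\.[0-9]+\\.[0-9]+"; };`. `hosts` has no default, so every user of the profile must set it even with no static leases; `default = { };` would avoid that. None of the added options carries a `description`, although `mdDoc` is already inherited at the top of the file. The range construction also assumes a /24 while `lan.address.prefixLength` is declared independently, which is worth stating in the `prefix` description.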
@@ -103,51 +110,48 @@ in { ]; }; in mkIf cfg.wan.dhcp6.enable bundl; + + services.dns = + let interface = config.services.int; + dcfg = cfg.lan.dhcp; + in svc.dnsmasq.build { + resolvconf = config.services.resolvconf; + inherit interface; + ranges = [ + "${cfg.lan.prefix}.${toString dcfg.start},${cfg.lan.prefix}.${toString dcfg.end}" + # ra-stateless: sends router advertisements with the O and A + # bits set, and provides a stateless DHCP service. The client + # will use a SLAAC address, and use DHCP for other + # configuration information. + "::,constructor:$(output ${interface} ifname),ra-stateless" + ]; + + hosts = dcfg.hosts; + upstreams = [ "/${dcfg.localDomain}/" ]; + domain = dcfg.localDomain; + }; + + services.resolvconf = oneshot rec { + dependencies = [ config.services.wan ]; + name = "resolvconf"; + up = '' + . ${serviceFns} + ( in_outputs ${name} + echo "nameserver $(output ${config.services.wan} ns1)" > resolv.conf + echo "nameserver $(output ${config.services.wan} ns2)" >> resolv.conf + chmod 0444 resolv.conf + ) + ''; + }; + + filesystem = + let inherit (pkgs.pseudofile) dir symlink; + in dir { + etc = dir { + "resolv.conf" = symlink "${config.services.resolvconf}/.outputs/resolv.conf"; + }; + }; }; - -# services.dns = -# let interface = services.int; -# in svc.dnsmasq.build { -# resolvconf = services.resolvconf; -# inherit interface; -# ranges = [ -# "${secrets.lan.prefix}.10,${secrets.lan.prefix}.240" -# # ra-stateless: sends router advertisements with the O and A -# # bits set, and provides a stateless DHCP service. The client -# # will use a SLAAC address, and use DHCP for other -# # configuration information. -# "::,constructor:$(output ${interface} ifname),ra-stateless" -# ]; - -# # You can add static addresses for the DHCP server here. I'm -# # not putting my actual MAC addresses in a public git repo ... 
-# hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix); -# upstreams = [ "/${secrets.domainName}/" ]; -# domain = secrets.domainName; -# }; - - -# services.resolvconf = oneshot rec { -# dependencies = [ services.wan ]; -# name = "resolvconf"; -# up = '' -# . ${serviceFns} -# ( in_outputs ${name} -# echo "nameserver $(output ${services.wan} ns1)" > resolv.conf -# echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf -# chmod 0444 resolv.conf -# ) -# ''; -# }; - -# filesystem = -# let inherit (pkgs.pseudofile) dir symlink; -# in dir { -# etc = dir { -# "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf"; -# }; -# }; - # services.defaultroute4 = svc.network.route.build { # via = "$(output ${services.wan} address)"; # target = "default";
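Review bot: In `services.resolvconf`, both `nameserver` lines are written unconditionally from the `ns1` and `ns2` outputs of the WAN service. If the link supplies only one server, or none, resolv.conf would end up with a bare `nameserver ` entry, and `services.dns` passes that file to dnsmasq via `resolvconf`. How `output` behaves for a missing key is not visible in this diff, so that needs confirming. Writing a line only when the value is non-empty keeps the file well-formed; a sketch follows. The addresses presumably come from the upstream peer, so a short comment saying that the LAN's resolvers are whatever the WAN link hands out would help anyone auditing the DNS path.

```nix
services.resolvconf = oneshot rec {
  # … unchanged: dependencies, name …
  up = ''
    . ${serviceFns}
    ( in_outputs ${name}
      : > resolv.conf
      for key in ns1 ns2; do
        addr=$(output ${config.services.wan} $key)
        if test -n "$addr"; then echo "nameserver $addr" >> resolv.conf; fi
      done
      chmod 0444 resolv.conf
    )
  '';
};
```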