# routerconfig.nix.example
# Example router settings, written as one recursive attribute set.
# `rec` lets attributes refer to their siblings: the addresses under
# `network` are built from the two subnet IDs defined at the top level.
# The modules that read these attributes are not part of this file.
rec {
# Host identity settings.
system = {
hostname = "router";
username = "user";
# Left empty in this example.
# NOTE(review): presumably expects a tz database name — confirm
# against the consuming module.
timezone = "";
# NOTE(review): presumably the NixOS state version of the first
# install — confirm before changing.
initialStateVersion = "24.11";
};
# The network IDs of the subnets; the host part should
# NOT be included. The values below append ".0/24" and host
# numbers, so three octets are expected here.
# Example: 192.168.1
# Both IDs (and both interfaces further down) hold the same value in
# this example, matching the single-interface setup described at
# `internalInterface`.
externalInterfaceSubnetId = "192.168.1";
internalInterfaceSubnetId = "192.168.1";
network = {
# The subnet address followed by the CIDR prefix length.
# Example: 192.168.1.0/24
internalInterfaceSubnet = "${internalInterfaceSubnetId}.0/24";
externalInterfaceSubnet = "${externalInterfaceSubnetId}.0/24";
# The range of IP addresses that can be used in DHCP
# leases. Make sure that any IP address reservations
# for hosts stay outside of this range; the router (.2) and
# gateway (.1) addresses below already do.
# Example: 192.168.1.100 - 192.168.1.200
dhcpAddressRange = "${internalInterfaceSubnetId}.100 - ${internalInterfaceSubnetId}.200";
# The static IP address of the internal interface
# used by this router.
# Example: 192.168.1.2
routerInternalInterfaceAddress = "${internalInterfaceSubnetId}.2";
# The static IP address of the external interface
# used by this router.
# Example: 192.168.1.2
routerExternalInterfaceAddress = "${externalInterfaceSubnetId}.2";
# If your home network has another router to which
# this router will be connected, set this to
# the address of that router.
# Example: 192.168.1.1
# NOTE(review): this is built from internalInterfaceSubnetId; if the
# upstream router sits on the external subnet, it presumably should
# use externalInterfaceSubnetId — confirm once the two IDs differ.
gatewayAddress = "${internalInterfaceSubnetId}.1";
# The interface that forwards data to the WAN.
externalInterface = "enp4s0";
# The interface used by hosts connected to the router for
# sending and receiving data. If using an Ethernet to USB adapter,
# set it to the interface of that adapter. If all your
# connections are managed via a switch, the internalInterface
# should probably be the same as the externalInterface.
internalInterface = "enp4s0";
# Port forwarding configuration. Specify the LAN IP
# address of the host you want to open the port for.
# Each entry makes a LAN host's port reachable through the router,
# so keep the list to what is actually needed. According to the note
# on `strictMode` below, port forwarding is disabled while
# strictMode is true.
openPorts = [
# { host = "192.168.1.105"; port = 80; }
];
};
security = {
# MAC address lists, switched on by useMacWhitelist /
# useMacBlacklist below. The commented entry is a placeholder
# (ff:ff:ff:ff:ff:ff is the Ethernet broadcast address).
# A client can change its own MAC address, so MAC filtering is not
# authentication and should not be the only access control.
# NOTE(review): useMacWhitelist is true while macWhitelist is empty —
# confirm whether the consuming module then admits no hosts or skips
# the filter.
macWhitelist = [
# "ff:ff:ff:ff:ff:ff"
];
macBlacklist = [
# "ff:ff:ff:ff:ff:ff"
];
# Host names to block (presumably at DNS level — confirm).
hostBlocklist = [
# "example.com"
];
# Host names to answer with a chosen address instead.
hostRedirectList = [
# { host = "example.com"; redirect = "127.0.0.1"; }
];
# Switches for the lists above and for the firewall.
useMacWhitelist = true;
useMacBlacklist = true;
# NOTE(review): presumably an automatically obtained blocklist; its
# source is not shown in this file — confirm where it comes from and
# how it is verified.
useAutoHostBlocklist = true;
useHostBlocklist = true;
useHostRedirectList = true;
useFirewall = true;
# Whether to use the Suricata Intrusion Detection System
useIds = true; #
# Whether to use the fail2ban service
preventBruteforceAttack = true;
# Going by the name, whether doas replaces sudo — confirm.
useDoasOverSudo = true;
# Whether to replace the `rm` command with `trash-cli`
useTrashOverRm = true;
# `monitor` and `autoUpdate` are not described in this file; see the
# consuming module for what they enable.
monitor = true;
autoUpdate = true;
# Whether to keep all the security features
# force-enabled regardless of the
# chosen settings.
# NOTE: will disable port forwarding
strictMode = true;
};
dns = {
# Nameservers for DNS. Consider using NextDNS
# alongside encrypted DNS queries:
# https://nextdns.io
# NOTE(review): the list is empty in this example — confirm which
# resolver is used when no upstream server is given. The snake_case
# key differs from the camelCase used elsewhere in this file;
# presumably the consumer expects this exact name.
upstream_recursive_servers = [
];
};
laptop = {
# Going by the name, false keeps the machine running when the lid
# is closed — confirm against the consuming module.
suspendAfterClosingLid = false;
};
}