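# Option declarations for the router host. Only the option *types* are
# defined here; the modules that read `config.router-settings` live
# elsewhere and are not visible in this file.
#
# Where a value has exactly one valid shape, the type is made strict so a
# typo fails at evaluation time instead of producing a DHCP reservation or
# firewall match that silently never applies.
{ lib
, notnft
, router-lib
, ... }:
let
  # Colon-separated hex MAC, e.g. "aa:bb:cc:dd:ee:ff" (constructed example).
  # `strMatching` anchors the pattern, so the whole string must match.
  macAddress = lib.types.strMatching "[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}";
  # The only forward modes documented for `dnatRules.*.mode`; "" keeps the
  # documented per-target default. Previously any string was accepted.
  dnatModes = [ "" "snat" "mark" "rule" "none" ];
in
{
  options.router-settings = {
    vpn = {
      # Point-to-point tunnel to a remote endpoint; `mode` selects the
      # transport, the remaining options describe both ends of the link.
      tunnel = {
        mode = lib.mkOption {
          description = "tunnel mode";
          type = with lib.types; nullOr (enum [ "ssh" "sit" ]);
        };
        ifaceAddr = lib.mkOption {
          description = "interface cidr";
          type = router-lib.types.cidr;
        };
        localIp = lib.mkOption {
          description = "local ip";
          type = router-lib.types.ip;
        };
        localPort = lib.mkOption {
          description = "local port";
          type = lib.types.port;
        };
        remotePort = lib.mkOption {
          description = "remote port";
          type = lib.types.port;
        };
        ip = lib.mkOption {
          description = "remote ip";
          type = router-lib.types.ip;
        };
        # `port` and `user` carry SSH defaults; presumably only consulted
        # when `mode = "ssh"` — confirm against the consuming module.
        port = lib.mkOption {
          description = "SSH port";
          type = lib.types.port;
          default = 22;
        };
        user = lib.mkOption {
          description = "SSH user";
          type = lib.types.str;
          default = "sshtunnel";
        };
      };
      openvpn.enable = lib.mkEnableOption "OpenVPN";
      # NOTE(review): an OpenVPN config often embeds key material. Values
      # assigned here are evaluated at build time; if the consumer renders
      # them into a derivation they end up world-readable in the Nix store.
      # Referencing a secret file from the config text avoids that.
      openvpn.config = lib.mkOption {
        description = "OpenVPN config";
        type = lib.types.lines;
      };
      wireguard.enable = lib.mkEnableOption "Wireguard";
      # NOTE(review): same store-exposure caveat as `openvpn.config` —
      # pass a path to the private key file rather than the key itself.
      wireguard.config = lib.mkOption {
        description = "wireguard config";
        type = lib.types.attrs;
      };
    };

    # Link-layer identities of known hosts, validated as colon-separated
    # hex (see `macAddress` above). DUIDs have several wire formats, so
    # they stay free-form strings.
    routerMac = lib.mkOption {
      description = "router's mac address";
      type = macAddress;
    };
    serverMac = lib.mkOption {
      description = "server's mac address";
      type = macAddress;
    };
    serverDuid = lib.mkOption {
      description = "server's duid";
      type = with lib.types; nullOr str;
      default = null;
    };
    serverInitrdMac = lib.mkOption {
      description = "server's mac address in initrd";
      type = macAddress;
    };
    serverInitrdDuid = lib.mkOption {
      description = "server's duid in initrd";
      type = with lib.types; nullOr str;
      default = null;
    };
    vacuumMac = lib.mkOption {
      description = "robot vacuum's mac address";
      type = macAddress;
    };
    lightBulbMac = lib.mkOption {
      description = "light bulb's mac address";
      type = macAddress;
    };
    # Clients that ignore the advertised DNS server; the consumer presumably
    # redirects or drops their DNS traffic. A mistyped entry would leave that
    # client unmatched, which is why the element type is strict.
    naughtyMacs = lib.mkOption {
      description = "misbehaving (using wrong DNS server) clients' macs";
      type = lib.types.listOf macAddress;
    };

    # Address plans. Each `cidr*` option carries the gateway / main-netns
    # address together with the prefix length in one value (see the
    # examples in the descriptions).
    network = lib.mkOption {
      description = "network gateway+cidr (ex: 192.168.1.1/24)";
      type = router-lib.types.cidr4;
    };
    network6 = lib.mkOption {
      description = "network gateway+cidr6 (ex: fd00:1234:5678:90ab::1/64)";
      type = router-lib.types.cidr6;
    };
    netnsNet = lib.mkOption {
      description = "private inter-netns communication network cidr+main netns addr (ex: 192.168.2.1/24)";
      type = router-lib.types.cidr4;
    };
    netnsNet6 = lib.mkOption {
      description = "private inter-netns communication network cidr6+main netns addr6 (ex: fd01:ba09:8765:4321::1/64)";
      type = router-lib.types.cidr6;
    };
    wanNetnsAddr = lib.mkOption {
      description = "ip to assign to wan netns";
      type = router-lib.types.ipv4;
    };
    wanNetnsAddr6 = lib.mkOption {
      description = "ipv6 to assign to wan netns";
      type = router-lib.types.ipv6;
    };
    wgNetwork = lib.mkOption {
      description = "wg network gateway+cidr (ex: 192.168.2.1/24)";
      type = router-lib.types.cidr4;
    };
    wgNetwork6 = lib.mkOption {
      description = "wg network gateway+cidr6 (ex: fd00:abab:8989:3434::1/64)";
      type = router-lib.types.cidr6;
    };
    # Peer public keys only — public keys are safe to keep in the store.
    wgPubkeys = lib.mkOption {
      description = "wg pubkeys";
      type = lib.types.listOf lib.types.str;
    };

    # Wireless access point settings; the option names mirror the keys a
    # hostapd config uses, which suggests (not confirmed here) that is the
    # consumer.
    country_code = lib.mkOption {
      description = "wlan country_code (ex: US)";
      type = lib.types.str;
    };
    ssid = lib.mkOption {
      description = "wlan ssid";
      type = lib.types.str;
    };
    # NOTE(review): the passphrase is a build-time value; if the consumer
    # writes it into a config file inside a derivation it is readable by
    # every local user. A path to a secret file is the usual alternative.
    wpa_passphrase = lib.mkOption {
      description = "wlan passphrase";
      type = lib.types.str;
    };

    # Static leases. IPv4 reservations key on the MAC; IPv6 reservations may
    # key on either MAC or DUID, so both are optional there (the consumer is
    # expected to require at least one — not enforced by these types).
    dhcpReservations = lib.mkOption {
      description = "dhcp reservations (ipv4)";
      default = [ ];
      type = lib.types.listOf (lib.types.submodule {
        options.ipAddress = lib.mkOption {
          type = router-lib.types.ipv4;
          description = "device's ip address";
        };
        options.macAddress = lib.mkOption {
          type = macAddress;
          description = "device's mac address";
        };
      });
    };
    dhcp6Reservations = lib.mkOption {
      description = "dhcp reservations (ipv6)";
      default = [ ];
      type = lib.types.listOf (lib.types.submodule {
        options.ipAddress = lib.mkOption {
          type = router-lib.types.ipv6;
          description = "device's ip address";
        };
        options.macAddress = lib.mkOption {
          type = lib.types.nullOr macAddress;
          default = null;
          description = "device's mac address";
        };
        options.duid = lib.mkOption {
          type = with lib.types; nullOr str;
          default = null;
          description = "device's duid";
        };
      });
    };

    # Inbound port forwards. Each rule is an nftables DNAT plus whatever
    # return-path fix-up `mode` selects.
    dnatRules = lib.mkOption {
      description = "dnat (port forwarding) rules";
      default = [ ];
      type = lib.types.listOf (lib.types.submodule {
        options.inVpn = lib.mkOption {
          type = lib.types.bool;
          default = false;
          description = "whether this is a vpn port forward";
        };
        # Restricted to the documented modes so an unknown value is rejected
        # at evaluation instead of being passed through to the consumer.
        options.mode = lib.mkOption {
          type = lib.types.enum dnatModes;
          default = "";
          description = ''
            forward mode.
            snat = snat to router ip so routing is always correct; this mangles source ip and may not be desirable
            mark = change ct mark if the sport/saddr match the target
            rule = add an ip rule that does the above
            none = do nothing
            default = snat for target=router, mark otherwise
          '';
        };
        # at least one of target4/target6 must be set
        # (not enforced by these types; the consumer is expected to check)
        options.port = lib.mkOption {
          type = notnft.types.expression;
          description = "source port (nft expr)";
        };
        # A null target `port` presumably means "same as the source port" —
        # confirm against the consumer.
        options.target4 = lib.mkOption {
          default = null;
          type = with lib.types; nullOr (submodule {
            options.address = lib.mkOption {
              type = router-lib.types.ipv4;
              description = "ipv4 address";
            };
            options.port = lib.mkOption {
              type = nullOr port;
              description = "target port";
              default = null;
            };
          });
          description = "port forwarding target (ipv4)";
        };
        options.target6 = lib.mkOption {
          default = null;
          type = with lib.types; nullOr (submodule {
            options.address = lib.mkOption {
              type = router-lib.types.ipv6;
              description = "ipv6 address";
            };
            options.port = lib.mkOption {
              type = nullOr port;
              description = "target port";
              default = null;
            };
          });
          description = "port forwarding target (ipv6)";
        };
        options.tcp = lib.mkOption {
          type = lib.types.bool;
          description = "whether to forward tcp";
        };
        options.udp = lib.mkOption {
          type = lib.types.bool;
          description = "whether to forward udp";
        };
      });
    };
  };
}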