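# Option declarations for a NixOS router: MAC addresses of known hosts, LAN and
# inter-netns addressing, WLAN credentials, WireGuard config, DHCP reservations
# and DNAT (port-forwarding) rules. This file only declares `options`; the
# config that consumes them (nftables, DHCP, hostapd, ...) lives elsewhere.
{ lib
, notnft
, router-lib
, ... }:

let
  # A colon-separated IEEE 802 MAC address: six hex octets, either case.
  # These values are interpolated into generated firewall / DHCP configuration
  # by the consuming modules, so anything that is not a plain MAC is rejected
  # at evaluation time instead of being passed through verbatim.
  macAddress = lib.types.strMatching "([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}";

  # A DHCP reservation for one address family: a fixed address handed to the
  # client identified by `macAddress`.
  reservation = addrType: lib.types.submodule {
    options.ipAddress = lib.mkOption {
      type = addrType;
      description = "device's ip address";
    };
    options.macAddress = lib.mkOption {
      type = macAddress;
      description = "device's mac address";
    };
  };

  # A DNAT target for one address family: the host (and optionally the port)
  # that forwarded traffic is delivered to. A null port is left to the
  # consuming module to interpret (presumably: keep the original port).
  dnatTarget = addrType: family: lib.types.submodule {
    options.address = lib.mkOption {
      type = addrType;
      description = "${family} address";
    };
    options.port = lib.mkOption {
      type = lib.types.nullOr lib.types.port;
      default = null;
      description = "target port";
    };
  };
in
{
  options.router-settings = {
    routerMac = lib.mkOption {
      description = "router's mac address";
      type = macAddress;
    };

    serverMac = lib.mkOption {
      description = "server's mac address";
      type = macAddress;
    };

    naughtyMacs = lib.mkOption {
      description = "misbehaving (using wrong DNS server) clients' macs";
      type = lib.types.listOf macAddress;
    };

    vacuumMac = lib.mkOption {
      description = "robot vacuum's mac address";
      type = macAddress;
    };

    network = lib.mkOption {
      description = "network gateway+cidr (ex: 192.168.1.1/24)";
      type = router-lib.types.cidr4;
    };

    network6 = lib.mkOption {
      description = "network gateway+cidr6 (ex: fd00:1234:5678:90ab::1/64)";
      type = router-lib.types.cidr6;
    };

    netnsNet = lib.mkOption {
      description = "private inter-netns communication network cidr+main netns addr (ex: 192.168.2.1/24)";
      type = router-lib.types.cidr4;
    };

    netnsNet6 = lib.mkOption {
      description = "private inter-netns communication network cidr6+main netns addr6 (ex: fd01:ba09:8765:4321::1/64)";
      type = router-lib.types.cidr6;
    };

    wanNetnsAddr = lib.mkOption {
      description = "ip to assign to wan netns";
      type = router-lib.types.ipv4;
    };

    wanNetnsAddr6 = lib.mkOption {
      description = "ipv6 to assign to wan netns";
      type = router-lib.types.ipv6;
    };

    country_code = lib.mkOption {
      description = "wlan country_code (ex: US)";
      type = lib.types.str;
    };

    ssid = lib.mkOption {
      description = "wlan ssid";
      type = lib.types.str;
    };

    # SECURITY: a plain string option is evaluated into the Nix store, which is
    # world-readable on the host, if the consuming module writes it into a
    # generated hostapd config. Treat this value as exposed to every local
    # user; a file-based secret mechanism is preferable where the consumer
    # supports one.
    wpa_passphrase = lib.mkOption {
      description = "wlan passphrase (NOTE: stored in the world-readable Nix store when rendered into a config file)";
      type = lib.types.str;
    };

    # Untyped attribute set: nothing here is validated, and if it carries a
    # private key inline that key lands in the Nix store (see wpa_passphrase).
    # Prefer a *File-style key reference where the consuming module allows it.
    wireguard = lib.mkOption {
      description = "wireguard config (attrs; avoid inline private keys, they end up in the Nix store)";
      type = lib.types.attrs;
    };

    dhcpReservations = lib.mkOption {
      description = "dhcp reservations (ipv4)";
      default = [ ];
      type = lib.types.listOf (reservation router-lib.types.ipv4);
    };

    dhcp6Reservations = lib.mkOption {
      description = "dhcp reservations (ipv6)";
      default = [ ];
      type = lib.types.listOf (reservation router-lib.types.ipv6);
    };

    dnatRules = lib.mkOption {
      description = "dnat (port forwarding) rules";
      default = [ ];
      type = lib.types.listOf (lib.types.submodule {
        options.inVpn = lib.mkOption {
          type = lib.types.bool;
          default = false;
          description = "whether this is a vpn port forward";
        };

        # Restricted to the documented modes so that a typo does not silently
        # fall through to whatever the consumer does for an unknown string.
        # "" keeps the original "pick a sensible default" behaviour.
        options.mode = lib.mkOption {
          type = lib.types.enum [ "" "snat" "mark" "rule" "none" ];
          default = "";
          description = ''
            forward mode.
            snat = snat to router ip so routing is always correct; this mangles source ip and may not be desirable
            mark = change ct mark if the sport/saddr match the target
            rule = add an ip rule that does the above
            none = do nothing
            default (empty string) = snat for target=router, mark otherwise
          '';
        };

        # nftables expression, not a plain integer: it is emitted into the
        # ruleset as-is, so only trusted configuration should supply it.
        options.port = lib.mkOption {
          type = notnft.types.expression;
          description = "source port (nft expr)";
        };

        # At least one of target4/target6 must be set; this module declares
        # options only and does not enforce that, the consumer is expected to.
        options.target4 = lib.mkOption {
          default = null;
          type = lib.types.nullOr (dnatTarget router-lib.types.ipv4 "ipv4");
          description = "port forwarding target (ipv4); at least one of target4/target6 must be set";
        };

        options.target6 = lib.mkOption {
          default = null;
          type = lib.types.nullOr (dnatTarget router-lib.types.ipv6 "ipv6");
          description = "port forwarding target (ipv6); at least one of target4/target6 must be set";
        };

        options.tcp = lib.mkOption {
          type = lib.types.bool;
          description = "whether to forward tcp";
        };

        options.udp = lib.mkOption {
          type = lib.types.bool;
          description = "whether to forward udp";
        };
      });
    };
  };
}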