parameterize main nic and dmz bridge interface names

firewall some services to particular interfaces
2024-01-13 00:05:25 +01:00 · 2024-01-13 00:05:25 +01:00 · 76501362f7
commit 76501362f7
parent 6bcdd774ac
5 changed files with 44 additions and 28 deletions
--- a/nixos/modules/networking/dmz/default.nix
+++ b/nixos/modules/networking/dmz/default.nix
@ -21,7 +21,7 @@ in
  };

  config = lib.mkIf cfg.enable {
-    networking.firewall = {
+    networking.firewall.interfaces.${config.lab.networking.dmzBridgeName} = {
      allowedTCPPorts = [ 53 5353 ];
      allowedUDPPorts = [ 53 67 5353 ];
    };
--- a/nixos/modules/networking/dmz/dnsmasq.nix
+++ b/nixos/modules/networking/dmz/dnsmasq.nix
@ -4,34 +4,38 @@ let
 in
 {
  no-resolv = true;
-  server = [
-    dmzRouterIPv4
-    "/geokunis2.nl/${dmzDHCPIPv4}"
-    "/kun.is/${dmzDHCPIPv4}"
-  ];
  local = "/dmz/";
  dhcp-fqdn = true;
  no-hosts = true;
  expand-hosts = true;
  domain = "dmz";
  dhcp-authoritative = true;
-  dhcp-range = [
-    "192.168.30.50,192.168.30.127,15m"
-  ];
-  dhcp-host = [
-    "b8:27:eb:b9:ab:e2,esrom"
-    "ca:fe:c0:ff:ee:08,maestro,${dockerSwarmInternalIPv4}"
-  ];
-  dhcp-option = [
-    "3,${dmzRouterIPv4}"
-    "option:dns-server,${dmzRouterIPv4}"
-  ];
  ra-param = "*,0,0";
  alias = "${publicIPv4},${dockerSwarmInternalIPv4}";
  log-dhcp = true;
  log-queries = true;
-  # interface-name = "hermes.dmz,ens3";
  port = "5353";
+
+  server = [
+    dmzRouterIPv4
+    "/geokunis2.nl/${dmzDHCPIPv4}"
+    "/kun.is/${dmzDHCPIPv4}"
+  ];
+
+  dhcp-range = [
+    "192.168.30.50,192.168.30.127,15m"
+  ];
+
+  dhcp-host = [
+    "b8:27:eb:b9:ab:e2,esrom"
+    "ca:fe:c0:ff:ee:08,maestro,${dockerSwarmInternalIPv4}"
+  ];
+
+  dhcp-option = [
+    "3,${dmzRouterIPv4}"
+    "option:dns-server,${dmzRouterIPv4}"
+  ];
+
  address = [
    "/ns.pizzapim.nl/ns.geokunis2.nl/${dmzDHCPIPv4}"
  ];