Add public network for events

This commit is contained in:
Jakob Lechner 2022-08-03 00:31:57 +00:00
parent 33852f2c0d
commit 4dead39dcc
No known key found for this signature in database
GPG key ID: 996082EFB5906C10
4 changed files with 55 additions and 2 deletions


@ -21,6 +21,10 @@
id = 5; id = 5;
interface = "eno1"; interface = "eno1";
}; };
pubevent = {
id = 6;
interface = "eno1";
};
}; };
interfaces = { interfaces = {
eno2.useDHCP = true; eno2.useDHCP = true;
@ -28,6 +32,10 @@
address = "192.168.94.1"; address = "192.168.94.1";
prefixLength = 24; prefixLength = 24;
}]; }];
pubevent.ipv4.addresses = [{
address = "10.10.0.1";
prefixLength = 20;
}];
voip.ipv4.addresses = [{ voip.ipv4.addresses = [{
address = "192.168.93.1"; address = "192.168.93.1";
prefixLength = 24; prefixLength = 24;
@ -38,6 +46,7 @@
externalInterface = "eno2"; externalInterface = "eno2";
internalInterfaces = [ internalInterfaces = [
"labprod" "labprod"
"pubevent"
"voip" "voip"
]; ];
}; };
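Review bot: Adding `"pubevent"` to the `internalInterfaces` list (L39) turns on forwarding and NAT for the event VLAN, but nothing in these hunks stops forwarded traffic from 10.10.0.0/20 into the lab and VoIP subnets (192.168.94.0/24 and 192.168.93.0/24 on the same router), so unless FORWARD rules elsewhere filter it, event clients can reach those networks directly. If that is not intended, add explicit drop rules, e.g. `networking.firewall.extraCommands = "iptables -I FORWARD -i pubevent ! -o eno2 -j DROP";` (or the nftables equivalent), and a comment on the `pubevent` VLAN entry stating that it is a public, untrusted segment. The enclosing `vlans`, `interfaces` and NAT attribute sets all start and end outside the hunks.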


@ -1,11 +1,31 @@
{ pkgs, ... }: { pkgs, ... }:
let
stateDir = "/var/lib/dnsmasq";
dnsmasqEventsConf = pkgs.writeText "dnsmasq-events.conf" ''
dhcp-leasefile=${stateDir}/dnsmasq-events.leases
bind-dynamic
listen-address=10.10.0.1
except-interface=lo
domain=events.fablab-nea.de
dhcp-range=10.10.0.20,10.10.15.254,24h
cache-size=10000
dns-forward-max=1000
no-hosts
'';
in
{ {
services.dnsmasq = { services.dnsmasq = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
bind-dynamic bind-dynamic
listen-address=192.168.93.1
listen-address=192.168.94.1
interface=lo
expand-hosts expand-hosts
domain=lab.fablab-nea.de domain=lab.fablab-nea.de
@ -34,6 +54,27 @@
]; ];
}; };
systemd.services."dnsmasq-events" = {
description = "dnsmasq daemon for public event network";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.dnsmasq ];
preStart = ''
mkdir -m 755 -p ${stateDir}
dnsmasq --test -C ${dnsmasqEventsConf}
'';
serviceConfig = {
Type = "dbus";
BusName = "uk.org.thekelleys.dnsmasq-events";
ExecStart = "${pkgs.dnsmasq}/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C ${dnsmasqEventsConf}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
PrivateTmp = true;
ProtectSystem = true;
ProtectHome = true;
Restart = "on-failure";
};
};
networking.firewall = { networking.firewall = {
allowedUDPPorts = [ 53 67 ]; allowedUDPPorts = [ 53 67 ];
allowedTCPPorts = [ 53 ]; allowedTCPPorts = [ 53 ];
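Review bot: The unit declares `BusName = "uk.org.thekelleys.dnsmasq-events"` (L86) with `Type = "dbus"`, but `ExecStart` passes a bare `--enable-dbus` (L87), which as far as I know makes dnsmasq request its default name `uk.org.thekelleys.dnsmasq` — the name the first instance already owns — so the second instance would either fail to own the bus name or systemd would never see the declared name and time the start out. dnsmasq accepts an explicit service name, so the flag should be `--enable-dbus=uk.org.thekelleys.dnsmasq-events`, and the system bus policy must allow that name to be owned (the stock policy shipped for dnsmasq appears to cover only the default name). Separately, `ProtectSystem = true` only makes `/usr` and `/boot` read-only; since the only writable path this instance is configured to use is `${stateDir}`, `ProtectSystem = "strict"` with `ReadWritePaths = [ stateDir ]` plus `NoNewPrivileges = true` would be a tighter sandbox for a daemon that answers untrusted event clients, after confirming dnsmasq writes nothing else at runtime. The two hunks cut through the `services.dnsmasq.extraConfig` string and the `networking.firewall` set, which continue outside the view.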


@ -836,7 +836,7 @@ eap {
# #
# allowed values: {no, yes} # allowed values: {no, yes}
# #
use_tunneled_reply = no use_tunneled_reply = yes
# The inner tunneled request can be sent # The inner tunneled request can be sent
# through a virtual server constructed # through a virtual server constructed
@ -945,7 +945,7 @@ eap {
# sections of sites-available/default, and of # sections of sites-available/default, and of
# sites-available/inner-tunnel # sites-available/inner-tunnel
# #
use_tunneled_reply = no use_tunneled_reply = yes
# When the tunneled session is proxied, the # When the tunneled session is proxied, the
# home server may not understand EAP-MSCHAP-V2. # home server may not understand EAP-MSCHAP-V2.
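Review bot: Flipping `use_tunneled_reply` to `yes` for both PEAP (L105) and TTLS (L112) copies the entire inner-tunnel reply to the outer reply for every tunneled authentication, not just the three Tunnel-* attributes the event entry sets, so any reply item the inner tunnel produces for lab users now reaches the switch as well, and users without an explicit `Tunnel-Private-Group-ID` land on whatever default VLAN the NAS applies. If only the VLAN assignment is wanted, the narrower option is to leave this at `no` and copy just the Tunnel-* attributes in the inner-tunnel `post-auth` section with an `update outer.reply { ... }` block, provided the installed server version supports it. Either way, a comment next to each changed line naming why the inner reply is exposed (`# copy the inner reply so dynamic VLAN assignment reaches the NAS`) would save the next reader a search. Both `eap` subsections continue outside the hunks.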


@ -2,6 +2,9 @@ anonymous Cleartext-Password := "anonymous"
#/ wildcard, accept any credentials #/ wildcard, accept any credentials
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Auth-Type := Accept DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Auth-Type := Accept
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = 6
#DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Auth-Type := Accept #DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Auth-Type := Accept
# session-timeout = 14400, # session-timeout = 14400,
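Review bot: The three Tunnel-* reply items (L121–L123) are attached to the `DEFAULT` entry whose check items accept any credentials proxied from the inner tunnel, so every inner identity not matched by an earlier entry is now placed on VLAN 6 rather than rejected; as I read users-file semantics, entries after a matching `DEFAULT` without `Fall-Through` are never reached, so any named lab accounts handled in this file must stay above it. A comment above the entry would make the intent explicit, e.g. `# Catch-all for the public event SSID: any inner credentials are accepted and the client is put on the event VLAN (id 6, 10.10.0.0/20). Keep this entry last.`. The commented-out entry below carried a `session-timeout`; a `Session-Timeout` reply item on the new entry would force periodic re-authentication of event clients, which the hunk currently leaves to the NAS default.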