feat[server]: add initial router config

2025-12-06 09:07:21 +01:00 · 2025-11-10 01:30:18 +01:00 · 2025-11-10 01:30:18 +01:00 · cea15be44d
commit cea15be44d
parent 719d92c178
11 changed files with 470 additions and 15 deletions
--- a/modules/nixos/server/router.nix
+++ b/modules/nixos/server/router.nix
@ -0,0 +1,56 @@
+{ lib, config, ... }:
+let
+  serviceName = "router";
+in
+{
+  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
+  config = lib.mkIf config.swarselmodules.server.${serviceName} {
+
+    systemd.network = {
+      wait-online.anyInterface = true;
+      networks = {
+        "30-lan0" = {
+          matchConfig.Name = "lan0";
+          linkConfig.RequiredForOnline = "enslaved";
+          networkConfig = {
+            ConfigureWithoutCarrier = true;
+          };
+        };
+        "30-lan1" = {
+          matchConfig.Name = "lan1";
+          linkConfig.RequiredForOnline = "enslaved";
+          networkConfig = {
+            ConfigureWithoutCarrier = true;
+          };
+        };
+        "30-lan2" = {
+          matchConfig.Name = "lan2";
+          linkConfig.RequiredForOnline = "enslaved";
+          networkConfig = {
+            ConfigureWithoutCarrier = true;
+          };
+        };
+        "30-lan3" = {
+          matchConfig.Name = "lan3";
+          linkConfig.RequiredForOnline = "enslaved";
+          networkConfig = {
+            ConfigureWithoutCarrier = true;
+          };
+        };
+        "10-wan" = {
+          matchConfig.Name = "wan";
+          networkConfig = {
+            # start a DHCP Client for IPv4 Addressing/Routing
+            DHCP = "ipv4";
+            DNSOverTLS = true;
+            DNSSEC = true;
+            IPv6PrivacyExtensions = false;
+            IPForward = true;
+          };
+          # make routing on this interface a dependency for network-online.target
+          linkConfig.RequiredForOnline = "routable";
+        };
+      };
+    };
+  };
+}