nixos/castle: Add lan-lo

nixos/home/routing-common: Add DHCP pool for untrusted LAN
2026-03-04 21:30:53 +00:00 · 2026-03-03 20:15:45 +00:00
2 changed files with 41 additions and 1 deletions
--- a/nixos/boxes/home/castle/default.nix
+++ b/nixos/boxes/home/castle/default.nix
@@ -118,6 +118,7 @@ in
            };
          };
          blueman.enable = true;
+          avahi.enable = true;
        };

        programs = {
@@ -161,6 +162,7 @@ in
          network = {
            netdevs = mkMerge [
              (mkVLAN "lan-hi" vlans.hi)
+              (mkVLAN "lan-lo" vlans.lo)
            ];
            links = {
              "10-et2.5g" = {
@@ -182,7 +184,7 @@ in
            networks = {
              "30-et100g" = {
                matchConfig.Name = "et100g";
-                vlan = [ "lan-hi" ];
+                vlan = [ "lan-hi" "lan-lo" ];
                networkConfig.IPv6AcceptRA = false;
              };
              "40-lan-hi" = mkMerge [
@@ -190,6 +192,22 @@ in
                # So we don't drop the IP we use to connect to NVMe-oF!
                { networkConfig.KeepConfiguration = "static"; }
              ];
+              "45-lan-lo" = {
+                matchConfig.Name = "lan-lo";
+                networkConfig = {
+                  DHCP = "ipv4";
+                  IPv6AcceptRA = true;
+                  UseDomains = false;
+                };
+                dhcpV4Config = {
+                  UseDNS = false;
+                  UseGateway = false;
+                };
+                ipv6AcceptRAConfig = {
+                  UseDNS = false;
+                  UseGateway = false;
+                };
+              };
            };
          };
        };
--- a/nixos/boxes/home/routing-common/kea.nix
+++ b/nixos/boxes/home/routing-common/kea.nix
@@ -165,6 +165,28 @@ in
                }
              ];
            }
+            {
+              id = 3;
+              subnet = prefixes.untrusted.v4;
+              interface = "lan-untrusted";
+              option-data = [
+                {
+                  name = "routers";
+                  data = vips.untrusted.v4;
+                }
+                {
+                  name = "domain-name-servers";
+                  data = "1.1.1.1, 1.0.0.1";
+                }
+              ];
+              pools = [
+                {
+                  pool = if index == 0
+                    then "192.168.80.10 - 192.168.80.127"
+                    else "192.168.80.128 - 192.168.80.250";
+                }
+              ];
+            }
          ];
          ddns-send-updates = true;
          ddns-replace-client-name = "when-not-present";
Author	SHA1	Message	Date
Jack O'Sullivan	dde682390f	nixos/castle: Add lan-lo Some checks failed CI / Check, build and cache nixfiles (push) Failing after 6m27s Details	2026-03-04 21:30:53 +00:00
Jack O'Sullivan	4ec59a64ce	nixos/home/routing-common: Add DHCP pool for untrusted LAN	2026-03-03 20:15:45 +00:00