#nixos-on-your-router on 2019-09-20

2019-08-19 13:17 eyJhb changed the topic of #nixos-on-your-router to: NixOS on your Router || https://logs.nix.samueldr.com/nixos-on-your-router

15:05 eyJhb has joined #nixos-on-your-router

15:06 <eyJhb> Anyone have a basic NixOS configuration for their own router they would like to share, before I start messing up my pfSense install and wiping it?

15:30 <q3k> what kind of router?

15:31 <q3k> i have some bgp router stuff, not sure if you're looking for that or a home gateway sort of deal

15:31 <eyJhb> q3k: Configs, not router hardware, already have the hardware (SuperMicro stuff) :D

15:31 <q3k> but generally i'd just do it incrementally instead of trying to copy others' configs

15:31 <q3k> no i undesrtand that

15:31 <eyJhb> But I think I have a bare minimum configuration now, so I can just get ethernet now

15:31 <q3k> but i'm not sure what sort of router _logic_ you're looking for

15:31 <eyJhb> Ah

15:32 <eyJhb> Currently, just anything bare minimum that gives me internet

15:32 <q3k> that's easy

15:32 <q3k> just follow the nixos installation manual

15:32 <eyJhb> After that, I need to setup my OpenVPN client, and forward ports using that again

15:32 <q3k> unless by 'gives me internet' you mean acts as a NAT

15:32 <q3k> okay, you likely mean the whole home gateway stuff, i don't have an example for that

15:32 <eyJhb> Acts as NAT, this is afterall router channel :D

15:32 <q3k> router is an overloaded terms

15:32 <q3k> internet routers generally don't NAT

15:33 <q3k> you're looking for 'home gateway' if you wanna be nitpicky

15:33 <q3k> anyway, start simple (maybe in a VM), build up on that

15:33 <q3k> if you stumble on some issues just ping someone here

15:34 <q3k> also https://nixos.org/nixos/options.html is your friend

15:34 <eyJhb> Yeah, don't know how I will get much internet while I am doing it, so I have just downloaded a bunch of confs, and hoping that my minimal config will work. Because I don't know how well my Android AP will work

15:35 <q3k> honestly, start in a VM, then port the config

15:35 <q3k> if you get it to work in a simulated environment, then you can just transplat configuration.nix to the real thing and it should just work

15:35 <eyJhb> Well, VM would require a dev setup in the form of a minimal network

15:35 <q3k> that's like 5 clicks in virt-manager if you're using libvirt :P

15:36 <eyJhb> That is a future plan as well! I am using my much hated VirtualBox.. Only hate it because it needs to recompile. .Every ... Single.. Upgrade... :p

15:58 pie_ has quit [Ping timeout: 265 seconds]

16:16 <eyJhb> Well well well, something works q3k ! :p

16:16 <eyJhb> Now I should probably setup some DNS server on my .. gateway? Or what did we end up calling it , and fine tune the configuration a little bit :D

16:16 <q3k> give it a cute name

16:17 <eyJhb> Isn't "srrouter" a cute name? :/

16:17 <q3k> nsd and unbound!

16:17 <q3k> that's my to-go combo for a recursor and authoritative nameserver

16:17 <eyJhb> nsdbound!

16:17 <eyJhb> Oh

16:18 <eyJhb> Yeah, unbound I have SOME experience with

16:18 <eyJhb> Are you sh.... me? http://troubleshooters.com/troubleshooters_strike_20190920.htm :p

16:19 <eyJhb> DO you have a config q3k ?

16:19 <eyJhb> Just for reference

16:19 <q3k> https://nixos.org/nixos/options.html#nsd

16:19 <q3k> https://nixos.org/nixos/options.html#unbound

16:19 <q3k> :P

16:20 <q3k> nothing ready to share, my dns is still running on an ubuntu box

16:21 <qyliss> I run unbound on my VPS

16:21 <eyJhb> Damn :p Lets see how many times I will loose my internet

16:21 <qyliss> it was services.unbound.enable = true; for me

16:22 <eyJhb> I probably need to edit allowedAccess as well, else it seems good-to-go

16:24 <q3k> yep

16:25 <q3k> also forwardAddresses if you want to forward instaead of recursing

16:26 <eyJhb> I would use forwardAddresses if I want nsd+unbound, right?

16:43 <q3k> no, if you want to use something like your ISP DNS or 8.8.8.8 for your DNS

16:43 <q3k> for nsd, you want to use stub zones, and I think those are not exposed directly as nixos options, you have to append a config

16:44 <q3k> something like

16:44 <q3k> stub-zone:

16:44 <q3k> name: "foo.example.com"

16:44 <q3k> stub-addr: 127.0.0.1@5353

16:44 <q3k> and then run nsd on port 5353

16:49 <cransom> is there a good reason to use nsd+unbound over dnsmasq? i've been using dnsmasq for forever as the dhcp+dns functionality is basically essential to me and bind+dhcpd of old was painful to setup/maintain.

16:49 <q3k> dnsmasq is somewhat simplistic

16:50 <q3k> it can't do things like stub zones, only simple hosts-style overrides

16:51 <q3k> not sure it can do things like dhcp proxying either

16:52 <q3k> you might not need those, but I do, hence why I automatically recommnd nsd/unbound/isc_dhcp

16:53 <cransom> on the plus side, dnsmasq doesn't redirect you to a climate strike page when are looking for docs on it with no option to find what you really want after reading their plea.

16:54 <qyliss> wouldn't call that a plus side

16:54 <q3k> wasn't that troubleshooters site unrealted to official docs?

16:54 <qyliss> although, what are you talking about? I can see unbound's docs fine

16:54 <q3k> https://nlnetlabs.nl/documentation/unbound/ https://www.nlnetlabs.nl/documentation/nsd/

16:54 <cransom> top hit of "nsd unbound" for me in google is troubleshooters.com

16:55 <q3k> yeah that's not their official site

16:55 <q3k> just someone's blog

16:55 <cransom> troubleshooters.com has some excellent seo then.

16:56 <q3k> or, you know, good content

17:08 <eyJhb> Disabled my DHCP server, and dropped my IP

17:08 <eyJhb> The joys !

17:10 <eyJhb> But up and running now. So DNS (Unbound) and DHCPd working fine now

17:12 <eyJhb> So next up, openvpn, and then I can look more into clean up and if it makes sense to setup nsd etc.

19:04 pie_ has joined #nixos-on-your-router

19:23 qyliss has quit [Quit: bye]

19:27 qyliss has joined #nixos-on-your-router