feat(fuchsia): add internet sharing service for 3D printer

Enables internet connection sharing from WiFi (wlo1) to Ethernet (enp34s0) to provide network access for the 3D printer. Includes DHCP server with static IP reservation, DNS forwarding through Pi-hole, and NAT configuration.
2025-10-30 14:57:38 +08:00 · 2025-10-30 14:57:38 +08:00 · 421ac61655
commit 421ac61655
parent e18635be43
3 changed files with 101 additions and 4 deletions
--- a/nixos/fuchsia/services/default.nix
+++ b/nixos/fuchsia/services/default.nix
@ -3,6 +3,7 @@
    ./amdgpu-clocks
    ./borgbackup
    ./flatpak
+    ./internet-sharing
    ./libinput
    ./pipewire
    ./printing
--- a/nixos/fuchsia/services/internet-sharing/default.nix
+++ b/nixos/fuchsia/services/internet-sharing/default.nix
@ -0,0 +1,76 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  # Internet connection sharing for 3D printer over Ethernet
+  # Shares WiFi connection (wlo1) to Ethernet (enp34s0) using 10.1.0.0/24
+
+  # Enable IP forwarding to route traffic between interfaces
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_forward" = 1;
+    "net.ipv6.conf.all.forwarding" = 1;
+  };
+
+  networking = {
+    # Tell NetworkManager not to manage the Ethernet interface
+    networkmanager.unmanaged = ["enp34s0"];
+
+    # Configure static IP on Ethernet interface
+    interfaces.enp34s0 = {
+      useDHCP = false;
+      ipv4.addresses = [
+        {
+          address = "10.1.0.1";
+          prefixLength = 24;
+        }
+      ];
+    };
+
+    # Firewall configuration for connection sharing
+    firewall = {
+      # Allow DHCP and DNS traffic on the Ethernet interface
+      interfaces.enp34s0 = {
+        allowedUDPPorts = [
+          53  # DNS queries
+          67  # DHCP server
+        ];
+      };
+
+      # Allow traffic forwarding
+      extraCommands = ''
+        # NAT: masquerade traffic from Ethernet going to WiFi
+        iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
+        # Allow forwarding from Ethernet to WiFi
+        iptables -A FORWARD -i enp34s0 -o wlo1 -j ACCEPT
+        # Allow established connections back from WiFi to Ethernet
+        iptables -A FORWARD -i wlo1 -o enp34s0 -m state \
+          --state RELATED,ESTABLISHED -j ACCEPT
+      '';
+    };
+  };
+
+  # DHCP server for automatic IP assignment to printer
+  services.dnsmasq = {
+    enable = true;
+    settings = {
+      # Only listen on the Ethernet interface
+      interface = "enp34s0";
+      # Bind only to specified interface
+      bind-interfaces = true;
+      # Don't read /etc/resolv.conf
+      no-resolv = true;
+      # DHCP range: 10.1.0.2 through 10.1.0.10, 24h lease
+      dhcp-range = ["10.1.0.2,10.1.0.10,24h"];
+      # Upstream DNS: Pi-hole for ad-blocking and network-wide filtering
+      server = ["192.168.50.249"];
+      # Gateway for DHCP clients
+      dhcp-option = ["option:router,10.1.0.1"];
+      # Static DHCP reservation for 3D printer (BigTreeTech CB1)
+      dhcp-host = [
+        "5a:0a:da:dc:b8:2f,10.1.0.2,bigtreetech-cb1,infinite"
+      ];
+    };
+  };
+}