jasmine/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(fuchsia): add internet sharing service for 3D printer

Browse source 
Enables internet connection sharing from WiFi (wlo1) to Ethernet (enp34s0)
to provide network access for the 3D printer. Includes DHCP server with
static IP reservation, DNS forwarding through Pi-hole, and NAT configuration.
This commit is contained in:
♥ Minnie ♥ 2025-10-30 14:57:38 +08:00
parent e18635be43
commit 421ac61655
Signed by: jasmine
GPG key ID: 8563E358D4E8040E
3 changed files with 101 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

28
CLAUDE.md
View file

@ -171,10 +171,13 @@ Services are organized by host in `nixos/<hostname>/services/`:
- **Unfree packages**: Add to allowlist in `nixos/common/global/default.nix` - **Unfree packages**: Add to allowlist in `nixos/common/global/default.nix`
### Testing Changes ### Testing Changes
1. Build configuration: `just build <hostname>` 1. **IMPORTANT**: Stage new files with git before building or checking
2. Check for evaluation errors: `nix flake check` - Nix flakes only evaluate files tracked in git
3. Review changes before switching - Run `git add <file>` for any new files before `nix flake check` or build
4. Switch: `just switch <hostname>` (local) or `just deploy <hostname>` (remote) 2. Build configuration: `just build <hostname>`
3. Check for evaluation errors: `nix flake check`
4. Review changes before switching
5. Switch: `just switch <hostname>` (local) or `just deploy <hostname>` (remote)
### Managing Secrets ### Managing Secrets
- Secrets are encrypted per-host and stored in - Secrets are encrypted per-host and stored in
@ -186,6 +189,23 @@ Services are organized by host in `nixos/<hostname>/services/`:
## Important Conventions ## Important Conventions
### Network IP Allocation
This infrastructure uses the following IP range scheme to avoid conflicts:
**Allocated Ranges:**
- `192.168.50.0/24` - Home router/main LAN
- `10.1.0.0/24` - Internet sharing from fuchsia (Ethernet to printer)
- `10.2.0.0/24` - Reserved for future internet sharing from another host
- `10.3.0.0/24` - Reserved for future internet sharing from another host
- `10.39.179.0/24` - WireGuard VPN on Raspberry Pi
- `172.17.0.0/16` - Docker default bridge network (viridian)
**Conventions:**
- Internet connection sharing uses `10.N.0.0/24` where N is 1, 2, 3, etc.
- Gateway host is always `10.N.0.1`
- DHCP pools typically use `10.N.0.2` through `10.N.0.10`
- Keep VPN/tunnel ranges in the `10.30.0.0/16` and higher space
### Line Length ### Line Length
Keep all Nix code to a maximum of 100 characters per line for consistency. Keep all Nix code to a maximum of 100 characters per line for consistency.

1
nixos/fuchsia/services/default.nix
View file

@ -3,6 +3,7 @@
./amdgpu-clocks ./amdgpu-clocks
./borgbackup ./borgbackup
./flatpak ./flatpak
./internet-sharing
./libinput ./libinput
./pipewire ./pipewire
./printing ./printing

76
nixos/fuchsia/services/internet-sharing/default.nix Normal file
View file

@ -0,0 +1,76 @@
{
config,
lib,
pkgs,
...
}: {
# Internet connection sharing for 3D printer over Ethernet
# Shares WiFi connection (wlo1) to Ethernet (enp34s0) using 10.1.0.0/24
# Enable IP forwarding to route traffic between interfaces
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
networking = {
# Tell NetworkManager not to manage the Ethernet interface
networkmanager.unmanaged = ["enp34s0"];
# Configure static IP on Ethernet interface
interfaces.enp34s0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "10.1.0.1";
prefixLength = 24;
}
];
};
# Firewall configuration for connection sharing
firewall = {
# Allow DHCP and DNS traffic on the Ethernet interface
interfaces.enp34s0 = {
allowedUDPPorts = [
53 # DNS queries
67 # DHCP server
];
};
# Allow traffic forwarding
extraCommands = ''
# NAT: masquerade traffic from Ethernet going to WiFi
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
# Allow forwarding from Ethernet to WiFi
iptables -A FORWARD -i enp34s0 -o wlo1 -j ACCEPT
# Allow established connections back from WiFi to Ethernet
iptables -A FORWARD -i wlo1 -o enp34s0 -m state \
--state RELATED,ESTABLISHED -j ACCEPT
'';
};
};
# DHCP server for automatic IP assignment to printer
services.dnsmasq = {
enable = true;
settings = {
# Only listen on the Ethernet interface
interface = "enp34s0";
# Bind only to specified interface
bind-interfaces = true;
# Don't read /etc/resolv.conf
no-resolv = true;
# DHCP range: 10.1.0.2 through 10.1.0.10, 24h lease
dhcp-range = ["10.1.0.2,10.1.0.10,24h"];
# Upstream DNS: Pi-hole for ad-blocking and network-wide filtering
server = ["192.168.50.249"];
# Gateway for DHCP clients
dhcp-option = ["option:router,10.1.0.1"];
# Static DHCP reservation for 3D printer (BigTreeTech CB1)
dhcp-host = [
"5a:0a:da:dc:b8:2f,10.1.0.2,bigtreetech-cb1,infinite"
];
};
};
}