From a7589ad4fe526f910544fd286476e312ddb4a4fd Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Wed, 1 May 2024 10:39:52 +0200 Subject: [PATCH 1/3] add initial router config --- flake.nix | 4 ++++ mikrotik.nix | 44 +++++++++++++++++++++++++++++++++++ router.nix | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+) create mode 100644 mikrotik.nix create mode 100644 router.nix diff --git a/flake.nix b/flake.nix index 92d00f0..344ed2a 100644 --- a/flake.nix +++ b/flake.nix @@ -46,5 +46,9 @@ inputs@{ self, nixpkgs, ... }: { nixosConfigurations = import ./systems.nix { inherit self inputs nixpkgs; }; + packages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: import ./mikrotik.nix { + inherit system inputs; + pkgs = nixpkgs.legacyPackages.${system}; + }); }; } diff --git a/mikrotik.nix b/mikrotik.nix new file mode 100644 index 0000000..d393fe3 --- /dev/null +++ b/mikrotik.nix @@ -0,0 +1,44 @@ +{ mikrotik-config ? ./router.nix, pkgs, inputs, system}: +with pkgs; +with lib; +with builtins; + +let + rtr = (import mikrotik-config); + + formatValue = key: value: + if key == "comment" then + ''${key}="${value}"'' + else if key == "no_label" then + formatValue null value + #''${key}="${value}"'' + else if isAttrs value && key != null then + concatStringsSep " " (["${key}"] ++ (mapAttrsToList (k: v: formatValue k v) value)) + + else if isAttrs value then + concatStringsSep " " (mapAttrsToList (k: v: formatValue k v) value) + + else + "${key}=${value}"; + + formatSection = name: opts: + [ "${name}" ] ++ (if isAttrs opts then + (mapAttrsToList (k: v: "set ${formatValue k v}") opts) + else + (map (x: "add ${formatValue null x}") opts)); + +in rec { + mikrotik-router = stdenv.mkDerivation rec { + version = "0.0.1"; + name = "mikrotik-router-${version}"; + + src = builtins.toFile "router-config.rsc" (concatStringsSep "\n" + (flatten (mapAttrsToList (key: values: formatSection key values) rtr))); + + builder = builtins.toFile "builder.sh" '' + source $stdenv/setup + mkdir $out + install $src $out/router-config.rsc + ''; + }; +} diff --git a/router.nix b/router.nix new file mode 100644 index 0000000..e1cc0f5 --- /dev/null +++ b/router.nix @@ -0,0 +1,65 @@ +{ + "/interface bridge" = [ + { + auto-mac = "no"; + comment = "defconf"; + name = "bridge"; + } + ]; + "/interface list" = [ + { comment = "defconf"; name = "WAN"; } + { comment = "defconf"; name = "LAN"; } + ]; + "/interface wireless security-profiles" = [{ find.default = "yes"; supplicant-identity = "MikroTik"; }]; + "/ip pool" = [ + { name = "default-dhcp"; ranges = "192.168.88.10-192.168.88.254"; } + ]; + "/ip dhcp-server" = [ + { address-pool = "default-dhcp"; disabled = "no"; interface = "bridge"; name = "defconf"; } + ]; + "/interface bridge port" = [ + { bridge = "bridge"; comment = "defconf"; interface = "ether2"; } + { bridge = "bridge"; comment = "defconf"; interface = "ether3"; } + { bridge = "bridge"; comment = "defconf"; interface = "ether4"; } + { bridge = "bridge"; comment = "defconf"; interface = "ether5"; } + ]; + "/ip neighbor discovery-settings" = { discover-interface-list = "LAN"; }; + "/interface ethernet switch vlan" = [ + { "independent-learning" = "no"; ports = "ether2,ether3"; switch = "switch1"; "vlan-id" = "20"; } + { "independent-learning" = "no"; ports = "ether4"; switch = "switch1"; "vlan-id" = "30"; } + { "independent-learning" = "no"; ports = "ether5"; switch = "switch1"; "vlan-id" = "40"; } + ]; + "/interface list member" = [ + { comment = "defconf"; interface = "bridge"; list = "LAN"; } + { comment = "defconf"; interface = "ether1"; list = "WAN"; } + ]; + "/ip address" = [ + { address = "192.168.88.1/24"; comment = "defconf"; interface = "bridge"; network = "192.168.88.0"; } + ]; + "/ip dhcp-client" = [ + { comment = "defconf"; "dhcp-options" = "hostname,clientid"; disabled = "no"; interface = "ether1"; } + ]; + "/ip dhcp-server lease" = [{ address = "192.168.88.253"; "allow-dual-stack-queue" = "no"; "mac-address" = "D8:3A:DD:28:1D:3B"; }]; + "/ip dhcp-server network" = [{ address = "192.168.88.0/24"; comment = "defconf"; gateway = "192.168.88.1"; }]; + "/ip dns" = { "allow-remote-requests" = "yes"; servers = "192.168.88.253"; }; + "/ip dns static" = [{ address = "192.168.88.1"; name = "router.lan"; }]; + "/ip firewall filter" = [ + { action = "accept"; chain = "input"; comment = "defconf: accept established,related,untracked"; "connection-state" = "established,related,untracked"; } + { action = "drop"; chain = "input"; comment = "defconf: drop invalid"; "connection-state" = "invalid"; } + { action = "accept"; chain = "input"; comment = "defconf: accept ICMP"; protocol = "icmp"; } + { action = "drop"; chain = "input"; comment = "defconf: drop all not coming from LAN"; "in-interface-list" = "!LAN"; } + { action = "accept"; chain = "forward"; comment = "defconf: accept in ipsec policy"; "ipsec-policy" = "in,ipsec"; } + { action = "accept"; chain = "forward"; comment = "defconf: accept out ipsec policy"; "ipsec-policy" = "out,ipsec"; } + { action = "fasttrack-connection"; chain = "forward"; comment = "defconf: fasttrack"; "connection-state" = "established,related"; } + { action = "accept"; chain = "forward"; comment = "defconf: accept established,related, untracked"; "connection-state" = "established,related,untracked"; } + { action = "drop"; chain = "forward"; comment = "defconf: drop invalid"; "connection-state" = "invalid"; } + { action = "drop"; chain = "forward"; comment = "defconf: drop all from WAN not DSTNATed"; "connection-nat-state" = "!dstnat"; "connection-state" = "new"; "in-interface-list" = "WAN"; } + ]; + "/ip firewall nat" = [ + { action = "masquerade"; chain = "srcnat"; comment = "defconf: masquerade"; "ipsec-policy" = "out,none"; "out-interface-list" = "WAN"; } + ]; + "/system clock" = { "time-zone-name" = "Europe/Berlin"; }; + "/system routerboard settings" = { "silent-boot" = "no"; }; + "/tool mac-server" = { "allowed-interface-list" = "LAN"; }; + "/tool mac-server mac-winbox" = { "allowed-interface-list" = "LAN"; }; +} From 0e56405038a99acc0aa6b56a1a420ba97882239b Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Wed, 1 May 2024 10:40:26 +0200 Subject: [PATCH 2/3] format --- common.nix | 8 +- flake.nix | 11 +- mikrotik.nix | 37 +++-- router.nix | 228 ++++++++++++++++++++++++++----- systems/club-mate/default.nix | 14 +- systems/fritz-mate/default.nix | 10 +- systems/mio-mio-mate/default.nix | 12 +- users/default.nix | 6 +- 8 files changed, 257 insertions(+), 69 deletions(-) diff --git a/common.nix b/common.nix index a8274b0..d34e31e 100644 --- a/common.nix +++ b/common.nix @@ -1,4 +1,10 @@ -{ lib, pkgs, config, self, ... }: +{ + lib, + pkgs, + config, + self, + ... +}: { networking = { wireless = { diff --git a/flake.nix b/flake.nix index 344ed2a..f238a69 100644 --- a/flake.nix +++ b/flake.nix @@ -46,9 +46,12 @@ inputs@{ self, nixpkgs, ... }: { nixosConfigurations = import ./systems.nix { inherit self inputs nixpkgs; }; - packages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: import ./mikrotik.nix { - inherit system inputs; - pkgs = nixpkgs.legacyPackages.${system}; - }); + packages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed ( + system: + import ./mikrotik.nix { + inherit system inputs; + pkgs = nixpkgs.legacyPackages.${system}; + } + ); }; } diff --git a/mikrotik.nix b/mikrotik.nix index d393fe3..6897b45 100644 --- a/mikrotik.nix +++ b/mikrotik.nix @@ -1,4 +1,9 @@ -{ mikrotik-config ? ./router.nix, pkgs, inputs, system}: +{ + mikrotik-config ? ./router.nix, + pkgs, + inputs, + system, +}: with pkgs; with lib; with builtins; @@ -6,14 +11,15 @@ with builtins; let rtr = (import mikrotik-config); - formatValue = key: value: + formatValue = + key: value: if key == "comment" then ''${key}="${value}"'' else if key == "no_label" then formatValue null value - #''${key}="${value}"'' + #''${key}="${value}"'' else if isAttrs value && key != null then - concatStringsSep " " (["${key}"] ++ (mapAttrsToList (k: v: formatValue k v) value)) + concatStringsSep " " ([ "${key}" ] ++ (mapAttrsToList (k: v: formatValue k v) value)) else if isAttrs value then concatStringsSep " " (mapAttrsToList (k: v: formatValue k v) value) @@ -21,19 +27,24 @@ let else "${key}=${value}"; - formatSection = name: opts: - [ "${name}" ] ++ (if isAttrs opts then - (mapAttrsToList (k: v: "set ${formatValue k v}") opts) - else - (map (x: "add ${formatValue null x}") opts)); - -in rec { + formatSection = + name: opts: + [ "${name}" ] + ++ ( + if isAttrs opts then + (mapAttrsToList (k: v: "set ${formatValue k v}") opts) + else + (map (x: "add ${formatValue null x}") opts) + ); +in +rec { mikrotik-router = stdenv.mkDerivation rec { version = "0.0.1"; name = "mikrotik-router-${version}"; - src = builtins.toFile "router-config.rsc" (concatStringsSep "\n" - (flatten (mapAttrsToList (key: values: formatSection key values) rtr))); + src = builtins.toFile "router-config.rsc" ( + concatStringsSep "\n" (flatten (mapAttrsToList (key: values: formatSection key values) rtr)) + ); builder = builtins.toFile "builder.sh" '' source $stdenv/setup diff --git a/router.nix b/router.nix index e1cc0f5..63ed4cc 100644 --- a/router.nix +++ b/router.nix @@ -7,59 +7,215 @@ } ]; "/interface list" = [ - { comment = "defconf"; name = "WAN"; } - { comment = "defconf"; name = "LAN"; } + { + comment = "defconf"; + name = "WAN"; + } + { + comment = "defconf"; + name = "LAN"; + } + ]; + "/interface wireless security-profiles" = [ + { + find.default = "yes"; + supplicant-identity = "MikroTik"; + } ]; - "/interface wireless security-profiles" = [{ find.default = "yes"; supplicant-identity = "MikroTik"; }]; "/ip pool" = [ - { name = "default-dhcp"; ranges = "192.168.88.10-192.168.88.254"; } + { + name = "default-dhcp"; + ranges = "192.168.88.10-192.168.88.254"; + } ]; "/ip dhcp-server" = [ - { address-pool = "default-dhcp"; disabled = "no"; interface = "bridge"; name = "defconf"; } + { + address-pool = "default-dhcp"; + disabled = "no"; + interface = "bridge"; + name = "defconf"; + } ]; "/interface bridge port" = [ - { bridge = "bridge"; comment = "defconf"; interface = "ether2"; } - { bridge = "bridge"; comment = "defconf"; interface = "ether3"; } - { bridge = "bridge"; comment = "defconf"; interface = "ether4"; } - { bridge = "bridge"; comment = "defconf"; interface = "ether5"; } + { + bridge = "bridge"; + comment = "defconf"; + interface = "ether2"; + } + { + bridge = "bridge"; + comment = "defconf"; + interface = "ether3"; + } + { + bridge = "bridge"; + comment = "defconf"; + interface = "ether4"; + } + { + bridge = "bridge"; + comment = "defconf"; + interface = "ether5"; + } ]; - "/ip neighbor discovery-settings" = { discover-interface-list = "LAN"; }; + "/ip neighbor discovery-settings" = { + discover-interface-list = "LAN"; + }; "/interface ethernet switch vlan" = [ - { "independent-learning" = "no"; ports = "ether2,ether3"; switch = "switch1"; "vlan-id" = "20"; } - { "independent-learning" = "no"; ports = "ether4"; switch = "switch1"; "vlan-id" = "30"; } - { "independent-learning" = "no"; ports = "ether5"; switch = "switch1"; "vlan-id" = "40"; } + { + "independent-learning" = "no"; + ports = "ether2,ether3"; + switch = "switch1"; + "vlan-id" = "20"; + } + { + "independent-learning" = "no"; + ports = "ether4"; + switch = "switch1"; + "vlan-id" = "30"; + } + { + "independent-learning" = "no"; + ports = "ether5"; + switch = "switch1"; + "vlan-id" = "40"; + } ]; "/interface list member" = [ - { comment = "defconf"; interface = "bridge"; list = "LAN"; } - { comment = "defconf"; interface = "ether1"; list = "WAN"; } + { + comment = "defconf"; + interface = "bridge"; + list = "LAN"; + } + { + comment = "defconf"; + interface = "ether1"; + list = "WAN"; + } ]; "/ip address" = [ - { address = "192.168.88.1/24"; comment = "defconf"; interface = "bridge"; network = "192.168.88.0"; } + { + address = "192.168.88.1/24"; + comment = "defconf"; + interface = "bridge"; + network = "192.168.88.0"; + } ]; "/ip dhcp-client" = [ - { comment = "defconf"; "dhcp-options" = "hostname,clientid"; disabled = "no"; interface = "ether1"; } + { + comment = "defconf"; + "dhcp-options" = "hostname,clientid"; + disabled = "no"; + interface = "ether1"; + } + ]; + "/ip dhcp-server lease" = [ + { + address = "192.168.88.253"; + "allow-dual-stack-queue" = "no"; + "mac-address" = "D8:3A:DD:28:1D:3B"; + } + ]; + "/ip dhcp-server network" = [ + { + address = "192.168.88.0/24"; + comment = "defconf"; + gateway = "192.168.88.1"; + } + ]; + "/ip dns" = { + "allow-remote-requests" = "yes"; + servers = "192.168.88.253"; + }; + "/ip dns static" = [ + { + address = "192.168.88.1"; + name = "router.lan"; + } ]; - "/ip dhcp-server lease" = [{ address = "192.168.88.253"; "allow-dual-stack-queue" = "no"; "mac-address" = "D8:3A:DD:28:1D:3B"; }]; - "/ip dhcp-server network" = [{ address = "192.168.88.0/24"; comment = "defconf"; gateway = "192.168.88.1"; }]; - "/ip dns" = { "allow-remote-requests" = "yes"; servers = "192.168.88.253"; }; - "/ip dns static" = [{ address = "192.168.88.1"; name = "router.lan"; }]; "/ip firewall filter" = [ - { action = "accept"; chain = "input"; comment = "defconf: accept established,related,untracked"; "connection-state" = "established,related,untracked"; } - { action = "drop"; chain = "input"; comment = "defconf: drop invalid"; "connection-state" = "invalid"; } - { action = "accept"; chain = "input"; comment = "defconf: accept ICMP"; protocol = "icmp"; } - { action = "drop"; chain = "input"; comment = "defconf: drop all not coming from LAN"; "in-interface-list" = "!LAN"; } - { action = "accept"; chain = "forward"; comment = "defconf: accept in ipsec policy"; "ipsec-policy" = "in,ipsec"; } - { action = "accept"; chain = "forward"; comment = "defconf: accept out ipsec policy"; "ipsec-policy" = "out,ipsec"; } - { action = "fasttrack-connection"; chain = "forward"; comment = "defconf: fasttrack"; "connection-state" = "established,related"; } - { action = "accept"; chain = "forward"; comment = "defconf: accept established,related, untracked"; "connection-state" = "established,related,untracked"; } - { action = "drop"; chain = "forward"; comment = "defconf: drop invalid"; "connection-state" = "invalid"; } - { action = "drop"; chain = "forward"; comment = "defconf: drop all from WAN not DSTNATed"; "connection-nat-state" = "!dstnat"; "connection-state" = "new"; "in-interface-list" = "WAN"; } + { + action = "accept"; + chain = "input"; + comment = "defconf: accept established,related,untracked"; + "connection-state" = "established,related,untracked"; + } + { + action = "drop"; + chain = "input"; + comment = "defconf: drop invalid"; + "connection-state" = "invalid"; + } + { + action = "accept"; + chain = "input"; + comment = "defconf: accept ICMP"; + protocol = "icmp"; + } + { + action = "drop"; + chain = "input"; + comment = "defconf: drop all not coming from LAN"; + "in-interface-list" = "!LAN"; + } + { + action = "accept"; + chain = "forward"; + comment = "defconf: accept in ipsec policy"; + "ipsec-policy" = "in,ipsec"; + } + { + action = "accept"; + chain = "forward"; + comment = "defconf: accept out ipsec policy"; + "ipsec-policy" = "out,ipsec"; + } + { + action = "fasttrack-connection"; + chain = "forward"; + comment = "defconf: fasttrack"; + "connection-state" = "established,related"; + } + { + action = "accept"; + chain = "forward"; + comment = "defconf: accept established,related, untracked"; + "connection-state" = "established,related,untracked"; + } + { + action = "drop"; + chain = "forward"; + comment = "defconf: drop invalid"; + "connection-state" = "invalid"; + } + { + action = "drop"; + chain = "forward"; + comment = "defconf: drop all from WAN not DSTNATed"; + "connection-nat-state" = "!dstnat"; + "connection-state" = "new"; + "in-interface-list" = "WAN"; + } ]; "/ip firewall nat" = [ - { action = "masquerade"; chain = "srcnat"; comment = "defconf: masquerade"; "ipsec-policy" = "out,none"; "out-interface-list" = "WAN"; } + { + action = "masquerade"; + chain = "srcnat"; + comment = "defconf: masquerade"; + "ipsec-policy" = "out,none"; + "out-interface-list" = "WAN"; + } ]; - "/system clock" = { "time-zone-name" = "Europe/Berlin"; }; - "/system routerboard settings" = { "silent-boot" = "no"; }; - "/tool mac-server" = { "allowed-interface-list" = "LAN"; }; - "/tool mac-server mac-winbox" = { "allowed-interface-list" = "LAN"; }; + "/system clock" = { + "time-zone-name" = "Europe/Berlin"; + }; + "/system routerboard settings" = { + "silent-boot" = "no"; + }; + "/tool mac-server" = { + "allowed-interface-list" = "LAN"; + }; + "/tool mac-server mac-winbox" = { + "allowed-interface-list" = "LAN"; + }; } diff --git a/systems/club-mate/default.nix b/systems/club-mate/default.nix index 38b08b1..b40ebcb 100644 --- a/systems/club-mate/default.nix +++ b/systems/club-mate/default.nix @@ -65,8 +65,14 @@ source-han-serif-japanese ]; fontconfig.defaultFonts = { - serif = [ "Noto Serif" "Source Han Serif" ]; - sansSerif = [ "Noto Sans" "Source Han Sans" ]; + serif = [ + "Noto Serif" + "Source Han Serif" + ]; + sansSerif = [ + "Noto Sans" + "Source Han Sans" + ]; }; }; @@ -115,7 +121,9 @@ }; }; - environment.variables = { LOG_ICONS = "true"; }; + environment.variables = { + LOG_ICONS = "true"; + }; services = { xserver = { xkb.layout = "de"; diff --git a/systems/fritz-mate/default.nix b/systems/fritz-mate/default.nix index 8805ac5..322a0fa 100644 --- a/systems/fritz-mate/default.nix +++ b/systems/fritz-mate/default.nix @@ -7,9 +7,7 @@ }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { loader = { @@ -19,12 +17,14 @@ kernelPackages = self.inputs.rpi_5.legacyPackages.aarch64-linux.linuxPackages_rpi5; kernelModules = [ ]; initrd = { - availableKernelModules = [ "usbhid" "usb_storage" ]; + availableKernelModules = [ + "usbhid" + "usb_storage" + ]; kernelModules = [ ]; }; }; - networking = { useDHCP = lib.mkDefault true; wireless.iwd = { diff --git a/systems/mio-mio-mate/default.nix b/systems/mio-mio-mate/default.nix index 7e8a19f..0c51bc5 100644 --- a/systems/mio-mio-mate/default.nix +++ b/systems/mio-mio-mate/default.nix @@ -35,8 +35,16 @@ networking.firewall = { enable = true; - allowedTCPPorts = [ 80 443 53 ]; - allowedUDPPorts = [ 80 443 53 ]; + allowedTCPPorts = [ + 80 + 443 + 53 + ]; + allowedUDPPorts = [ + 80 + 443 + 53 + ]; }; services.nginx = { diff --git a/users/default.nix b/users/default.nix index 3cc8526..bfe68b4 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,8 +1,4 @@ -{ - pkgs, - config, - ... -}: +{ pkgs, config, ... }: { home = { From 827e859277bb73bf44329550a7c37fc525b48f2a Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Wed, 1 May 2024 10:54:20 +0200 Subject: [PATCH 3/3] update router confi --- router.nix | 99 +++++++++++++++++++++--------------------------------- 1 file changed, 38 insertions(+), 61 deletions(-) diff --git a/router.nix b/router.nix index 63ed4cc..c676be2 100644 --- a/router.nix +++ b/router.nix @@ -5,127 +5,104 @@ comment = "defconf"; name = "bridge"; } + { name = "wifi"; } ]; "/interface list" = [ - { - comment = "defconf"; - name = "WAN"; - } - { - comment = "defconf"; - name = "LAN"; - } - ]; - "/interface wireless security-profiles" = [ - { - find.default = "yes"; - supplicant-identity = "MikroTik"; - } + { name = "WAN"; } + { name = "LAN"; } ]; "/ip pool" = [ { - name = "default-dhcp"; - ranges = "192.168.88.10-192.168.88.254"; + name = "wired-pool"; + ranges = "10.10.10.10-10.10.10.254"; + } + { + name = "wifi-pool"; + ranges = "10.10.11.10-10.10.11.254"; } ]; "/ip dhcp-server" = [ { - address-pool = "default-dhcp"; + address-pool = "wired-pool"; disabled = "no"; interface = "bridge"; - name = "defconf"; + name = "wired-dhcp"; + } + { + address-pool = "wifi-pool"; + disabled = "no"; + interface = "wifi"; + name = "wifi-dhcp"; } ]; "/interface bridge port" = [ { bridge = "bridge"; - comment = "defconf"; interface = "ether2"; } { bridge = "bridge"; - comment = "defconf"; interface = "ether3"; } { bridge = "bridge"; - comment = "defconf"; interface = "ether4"; } { - bridge = "bridge"; - comment = "defconf"; + bridge = "wifi"; interface = "ether5"; } + { + bridge = "bridge"; + interface = "sfp1"; + } ]; "/ip neighbor discovery-settings" = { discover-interface-list = "LAN"; }; - "/interface ethernet switch vlan" = [ - { - "independent-learning" = "no"; - ports = "ether2,ether3"; - switch = "switch1"; - "vlan-id" = "20"; - } - { - "independent-learning" = "no"; - ports = "ether4"; - switch = "switch1"; - "vlan-id" = "30"; - } - { - "independent-learning" = "no"; - ports = "ether5"; - switch = "switch1"; - "vlan-id" = "40"; - } - ]; "/interface list member" = [ { - comment = "defconf"; interface = "bridge"; list = "LAN"; } { - comment = "defconf"; interface = "ether1"; list = "WAN"; } ]; "/ip address" = [ { - address = "192.168.88.1/24"; - comment = "defconf"; + address = "10.10.10.1/24"; interface = "bridge"; - network = "192.168.88.0"; + network = "10.10.10.0"; + } + { + address = "10.10.11.1/24"; + interface = "wifi"; + network = "10.10.11.0"; } ]; "/ip dhcp-client" = [ { - comment = "defconf"; - "dhcp-options" = "hostname,clientid"; disabled = "no"; interface = "ether1"; } ]; - "/ip dhcp-server lease" = [ - { - address = "192.168.88.253"; - "allow-dual-stack-queue" = "no"; - "mac-address" = "D8:3A:DD:28:1D:3B"; - } - ]; "/ip dhcp-server network" = [ { - address = "192.168.88.0/24"; - comment = "defconf"; - gateway = "192.168.88.1"; + address = "10.10.10.0/24"; + gateway = "10.10.10.1"; + netmask = "24"; + } + { + address = "10.10.11.0/24"; + gateway = "10.10.11.1"; + netmask = "24"; } ]; "/ip dns" = { "allow-remote-requests" = "yes"; - servers = "192.168.88.253"; + servers = "1.1.1.1,1.0.0.1"; }; "/ip dns static" = [ {