by trepanne
1738 days ago
I followed the tenets laid out in this article to provision a home router on NixOS... only difference is I used BTRFS snapshots instead of ZFS (which would have been pretty heavyweight for a packet filtering appliance). It's a pretty great system for such an application. All the details of all the specialized, rarely-touched, hard-to-remember moving parts (nftables syntax, dual-stack DNS resolution, RS-232 serial connection parameters, etc. etc.) are all neatly collected under /etc/nixos for future me to puzzle out... and under version control, backed up offsite. It would be pretty easy for me to swap out failed hardware or upgrade it. I wouldn't mind getting more infrastructure set up on these lines, and then maybe figure out a good setup for NixOps. It wasn't too bad learning a little Nix to keep the configs DRY, modularized and parametrized. I find the results clean & readable, even though I'm hardly a grade-A FP propellerhead. My main complaint was that nftables rules need to be expressed as dead strings instead of proper objects in the Nix language, which limits their composability. This would be a nice thing for the wish list.