Untitled

{ config, pkgs, lib, ... }:
let
  inherit (lib) mkEnableOption mkOption types mkIf;
  cfg = config.networking.ip-gateway;
  isIPv6 = str: builtins.match ".*:.*" str == null;
  ip4nameservers = builtins.filter
    isIPv6
    config.networking.nameservers;
in
{

  options = {
    networking.ip-gateway = {
      enable = mkEnableOption "IP-Gateway";
      external = mkOption {
        type = types.str;
        description = "The external interface, e.g. a wireless interface";
      };
      internal = mkOption {
        type = types.str;
        description = "The internal interface to supply DHCP and RAs to, e.g. a bridge.";
      };
    };

  };

  config = lib.mkIf cfg.enable {

    boot.kernel.sysctl = {
      "net.ipv4.ip_forward" = "1";
      "net.ipv6.conf.all.forwarding" = "1";
    };

    services.dhcpd4 =
      assert ip4nameservers != [ ];
      {
        enable = true;
        interfaces = [ cfg.internal ];
        extraConfig = ''
          subnet 192.168.0.0 netmask 255.255.255.0 {
            range 192.168.0.100 192.168.0.200;
            option subnet-mask 255.255.255.0;
            # option broadcast-address 192.168.0.255;
            option routers 192.168.0.1;
            option domain-name-servers ${builtins.concatStringsSep ", " ip4nameservers};
          }
        '';
      };

    services.radvd = {
      enable = true;
      config = ''
        interface ${cfg.internal} {
          AdvSendAdvert on;
          # This special prefix means: Distribute the prefix of the
          # non-link-local address on that interface.
          prefix ::/64 { };
        };
      '';
    };

    networking = {
      interfaces.${cfg.internal} = {
        useDHCP = false;
        ipv4.addresses = [
          {
            address = "192.168.0.1";
            prefixLength = 24;
          }
        ];
      };
      nat = {
        enable = true;
        externalInterface = cfg.external;
        internalInterfaces = [ cfg.internal ];
      };
      firewall.interfaces.${cfg.internal}.allowedUDPPorts = [
        67 # DHCP
        68 # DHCP
      ];
      # request at max a /60 prefix and share cfg.internal a 64 from it
      dhcpcd.extraConfig = ''
        interface ${cfg.external}
          ia_pd 1/::/60 ${cfg.internal}/1/64
          # ia_na
      '';
    };

  };
}