Gateway (create a zone)

A zone is a subnet, which has a gateway, behind which you can connect as many machines as you want.

Hardware

The gateway is ideally installed on a mini-computer that is always on, with at least two network interfaces: one to the ISP box (WAN), the others to the local network (LAN, ethernet or wifi).

Declare the zone

The zone and its gateway are described in etc/config.yaml:

zones:
  maison:
    description: "Home network"
    ipPrefix: "10.0"             # zone in 10.0.0.0/16
    gateway:
      wan:
        interface: "enp1s0"      # to the ISP box
      lan:
        interfaces: ["enp2s0"]   # to the local network

hosts:
  - hostname: "gw"
    name: "Gateway"
    zone: "maison:1.1"           # fixed IP 10.0.1.1
    profile: "gateway"
    services:
      adguardhome:               # DNS + ad blocking
      homepage:                  # service portal
    disko:
      profile: "server-1-disk"
      devices:
        main: "/dev/sda"

Install the gateway

Installation is often done remotely: someone on-site prepares the machine, the administrator installs over SSH.

Prepare the gateway (on-site)
1. Connect the gateway to the ISP box.
2. Boot from the USB drive (just build-iso image).
3. Note the gateway’s IP address.
4. Forward port 22 from the ISP box to the gateway.
It allows SSH access during installation. The USB drive only accepts authentication keys (no password). The forwarding can be removed afterwards.

Install (administrator)

just install gw nix <ip>     # nixos-anywhere + disko
just configure gw            # hardware + infrastructure key
just apply-verbose gw        # first deployment

Connecting other machines

Linux workstations : same procedure as the first workstation, see Initial installation.
Smartphones, tablets, third-party PCs : connect automatically to the gateway’s network.