I have an internet-facing NixOS router on which I have to run 802.1p Class of Service. For a couple of years I did this on Debian, but it’s even easier on NixOS. This isn’t the config for the whole box, but it’s a starting point for anyone else looking to do this:
# Turn off the global DHCP-client default; interfaces opt in one by one below.
networking.useDHCP = false;

# WAN side: 802.1Q VLAN 2 carried on the physical port enp2s0f0.
# vlan2 is the interface used as the NAT external interface in this config.
networking.vlans.vlan2.interface = "enp2s0f0";
networking.vlans.vlan2.id = 2;

# Only the tagged uplink takes a DHCP lease. The untagged parent port gets
# no address here, so the host is reachable from upstream via vlan2 only.
networking.interfaces.vlan2.useDHCP = true;
# LAN side: every remaining port is switched together as br0.
# The WAN port enp2s0f0 is deliberately not a member, which keeps the
# upstream segment out of the LAN broadcast domain.
networking.bridges.br0.interfaces = [
  "enp2s0f1"
  "enp2s0f2"
  "enp2s0f3"
  "enp6s0f0"
  "enp6s0f1"
  "enp8s0f0"
  "enp8s0f1"
];

# Router address on the LAN; also handed out as the default gateway by dnsmasq.
# NOTE(review): 172.60.120.0/24 lies outside the RFC 1918 block 172.16.0.0/12
# (172.16.x.x - 172.31.x.x), so this is publicly routable space. LAN clients
# cannot reach the real hosts in that /24, and any packet that escapes
# un-NATed carries a source address that belongs to someone else. An
# RFC 1918 prefix is the safer choice; if it is changed, the dnsmasq
# dhcp-option and dhcp-range values must be changed to match.
networking.interfaces.br0.ipv4.addresses = [
  {
    address = "172.60.120.1";
    prefixLength = 24;
  }
];
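# Set the 802.1p priority (PCP) on frames leaving vlan2.
# `vconfig set_egress_map vlan2 0 3` maps kernel packet priority 0 (the
# default for unmarked traffic) to 802.1p priority 3 in the VLAN tag.
systemd.services.egress_qos_tag = {
  description = "Map egress priority 0 to 802.1p priority 3 on vlan2";
  after = [ "network.target" "network-online.target" ];
  wants = [ "network-online.target" ];
  wantedBy = [ "default.target" ];
  serviceConfig = {
    # vconfig applies the setting and exits, so this is a one-shot job rather
    # than a long-running daemon. With Type = "simple" the unit counted as
    # started before the command had finished and ended up "inactive (dead)".
    # oneshot + RemainAfterExit keeps it "active" after success, so a missing
    # tag shows up as a failed unit in `systemctl status`.
    Type = "oneshot";
    RemainAfterExit = true;
    ExecStart = "${pkgs.vlan}/bin/vconfig set_egress_map vlan2 0 3";
  };
  # NOTE(review): the egress map is a property of the vlan2 device; if the
  # device is destroyed and recreated (e.g. on a network restart) the map is
  # presumably lost until this unit runs again - confirm and, if so, tie the
  # unit to the device's lifecycle.
};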
# Source-NAT (masquerade) LAN traffic from br0 out through the tagged uplink.
# NAT is address translation, not an access policy: what may reach the router
# itself on vlan2, and what may be forwarded, is decided by the firewall
# configuration, which is not part of this excerpt. The NixOS firewall is
# enabled by default; make sure the full config does not disable it on an
# internet-facing box.
networking.nat.enable = true;
networking.nat.externalInterface = "vlan2";
networking.nat.internalInterfaces = [ "br0" ];
# DHCP server and DNS forwarder for the LAN.
services.dnsmasq.enable = true;
services.dnsmasq.settings = {
  # Serve br0 only, and bind to br0's address instead of the wildcard
  # address, so dnsmasq opens no DNS/DHCP socket on the WAN interface vlan2.
  # Keep both lines together: this is what stops the router from acting as
  # an open resolver towards the internet.
  bind-interfaces = true;
  interface = "br0";

  # Upstream resolvers come from networking.nameservers, which is set
  # elsewhere in the configuration (not shown in this excerpt).
  server = config.networking.nameservers;

  # This is the only DHCP server expected on the LAN.
  dhcp-authoritative = true;
  # Address pool with 24-hour leases; the router itself is the default gateway.
  dhcp-range = [ "172.60.120.100,172.60.120.254,24h" ];
  dhcp-option = [ "option:router,172.60.120.1" ];

  # NOTE(review): with the NixOS firewall enabled, LAN clients need DNS
  # (53/udp, 53/tcp) and DHCP (67/udp) allowed on br0 only, e.g. via
  # networking.firewall.interfaces.br0 - not shown in this excerpt.
};
NixOS, by the way, is bombproof as an x86 router. Mine is ~100 lines and runs on ‘for parts, not working’ Denverton e-waste.