swann: switch to SFP

Luke Granger-Brown 2022-03-30 16:42:37 +00:00
parent addba44d44
commit b40f3435f4


@ -80,7 +80,7 @@ in {
];
# Additional options configured in networkd.
};
en-general = {
br-internal = {
ipv4.addresses = [
{ address = "192.168.1.1"; prefixLength = 23; }
{ address = "92.118.30.17"; prefixLength = 28; }
@ -100,12 +100,6 @@ in {
];
};
};
vlans = {
vl-eduroam = {
id = 100;
interface = "en-general";
};
};
};
systemd.network = let
hexToInt = h: (builtins.fromTOML "h = ${h}").h;
@ -308,6 +302,17 @@ in {
linkConfig.RequiredForOnline = "no";
};
networks."40-en-gnet" = (physicalNetwork routeTables.gnet "0xcafe" []);
networks."40-br-internal" = {
networkConfig.VLAN = [ "vl-eduroam" ];
};
networks."40-en-int-eth" = {
matchConfig.Name = "en-int-eth";
networkConfig.Bridge = "br-internal";
};
networks."40-en-int-sfp" = {
matchConfig.Name = "en-int-sfp";
networkConfig.Bridge = "br-internal";
};
netdevs = let
wireguard = { name, listenPort, privateKey, endpoint, publicKey, fwmark }: {
@ -357,14 +362,42 @@ in {
endpoint = "92.118.28.252:51822";
fwmark = "0xcafe";
};
"20-br-internal" = {
netdevConfig = {
Name = "br-internal";
Kind = "bridge";
Description = "Bridge br-internal";
};
extraConfig = ''
[Bridge]
VLANFiltering=true
MulticastQuerier=true
MulticastSnooping=true
STP=true
VLANProtocol=802.1q
MulticastIGMPVersion=3
'';
};
"25-vl-eduroam" = {
netdevConfig = {
Name = "vl-eduroam";
Kind = "vlan";
Description = "Eduroam VLAN on br-internal";
};
vlanConfig = {
Id = 100;
};
};
};
};
services.mstpd.enable = true;
my.ip.tailscale = "100.102.224.95";
services.udev.extraRules = ''
ATTR{address}=="e4:3a:6e:16:07:62", DRIVERS=="?*", NAME="en-virginmedia"
ATTR{address}=="e4:3a:6e:16:07:63", DRIVERS=="?*", NAME="en-ee"
ATTR{address}=="e4:3a:6e:16:07:64", DRIVERS=="?*", NAME="en-gnet"
ATTR{address}=="e4:3a:6e:16:07:67", DRIVERS=="?*", NAME="en-general"
ATTR{address}=="e4:3a:6e:16:07:67", DRIVERS=="?*", NAME="en-int-eth"
ATTR{address}=="e4:3a:6e:16:08:bc", DRIVERS=="?*", NAME="en-int-sfp"
'';
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = "1";
@ -376,7 +409,7 @@ in {
};
networking.nat = {
enable = true;
internalInterfaces = ["en-general"];
internalInterfaces = ["br-internal"];
externalInterface = "en-virginmedia";
extraCommands = ''
# Send PS5 RTMP to totoro instead.
@ -409,7 +442,7 @@ in {
};
services.dhcpd4 = {
enable = true;
interfaces = ["en-general" "vl-eduroam"];
interfaces = ["br-internal" "vl-eduroam"];
authoritative = true;
extraConfig = ''
shared-network int {
@ -496,7 +529,7 @@ in {
};
networking.firewall = {
interfaces.en-general = {
interfaces.br-internal = {
allowedTCPPorts = [
8080 6789 # Unifi
53 # DNS
@ -562,6 +595,26 @@ in {
environment.systemPackages = with pkgs; [
ethtool
(writeShellApplication {
name = "bridge-stp";
runtimeInputs = [ mstpd ];
text = ''
BRIDGES=("br-internal")
for BRIDGE in "''${BRIDGES[@]}"; do
if [[ "$BRIDGE" = "$1" ]]; then
if [[ "$2" = "start" ]]; then
mstpctl addbridge "$BRIDGE"
exit 0
elif [[ "$2" = "stop" ]]; then
mstpctl delbridge "$BRIDGE"
exit 0
fi
exit 1
fi
done
exit 1
'';
})
];
services.coredns = {
@ -689,8 +742,8 @@ in {
};
# Covering route...
route 2a09:a443::/64 via "en-general";
route 2a09:a443:1::/48 via "en-general";
route 2a09:a443::/64 via "br-internal";
route 2a09:a443:1::/48 via "br-internal";
route 2a09:a443:2::/64 via "vl-eduroam";
route 2a09:a443:3::/48 via "vl-eduroam";
route 2a09:a443::/32 unreachable;
@ -716,7 +769,7 @@ in {
services.radvd = {
enable = true;
config = ''
interface en-general {
interface br-internal {
AdvSendAdvert on;
AdvLinkMTU 1420; # Wireguard
AdvManagedFlag on;
@ -754,7 +807,7 @@ in {
};
services.dhcpd6 = {
enable = true;
interfaces = ["en-general" "vl-eduroam"];
interfaces = ["br-internal" "vl-eduroam"];
authoritative = true;
extraConfig = ''
subnet6 2a09:a443:1::/48 {
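Review bot: The `bridge-stp` helper added under `environment.systemPackages` registers `br-internal` with mstpd but applies no port protection, so any device plugged into `en-int-eth` or `en-int-sfp` can send BPDUs and claim the root role or trigger topology changes on the router's own bridge; if either port faces equipment you do not control, restrict the port role once the ports are enslaved, e.g. `mstpctl setportrestrrole "$BRIDGE" en-int-eth yes` and the same for `en-int-sfp` (or `setbpduguard` on a pure client port), bearing in mind the ports may not exist yet at the instant the kernel calls `start`. The kernel invokes this helper at the fixed path `/sbin/bridge-stp`, while `environment.systemPackages` only places it in the system profile's `bin`, so as far as I can tell from this hunk the kernel will fail to exec it and silently fall back to in-kernel STP unless something elsewhere links it into `/sbin`; a comment above `BRIDGES=("br-internal")` saying how the script reaches that path would make the intent checkable. `writeShellApplication` enables `nounset`, so a call with a missing second argument aborts on `"$2"` with an unbound-variable message instead of reaching the explicit `exit 1`; `"${2:-}"` keeps the same exit status but makes the fall-through deliberate.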