swann: switch to SFP

This commit is contained in:
Luke Granger-Brown 2022-03-30 16:42:37 +00:00
parent addba44d44
commit b40f3435f4

View file

@ -80,7 +80,7 @@ in {
]; ];
# Additional options configured in networkd. # Additional options configured in networkd.
}; };
en-general = { br-internal = {
ipv4.addresses = [ ipv4.addresses = [
{ address = "192.168.1.1"; prefixLength = 23; } { address = "192.168.1.1"; prefixLength = 23; }
{ address = "92.118.30.17"; prefixLength = 28; } { address = "92.118.30.17"; prefixLength = 28; }
@ -100,12 +100,6 @@ in {
]; ];
}; };
}; };
vlans = {
vl-eduroam = {
id = 100;
interface = "en-general";
};
};
}; };
systemd.network = let systemd.network = let
hexToInt = h: (builtins.fromTOML "h = ${h}").h; hexToInt = h: (builtins.fromTOML "h = ${h}").h;
@ -308,6 +302,17 @@ in {
linkConfig.RequiredForOnline = "no"; linkConfig.RequiredForOnline = "no";
}; };
networks."40-en-gnet" = (physicalNetwork routeTables.gnet "0xcafe" []); networks."40-en-gnet" = (physicalNetwork routeTables.gnet "0xcafe" []);
networks."40-br-internal" = {
networkConfig.VLAN = [ "vl-eduroam" ];
};
networks."40-en-int-eth" = {
matchConfig.Name = "en-int-eth";
networkConfig.Bridge = "br-internal";
};
networks."40-en-int-sfp" = {
matchConfig.Name = "en-int-sfp";
networkConfig.Bridge = "br-internal";
};
netdevs = let netdevs = let
wireguard = { name, listenPort, privateKey, endpoint, publicKey, fwmark }: { wireguard = { name, listenPort, privateKey, endpoint, publicKey, fwmark }: {
@ -357,14 +362,42 @@ in {
endpoint = "92.118.28.252:51822"; endpoint = "92.118.28.252:51822";
fwmark = "0xcafe"; fwmark = "0xcafe";
}; };
"20-br-internal" = {
netdevConfig = {
Name = "br-internal";
Kind = "bridge";
Description = "Bridge br-internal";
};
extraConfig = ''
[Bridge]
VLANFiltering=true
MulticastQuerier=true
MulticastSnooping=true
STP=true
VLANProtocol=802.1q
MulticastIGMPVersion=3
'';
};
"25-vl-eduroam" = {
netdevConfig = {
Name = "vl-eduroam";
Kind = "vlan";
Description = "Eduroam VLAN on br-internal";
};
vlanConfig = {
Id = 100;
};
};
}; };
}; };
services.mstpd.enable = true;
my.ip.tailscale = "100.102.224.95"; my.ip.tailscale = "100.102.224.95";
services.udev.extraRules = '' services.udev.extraRules = ''
ATTR{address}=="e4:3a:6e:16:07:62", DRIVERS=="?*", NAME="en-virginmedia" ATTR{address}=="e4:3a:6e:16:07:62", DRIVERS=="?*", NAME="en-virginmedia"
ATTR{address}=="e4:3a:6e:16:07:63", DRIVERS=="?*", NAME="en-ee" ATTR{address}=="e4:3a:6e:16:07:63", DRIVERS=="?*", NAME="en-ee"
ATTR{address}=="e4:3a:6e:16:07:64", DRIVERS=="?*", NAME="en-gnet" ATTR{address}=="e4:3a:6e:16:07:64", DRIVERS=="?*", NAME="en-gnet"
ATTR{address}=="e4:3a:6e:16:07:67", DRIVERS=="?*", NAME="en-general" ATTR{address}=="e4:3a:6e:16:07:67", DRIVERS=="?*", NAME="en-int-eth"
ATTR{address}=="e4:3a:6e:16:08:bc", DRIVERS=="?*", NAME="en-int-sfp"
''; '';
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.ip_forward" = "1"; "net.ipv4.ip_forward" = "1";
@ -376,7 +409,7 @@ in {
}; };
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = ["en-general"]; internalInterfaces = ["br-internal"];
externalInterface = "en-virginmedia"; externalInterface = "en-virginmedia";
extraCommands = '' extraCommands = ''
# Send PS5 RTMP to totoro instead. # Send PS5 RTMP to totoro instead.
@ -409,7 +442,7 @@ in {
}; };
services.dhcpd4 = { services.dhcpd4 = {
enable = true; enable = true;
interfaces = ["en-general" "vl-eduroam"]; interfaces = ["br-internal" "vl-eduroam"];
authoritative = true; authoritative = true;
extraConfig = '' extraConfig = ''
shared-network int { shared-network int {
@ -496,7 +529,7 @@ in {
}; };
networking.firewall = { networking.firewall = {
interfaces.en-general = { interfaces.br-internal = {
allowedTCPPorts = [ allowedTCPPorts = [
8080 6789 # Unifi 8080 6789 # Unifi
53 # DNS 53 # DNS
@ -562,6 +595,26 @@ in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ethtool ethtool
(writeShellApplication {
name = "bridge-stp";
runtimeInputs = [ mstpd ];
text = ''
BRIDGES=("br-internal")
for BRIDGE in "''${BRIDGES[@]}"; do
if [[ "$BRIDGE" = "$1" ]]; then
if [[ "$2" = "start" ]]; then
mstpctl addbridge "$BRIDGE"
exit 0
elif [[ "$2" = "stop" ]]; then
mstpctl delbridge "$BRIDGE"
exit 0
fi
exit 1
fi
done
exit 1
'';
})
]; ];
services.coredns = { services.coredns = {
@ -689,8 +742,8 @@ in {
}; };
# Covering route... # Covering route...
route 2a09:a443::/64 via "en-general"; route 2a09:a443::/64 via "br-internal";
route 2a09:a443:1::/48 via "en-general"; route 2a09:a443:1::/48 via "br-internal";
route 2a09:a443:2::/64 via "vl-eduroam"; route 2a09:a443:2::/64 via "vl-eduroam";
route 2a09:a443:3::/48 via "vl-eduroam"; route 2a09:a443:3::/48 via "vl-eduroam";
route 2a09:a443::/32 unreachable; route 2a09:a443::/32 unreachable;
@ -716,7 +769,7 @@ in {
services.radvd = { services.radvd = {
enable = true; enable = true;
config = '' config = ''
interface en-general { interface br-internal {
AdvSendAdvert on; AdvSendAdvert on;
AdvLinkMTU 1420; # Wireguard AdvLinkMTU 1420; # Wireguard
AdvManagedFlag on; AdvManagedFlag on;
@ -754,7 +807,7 @@ in {
}; };
services.dhcpd6 = { services.dhcpd6 = {
enable = true; enable = true;
interfaces = ["en-general" "vl-eduroam"]; interfaces = ["br-internal" "vl-eduroam"];
authoritative = true; authoritative = true;
extraConfig = '' extraConfig = ''
subnet6 2a09:a443:1::/48 { subnet6 2a09:a443:1::/48 {