swann: switch to SFP
parent
addba44d44
commit
b40f3435f4
1 changed files with 68 additions and 15 deletions
|
@ -80,7 +80,7 @@ in {
|
||||||
];
|
];
|
||||||
# Additional options configured in networkd.
|
# Additional options configured in networkd.
|
||||||
};
|
};
|
||||||
en-general = {
|
br-internal = {
|
||||||
ipv4.addresses = [
|
ipv4.addresses = [
|
||||||
{ address = "192.168.1.1"; prefixLength = 23; }
|
{ address = "192.168.1.1"; prefixLength = 23; }
|
||||||
{ address = "92.118.30.17"; prefixLength = 28; }
|
{ address = "92.118.30.17"; prefixLength = 28; }
|
||||||
|
@ -100,12 +100,6 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
vlans = {
|
|
||||||
vl-eduroam = {
|
|
||||||
id = 100;
|
|
||||||
interface = "en-general";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
systemd.network = let
|
systemd.network = let
|
||||||
hexToInt = h: (builtins.fromTOML "h = ${h}").h;
|
hexToInt = h: (builtins.fromTOML "h = ${h}").h;
|
||||||
|
@ -308,6 +302,17 @@ in {
|
||||||
linkConfig.RequiredForOnline = "no";
|
linkConfig.RequiredForOnline = "no";
|
||||||
};
|
};
|
||||||
networks."40-en-gnet" = (physicalNetwork routeTables.gnet "0xcafe" []);
|
networks."40-en-gnet" = (physicalNetwork routeTables.gnet "0xcafe" []);
|
||||||
|
networks."40-br-internal" = {
|
||||||
|
networkConfig.VLAN = [ "vl-eduroam" ];
|
||||||
|
};
|
||||||
|
networks."40-en-int-eth" = {
|
||||||
|
matchConfig.Name = "en-int-eth";
|
||||||
|
networkConfig.Bridge = "br-internal";
|
||||||
|
};
|
||||||
|
networks."40-en-int-sfp" = {
|
||||||
|
matchConfig.Name = "en-int-sfp";
|
||||||
|
networkConfig.Bridge = "br-internal";
|
||||||
|
};
|
||||||
|
|
||||||
netdevs = let
|
netdevs = let
|
||||||
wireguard = { name, listenPort, privateKey, endpoint, publicKey, fwmark }: {
|
wireguard = { name, listenPort, privateKey, endpoint, publicKey, fwmark }: {
|
||||||
|
@ -357,14 +362,42 @@ in {
|
||||||
endpoint = "92.118.28.252:51822";
|
endpoint = "92.118.28.252:51822";
|
||||||
fwmark = "0xcafe";
|
fwmark = "0xcafe";
|
||||||
};
|
};
|
||||||
|
"20-br-internal" = {
|
||||||
|
netdevConfig = {
|
||||||
|
Name = "br-internal";
|
||||||
|
Kind = "bridge";
|
||||||
|
Description = "Bridge br-internal";
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
[Bridge]
|
||||||
|
VLANFiltering=true
|
||||||
|
MulticastQuerier=true
|
||||||
|
MulticastSnooping=true
|
||||||
|
STP=true
|
||||||
|
VLANProtocol=802.1q
|
||||||
|
MulticastIGMPVersion=3
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"25-vl-eduroam" = {
|
||||||
|
netdevConfig = {
|
||||||
|
Name = "vl-eduroam";
|
||||||
|
Kind = "vlan";
|
||||||
|
Description = "Eduroam VLAN on br-internal";
|
||||||
|
};
|
||||||
|
vlanConfig = {
|
||||||
|
Id = 100;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
services.mstpd.enable = true;
|
||||||
my.ip.tailscale = "100.102.224.95";
|
my.ip.tailscale = "100.102.224.95";
|
||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
ATTR{address}=="e4:3a:6e:16:07:62", DRIVERS=="?*", NAME="en-virginmedia"
|
ATTR{address}=="e4:3a:6e:16:07:62", DRIVERS=="?*", NAME="en-virginmedia"
|
||||||
ATTR{address}=="e4:3a:6e:16:07:63", DRIVERS=="?*", NAME="en-ee"
|
ATTR{address}=="e4:3a:6e:16:07:63", DRIVERS=="?*", NAME="en-ee"
|
||||||
ATTR{address}=="e4:3a:6e:16:07:64", DRIVERS=="?*", NAME="en-gnet"
|
ATTR{address}=="e4:3a:6e:16:07:64", DRIVERS=="?*", NAME="en-gnet"
|
||||||
ATTR{address}=="e4:3a:6e:16:07:67", DRIVERS=="?*", NAME="en-general"
|
ATTR{address}=="e4:3a:6e:16:07:67", DRIVERS=="?*", NAME="en-int-eth"
|
||||||
|
ATTR{address}=="e4:3a:6e:16:08:bc", DRIVERS=="?*", NAME="en-int-sfp"
|
||||||
'';
|
'';
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
"net.ipv4.ip_forward" = "1";
|
"net.ipv4.ip_forward" = "1";
|
||||||
|
@ -376,7 +409,7 @@ in {
|
||||||
};
|
};
|
||||||
networking.nat = {
|
networking.nat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
internalInterfaces = ["en-general"];
|
internalInterfaces = ["br-internal"];
|
||||||
externalInterface = "en-virginmedia";
|
externalInterface = "en-virginmedia";
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
# Send PS5 RTMP to totoro instead.
|
# Send PS5 RTMP to totoro instead.
|
||||||
|
@ -409,7 +442,7 @@ in {
|
||||||
};
|
};
|
||||||
services.dhcpd4 = {
|
services.dhcpd4 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
interfaces = ["en-general" "vl-eduroam"];
|
interfaces = ["br-internal" "vl-eduroam"];
|
||||||
authoritative = true;
|
authoritative = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
shared-network int {
|
shared-network int {
|
||||||
|
@ -496,7 +529,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
interfaces.en-general = {
|
interfaces.br-internal = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
8080 6789 # Unifi
|
8080 6789 # Unifi
|
||||||
53 # DNS
|
53 # DNS
|
||||||
|
@ -562,6 +595,26 @@ in {
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
ethtool
|
ethtool
|
||||||
|
(writeShellApplication {
|
||||||
|
name = "bridge-stp";
|
||||||
|
runtimeInputs = [ mstpd ];
|
||||||
|
text = ''
|
||||||
|
BRIDGES=("br-internal")
|
||||||
|
for BRIDGE in "''${BRIDGES[@]}"; do
|
||||||
|
if [[ "$BRIDGE" = "$1" ]]; then
|
||||||
|
if [[ "$2" = "start" ]]; then
|
||||||
|
mstpctl addbridge "$BRIDGE"
|
||||||
|
exit 0
|
||||||
|
elif [[ "$2" = "stop" ]]; then
|
||||||
|
mstpctl delbridge "$BRIDGE"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
exit 1
|
||||||
|
'';
|
||||||
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
services.coredns = {
|
services.coredns = {
|
||||||
|
@ -689,8 +742,8 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
# Covering route...
|
# Covering route...
|
||||||
route 2a09:a443::/64 via "en-general";
|
route 2a09:a443::/64 via "br-internal";
|
||||||
route 2a09:a443:1::/48 via "en-general";
|
route 2a09:a443:1::/48 via "br-internal";
|
||||||
route 2a09:a443:2::/64 via "vl-eduroam";
|
route 2a09:a443:2::/64 via "vl-eduroam";
|
||||||
route 2a09:a443:3::/48 via "vl-eduroam";
|
route 2a09:a443:3::/48 via "vl-eduroam";
|
||||||
route 2a09:a443::/32 unreachable;
|
route 2a09:a443::/32 unreachable;
|
||||||
|
@ -716,7 +769,7 @@ in {
|
||||||
services.radvd = {
|
services.radvd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
config = ''
|
config = ''
|
||||||
interface en-general {
|
interface br-internal {
|
||||||
AdvSendAdvert on;
|
AdvSendAdvert on;
|
||||||
AdvLinkMTU 1420; # Wireguard
|
AdvLinkMTU 1420; # Wireguard
|
||||||
AdvManagedFlag on;
|
AdvManagedFlag on;
|
||||||
|
@ -754,7 +807,7 @@ in {
|
||||||
};
|
};
|
||||||
services.dhcpd6 = {
|
services.dhcpd6 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
interfaces = ["en-general" "vl-eduroam"];
|
interfaces = ["br-internal" "vl-eduroam"];
|
||||||
authoritative = true;
|
authoritative = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
subnet6 2a09:a443:1::/48 {
|
subnet6 2a09:a443:1::/48 {
|
||||||
|
|
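Review bot: `VLANFiltering=true` on the new `20-br-internal` netdev has no matching per-port VLAN membership in the `@ -308,6 +302,17 @@` hunk: `networks."40-en-int-eth"` and `networks."40-en-int-sfp"` set only `matchConfig.Name` and `networkConfig.Bridge`, and `networks."40-br-internal"` only attaches `vl-eduroam`. With filtering on, a bridge port accepts only the VLAN IDs in its own table (by default just PVID 1, untagged), so frames tagged 100 for `vl-eduroam` would presumably be dropped at ingress unless membership is configured outside the visible lines. I would declare it explicitly on both ports and on the bridge itself, e.g. `bridgeVLANs = [ { bridgeVLANConfig.VLAN = 100; } ];`, with a comment saying which VLAN is untagged on each port so the internal/eduroam separation can be reviewed from the config. Separately, `STP=true` with no per-port restriction lets any attached device take part in root election, so a comment naming the ports that are trusted to send BPDUs would help.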