swann: switch to SFP
parent
addba44d44
commit
b40f3435f4
1 changed files with 68 additions and 15 deletions
|
@ -80,7 +80,7 @@ in {
|
|||
];
|
||||
# Additional options configured in networkd.
|
||||
};
|
||||
en-general = {
|
||||
br-internal = {
|
||||
ipv4.addresses = [
|
||||
{ address = "192.168.1.1"; prefixLength = 23; }
|
||||
{ address = "92.118.30.17"; prefixLength = 28; }
|
||||
|
@ -100,12 +100,6 @@ in {
|
|||
];
|
||||
};
|
||||
};
|
||||
vlans = {
|
||||
vl-eduroam = {
|
||||
id = 100;
|
||||
interface = "en-general";
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.network = let
|
||||
hexToInt = h: (builtins.fromTOML "h = ${h}").h;
|
||||
|
@ -308,6 +302,17 @@ in {
|
|||
linkConfig.RequiredForOnline = "no";
|
||||
};
|
||||
networks."40-en-gnet" = (physicalNetwork routeTables.gnet "0xcafe" []);
|
||||
networks."40-br-internal" = {
|
||||
networkConfig.VLAN = [ "vl-eduroam" ];
|
||||
};
|
||||
networks."40-en-int-eth" = {
|
||||
matchConfig.Name = "en-int-eth";
|
||||
networkConfig.Bridge = "br-internal";
|
||||
};
|
||||
networks."40-en-int-sfp" = {
|
||||
matchConfig.Name = "en-int-sfp";
|
||||
networkConfig.Bridge = "br-internal";
|
||||
};
|
||||
|
||||
netdevs = let
|
||||
wireguard = { name, listenPort, privateKey, endpoint, publicKey, fwmark }: {
|
||||
|
@ -357,14 +362,42 @@ in {
|
|||
endpoint = "92.118.28.252:51822";
|
||||
fwmark = "0xcafe";
|
||||
};
|
||||
"20-br-internal" = {
|
||||
netdevConfig = {
|
||||
Name = "br-internal";
|
||||
Kind = "bridge";
|
||||
Description = "Bridge br-internal";
|
||||
};
|
||||
extraConfig = ''
|
||||
[Bridge]
|
||||
VLANFiltering=true
|
||||
MulticastQuerier=true
|
||||
MulticastSnooping=true
|
||||
STP=true
|
||||
VLANProtocol=802.1q
|
||||
MulticastIGMPVersion=3
|
||||
'';
|
||||
};
|
||||
"25-vl-eduroam" = {
|
||||
netdevConfig = {
|
||||
Name = "vl-eduroam";
|
||||
Kind = "vlan";
|
||||
Description = "Eduroam VLAN on br-internal";
|
||||
};
|
||||
vlanConfig = {
|
||||
Id = 100;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
services.mstpd.enable = true;
|
||||
my.ip.tailscale = "100.102.224.95";
|
||||
services.udev.extraRules = ''
|
||||
ATTR{address}=="e4:3a:6e:16:07:62", DRIVERS=="?*", NAME="en-virginmedia"
|
||||
ATTR{address}=="e4:3a:6e:16:07:63", DRIVERS=="?*", NAME="en-ee"
|
||||
ATTR{address}=="e4:3a:6e:16:07:64", DRIVERS=="?*", NAME="en-gnet"
|
||||
ATTR{address}=="e4:3a:6e:16:07:67", DRIVERS=="?*", NAME="en-general"
|
||||
ATTR{address}=="e4:3a:6e:16:07:67", DRIVERS=="?*", NAME="en-int-eth"
|
||||
ATTR{address}=="e4:3a:6e:16:08:bc", DRIVERS=="?*", NAME="en-int-sfp"
|
||||
'';
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.ip_forward" = "1";
|
||||
|
@ -376,7 +409,7 @@ in {
|
|||
};
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = ["en-general"];
|
||||
internalInterfaces = ["br-internal"];
|
||||
externalInterface = "en-virginmedia";
|
||||
extraCommands = ''
|
||||
# Send PS5 RTMP to totoro instead.
|
||||
|
@ -409,7 +442,7 @@ in {
|
|||
};
|
||||
services.dhcpd4 = {
|
||||
enable = true;
|
||||
interfaces = ["en-general" "vl-eduroam"];
|
||||
interfaces = ["br-internal" "vl-eduroam"];
|
||||
authoritative = true;
|
||||
extraConfig = ''
|
||||
shared-network int {
|
||||
|
@ -496,7 +529,7 @@ in {
|
|||
};
|
||||
|
||||
networking.firewall = {
|
||||
interfaces.en-general = {
|
||||
interfaces.br-internal = {
|
||||
allowedTCPPorts = [
|
||||
8080 6789 # Unifi
|
||||
53 # DNS
|
||||
|
@ -562,6 +595,26 @@ in {
|
|||
|
||||
environment.systemPackages = with pkgs; [
|
||||
ethtool
|
||||
(writeShellApplication {
|
||||
name = "bridge-stp";
|
||||
runtimeInputs = [ mstpd ];
|
||||
text = ''
|
||||
BRIDGES=("br-internal")
|
||||
for BRIDGE in "''${BRIDGES[@]}"; do
|
||||
if [[ "$BRIDGE" = "$1" ]]; then
|
||||
if [[ "$2" = "start" ]]; then
|
||||
mstpctl addbridge "$BRIDGE"
|
||||
exit 0
|
||||
elif [[ "$2" = "stop" ]]; then
|
||||
mstpctl delbridge "$BRIDGE"
|
||||
exit 0
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
exit 1
|
||||
'';
|
||||
})
|
||||
];
|
||||
|
||||
services.coredns = {
|
||||
|
@ -689,8 +742,8 @@ in {
|
|||
};
|
||||
|
||||
# Covering route...
|
||||
route 2a09:a443::/64 via "en-general";
|
||||
route 2a09:a443:1::/48 via "en-general";
|
||||
route 2a09:a443::/64 via "br-internal";
|
||||
route 2a09:a443:1::/48 via "br-internal";
|
||||
route 2a09:a443:2::/64 via "vl-eduroam";
|
||||
route 2a09:a443:3::/48 via "vl-eduroam";
|
||||
route 2a09:a443::/32 unreachable;
|
||||
|
@ -716,7 +769,7 @@ in {
|
|||
services.radvd = {
|
||||
enable = true;
|
||||
config = ''
|
||||
interface en-general {
|
||||
interface br-internal {
|
||||
AdvSendAdvert on;
|
||||
AdvLinkMTU 1420; # Wireguard
|
||||
AdvManagedFlag on;
|
||||
|
@ -754,7 +807,7 @@ in {
|
|||
};
|
||||
services.dhcpd6 = {
|
||||
enable = true;
|
||||
interfaces = ["en-general" "vl-eduroam"];
|
||||
interfaces = ["br-internal" "vl-eduroam"];
|
||||
authoritative = true;
|
||||
extraConfig = ''
|
||||
subnet6 2a09:a443:1::/48 {
|
||||
|
|
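Review bot: The two bridge ports, `networks."40-en-int-eth"` and `networks."40-en-int-sfp"`, set only `networkConfig.Bridge = "br-internal"` while the new `"20-br-internal"` netdev turns on `VLANFiltering=true`, so no membership for the eduroam VLAN (Id 100) is visible on either port or on the bridge itself. On a VLAN-aware bridge a port carries only its default PVID unless told otherwise, so tagged VLAN 100 frames would likely be dropped before they reach `vl-eduroam`, unless membership is configured outside the lines shown. I would add an explicit `[BridgeVLAN]` section with `VLAN=100` to whichever port is the trunk and to `40-br-internal`, and leave it off any port meant to stay on the internal LAN only, so the split between the two segments is stated in the config rather than left to defaults. A short comment above `STP=true` noting that the `bridge-stp` wrapper added to `environment.systemPackages` is what hands the bridge to mstpd would also help the next reader connect the two.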