diff --git a/machines/default.nix b/machines/default.nix
index 4553d17..7f2d660 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -32,7 +32,8 @@ in
 hardware.common-pc-ssd
 ];
- targetHost = "fuuko.home.sbruder.de";
+ #targetHost = "fuuko.home.sbruder.de";
+ targetHost = "10.80.1.1";
 };
 mayushii = {
 system = "x86_64-linux";
diff --git a/machines/fuuko/README.md b/machines/fuuko/README.md
index a1a5a42..1bdcaab 100644
--- a/machines/fuuko/README.md
+++ b/machines/fuuko/README.md
@@ -13,6 +13,7 @@ Custom build in a be quiet! Pure Base 600.
 * GPU (required for text console/firmware due to lack of integrated graphics in R5 1400): NVIDIA Quadro NVS 290 (the PCIe x1 variant)
 * Case fan: Noctua NF-A9 PWM
 * Blu-ray burner LG WH16NS60
+ * Additional NIC: Intel I225-V
 * Wireless card Gigabyte GC-WB1733D-I (includes user-serviceable Intel Wireless-AC 9260 card)
diff --git a/machines/fuuko/hardware-configuration.nix b/machines/fuuko/hardware-configuration.nix
index 9e7d150..0570292 100644
--- a/machines/fuuko/hardware-configuration.nix
+++ b/machines/fuuko/hardware-configuration.nix
@@ -15,14 +15,14 @@
 supportedFilesystems = [ "btrfs" ];
 # FIXME this doesn’t work because (AFAIK) there is no VLAN support in the ip= parameter
 kernelParams = [
- (with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${physical.name}")
+ (with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${lan.name}")
 ];
 initrd = {
 availableKernelModules = [
 "aesni_intel" # hardware crypto for luks
 "ahci"
 "cryptd"
- "r8169" # network interface for remote unlocking
+ "igc" # network interface for remote unlocking
 "sd_mod"
 "usb_storage"
 "usbhid"
diff --git a/machines/fuuko/services/router.nix b/machines/fuuko/services/router.nix
index 10391dc..43064ed 100644
--- a/machines/fuuko/services/router.nix
+++ b/machines/fuuko/services/router.nix
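Review bot: The old `targetHost` is left commented out beside a bare IP with no explanation, so a later reader cannot tell whether `10.80.1.1` is a temporary workaround or the intended deploy address. Either delete the dead line or say why it is kept, e.g. `# TODO(<reason>): temporary; restore "fuuko.home.sbruder.de" when <condition>`. The deploy now dials a private address that identifies this machine only on its own LAN, so it is worth confirming that the deploy tooling (not visible here) checks a pinned SSH host key for that address instead of trusting it on first use. The enclosing attribute set starts and ends outside the hunk.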
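Review bot: The `# FIXME this doesn’t work because (AFAIK) there is no VLAN support in the ip= parameter` comment above `kernelParams` is carried over unchanged, although the new value points `ip=` at `lan.name`, which the router.nix part of this commit turns into a plain untagged interface. If remote unlocking works now, replace the FIXME with a description such as `# static initrd address on the untagged LAN NIC, used for remote LUKS unlocking`; if it still fails, the FIXME should name the remaining cause. Two things cannot be checked from the hunk: whether the entries of `br-lan.address` carry a `/prefix` (the kernel's `ip=` client field takes a bare address, with the netmask in its own field), and whether dropping `r8169` leaves the upstream-facing NIC without a driver in the initrd, which would keep the unlock service off the WAN side. The enclosing block starts and ends outside the hunk.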
@@ -1,23 +1,18 @@
 # Home network configuration
 #
-# +----------+ +---------------+
-# | | | +-+-+---+ |
-# | +|-|-|-|-|+ | |
-# +---+----+ |5 4 3 2 1| | +--+--+
-# |upstream| |TL-SG105 | | |fuuko|
-# +--------+ +---------+ | +-----+
-# |
-# ( clients )
+# +----------+ +------+
+# | | | | ( clients )
+# | | | +|-|-|-|-|+
+# +---+----+ +-+-+-+ |5 4 3 2 1|
+# |upstream| |fuuko| |TL-SG105 |
+# +--------+ +-----+ +---------+
 #
 # It consists of fuuko as a router (this configuration),
 # connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch.
 # The upstream comes from some plasic Huawei router/AP I don’t control.
 #
-# The VLANs are configured as follows:
-# Port | VLAN | ID(s)
-# 5 | untagged | 2
-# 4 | tagged | 2,3
-# 1-3 | untagged | 3
+# fuuko has two physical network interfaces,
+# because remote unlocking (which requires network in initrd) is hard with VLANs.
 #
 # Wireless is configured by providing the whole hostapd configuration file as a secret.
 # Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module.
@@ -55,24 +50,6 @@ in
 systemd.network = {
 enable = true;
 netdevs = {
- wan = {
- netdevConfig = {
- Kind = "vlan";
- Name = "wan";
- };
- vlanConfig = {
- Id = 2;
- };
- };
- lan = {
- netdevConfig = {
- Kind = "vlan";
- Name = "lan";
- };
- vlanConfig = {
- Id = 3;
- };
- };
 br-lan = {
 netdevConfig = {
 Name = "br-lan";
@@ -99,23 +76,8 @@ in
 };
 };
 networks = {
- physical = {
- name = "enp8s0";
- vlan = [ "wan" "lan" ];
- # no autoconfiguration needed, only tagged VLAN
- networkConfig = {
- LinkLocalAddressing = "no";
- LLDP = "no";
- EmitLLDP = "no";
- IPv6AcceptRA = "no";
- IPv6SendRA = "no";
- };
- };
 wan = {
- name = "wan";
- matchConfig = {
- Type = "vlan";
- };
+ name = "enp8s0";
 networkConfig = {
 # Upstream provides no IPv6 :(
 # If this is not set, it waits and fails systemd-networkd-wait-online
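Review bot: The rewritten header comment drops the port/VLAN table but never says which of the two interfaces faces the upstream device the author does not control, and that is the trust boundary this file configures. A line such as `# enp8s0: WAN (upstream), enp9s0: LAN (bridged into br-lan, also used for initrd unlocking)` would record it; the mapping is read from the `wan` and `lan` blocks later in this diff. If the TL-SG105E no longer needs any VLAN configuration, stating that here helps ensure the old tagged port is not left in place on the switch. The unchanged context line also contains the typo `plasic`.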
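Review bot: `wan` and `lan` are now matched on the kernel-assigned names `enp8s0` (this hunk) and `enp9s0` (the `lan` hunk at -128), and those names follow PCI topology, so moving the card or a firmware change can shift them and silently swap the upstream-facing and LAN-facing roles. Matching on a hardware property is more robust, e.g. `matchConfig.PermanentMACAddress = "<wan-nic-mac>";` for `wan` and `matchConfig.Driver = "igc";` for `lan`. The interfaces were previously called `wan` and `lan` (the VLAN netdevs deleted above), so any firewall, NAT or DHCP setting elsewhere in the file that spells those names literally rather than referencing `networks.wan.name` would stop matching; that cannot be checked from this hunk. The removed `physical` block switched off link-local addressing, LLDP and RA handling on `enp8s0`, while the visible part of the new `wan` block shows only the IPv6 comment, so confirm the upstream-facing port still opts out of what it should. The `wan` block continues outside the hunk.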
@@ -128,10 +90,7 @@ in
 };
 };
 lan = {
- name = "lan";
- matchConfig = {
- Type = "vlan";
- };
+ name = "enp9s0";
 bridge = [ "br-lan" ];
 };
 br-lan = {