fuuko: Use additional NIC instead of VLANs
parent
62b1b6a37e
commit
52dab514ca
|
@ -32,7 +32,8 @@ in
|
||||||
hardware.common-pc-ssd
|
hardware.common-pc-ssd
|
||||||
];
|
];
|
||||||
|
|
||||||
targetHost = "fuuko.home.sbruder.de";
|
#targetHost = "fuuko.home.sbruder.de";
|
||||||
|
targetHost = "10.80.1.1";
|
||||||
};
|
};
|
||||||
mayushii = {
|
mayushii = {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
|
|
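Review bot: The old `targetHost` is left as a bare commented-out line next to the new literal `targetHost = "10.80.1.1";`, with nothing saying why the hostname was dropped or when it should come back. If the deploy tool reaches this host over SSH (not visible here), host-key verification will now be keyed to the address instead of the name, so the reason belongs in the file. A one-line comment would do, e.g. `# deploy by IP while fuuko.home.sbruder.de does not resolve; restore the hostname afterwards` (the reason is inferred, so substitute the real one). The enclosing attribute set starts above this hunk.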
@ -13,6 +13,7 @@ Custom build in a be quiet! Pure Base 600.
|
||||||
* GPU (required for text console/firmware due to lack of integrated graphics in R5 1400): NVIDIA Quadro NVS 290 (the PCIe x1 variant)
|
* GPU (required for text console/firmware due to lack of integrated graphics in R5 1400): NVIDIA Quadro NVS 290 (the PCIe x1 variant)
|
||||||
* Case fan: Noctua NF-A9 PWM
|
* Case fan: Noctua NF-A9 PWM
|
||||||
* Blu-ray burner LG WH16NS60
|
* Blu-ray burner LG WH16NS60
|
||||||
|
* Additional NIC: Intel I225-V
|
||||||
* Wireless card Gigabyte GC-WB1733D-I
|
* Wireless card Gigabyte GC-WB1733D-I
|
||||||
(includes user-serviceable Intel Wireless-AC 9260 card)
|
(includes user-serviceable Intel Wireless-AC 9260 card)
|
||||||
|
|
||||||
|
|
|
@ -15,14 +15,14 @@
|
||||||
supportedFilesystems = [ "btrfs" ];
|
supportedFilesystems = [ "btrfs" ];
|
||||||
# FIXME this doesn’t work because (AFAIK) there is no VLAN support in the ip= parameter
|
# FIXME this doesn’t work because (AFAIK) there is no VLAN support in the ip= parameter
|
||||||
kernelParams = [
|
kernelParams = [
|
||||||
(with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${physical.name}")
|
(with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${lan.name}")
|
||||||
];
|
];
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = [
|
availableKernelModules = [
|
||||||
"aesni_intel" # hardware crypto for luks
|
"aesni_intel" # hardware crypto for luks
|
||||||
"ahci"
|
"ahci"
|
||||||
"cryptd"
|
"cryptd"
|
||||||
"r8169" # network interface for remote unlocking
|
"igc" # network interface for remote unlocking
|
||||||
"sd_mod"
|
"sd_mod"
|
||||||
"usb_storage"
|
"usb_storage"
|
||||||
"usbhid"
|
"usbhid"
|
||||||
|
|
|
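Review bot: The `# FIXME this doesn’t work because (AFAIK) there is no VLAN support in the ip= parameter` comment above `kernelParams` is carried over unchanged, although the new `ip=` line takes its device from `lan.name`, which this commit points at a physical NIC. The FIXME now looks stale and should be dropped or reworded, e.g. `# initrd network for remote unlocking uses the dedicated LAN NIC (no VLAN involved)`. Because this is the only path to the unlock prompt, confirm that the interface already carries the name in `lan.name` when `ip=` is processed in the initrd. Also confirm that `lib.elemAt br-lan.address 0` has the form `ip=` expects, since it may include a prefix length (not visible here). The `availableKernelModules` list continues past the end of the hunk.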
@ -1,23 +1,18 @@
|
||||||
# Home network configuration
|
# Home network configuration
|
||||||
#
|
#
|
||||||
# +----------+ +---------------+
|
# +----------+ +------+
|
||||||
# | | | +-+-+---+ |
|
# | | | | ( clients )
|
||||||
# | +|-|-|-|-|+ | |
|
# | | | +|-|-|-|-|+
|
||||||
# +---+----+ |5 4 3 2 1| | +--+--+
|
# +---+----+ +-+-+-+ |5 4 3 2 1|
|
||||||
# |upstream| |TL-SG105 | | |fuuko|
|
# |upstream| |fuuko| |TL-SG105 |
|
||||||
# +--------+ +---------+ | +-----+
|
# +--------+ +-----+ +---------+
|
||||||
# |
|
|
||||||
# ( clients )
|
|
||||||
#
|
#
|
||||||
# It consists of fuuko as a router (this configuration),
|
# It consists of fuuko as a router (this configuration),
|
||||||
# connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch.
|
# connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch.
|
||||||
# The upstream comes from some plasic Huawei router/AP I don’t control.
|
# The upstream comes from some plasic Huawei router/AP I don’t control.
|
||||||
#
|
#
|
||||||
# The VLANs are configured as follows:
|
# fuuko has two physical network interfaces,
|
||||||
# Port | VLAN | ID(s)
|
# because remote unlocking (which requires network in initrd) is hard with VLANs.
|
||||||
# 5 | untagged | 2
|
|
||||||
# 4 | tagged | 2,3
|
|
||||||
# 1-3 | untagged | 3
|
|
||||||
#
|
#
|
||||||
# Wireless is configured by providing the whole hostapd configuration file as a secret.
|
# Wireless is configured by providing the whole hostapd configuration file as a secret.
|
||||||
# Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module.
|
# Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module.
|
||||||
|
@ -55,24 +50,6 @@ in
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
enable = true;
|
enable = true;
|
||||||
netdevs = {
|
netdevs = {
|
||||||
wan = {
|
|
||||||
netdevConfig = {
|
|
||||||
Kind = "vlan";
|
|
||||||
Name = "wan";
|
|
||||||
};
|
|
||||||
vlanConfig = {
|
|
||||||
Id = 2;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
lan = {
|
|
||||||
netdevConfig = {
|
|
||||||
Kind = "vlan";
|
|
||||||
Name = "lan";
|
|
||||||
};
|
|
||||||
vlanConfig = {
|
|
||||||
Id = 3;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
br-lan = {
|
br-lan = {
|
||||||
netdevConfig = {
|
netdevConfig = {
|
||||||
Name = "br-lan";
|
Name = "br-lan";
|
||||||
|
@ -99,23 +76,8 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
networks = {
|
networks = {
|
||||||
physical = {
|
|
||||||
name = "enp8s0";
|
|
||||||
vlan = [ "wan" "lan" ];
|
|
||||||
# no autoconfiguration needed, only tagged VLAN
|
|
||||||
networkConfig = {
|
|
||||||
LinkLocalAddressing = "no";
|
|
||||||
LLDP = "no";
|
|
||||||
EmitLLDP = "no";
|
|
||||||
IPv6AcceptRA = "no";
|
|
||||||
IPv6SendRA = "no";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wan = {
|
wan = {
|
||||||
name = "wan";
|
name = "enp8s0";
|
||||||
matchConfig = {
|
|
||||||
Type = "vlan";
|
|
||||||
};
|
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
# Upstream provides no IPv6 :(
|
# Upstream provides no IPv6 :(
|
||||||
# If this is not set, it waits and fails systemd-networkd-wait-online
|
# If this is not set, it waits and fails systemd-networkd-wait-online
|
||||||
|
@ -128,10 +90,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
lan = {
|
lan = {
|
||||||
name = "lan";
|
name = "enp9s0";
|
||||||
matchConfig = {
|
|
||||||
Type = "vlan";
|
|
||||||
};
|
|
||||||
bridge = [ "br-lan" ];
|
bridge = [ "br-lan" ];
|
||||||
};
|
};
|
||||||
br-lan = {
|
br-lan = {
|
||||||
|
|
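Review bot: `wan` and `lan` are now told apart only by the kernel names `enp8s0` and `enp9s0`, which come from PCI bus position and can shift when a card is added or moved. On a router, a swap would attach the LAN bridge and its services to the upstream-facing port. Matching on a hardware property is sturdier, e.g. `matchConfig.MACAddress = "<mac-of-lan-nic>";` or, if the I225-V is the LAN port as the initrd section suggests, `matchConfig.Driver = "igc";`. `lan.name` is interpolated into the initrd `ip=` parameter, so that reference would then need its own value. The removed `physical` block disabled LLDP, link-local addressing and router advertisements on `enp8s0`, and the `wan` block continues outside the hunk, so check that equivalent settings still cover the upstream port and that no firewall or NAT rule elsewhere still refers to the interfaces by the old names `wan`/`lan`.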