fuuko: Use additional NIC instead of VLANs

nazuna
Simon Bruder 2023-04-15 18:08:46 +02:00
parent 62b1b6a37e
commit 52dab514ca
Signed by: simon
GPG Key ID: 8D3C82F9F309F8EC
4 changed files with 15 additions and 54 deletions


@ -32,7 +32,8 @@ in
hardware.common-pc-ssd hardware.common-pc-ssd
]; ];
targetHost = "fuuko.home.sbruder.de"; #targetHost = "fuuko.home.sbruder.de";
targetHost = "10.80.1.1";
}; };
mayushii = { mayushii = {
system = "x86_64-linux"; system = "x86_64-linux";
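Review bot: The new `targetHost = "10.80.1.1";` sits beside a commented-out copy of the hostname with no explanation, so a later reader cannot tell whether the IP literal is a temporary workaround or the intended deployment target. Deploying by address also means SSH host-key verification is keyed on the IP rather than the name, and the literal has to be kept in step by hand with whatever address the host is actually configured with. I would either delete the commented line or replace it with a short reason, e.g. `# TODO: switch back to fuuko.home.sbruder.de once the name resolves again`, if that is in fact why it changed.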


@ -13,6 +13,7 @@ Custom build in a be quiet! Pure Base 600.
* GPU (required for text console/firmware due to lack of integrated graphics in R5 1400): NVIDIA Quadro NVS 290 (the PCIe x1 variant) * GPU (required for text console/firmware due to lack of integrated graphics in R5 1400): NVIDIA Quadro NVS 290 (the PCIe x1 variant)
* Case fan: Noctua NF-A9 PWM * Case fan: Noctua NF-A9 PWM
* Blu-ray burner LG WH16NS60 * Blu-ray burner LG WH16NS60
* Additional NIC: Intel I225-V
* Wireless card Gigabyte GC-WB1733D-I * Wireless card Gigabyte GC-WB1733D-I
(includes user-serviceable Intel Wireless-AC 9260 card) (includes user-serviceable Intel Wireless-AC 9260 card)


@ -15,14 +15,14 @@
supportedFilesystems = [ "btrfs" ]; supportedFilesystems = [ "btrfs" ];
# FIXME this doesnt work because (AFAIK) there is no VLAN support in the ip= parameter # FIXME this doesnt work because (AFAIK) there is no VLAN support in the ip= parameter
kernelParams = [ kernelParams = [
(with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${physical.name}") (with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${lan.name}")
]; ];
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
"aesni_intel" # hardware crypto for luks "aesni_intel" # hardware crypto for luks
"ahci" "ahci"
"cryptd" "cryptd"
"r8169" # network interface for remote unlocking "igc" # network interface for remote unlocking
"sd_mod" "sd_mod"
"usb_storage" "usb_storage"
"usbhid" "usbhid"
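Review bot: The `# FIXME this doesnt work because (AFAIK) there is no VLAN support in the ip= parameter` comment is left unchanged above `kernelParams`, although the new `ip=` line binds to `lan.name`, which this commit appears to turn into a plain physical interface. If remote unlocking now works, the FIXME should be replaced with something like `# initrd network for remote LUKS unlocking; uses the LAN NIC (igc) directly because ip= cannot do VLANs`. It would also help to state there that the unlock endpoint is meant to be reachable from the LAN side only, since the address is taken from `br-lan`. The `availableKernelModules` list continues past the end of the hunk.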


@ -1,23 +1,18 @@
# Home network configuration # Home network configuration
# #
# +----------+ +---------------+ # +----------+ +------+
# | | | +-+-+---+ | # | | | | ( clients )
# | +|-|-|-|-|+ | | # | | | +|-|-|-|-|+
# +---+----+ |5 4 3 2 1| | +--+--+ # +---+----+ +-+-+-+ |5 4 3 2 1|
# |upstream| |TL-SG105 | | |fuuko| # |upstream| |fuuko| |TL-SG105 |
# +--------+ +---------+ | +-----+ # +--------+ +-----+ +---------+
# |
# ( clients )
# #
# It consists of fuuko as a router (this configuration), # It consists of fuuko as a router (this configuration),
# connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch. # connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch.
# The upstream comes from some plasic Huawei router/AP I dont control. # The upstream comes from some plasic Huawei router/AP I dont control.
# #
# The VLANs are configured as follows: # fuuko has two physical network interfaces,
# Port | VLAN | ID(s) # because remote unlocking (which requires network in initrd) is hard with VLANs.
# 5 | untagged | 2
# 4 | tagged | 2,3
# 1-3 | untagged | 3
# #
# Wireless is configured by providing the whole hostapd configuration file as a secret. # Wireless is configured by providing the whole hostapd configuration file as a secret.
# Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module. # Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module.
@ -55,24 +50,6 @@ in
systemd.network = { systemd.network = {
enable = true; enable = true;
netdevs = { netdevs = {
wan = {
netdevConfig = {
Kind = "vlan";
Name = "wan";
};
vlanConfig = {
Id = 2;
};
};
lan = {
netdevConfig = {
Kind = "vlan";
Name = "lan";
};
vlanConfig = {
Id = 3;
};
};
br-lan = { br-lan = {
netdevConfig = { netdevConfig = {
Name = "br-lan"; Name = "br-lan";
@ -99,23 +76,8 @@ in
}; };
}; };
networks = { networks = {
physical = {
name = "enp8s0";
vlan = [ "wan" "lan" ];
# no autoconfiguration needed, only tagged VLAN
networkConfig = {
LinkLocalAddressing = "no";
LLDP = "no";
EmitLLDP = "no";
IPv6AcceptRA = "no";
IPv6SendRA = "no";
};
};
wan = { wan = {
name = "wan"; name = "enp8s0";
matchConfig = {
Type = "vlan";
};
networkConfig = { networkConfig = {
# Upstream provides no IPv6 :( # Upstream provides no IPv6 :(
# If this is not set, it waits and fails systemd-networkd-wait-online # If this is not set, it waits and fails systemd-networkd-wait-online
@ -128,10 +90,7 @@ in
}; };
}; };
lan = { lan = {
name = "lan"; name = "enp9s0";
matchConfig = {
Type = "vlan";
};
bridge = [ "br-lan" ]; bridge = [ "br-lan" ];
}; };
br-lan = { br-lan = {
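Review bot: The `physical` network that is removed here was the only visible place that set `LLDP = "no"` and `EmitLLDP = "no"` on `enp8s0`, and nothing visible carries those over to `wan`, which now matches `enp8s0` directly. That interface faces the upstream router the header comment says is not under your control, so neighbour-discovery traffic from it is better refused explicitly than left to the networkd defaults. I would add `LLDP = "no";` and `EmitLLDP = "no";` to `wan.networkConfig`, unless they are already set in the part of that block which lies outside the hunk. With the VLAN tagging gone, a short comment on `wan` and `lan` saying which physical port each name refers to would also help, because the WAN/LAN split now rests only on `enp8s0` and `enp9s0` staying stable.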