fuuko: Use additional NIC instead of VLANs

Simon Bruder 2023-04-15 18:08:46 +02:00
parent 62b1b6a37e
commit 52dab514ca
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
4 changed files with 15 additions and 54 deletions


@ -32,7 +32,8 @@ in
hardware.common-pc-ssd
];
targetHost = "fuuko.home.sbruder.de";
#targetHost = "fuuko.home.sbruder.de";
targetHost = "10.80.1.1";
};
mayushii = {
system = "x86_64-linux";
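Review bot: The commented-out `#targetHost = "fuuko.home.sbruder.de";` carries no reason, so the next reader cannot tell whether deploying by address is a workaround or permanent; if it is kept, give it a why, e.g. `# deploy by LAN address rather than DNS name: <reason, e.g. name resolution depends on fuuko itself>`, otherwise drop the dead line. Depending on how `targetHost` is consumed by the deploy tooling, SSH host-key verification is keyed by the literal target, so the known_hosts (or equivalent pinned-key) entry must exist for `10.80.1.1` and not only for the hostname, or the first deploy silently falls back to trust-on-first-use. The enclosing attribute set starts outside this hunk.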


@ -13,6 +13,7 @@ Custom build in a be quiet! Pure Base 600.
* GPU (required for text console/firmware due to lack of integrated graphics in R5 1400): NVIDIA Quadro NVS 290 (the PCIe x1 variant)
* Case fan: Noctua NF-A9 PWM
* Blu-ray burner LG WH16NS60
* Additional NIC: Intel I225-V
* Wireless card Gigabyte GC-WB1733D-I
(includes user-serviceable Intel Wireless-AC 9260 card)


@ -15,14 +15,14 @@
supportedFilesystems = [ "btrfs" ];
# FIXME this doesnt work because (AFAIK) there is no VLAN support in the ip= parameter
kernelParams = [
(with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${physical.name}")
(with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${lan.name}")
];
initrd = {
availableKernelModules = [
"aesni_intel" # hardware crypto for luks
"ahci"
"cryptd"
"r8169" # network interface for remote unlocking
"igc" # network interface for remote unlocking
"sd_mod"
"usb_storage"
"usbhid"
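Review bot: The `# FIXME this doesnt work because (AFAIK) there is no VLAN support in the ip= parameter` comment above `kernelParams` is now stale: the new `ip=` line names `lan.name`, which this commit points at a plain physical interface (`enp9s0` in the networks hunk), so the stated cause no longer applies. Either remove the FIXME or rewrite it to say what still fails after this change, e.g. `# FIXME remote unlocking still fails: <observed symptom>`, so the comment does not send the next debugger down the VLAN path. The `igc` entry is correct for the Intel I225-V listed in the hardware notes, assuming the initrd interface is indeed enumerated as `enp9s0` before any stage-2 renaming. The enclosing `boot` block starts and ends outside this hunk.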


@ -1,23 +1,18 @@
# Home network configuration
#
# +----------+ +---------------+
# | | | +-+-+---+ |
# | +|-|-|-|-|+ | |
# +---+----+ |5 4 3 2 1| | +--+--+
# |upstream| |TL-SG105 | | |fuuko|
# +--------+ +---------+ | +-----+
# |
# ( clients )
# +----------+ +------+
# | | | | ( clients )
# | | | +|-|-|-|-|+
# +---+----+ +-+-+-+ |5 4 3 2 1|
# |upstream| |fuuko| |TL-SG105 |
# +--------+ +-----+ +---------+
#
# It consists of fuuko as a router (this configuration),
# connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch.
# The upstream comes from some plasic Huawei router/AP I dont control.
#
# The VLANs are configured as follows:
# Port | VLAN | ID(s)
# 5 | untagged | 2
# 4 | tagged | 2,3
# 1-3 | untagged | 3
# fuuko has two physical network interfaces,
# because remote unlocking (which requires network in initrd) is hard with VLANs.
#
# Wireless is configured by providing the whole hostapd configuration file as a secret.
# Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module.
@ -55,24 +50,6 @@ in
systemd.network = {
enable = true;
netdevs = {
wan = {
netdevConfig = {
Kind = "vlan";
Name = "wan";
};
vlanConfig = {
Id = 2;
};
};
lan = {
netdevConfig = {
Kind = "vlan";
Name = "lan";
};
vlanConfig = {
Id = 3;
};
};
br-lan = {
netdevConfig = {
Name = "br-lan";
@ -99,23 +76,8 @@ in
};
};
networks = {
physical = {
name = "enp8s0";
vlan = [ "wan" "lan" ];
# no autoconfiguration needed, only tagged VLAN
networkConfig = {
LinkLocalAddressing = "no";
LLDP = "no";
EmitLLDP = "no";
IPv6AcceptRA = "no";
IPv6SendRA = "no";
};
};
wan = {
name = "wan";
matchConfig = {
Type = "vlan";
};
name = "enp8s0";
networkConfig = {
# Upstream provides no IPv6 :(
# If this is not set, it waits and fails systemd-networkd-wait-online
@ -128,10 +90,7 @@ in
};
};
lan = {
name = "lan";
matchConfig = {
Type = "vlan";
};
name = "enp9s0";
bridge = [ "br-lan" ];
};
br-lan = {
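Review bot: Removing the `physical` network (third hunk) also drops its explicit `LinkLocalAddressing`/`LLDP`/`EmitLLDP`/`IPv6AcceptRA`/`IPv6SendRA = "no"` settings, and neither of the two interfaces that replace it carries them over: the new `wan` network's `networkConfig` continues past the hunk so its RA handling cannot be judged here, and the new `lan` bridge member (last hunk, `name = "enp9s0"; bridge = [ "br-lan" ];`) relies on systemd-networkd defaults. If those settings were deliberate hardening of the untagged port rather than incidental to VLAN tagging, re-add them to the `lan` member's `networkConfig` and confirm `IPv6AcceptRA = "no"` is still present on `wan`, since an upstream-facing port that accepts router advertisements would take an address it is not meant to have. The `networks` attribute set continues beyond the last hunk.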