infrastructure/machines/vault01/networking.nix

let
  vlanName = "vlan-uplink-cri";
  vlanAdmin = "vlan-admin";
  vlanAP = "vlan-admin-ap";
  vlanAP-apro = "vlan-apro";

  linkIp = "10.120.33.250";
  linkPrefix = "30";

  upstreamRouterIp = "10.120.33.249";

  publicIp = "129.199.195.129"; # sync with meta

  linkPrefixedIp = "${linkIp}/${linkPrefix}";
in
{
  systemd.network = {
    networks = {
      "10-enp67s0f0np0" = {
        name = "enp67s0f0np0";
        networkConfig = {
          VLAN = [
            vlanName
            vlanAdmin
            vlanAP
            vlanAP-apro
          ];

          LinkLocalAddressing = false;
          LLDP = false;
          EmitLLDP = false;
          IPv6AcceptRA = false;
          IPv6SendRA = false;
        };
      };
      "10-${vlanName}" = {
        name = vlanName;
        address = [ linkPrefixedIp ];
        routes = [
          {
            routeConfig = {
              PreferredSource = publicIp;
              Gateway = upstreamRouterIp;
            };
          }
        ];
      };
      "10-${vlanAdmin}" = {
        name = vlanAdmin;
        address = [ "fd26:baf9:d250:8000::1/64" ];
      };
      "10-${vlanAP}" = {
        name = vlanAP;
        address = [ "fd26:baf9:d250:8010::1/60" ];
      };
      "10-${vlanAP-apro}" = {
        name = vlanAP-apro;
        address = [ "10.0.255.1/24" ];
        networkConfig.DHCPServer = "yes";
      };
    };
    netdevs = {
      "10-${vlanName}" = {
        netdevConfig = {
          Name = vlanName;
          Kind = "vlan";
        };
        vlanConfig = {
          Id = 223;
        };
      };
      "10-${vlanAdmin}" = {
        netdevConfig = {
          Name = vlanAdmin;
          Kind = "vlan";
        };
        vlanConfig = {
          Id = 3000;
        };
      };
      "10-${vlanAP}" = {
        netdevConfig = {
          Name = vlanAP;
          Kind = "vlan";
        };
        vlanConfig = {
          Id = 3001;
        };
      };
      "10-${vlanAP-apro}" = {
        netdevConfig = {
          Name = vlanAP-apro;
          Kind = "vlan";
        };
        vlanConfig = {
          Id = 2000;
        };
      };
    };
  };
  networking.firewall.allowedUDPPorts = [ 67 ];
}
feat(vault01): Add CRI link 2024-03-27 10:26:31 +01:00			`let`
			`vlanName = "vlan-uplink-cri";`
feat(vault01): Add admin vlan 2024-04-05 14:33:56 +02:00			`vlanAdmin = "vlan-admin";`
feat(mgmt): Add APs vlan access 2024-04-06 19:21:03 +02:00			`vlanAP = "vlan-admin-ap";`
feat(apro): Add vlan apro for AP flashing 2024-04-08 16:01:29 +02:00			`vlanAP-apro = "vlan-apro";`
feat(vault01): CRI uplink is now connected to internet 2024-03-27 15:38:46 +01:00
			`linkIp = "10.120.33.250";`
			`linkPrefix = "30";`

			`upstreamRouterIp = "10.120.33.249";`

			`publicIp = "129.199.195.129"; # sync with meta`

			`linkPrefixedIp = "${linkIp}/${linkPrefix}";`
feat(vault01): Add CRI link 2024-03-27 10:26:31 +01:00			`in`
			`{`
			`systemd.network = {`
			`networks = {`
feat(vault01): CRI uplink is now connected to internet 2024-03-27 15:38:46 +01:00			`"10-enp67s0f0np0" = {`
feat(vault01): Add CRI link 2024-03-27 10:26:31 +01:00			`name = "enp67s0f0np0";`
			`networkConfig = {`
feat(vault01): Add admin vlan 2024-04-05 14:33:56 +02:00			`VLAN = [`
			`vlanName`
			`vlanAdmin`
feat(mgmt): Add APs vlan access 2024-04-06 19:21:03 +02:00			`vlanAP`
feat(apro): Add vlan apro for AP flashing 2024-04-08 16:01:29 +02:00			`vlanAP-apro`
feat(vault01): Add admin vlan 2024-04-05 14:33:56 +02:00			`];`
feat(vault01): Add CRI link 2024-03-27 10:26:31 +01:00
			`LinkLocalAddressing = false;`
			`LLDP = false;`
			`EmitLLDP = false;`
			`IPv6AcceptRA = false;`
			`IPv6SendRA = false;`
			`};`
			`};`
feat(vault01): CRI uplink is now connected to internet 2024-03-27 15:38:46 +01:00			`"10-${vlanName}" = {`
feat(vault01): Add CRI link 2024-03-27 10:26:31 +01:00			`name = vlanName;`
feat(vault01): CRI uplink is now connected to internet 2024-03-27 15:38:46 +01:00			`address = [ linkPrefixedIp ];`
			`routes = [`
			`{`
			`routeConfig = {`
			`PreferredSource = publicIp;`
			`Gateway = upstreamRouterIp;`
			`};`
			`}`
			`];`
feat(vault01): Add CRI link 2024-03-27 10:26:31 +01:00			`};`
feat(vault01): Add admin vlan 2024-04-05 14:33:56 +02:00			`"10-${vlanAdmin}" = {`
			`name = vlanAdmin;`
feat(mgmt): Use IPv6 instead of IPv4 2024-04-06 19:18:56 +02:00			`address = [ "fd26:baf9:d250:8000::1/64" ];`
feat(vault01): Add admin vlan 2024-04-05 14:33:56 +02:00			`};`
feat(mgmt): Add APs vlan access 2024-04-06 19:21:03 +02:00			`"10-${vlanAP}" = {`
			`name = vlanAP;`
			`address = [ "fd26:baf9:d250:8010::1/60" ];`
			`};`
feat(apro): Add vlan apro for AP flashing 2024-04-08 16:01:29 +02:00			`"10-${vlanAP-apro}" = {`
			`name = vlanAP-apro;`
			`address = [ "10.0.255.1/24" ];`
			`networkConfig.DHCPServer = "yes";`
			`};`
feat(vault01): Add CRI link 2024-03-27 10:26:31 +01:00			`};`
			`netdevs = {`
feat(vault01): Add admin vlan 2024-04-05 14:33:56 +02:00			`"10-${vlanName}" = {`
feat(vault01): Add CRI link 2024-03-27 10:26:31 +01:00			`netdevConfig = {`
			`Name = vlanName;`
			`Kind = "vlan";`
			`};`
			`vlanConfig = {`
			`Id = 223;`
			`};`
			`};`
feat(vault01): Add admin vlan 2024-04-05 14:33:56 +02:00			`"10-${vlanAdmin}" = {`
			`netdevConfig = {`
			`Name = vlanAdmin;`
			`Kind = "vlan";`
			`};`
			`vlanConfig = {`
			`Id = 3000;`
			`};`
			`};`
feat(mgmt): Add APs vlan access 2024-04-06 19:21:03 +02:00			`"10-${vlanAP}" = {`
			`netdevConfig = {`
			`Name = vlanAP;`
			`Kind = "vlan";`
			`};`
			`vlanConfig = {`
			`Id = 3001;`
			`};`
			`};`
feat(apro): Add vlan apro for AP flashing 2024-04-08 16:01:29 +02:00			`"10-${vlanAP-apro}" = {`
			`netdevConfig = {`
			`Name = vlanAP-apro;`
			`Kind = "vlan";`
			`};`
			`vlanConfig = {`
			`Id = 2000;`
			`};`
			`};`
feat(vault01): Add CRI link 2024-03-27 10:26:31 +01:00			`};`
			`};`
feat(apro): Add vlan apro for AP flashing 2024-04-08 16:01:29 +02:00			`networking.firewall.allowedUDPPorts = [ 67 ];`
feat(vault01): Add CRI link 2024-03-27 10:26:31 +01:00			`}`