infrastructure/meta/isp/default.nix

# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin.bailly@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{ config, lib, ... }:

let
  inherit (lib) genList listToAttrs nameValuePair;

  mkCIDR = address: prefix: "${address}/${builtins.toString prefix}";
in

{
  imports = [ ./module.nix ];

  isp = {
    vlans =
      {
        uplink-cri = {
          id = 223;
          settings = {
            address = [ (mkCIDR "10.120.33.250" 30) ];
            routes = [
              {
                PreferredSource = builtins.head config.network.vault01.addresses.ipv4;
                Gateway = "10.120.33.249";
              }
            ];
            linkConfig.MTUBytes = 1500;
          };
        };

        admin = {
          id = 3000;
          settings = {
            address = [ "fd26:baf9:d250:8000::1/64" ];
          };
        };

        admin-ap = {
          id = 3001;
          settings = {
            address = [
              "fd26:baf9:d250:8001::1/64"
              # FIXME: ipv4 is temporary for APs in production
              "10.0.253.1/24"
            ];
            networkConfig = {
              IPv6SendRA = true;
              DHCPServer = "yes";
            };
            ipv6Prefixes = [
              {
                AddressAutoconfiguration = false;
                OnLink = false;
                Prefix = "fd26:baf9:d250:8001::/64";
              }
            ];
          };
          internal = {
            network = "10.0.253.0";
            prefix = 24;
          };
        };

        apro = {
          id = 2000;
          settings = {
            address = [ "10.0.255.1/24" ];
            networkConfig.DHCPServer = "yes";
            linkConfig.MTUBytes = 1500;
          };
        };

        hypervisor = {
          id = 2001;
          settings = {
            address = [ "10.0.254.1/24" ];
            networkConfig.DHCPServer = "yes";
            linkConfig.MTUBytes = 1500;
          };
          internal = {
            network = "10.0.254.0";
            prefix = 24;
          };
        };
      }
      // listToAttrs (
        genList (
          base:
          let
            id = (4096 - 2) - base;
            range24 = (base + 1) / 8;
            range27 = (base + 1 - range24 * 8) * 32;
          in
          nameValuePair "user-${builtins.toString id}" rec {
            inherit id;
            internal = {
              network = "10.0.${builtins.toString range24}.${builtins.toString range27}";
              address = "10.0.${builtins.toString range24}.${builtins.toString (range27 + 1)}";
              prefix = 27;
            };
            settings = {
              networkConfig = {
                LinkLocalAddressing = "no";
                DHCPServer = "yes";
              };
              linkConfig = {
                Promiscuous = true;
                MTUBytes = 1500;
              };
              addresses = [
                {
                  Address = mkCIDR internal.address internal.prefix;
                  AddPrefixRoute = false;
                }
              ];
              routes = [
                {
                  Destination = mkCIDR internal.network internal.prefix;
                  Table = "user";
                }
              ];
            };
            userOnly = true;
          }
        ) 850
      );
  };
}
feat(meta/isp): Init vlans 2025-02-07 15:35:42 +01:00			`# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>`
			`# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin.bailly@dgnum.eu>`
			`#`
			`# SPDX-License-Identifier: EUPL-1.2`

			`{ config, lib, ... }:`

			`let`
			`inherit (lib) genList listToAttrs nameValuePair;`

			`mkCIDR = address: prefix: "${address}/${builtins.toString prefix}";`
			`in`

			`{`
			`imports = [ ./module.nix ];`

			`isp = {`
			`vlans =`
			`{`
			`uplink-cri = {`
			`id = 223;`
			`settings = {`
			`address = [ (mkCIDR "10.120.33.250" 30) ];`
			`routes = [`
			`{`
			`PreferredSource = builtins.head config.network.vault01.addresses.ipv4;`
			`Gateway = "10.120.33.249";`
			`}`
			`];`
			`linkConfig.MTUBytes = 1500;`
			`};`
			`};`

			`admin = {`
			`id = 3000;`
			`settings = {`
			`address = [ "fd26:baf9:d250:8000::1/64" ];`
			`};`
			`};`

			`admin-ap = {`
			`id = 3001;`
			`settings = {`
			`address = [`
			`"fd26:baf9:d250:8001::1/64"`
			`# FIXME: ipv4 is temporary for APs in production`
			`"10.0.253.1/24"`
			`];`
			`networkConfig = {`
			`IPv6SendRA = true;`
			`DHCPServer = "yes";`
			`};`
			`ipv6Prefixes = [`
			`{`
			`AddressAutoconfiguration = false;`
			`OnLink = false;`
			`Prefix = "fd26:baf9:d250:8001::/64";`
			`}`
			`];`
			`};`
			`internal = {`
			`network = "10.0.253.0";`
			`prefix = 24;`
			`};`
			`};`

			`apro = {`
			`id = 2000;`
			`settings = {`
			`address = [ "10.0.255.1/24" ];`
			`networkConfig.DHCPServer = "yes";`
			`linkConfig.MTUBytes = 1500;`
			`};`
			`};`

			`hypervisor = {`
			`id = 2001;`
			`settings = {`
			`address = [ "10.0.254.1/24" ];`
			`networkConfig.DHCPServer = "yes";`
			`linkConfig.MTUBytes = 1500;`
			`};`
			`internal = {`
			`network = "10.0.254.0";`
			`prefix = 24;`
			`};`
			`};`
			`}`
			`// listToAttrs (`
			`genList (`
			`base:`
			`let`
			`id = (4096 - 2) - base;`
			`range24 = (base + 1) / 8;`
			`range27 = (base + 1 - range24 * 8) * 32;`
			`in`
			`nameValuePair "user-${builtins.toString id}" rec {`
			`inherit id;`
			`internal = {`
			`network = "10.0.${builtins.toString range24}.${builtins.toString range27}";`
			`address = "10.0.${builtins.toString range24}.${builtins.toString (range27 + 1)}";`
			`prefix = 27;`
			`};`
			`settings = {`
			`networkConfig = {`
			`LinkLocalAddressing = "no";`
			`DHCPServer = "yes";`
			`};`
			`linkConfig = {`
			`Promiscuous = true;`
			`MTUBytes = 1500;`
			`};`
			`addresses = [`
			`{`
			`Address = mkCIDR internal.address internal.prefix;`
			`AddPrefixRoute = false;`
			`}`
			`];`
			`routes = [`
			`{`
			`Destination = mkCIDR internal.network internal.prefix;`
			`Table = "user";`
			`}`
			`];`
			`};`
			`userOnly = true;`
			`}`
			`) 850`
			`);`
			`};`
			`}`