diff --git a/machines/vault01/networking.nix b/machines/vault01/networking.nix
index f506dfe..596063d 100644
--- a/machines/vault01/networking.nix
+++ b/machines/vault01/networking.nix
@@ -47,15 +47,35 @@ let
 name = "vlan-user-${builtins.toString vlan}";
 value = {
 Id = vlan;
- extraNetwork.routes = [
- {
- routeConfig = {
- Destination = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
- Source = "10.0.0.1/17";
- };
- }
- ];
- address = [ "10.0.0.1/17" ];
+ address = [ ];
+ extraNetwork = {
+ addresses = [
+ {
+ addressConfig = {
+ Address = "10.0.${builtins.toString prefix24nb}.${builtins.toString (prefix27nb + 1)}/27";
+ AddPrefixRoute = false;
+ };
+ }
+ ];
+ routes = [
+ {
+ routeConfig = {
+ Destination = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
+ Table = "user";
+ };
+ }
+ ];
+ routingPolicyRules = [
+ {
+ routingPolicyRuleConfig = {
+ From = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
+ To = "10.0.0.0/27";
+ IncomingInterface = "vlan-user-${builtins.toString vlan}";
+ Table = "user";
+ };
+ }
+ ];
+ };
 };
 };
@@ -91,12 +111,37 @@ let
 extraNetwork.networkConfig.DHCPServer = "yes";
 };
- } // builtins.listToAttrs (builtins.genList mkUserVlan 300); # 850 when we can
+ } // builtins.listToAttrs (builtins.genList mkUserVlan 10); # 850 when we can
 in
 {
 systemd.network = {
+ config.routeTables."user" = 1000;
 networks = {
+ "10-lo" = {
+ name = "lo";
+ address = [
+ "::1/128"
+ "127.0.0.1/8"
+ "10.0.0.1/16"
+ ];
+ routes = [
+ {
+ routeConfig = {
+ Destination = "10.0.0.0/27";
+ Table = "user";
+ };
+ }
+ ];
+ routingPolicyRules = [
+ {
+ routingPolicyRuleConfig = {
+ IncomingInterface = "lo";
+ Table = "user";
+ };
+ }
+ ];
+ };
 "10-enp67s0f0np0" = {
 name = "enp67s0f0np0";
 networkConfig = {
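Review bot: The routing policy rule added under `routingPolicyRules` in mkUserVlan does not by itself keep user VLANs apart: it only steers packets `From` the VLAN's /27 `To` 10.0.0.0/27 into table `user`, and a packet that matches no rule (or whose table lookup finds no route) falls through to the main table rather than being rejected, so what happens to VLAN-to-VLAN traffic is decided by the main table — with the VLAN addresses at `AddPrefixRoute = false`, presumably by the `10.0.0.0/16` prefix route implied by the `10.0.0.1/16` address the second hunk puts on `lo`, assuming forwarding is enabled elsewhere in this file. If isolation is the intent, make the rejection explicit instead of a side effect of the lo address, for example an `unreachable`-type route for the user aggregate next to the lo address with that address set to `AddPrefixRoute = false`, and record the design beside the rule: `# steers VLAN -> 10.0.0.0/27 into table "user" only; cross-VLAN traffic must be rejected by the main table, not by this rule`. The /27 CIDR string is spelled out three times here (route `Destination`, rule `From`, and the `Address` base), so a `let userNet = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27"; in` binding would keep them from drifting. The enclosing `mkUserVlan` definition starts before the hunk.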
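Review bot: The `10.0.0.1/16` address in the new `"10-lo"` block widens the user aggregate from the /17 the removed per-VLAN `address` and `Source` lines used, and because it is a plain `address` entry (default AddPrefixRoute, unlike the `AddPrefixRoute = false` VLAN addresses in the first hunk) it also installs a `10.0.0.0/16` prefix route in the main table; neither the widening nor the prefix route is explained. A comment above the entry such as `# host service address; /16 covers every user VLAN /27 — its prefix route in main is what inter-VLAN traffic ends up in` (or the opposite, if that is not intended) would let a reader verify the routing design, and the rule below it is worth annotating with `# IncomingInterface=lo matches locally originated packets, so host -> VLAN traffic uses table "user"`. Separately, `genList mkUserVlan 10` replaces 300 while the trailing `# 850 when we can` is kept unchanged; the comment should say why the count was reduced (testing, or a route/rule limit) so it does not read as stale.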