feat(routing): Chaque vlan a une IP différente et policyrules
parent
93bf6f8baa
commit
150e741263
1 changed files with 55 additions and 10 deletions
|
@ -47,15 +47,35 @@ let
|
||||||
name = "vlan-user-${builtins.toString vlan}";
|
name = "vlan-user-${builtins.toString vlan}";
|
||||||
value = {
|
value = {
|
||||||
Id = vlan;
|
Id = vlan;
|
||||||
extraNetwork.routes = [
|
address = [ ];
|
||||||
{
|
extraNetwork = {
|
||||||
routeConfig = {
|
addresses = [
|
||||||
Destination = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
|
{
|
||||||
Source = "10.0.0.1/17";
|
addressConfig = {
|
||||||
};
|
Address = "10.0.${builtins.toString prefix24nb}.${builtins.toString (prefix27nb + 1)}/27";
|
||||||
}
|
AddPrefixRoute = false;
|
||||||
];
|
};
|
||||||
address = [ "10.0.0.1/17" ];
|
}
|
||||||
|
];
|
||||||
|
routes = [
|
||||||
|
{
|
||||||
|
routeConfig = {
|
||||||
|
Destination = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
|
||||||
|
Table = "user";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
routingPolicyRules = [
|
||||||
|
{
|
||||||
|
routingPolicyRuleConfig = {
|
||||||
|
From = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
|
||||||
|
To = "10.0.0.0/27";
|
||||||
|
IncomingInterface = "vlan-user-${builtins.toString vlan}";
|
||||||
|
Table = "user";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -91,12 +111,37 @@ let
|
||||||
|
|
||||||
extraNetwork.networkConfig.DHCPServer = "yes";
|
extraNetwork.networkConfig.DHCPServer = "yes";
|
||||||
};
|
};
|
||||||
} // builtins.listToAttrs (builtins.genList mkUserVlan 300); # 850 when we can
|
} // builtins.listToAttrs (builtins.genList mkUserVlan 10); # 850 when we can
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
|
config.routeTables."user" = 1000;
|
||||||
networks = {
|
networks = {
|
||||||
|
"10-lo" = {
|
||||||
|
name = "lo";
|
||||||
|
address = [
|
||||||
|
"::1/128"
|
||||||
|
"127.0.0.1/8"
|
||||||
|
"10.0.0.1/16"
|
||||||
|
];
|
||||||
|
routes = [
|
||||||
|
{
|
||||||
|
routeConfig = {
|
||||||
|
Destination = "10.0.0.0/27";
|
||||||
|
Table = "user";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
routingPolicyRules = [
|
||||||
|
{
|
||||||
|
routingPolicyRuleConfig = {
|
||||||
|
IncomingInterface = "lo";
|
||||||
|
Table = "user";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
"10-enp67s0f0np0" = {
|
"10-enp67s0f0np0" = {
|
||||||
name = "enp67s0f0np0";
|
name = "enp67s0f0np0";
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
|
|
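Review bot: Neither `routingPolicyRuleConfig` sets `Priority` (the per-VLAN rule in `mkUserVlan` and the rule on `"10-lo"`), so the kernel chooses the rule priorities and the point at which table `user` is consulted relative to other rules is not fixed by this config; I would pin it, e.g. `Priority = 100; # example value, choose one for this host` on the VLAN rules and a distinct value on the `lo` rule. The `lo` rule carries only `IncomingInterface = "lo"` with no `From`/`To`, so it appears to send all locally generated traffic to table `user`, while the VLAN rule is narrowed to `To = "10.0.0.0/27"`; a short comment stating that this asymmetry is intended would help the next reader. These rules only select a routing table: a packet arriving on `vlan-user-N` with a source outside its /27 or a destination outside `10.0.0.0/27` is not dropped, it falls through to the remaining rules, so separation between user VLANs has to come from filtering that is not visible in this diff. `mkUserVlan` begins before the first hunk and the `networks` set continues past the second.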