feat(vault01/networking): Simplify the configuration
All checks were successful
build configuration / build_vault01 (pull_request) Successful in 1m5s
build configuration / build_storage01 (pull_request) Successful in 1m8s
build configuration / build_web02 (pull_request) Successful in 1m1s
build configuration / push_to_cache (pull_request) Successful in 2m8s
build configuration / build_compute01 (pull_request) Successful in 1m9s
build configuration / build_rescue01 (pull_request) Successful in 49s
build configuration / build_web01 (pull_request) Successful in 1m27s
build configuration / build_web02 (push) Successful in 1m0s
build configuration / build_storage01 (push) Successful in 1m6s
build configuration / build_compute01 (push) Successful in 1m12s
lint / check (push) Successful in 23s
build configuration / build_web01 (push) Successful in 1m29s
build configuration / push_to_cache (push) Successful in 2m9s
build configuration / build_vault01 (push) Successful in 1m3s
build configuration / build_rescue01 (push) Successful in 47s

This commit is contained in:
Tom Hubrecht 2024-04-14 14:12:14 +02:00 committed by thubrecht
parent 60ee43b577
commit 93b7a242ab

View file

@ -1,30 +1,82 @@
{
lib,
meta,
name,
...
}:
let
vlanName = "vlan-uplink-cri";
vlanAdmin = "vlan-admin";
vlanAP = "vlan-admin-ap";
vlanAP-apro = "vlan-apro";
inherit (lib) mapAttrs' nameValuePair;
linkIp = "10.120.33.250";
linkPrefix = "30";
uplink = {
ip = "10.120.33.250";
prefix = 30;
upstreamRouterIp = "10.120.33.249";
router = "10.120.33.249";
};
publicIp = "129.199.195.129"; # sync with meta
mkNetwork =
name:
{
address,
extraNetwork ? { },
...
}:
nameValuePair "10-${name}" ({ inherit name address; } // extraNetwork);
linkPrefixedIp = "${linkIp}/${linkPrefix}";
mkNetdev =
name:
{ Id, ... }:
nameValuePair "10-${name}" {
netdevConfig = {
Name = name;
Kind = "vlan";
};
vlanConfig.Id = Id;
};
vlans = {
vlan-uplink-cri = {
Id = 223;
address = with uplink; [ "${ip}/${builtins.toString prefix}" ];
extraNetwork.routes = [
{
routeConfig = {
# Get the public ip from the metadata
PreferredSource = builtins.head meta.network.${name}.addresses.ipv4;
Gateway = uplink.router;
};
}
];
};
vlan-admin = {
Id = 3000;
address = [ "fd26:baf9:d250:8000::1/64" ];
};
vlan-admin-ap = {
Id = 3001;
address = [ "fd26:baf9:d250:8010::1/60" ];
};
vlan-apro = {
Id = 2000;
address = [ "10.0.255.1/24" ];
extraNetwork.networkConfig.DHCPServer = "yes";
};
};
in
{
systemd.network = {
networks = {
"10-enp67s0f0np0" = {
name = "enp67s0f0np0";
networkConfig = {
VLAN = [
vlanName
vlanAdmin
vlanAP
vlanAP-apro
];
VLAN = builtins.attrNames vlans;
LinkLocalAddressing = false;
LLDP = false;
@ -33,70 +85,10 @@ in
IPv6SendRA = false;
};
};
"10-${vlanName}" = {
name = vlanName;
address = [ linkPrefixedIp ];
routes = [
{
routeConfig = {
PreferredSource = publicIp;
Gateway = upstreamRouterIp;
};
}
];
};
"10-${vlanAdmin}" = {
name = vlanAdmin;
address = [ "fd26:baf9:d250:8000::1/64" ];
};
"10-${vlanAP}" = {
name = vlanAP;
address = [ "fd26:baf9:d250:8010::1/60" ];
};
"10-${vlanAP-apro}" = {
name = vlanAP-apro;
address = [ "10.0.255.1/24" ];
networkConfig.DHCPServer = "yes";
};
};
netdevs = {
"10-${vlanName}" = {
netdevConfig = {
Name = vlanName;
Kind = "vlan";
};
vlanConfig = {
Id = 223;
};
};
"10-${vlanAdmin}" = {
netdevConfig = {
Name = vlanAdmin;
Kind = "vlan";
};
vlanConfig = {
Id = 3000;
};
};
"10-${vlanAP}" = {
netdevConfig = {
Name = vlanAP;
Kind = "vlan";
};
vlanConfig = {
Id = 3001;
};
};
"10-${vlanAP-apro}" = {
netdevConfig = {
Name = vlanAP-apro;
Kind = "vlan";
};
vlanConfig = {
Id = 2000;
};
};
};
} // (mapAttrs' mkNetwork vlans);
netdevs = mapAttrs' mkNetdev vlans;
};
networking.firewall.allowedUDPPorts = [ 67 ];
}