style: requested changes
Some checks failed
Check meta / check_meta (pull_request) Successful in 26s
Check meta / check_dns (pull_request) Successful in 47s
build configuration / build_vault01 (pull_request) Successful in 1m14s
build configuration / build_compute01 (pull_request) Successful in 1m16s
build configuration / build_web02 (pull_request) Successful in 54s
build configuration / build_storage01 (pull_request) Successful in 1m27s
build configuration / build_web01 (pull_request) Successful in 1m33s
build configuration / build_rescue01 (pull_request) Successful in 55s
build configuration / build_web02 (push) Successful in 1m7s
build configuration / build_storage01 (push) Successful in 1m13s
build configuration / build_rescue01 (push) Successful in 1m12s
build configuration / build_compute01 (push) Successful in 1m16s
build configuration / build_vault01 (push) Successful in 1m15s
build configuration / build_web01 (push) Successful in 1m36s
lint / check (push) Successful in 24s
build configuration / push_to_cache (pull_request) Failing after 2m17s
build configuration / push_to_cache (push) Successful in 2m42s
Some checks failed
Check meta / check_meta (pull_request) Successful in 26s
Check meta / check_dns (pull_request) Successful in 47s
build configuration / build_vault01 (pull_request) Successful in 1m14s
build configuration / build_compute01 (pull_request) Successful in 1m16s
build configuration / build_web02 (pull_request) Successful in 54s
build configuration / build_storage01 (pull_request) Successful in 1m27s
build configuration / build_web01 (pull_request) Successful in 1m33s
build configuration / build_rescue01 (pull_request) Successful in 55s
build configuration / build_web02 (push) Successful in 1m7s
build configuration / build_storage01 (push) Successful in 1m13s
build configuration / build_rescue01 (push) Successful in 1m12s
build configuration / build_compute01 (push) Successful in 1m16s
build configuration / build_vault01 (push) Successful in 1m15s
build configuration / build_web01 (push) Successful in 1m36s
lint / check (push) Successful in 24s
build configuration / push_to_cache (pull_request) Failing after 2m17s
build configuration / push_to_cache (push) Successful in 2m42s
This commit is contained in:
parent
9f256186e0
commit
bc5ee80d69
3 changed files with 46 additions and 64 deletions
|
@ -7,13 +7,15 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib)
|
inherit (lib)
|
||||||
|
attrsToList
|
||||||
|
getExe'
|
||||||
|
imap0
|
||||||
|
mapAttrsToList
|
||||||
mkEnableOption
|
mkEnableOption
|
||||||
mkIf
|
mkIf
|
||||||
mkOption
|
mkOption
|
||||||
types
|
|
||||||
mapAttrsToList
|
|
||||||
optionalString
|
optionalString
|
||||||
zipListsWith
|
types
|
||||||
;
|
;
|
||||||
|
|
||||||
settingsFormat = pkgs.formats.toml { };
|
settingsFormat = pkgs.formats.toml { };
|
||||||
|
@ -49,14 +51,14 @@ in
|
||||||
|
|
||||||
extra-mods = mkOption {
|
extra-mods = mkOption {
|
||||||
type = types.attrsOf types.path;
|
type = types.attrsOf types.path;
|
||||||
description = "Additional files to be linked in mods-enabled.";
|
|
||||||
default = { };
|
default = { };
|
||||||
|
description = "Additional files to be linked in mods-enabled.";
|
||||||
};
|
};
|
||||||
|
|
||||||
extra-sites = mkOption {
|
extra-sites = mkOption {
|
||||||
type = types.attrsOf types.path;
|
type = types.attrsOf types.path;
|
||||||
description = "Additional files to be linked in sites-enabled.";
|
|
||||||
default = { };
|
default = { };
|
||||||
|
description = "Additional files to be linked in sites-enabled.";
|
||||||
};
|
};
|
||||||
|
|
||||||
dictionary = mkOption {
|
dictionary = mkOption {
|
||||||
|
@ -69,8 +71,8 @@ in
|
||||||
"string"
|
"string"
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
description = "Declare additionnal attributes to be listed in the dictionary.";
|
|
||||||
default = { };
|
default = { };
|
||||||
|
description = "Declare additionnal attributes to be listed in the dictionary.";
|
||||||
};
|
};
|
||||||
|
|
||||||
radiusClients = mkOption {
|
radiusClients = mkOption {
|
||||||
|
@ -109,7 +111,7 @@ in
|
||||||
|
|
||||||
checkConfiguration = mkOption {
|
checkConfiguration = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
description = "Check the configuration before starting the deamon. Usefull for debugging.";
|
description = "Check the configuration before starting the deamon. Useful for debugging.";
|
||||||
default = false;
|
default = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -202,18 +204,16 @@ in
|
||||||
sed -i ${cfg.configDir}/mods-available/eap \
|
sed -i ${cfg.configDir}/mods-available/eap \
|
||||||
-e "s/whatever/$(cat "${cfg.privateKeyPasswordFile}")/"
|
-e "s/whatever/$(cat "${cfg.privateKeyPasswordFile}")/"
|
||||||
|
|
||||||
# Build the dictionary
|
# Link the dictionary
|
||||||
cat <<EOF > ${cfg.configDir}/dictionary
|
ln -nsf ${
|
||||||
${
|
pkgs.writeText "radius-dictionary" (
|
||||||
let
|
builtins.concatStringsSep "\n" (
|
||||||
attrs = mapAttrsToList (name: type: { inherit name type; }) cfg.dictionary;
|
imap0 (i: { name, value }: "ATTRIBUTE ${name} ${builtins.toString (3000 + i)} ${value}") (
|
||||||
idList = builtins.genList (id: 3000 + id) (builtins.length attrs);
|
attrsToList cfg.dictionary
|
||||||
in
|
)
|
||||||
builtins.concatStringsSep "\n" (
|
)
|
||||||
zipListsWith ({ name, type }: id: "ATTRIBUTE ${name} ${toString id} ${type}") attrs idList
|
|
||||||
)
|
)
|
||||||
}
|
} ${cfg.configDir}/dictionary
|
||||||
EOF
|
|
||||||
|
|
||||||
# Link extra-mods
|
# Link extra-mods
|
||||||
${builtins.concatStringsSep "\n" (
|
${builtins.concatStringsSep "\n" (
|
||||||
|
@ -228,9 +228,7 @@ in
|
||||||
)}
|
)}
|
||||||
|
|
||||||
# Check the configuration
|
# Check the configuration
|
||||||
${
|
${optionalString cfg.checkConfiguration "${getExe' pkgs.freeradius "radiusd"} -C -d ${cfg.configDir} -l stdout"}
|
||||||
optionalString (!cfg.checkConfiguration) "# "
|
|
||||||
}${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
path = [
|
path = [
|
||||||
|
|
|
@ -19,7 +19,7 @@ let
|
||||||
mkNetwork =
|
mkNetwork =
|
||||||
name:
|
name:
|
||||||
{
|
{
|
||||||
address,
|
address ? [ ],
|
||||||
extraNetwork ? { },
|
extraNetwork ? { },
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
|
@ -37,31 +37,30 @@ let
|
||||||
};
|
};
|
||||||
|
|
||||||
mkUserVlan =
|
mkUserVlan =
|
||||||
{
|
id:
|
||||||
vlan,
|
let
|
||||||
netIP,
|
# on alloue 10.0.0.0/17 aux thurnés, avec un /27 chacun, on garde 10.0.0.0/27 pour nous (routeur et autres)
|
||||||
servIP,
|
vlan = 4094 - id;
|
||||||
prefixLength,
|
prefix24nb = (id + 1) / 8;
|
||||||
interfaceName,
|
prefix27nb = (id + 1 - prefix24nb * 8) * 32;
|
||||||
...
|
netIP = "10.0.${toString prefix24nb}.${toString prefix27nb}";
|
||||||
}:
|
servIP = "10.0.${toString prefix24nb}.${toString (prefix27nb + 1)}";
|
||||||
|
interfaceName = "vlan-user-${toString vlan}";
|
||||||
|
in
|
||||||
{
|
{
|
||||||
name = interfaceName;
|
name = interfaceName;
|
||||||
value = {
|
value = {
|
||||||
Id = vlan;
|
Id = vlan;
|
||||||
address = [ ];
|
|
||||||
extraNetwork = {
|
extraNetwork = {
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
LinkLocalAddressing = "no";
|
LinkLocalAddressing = "no";
|
||||||
DHCPServer = "yes";
|
DHCPServer = "yes";
|
||||||
};
|
};
|
||||||
linkConfig = {
|
linkConfig.Promiscuous = true;
|
||||||
Promiscuous = true;
|
|
||||||
};
|
|
||||||
addresses = [
|
addresses = [
|
||||||
{
|
{
|
||||||
addressConfig = {
|
addressConfig = {
|
||||||
Address = "${servIP}/${toString prefixLength}";
|
Address = "${servIP}/27";
|
||||||
AddPrefixRoute = false;
|
AddPrefixRoute = false;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -69,7 +68,7 @@ let
|
||||||
routes = [
|
routes = [
|
||||||
{
|
{
|
||||||
routeConfig = {
|
routeConfig = {
|
||||||
Destination = "${netIP}/${toString prefixLength}";
|
Destination = "${netIP}/27";
|
||||||
Table = "user";
|
Table = "user";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -77,7 +76,7 @@ let
|
||||||
routingPolicyRules = [
|
routingPolicyRules = [
|
||||||
{
|
{
|
||||||
routingPolicyRuleConfig = {
|
routingPolicyRuleConfig = {
|
||||||
From = "${netIP}/${toString prefixLength}";
|
From = "${netIP}/27";
|
||||||
To = "10.0.0.0/27";
|
To = "10.0.0.0/27";
|
||||||
IncomingInterface = interfaceName;
|
IncomingInterface = interfaceName;
|
||||||
Table = "user";
|
Table = "user";
|
||||||
|
@ -120,7 +119,7 @@ let
|
||||||
|
|
||||||
extraNetwork.networkConfig.DHCPServer = "yes";
|
extraNetwork.networkConfig.DHCPServer = "yes";
|
||||||
};
|
};
|
||||||
} // builtins.listToAttrs (map mkUserVlan (import ./user_vlans.nix));
|
} // builtins.listToAttrs (builtins.genList mkUserVlan 850);
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -175,20 +174,19 @@ in
|
||||||
wantedBy = [ "systemd-networkd.service" ];
|
wantedBy = [ "systemd-networkd.service" ];
|
||||||
after = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
|
after = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
|
||||||
bindsTo = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
|
bindsTo = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
|
||||||
script = ''
|
script = builtins.concatStringsSep "\n" (
|
||||||
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rxvlan off
|
builtins.map (name: "${lib.getExe pkgs.ethtool} -K enp67s0f0np0 ${name} off") [
|
||||||
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 txvlan off
|
"rxvlan"
|
||||||
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rx-vlan-filter off
|
"txvlan"
|
||||||
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rx-vlan-offload off
|
"rx-vlan-filter"
|
||||||
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 tx-vlan-offload off
|
"rx-vlan-offload"
|
||||||
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 tx-vlan-stag-hw-insert off
|
"tx-vlan-offload"
|
||||||
echo "Hardware for enp67s0f0np0 configured"
|
"tx-vlan-stag-hw-insert"
|
||||||
'';
|
]
|
||||||
|
);
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd-networkd.serviceConfig = {
|
systemd-networkd.serviceConfig.LimitNOFILE = 4096;
|
||||||
LimitNOFILE = 4096;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
let
|
|
||||||
mkUserVlan = id: rec {
|
|
||||||
# on alloue 10.0.0.0/17 aux thurnés, avec un /27 chacun, on garde 10.0.0.0/27 pour nous (routeur et autres)
|
|
||||||
vlan = 4094 - id;
|
|
||||||
prefix24nb = (id + 1) / 8;
|
|
||||||
prefix27nb = (id + 1 - prefix24nb * 8) * 32;
|
|
||||||
prefixLength = 27;
|
|
||||||
netIP = "10.0.${toString prefix24nb}.${toString prefix27nb}";
|
|
||||||
servIP = "10.0.${toString prefix24nb}.${toString (prefix27nb + 1)}";
|
|
||||||
broadIP = "10.0.${toString prefix24nb}.${toString (prefix27nb + 31)}";
|
|
||||||
interfaceName = "vlan-user-${toString vlan}";
|
|
||||||
};
|
|
||||||
in
|
|
||||||
builtins.genList mkUserVlan 850
|
|
Loading…
Reference in a new issue