style: requested changes
Some checks failed
Check meta / check_meta (pull_request) Successful in 26s
Check meta / check_dns (pull_request) Successful in 47s
build configuration / build_vault01 (pull_request) Successful in 1m14s
build configuration / build_compute01 (pull_request) Successful in 1m16s
build configuration / build_web02 (pull_request) Successful in 54s
build configuration / build_storage01 (pull_request) Successful in 1m27s
build configuration / build_web01 (pull_request) Successful in 1m33s
build configuration / build_rescue01 (pull_request) Successful in 55s
build configuration / build_web02 (push) Successful in 1m7s
build configuration / build_storage01 (push) Successful in 1m13s
build configuration / build_rescue01 (push) Successful in 1m12s
build configuration / build_compute01 (push) Successful in 1m16s
build configuration / build_vault01 (push) Successful in 1m15s
build configuration / build_web01 (push) Successful in 1m36s
lint / check (push) Successful in 24s
build configuration / push_to_cache (pull_request) Failing after 2m17s
build configuration / push_to_cache (push) Successful in 2m42s

This commit is contained in:
catvayor 2024-05-23 16:28:13 +02:00
parent 9f256186e0
commit bc5ee80d69
3 changed files with 46 additions and 64 deletions

View file

@ -7,13 +7,15 @@
let let
inherit (lib) inherit (lib)
attrsToList
getExe'
imap0
mapAttrsToList
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
types
mapAttrsToList
optionalString optionalString
zipListsWith types
; ;
settingsFormat = pkgs.formats.toml { }; settingsFormat = pkgs.formats.toml { };
@ -49,14 +51,14 @@ in
extra-mods = mkOption { extra-mods = mkOption {
type = types.attrsOf types.path; type = types.attrsOf types.path;
description = "Additional files to be linked in mods-enabled.";
default = { }; default = { };
description = "Additional files to be linked in mods-enabled.";
}; };
extra-sites = mkOption { extra-sites = mkOption {
type = types.attrsOf types.path; type = types.attrsOf types.path;
description = "Additional files to be linked in sites-enabled.";
default = { }; default = { };
description = "Additional files to be linked in sites-enabled.";
}; };
dictionary = mkOption { dictionary = mkOption {
@ -69,8 +71,8 @@ in
"string" "string"
] ]
); );
description = "Declare additionnal attributes to be listed in the dictionary.";
default = { }; default = { };
description = "Declare additionnal attributes to be listed in the dictionary.";
}; };
radiusClients = mkOption { radiusClients = mkOption {
@ -109,7 +111,7 @@ in
checkConfiguration = mkOption { checkConfiguration = mkOption {
type = types.bool; type = types.bool;
description = "Check the configuration before starting the deamon. Usefull for debugging."; description = "Check the configuration before starting the deamon. Useful for debugging.";
default = false; default = false;
}; };
}; };
@ -202,18 +204,16 @@ in
sed -i ${cfg.configDir}/mods-available/eap \ sed -i ${cfg.configDir}/mods-available/eap \
-e "s/whatever/$(cat "${cfg.privateKeyPasswordFile}")/" -e "s/whatever/$(cat "${cfg.privateKeyPasswordFile}")/"
# Build the dictionary # Link the dictionary
cat <<EOF > ${cfg.configDir}/dictionary ln -nsf ${
${ pkgs.writeText "radius-dictionary" (
let builtins.concatStringsSep "\n" (
attrs = mapAttrsToList (name: type: { inherit name type; }) cfg.dictionary; imap0 (i: { name, value }: "ATTRIBUTE ${name} ${builtins.toString (3000 + i)} ${value}") (
idList = builtins.genList (id: 3000 + id) (builtins.length attrs); attrsToList cfg.dictionary
in )
builtins.concatStringsSep "\n" ( )
zipListsWith ({ name, type }: id: "ATTRIBUTE ${name} ${toString id} ${type}") attrs idList
) )
} } ${cfg.configDir}/dictionary
EOF
# Link extra-mods # Link extra-mods
${builtins.concatStringsSep "\n" ( ${builtins.concatStringsSep "\n" (
@ -228,9 +228,7 @@ in
)} )}
# Check the configuration # Check the configuration
${ ${optionalString cfg.checkConfiguration "${getExe' pkgs.freeradius "radiusd"} -C -d ${cfg.configDir} -l stdout"}
optionalString (!cfg.checkConfiguration) "# "
}${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout
''; '';
path = [ path = [

View file

@ -19,7 +19,7 @@ let
mkNetwork = mkNetwork =
name: name:
{ {
address, address ? [ ],
extraNetwork ? { }, extraNetwork ? { },
... ...
}: }:
@ -37,31 +37,30 @@ let
}; };
mkUserVlan = mkUserVlan =
{ id:
vlan, let
netIP, # on alloue 10.0.0.0/17 aux thurnés, avec un /27 chacun, on garde 10.0.0.0/27 pour nous (routeur et autres)
servIP, vlan = 4094 - id;
prefixLength, prefix24nb = (id + 1) / 8;
interfaceName, prefix27nb = (id + 1 - prefix24nb * 8) * 32;
... netIP = "10.0.${toString prefix24nb}.${toString prefix27nb}";
}: servIP = "10.0.${toString prefix24nb}.${toString (prefix27nb + 1)}";
interfaceName = "vlan-user-${toString vlan}";
in
{ {
name = interfaceName; name = interfaceName;
value = { value = {
Id = vlan; Id = vlan;
address = [ ];
extraNetwork = { extraNetwork = {
networkConfig = { networkConfig = {
LinkLocalAddressing = "no"; LinkLocalAddressing = "no";
DHCPServer = "yes"; DHCPServer = "yes";
}; };
linkConfig = { linkConfig.Promiscuous = true;
Promiscuous = true;
};
addresses = [ addresses = [
{ {
addressConfig = { addressConfig = {
Address = "${servIP}/${toString prefixLength}"; Address = "${servIP}/27";
AddPrefixRoute = false; AddPrefixRoute = false;
}; };
} }
@ -69,7 +68,7 @@ let
routes = [ routes = [
{ {
routeConfig = { routeConfig = {
Destination = "${netIP}/${toString prefixLength}"; Destination = "${netIP}/27";
Table = "user"; Table = "user";
}; };
} }
@ -77,7 +76,7 @@ let
routingPolicyRules = [ routingPolicyRules = [
{ {
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
From = "${netIP}/${toString prefixLength}"; From = "${netIP}/27";
To = "10.0.0.0/27"; To = "10.0.0.0/27";
IncomingInterface = interfaceName; IncomingInterface = interfaceName;
Table = "user"; Table = "user";
@ -120,7 +119,7 @@ let
extraNetwork.networkConfig.DHCPServer = "yes"; extraNetwork.networkConfig.DHCPServer = "yes";
}; };
} // builtins.listToAttrs (map mkUserVlan (import ./user_vlans.nix)); } // builtins.listToAttrs (builtins.genList mkUserVlan 850);
in in
{ {
@ -175,20 +174,19 @@ in
wantedBy = [ "systemd-networkd.service" ]; wantedBy = [ "systemd-networkd.service" ];
after = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ]; after = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
bindsTo = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ]; bindsTo = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
script = '' script = builtins.concatStringsSep "\n" (
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rxvlan off builtins.map (name: "${lib.getExe pkgs.ethtool} -K enp67s0f0np0 ${name} off") [
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 txvlan off "rxvlan"
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rx-vlan-filter off "txvlan"
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rx-vlan-offload off "rx-vlan-filter"
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 tx-vlan-offload off "rx-vlan-offload"
${lib.getExe pkgs.ethtool} -K enp67s0f0np0 tx-vlan-stag-hw-insert off "tx-vlan-offload"
echo "Hardware for enp67s0f0np0 configured" "tx-vlan-stag-hw-insert"
''; ]
);
}; };
systemd-networkd.serviceConfig = { systemd-networkd.serviceConfig.LimitNOFILE = 4096;
LimitNOFILE = 4096;
};
}; };
}; };

View file

@ -1,14 +0,0 @@
let
mkUserVlan = id: rec {
# on alloue 10.0.0.0/17 aux thurnés, avec un /27 chacun, on garde 10.0.0.0/27 pour nous (routeur et autres)
vlan = 4094 - id;
prefix24nb = (id + 1) / 8;
prefix27nb = (id + 1 - prefix24nb * 8) * 32;
prefixLength = 27;
netIP = "10.0.${toString prefix24nb}.${toString prefix27nb}";
servIP = "10.0.${toString prefix24nb}.${toString (prefix27nb + 1)}";
broadIP = "10.0.${toString prefix24nb}.${toString (prefix27nb + 31)}";
interfaceName = "vlan-user-${toString vlan}";
};
in
builtins.genList mkUserVlan 850