fix(vlans): activate things to bypass vlan limit

machines/vault01/networking.nix

@@ -1,4 +1,5 @@
 {
+  pkgs,
   lib,
   meta,
   name,
@@ -49,12 +50,11 @@ let
         Id = vlan;
         address = [ ];
         extraNetwork = {
-          networkConfig.DHCPServer = "yes";
+          networkConfig = {
-          dhcpServerConfig = {
+            LinkLocalAddressing = "no";
-            EmitRouter = true;
+          };
-            Router = "10.0.0.1";
+          linkConfig = {
-            EmitDNS = true;
+            Promiscuous = true;
-            DNS = "10.0.0.1";
           };
           addresses = [
             {
@@ -118,7 +118,7 @@ let
 
       extraNetwork.networkConfig.DHCPServer = "yes";
     };
-  } // builtins.listToAttrs (builtins.genList mkUserVlan 10); # 850 when we can
+  } // builtins.listToAttrs (builtins.genList mkUserVlan 850); # 850 when we can
 in
 
 {
@@ -151,6 +151,7 @@ in
       };
       "10-enp67s0f0np0" = {
         name = "enp67s0f0np0";
+        linkConfig.Promiscuous = true;
         networkConfig = {
           VLAN = builtins.attrNames vlans;
 
@@ -166,5 +167,20 @@ in
     netdevs = mapAttrs' mkNetdev vlans;
   };
 
+  systemd.services.ethtoolConfig = {
+    wantedBy = [ "systemd-networkd.service" ];
+    after = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
+    bindsTo = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
+    script = ''
+      ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rxvlan off
+      ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 txvlan off
+      ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rx-vlan-filter off
+      ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rx-vlan-offload off
+      ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 tx-vlan-offload off
+      ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 tx-vlan-stag-hw-insert off
+      echo "Hardware for enp67s0f0np0 configured"
+    '';
+  };
+
   networking.firewall.allowedUDPPorts = [ 67 ];
 }