let vlanName = "vlan-uplink-cri"; vlanAdmin = "vlan-admin"; vlanAP = "vlan-admin-ap"; vlanAP-apro = "vlan-apro"; linkIp = "10.120.33.250"; linkPrefix = "30"; upstreamRouterIp = "10.120.33.249"; publicIp = "129.199.195.129"; # sync with meta linkPrefixedIp = "${linkIp}/${linkPrefix}"; in { systemd.network = { networks = { "10-enp67s0f0np0" = { name = "enp67s0f0np0"; networkConfig = { VLAN = [ vlanName vlanAdmin vlanAP vlanAP-apro ]; LinkLocalAddressing = false; LLDP = false; EmitLLDP = false; IPv6AcceptRA = false; IPv6SendRA = false; }; }; "10-${vlanName}" = { name = vlanName; address = [ linkPrefixedIp ]; routes = [ { routeConfig = { PreferredSource = publicIp; Gateway = upstreamRouterIp; }; } ]; }; "10-${vlanAdmin}" = { name = vlanAdmin; address = [ "fd26:baf9:d250:8000::1/64" ]; }; "10-${vlanAP}" = { name = vlanAP; address = [ "fd26:baf9:d250:8010::1/60" ]; }; "10-${vlanAP-apro}" = { name = vlanAP-apro; address = [ "10.0.255.1/24" ]; networkConfig.DHCPServer = "yes"; }; }; netdevs = { "10-${vlanName}" = { netdevConfig = { Name = vlanName; Kind = "vlan"; }; vlanConfig = { Id = 223; }; }; "10-${vlanAdmin}" = { netdevConfig = { Name = vlanAdmin; Kind = "vlan"; }; vlanConfig = { Id = 3000; }; }; "10-${vlanAP}" = { netdevConfig = { Name = vlanAP; Kind = "vlan"; }; vlanConfig = { Id = 3001; }; }; "10-${vlanAP-apro}" = { netdevConfig = { Name = vlanAP-apro; Kind = "vlan"; }; vlanConfig = { Id = 2000; }; }; }; }; networking.firewall.allowedUDPPorts = [ 67 ]; }