lab-infra/machines/roam01/networking.nix
catvayor b3e97e0be5
feat(roam01): gretap with vault01
2025-01-22 13:52:06 +01:00


# systemd-networkd layout for roam01: two plain L2 bridges (br0, br1), a
# VLAN 2000 sub-interface of br0 that is enslaved to br1, and a GRETAP tunnel
# enslaved to br0 whose endpoints are the addresses of the WireGuard link wg0.
{ config, ... }:
let
  # Shared by every interface that only switches frames: no link-local
  # addresses, no LLDP received or emitted, no router advertisements accepted
  # or sent. Keeping it in one place means a new port cannot miss one of the
  # knobs and end up with an address on a bridged segment.
  l2Only = {
    LinkLocalAddressing = false;
    LLDP = false;
    EmitLLDP = false;
    IPv6AcceptRA = false;
    IPv6SendRA = false;
  };

  # networkConfig for a port enslaved to `bridge`.
  bridgePort = bridge: { Bridge = bridge; } // l2Only;

  # netdev for a bridge with neither VLAN filtering nor spanning tree.
  # With VLANFiltering off the bridge does not restrict which VLAN tags pass
  # between its ports. With STP off nothing breaks a loop.
  # NOTE(review): br0 joins enp2s0 with the remote segment behind gretap1, so a
  # second L2 path between the two sites would loop. Confirm none exists.
  plainBridge = name: {
    netdevConfig = {
      Name = name;
      Kind = "bridge";
    };
    bridgeConfig = {
      VLANFiltering = false;
      STP = false;
    };
  };
in
{
  # All traffic arriving on wg0 is accepted by the NixOS firewall. The single
  # peer below is limited by AllowedIPs to 10.10.17.0/30, so this amounts to
  # trusting that peer for every port and protocol on this host.
  # NOTE(review): presumably here so GRE from 10.10.17.1 is let in. If so, a
  # rule accepting only that protocol on wg0 would be narrower. Confirm intent.
  networking.firewall.trustedInterfaces = [ "wg0" ];

  systemd.network.networks = {
    # Physical ports: enp2s0 is a member of br0, enp3s0 of br1.
    "10-enp2s0" = {
      name = "enp2s0";
      networkConfig = bridgePort "br0";
    };
    "10-enp3s0" = {
      name = "enp3s0";
      networkConfig = bridgePort "br1";
    };

    # VLAN 2000 of br0 (see the netdev below), enslaved to br1: frames tagged
    # 2000 on br0 share br1 with enp3s0.
    "20-vlan-apro" = {
      name = "vlan-apro";
      networkConfig = bridgePort "br1";
    };

    # The tunnel is a port of br0, so br0's segment extends to the far end of
    # the tunnel.
    "50-gretap1" = {
      name = "gretap1";
      networkConfig = bridgePort "br0";
    };

    "50-br0" = {
      name = "br0";
      networkConfig = { VLAN = [ "vlan-apro" ]; } // l2Only;
    };
    "50-br1" = {
      name = "br1";
      networkConfig = l2Only;
    };

    # wg0 holds the only IP address configured in this file. gretap1 is
    # attached to this link.
    "50-wg0" = {
      name = "wg0";
      address = [ "10.10.17.2/30" ];
      networkConfig = {
        Tunnel = "gretap1";
      };
    };
  };

  systemd.network.netdevs = {
    "20-vlan-apro" = {
      netdevConfig = {
        Name = "vlan-apro";
        Kind = "vlan";
      };
      vlanConfig = {
        Id = 2000;
      };
    };

    "50-wg0" = {
      netdevConfig = {
        Name = "wg0";
        Kind = "wireguard";
      };
      wireguardConfig = {
        # The private key is read from an agenix secret path at runtime, so it
        # is not written into this file.
        # NOTE(review): the decrypted file must be readable by systemd-networkd
        # and by nothing else. Its owner and mode are set where the secret is
        # declared, which is not visible here.
        PrivateKeyFile = config.age.secrets."systemd-network-wg_vault01_key".path;
      };
      wireguardPeers = [
        {
          wireguardPeerConfig = {
            # Only the /30 of the link itself is routed to, and accepted from,
            # this peer.
            AllowedIPs = [ "10.10.17.0/30" ];
            # This is the peer's public key; the pinned value is what
            # authenticates the remote end.
            PublicKey = "ijgcPnWWZ0njUJjsDNSGhlhVO40aUDD+zFLtw/1nfBY=";
            # The endpoint is given by hostname, so it is looked up in DNS.
            Endpoint = "vault01.hyp01.infra.dgnum.eu:1194";
            # A keepalive is sent every 25 seconds.
            # NOTE(review): presumably roam01 sits behind NAT or a stateful
            # firewall. Confirm.
            PersistentKeepalive = 25;
          };
        }
      ];
    };

    "50-br0" = plainBridge "br0";
    "50-br1" = plainBridge "br1";

    # Ethernet-over-GRE between the two ends of the WireGuard /30. The GRE
    # packets use the wg0 addresses as endpoints.
    # NOTE(review): no MTU is set in this file. GRETAP inside WireGuard leaves
    # less than a 1500-byte Ethernet payload. Confirm how oversized frames from
    # enp2s0 are handled.
    "50-gretap1" = {
      netdevConfig = {
        Name = "gretap1";
        Kind = "gretap";
      };
      tunnelConfig = {
        Local = "10.10.17.2";
        Remote = "10.10.17.1";
      };
    };
  };
}