From d2603b38d80f4f4ea93772ed030d552e3f79a9b9 Mon Sep 17 00:00:00 2001
From: catvayor <catvayor@katvayor.net>
Date: Fri, 31 Jan 2025 15:28:59 +0100
Subject: [PATCH] feat(netconf/netaccess01): init

---
 .forgejo/workflows/eval-nodes.yaml | 11 +++++++
 machines/netconf/netaccess01.nix   | 47 ++++++++++++++++++++++++++++++
 meta/nodes/netconf.nix             | 46 +++++++++++++++--------------
 3 files changed, 82 insertions(+), 22 deletions(-)
 create mode 100644 machines/netconf/netaccess01.nix

diff --git a/.forgejo/workflows/eval-nodes.yaml b/.forgejo/workflows/eval-nodes.yaml
index 53d7bbe..28328dc 100644
--- a/.forgejo/workflows/eval-nodes.yaml
+++ b/.forgejo/workflows/eval-nodes.yaml
@@ -100,6 +100,17 @@ jobs:
         STORE_USER: admin
       name: Build and cache hypervisor03
       run: nix-shell -A eval-nodes --run cache-node
+  netaccess01:
+    runs-on: nix
+    steps:
+    - uses: actions/checkout@v3
+    - env:
+        BUILD_NODE: netaccess01
+        STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/
+        STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
+        STORE_USER: admin
+      name: Build and cache netaccess01
+      run: nix-shell -A eval-nodes --run cache-node
   netcore02:
     runs-on: nix
     steps:
diff --git a/machines/netconf/netaccess01.nix b/machines/netconf/netaccess01.nix
new file mode 100644
index 0000000..1a7176e
--- /dev/null
+++ b/machines/netconf/netaccess01.nix
@@ -0,0 +1,47 @@
+# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin.bailly@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+let
+  #TODO: meta
+  vlansPlan = {
+    "uplink-cri".id = 223;
+
+    "admin-core" = {
+      id = 3000;
+      l3-interface = "irb.0";
+    };
+    "admin-ap".id = 3001;
+    "users".id-list = [
+      {
+        begin = 3045;
+        end = 4094;
+      }
+    ];
+
+    "ap-staging".id = 2000;
+    "hypervisor".id = 2001;
+  };
+in
+{
+  vlans = vlansPlan;
+  dgn-hardware.model = "EX2300-48P";
+  dgn-interfaces = {
+    # "ge-0/0/0" = AP-staging;
+    # "ge-0/0/1" = AP-staging;
+    # "ge-0/0/2" = AP-staging;
+    # "ge-0/0/3" = AP-staging;
+    # "ge-0/0/4" = AP-staging;
+    # "ge-0/0/5" = AP-staging;
+
+    # netcore02
+    "xe-0/1/0".ethernet-switching = {
+      interface-mode = "trunk";
+      vlans = [ "all" ];
+    };
+
+    # management
+    "me0".inet.addresses = [ "192.168.42.6/24" ];
+    "irb".inet6.addresses = [ "fd26:baf9:d250:8000::2001/64" ];
+  };
+}
diff --git a/meta/nodes/netconf.nix b/meta/nodes/netconf.nix
index 278aee6..7e464bf 100644
--- a/meta/nodes/netconf.nix
+++ b/meta/nodes/netconf.nix
@@ -26,26 +26,28 @@
       system = "netconf";
     };
   };
-  #  netaccess01 = {
-  #    site = "hyp02";
-  #
-  #    hashedPassword = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
-  #
-  #    stateVersion = null;
-  #
-  #    adminGroups = [ "fai" ];
-  #
-  #    deployment = {
-  #      targetHost = "fd26:baf9:d250:8000::2001";
-  #      sshOptions = [
-  #        "-J"
-  #        "root@vault01.hyp01.infra.dgnum.eu"
-  #      ];
-  #    };
-  #
-  #    nixpkgs = {
-  #      version = "24.05"; # FIXME: meaningless
-  #      system = "netconf";
-  #    };
-  #  };
+  netaccess01 = {
+    site = "hyp02";
+
+    hashedPassword = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
+
+    stateVersion = null;
+
+    adminGroups = [ "fai" ];
+
+    deployment = {
+      targetHost = "fd26:baf9:d250:8000::2001";
+      sshOptions = [
+        "-J"
+        "root@vault01.hyp01.infra.dgnum.eu"
+        "-p"
+        "830"
+      ];
+    };
+
+    nixpkgs = {
+      version = "24.05"; # FIXME: meaningless
+      system = "netconf";
+    };
+  };
 }