diff --git a/machines/vault01/networking.nix b/machines/vault01/networking.nix index 71fe3da..ad1ffe0 100644 --- a/machines/vault01/networking.nix +++ b/machines/vault01/networking.nix @@ -37,16 +37,13 @@ let }; mkUserVlan = - id: - let - # on alloue 10.0.0.0/17 aux thurnés, avec un /27 chacun, on garde 10.0.0.0/27 pour nous (routeur et autres) - vlan = 4094 - id; - prefix24nb = (id + 1) / 8; - prefix27nb = (id + 1 - prefix24nb * 8) * 32; - netIP = "10.0.${toString prefix24nb}.${toString prefix27nb}"; - servIP = "10.0.${toString prefix24nb}.${toString (prefix27nb + 1)}"; - interfaceName = "vlan-user-${toString vlan}"; - in + { + vlan, + netIP, + servIP, + interfaceName, + ... + }: { name = interfaceName; value = { @@ -87,6 +84,15 @@ let }; }; + userVlans = builtins.genList (id: rec { + vlan = 4094 - id; + prefix24nb = (id + 1) / 8; + prefix27nb = (id + 1 - prefix24nb * 8) * 32; + netIP = "10.0.${toString prefix24nb}.${toString prefix27nb}"; + servIP = "10.0.${toString prefix24nb}.${toString (prefix27nb + 1)}"; + interfaceName = "vlan-user-${toString vlan}"; + }) 850; + vlans = { vlan-uplink-cri = { Id = 223; @@ -119,7 +125,7 @@ let extraNetwork.networkConfig.DHCPServer = "yes"; }; - } // builtins.listToAttrs (builtins.genList mkUserVlan 850); + } // builtins.listToAttrs (map mkUserVlan userVlans); in { @@ -187,6 +193,31 @@ in }; systemd-networkd.serviceConfig.LimitNOFILE = 4096; + + net-checker = { + path = [ + pkgs.iputils + pkgs.systemd + ]; + script = '' + if ping -c 1 8.8.8.8 > /dev/null || ping -c 1 1.1.1.1 > /dev/null; then + ${ + lib.concatMapStringsSep "\n " ({ interfaceName, ... }: "networkctl up ${interfaceName}") userVlans + } + else + ${ + lib.concatMapStringsSep "\n " ( + { interfaceName, ... }: "networkctl down ${interfaceName}" + ) userVlans + } + fi + ''; + }; + }; + + timers.net-checker = { + wantedBy = [ "timers.target" ]; + timerConfig.OnCalendar = "*-*-* *:*:42"; }; };
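Review bot: The address-plan comment that sat inside `mkUserVlan` is removed and not carried over to the new `userVlans` list, which is where the VLAN id and the /27 arithmetic now live. Anyone auditing firewall or DHCP rules against these subnets needs that plan next to the code, so I would put it above `userVlans`, for example `# 10.0.0.0/17 is allocated to user rooms, one /27 each; 10.0.0.0/27 is kept for the router and infrastructure`. It is also worth recording that 850 entries reach at most 10.0.106.x, since `(id + 1) / 8` is integer division. Separately, `rec` exposes `prefix24nb` and `prefix27nb` as attributes of every entry, which `mkUserVlan` only ignores through `...`; a `let … in` around the attribute set would keep them private.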
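Review bot: The `net-checker` script takes every user VLAN down as soon as one probe to 8.8.8.8 and one probe to 1.1.1.1 both go unanswered. A single lost packet pair, or ICMP rate limiting upstream, therefore disconnects all 850 user networks until the next timer run. Sending several probes with a reply timeout makes the check less fragile, as `ping` with `-c` alone succeeds if any reply arrives. The script also spawns one `networkctl` process per interface, and if the unit script runs with `-e`, as NixOS unit scripts normally do, the first failing call leaves the remaining interfaces in their previous state. `networkctl up` and `networkctl down` accept several devices, so one call per branch avoids both problems; a comment on why user VLANs follow uplink reachability would help the next reader.

```nix
# … unchanged: net-checker path (iputils, systemd) …
script = ''
  if ping -c 3 -W 2 8.8.8.8 > /dev/null || ping -c 3 -W 2 1.1.1.1 > /dev/null; then
    networkctl up ${lib.concatMapStringsSep " " ({ interfaceName, ... }: interfaceName) userVlans}
  else
    networkctl down ${lib.concatMapStringsSep " " ({ interfaceName, ... }: interfaceName) userVlans}
  fi
'';
```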