From f22580dd26f44d9a743a928fcdb2a87fa359aaad Mon Sep 17 00:00:00 2001 From: catvayor Date: Thu, 2 May 2024 10:39:19 +0200 Subject: [PATCH] fix(vlans): activate things to bypass vlan limit --- machines/vault01/networking.nix | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/machines/vault01/networking.nix b/machines/vault01/networking.nix index 55528fb..fb87530 100644 --- a/machines/vault01/networking.nix +++ b/machines/vault01/networking.nix @@ -1,4 +1,5 @@ { + pkgs, lib, meta, name, @@ -49,12 +50,11 @@ let Id = vlan; address = [ ]; extraNetwork = { - networkConfig.DHCPServer = "yes"; - dhcpServerConfig = { - EmitRouter = true; - Router = "10.0.0.1"; - EmitDNS = true; - DNS = "10.0.0.1"; + networkConfig = { + LinkLocalAddressing = "no"; + }; + linkConfig = { + Promiscuous = true; }; addresses = [ { @@ -118,7 +118,7 @@ let extraNetwork.networkConfig.DHCPServer = "yes"; }; - } // builtins.listToAttrs (builtins.genList mkUserVlan 10); # 850 when we can + } // builtins.listToAttrs (builtins.genList mkUserVlan 850); # 850 when we can in { @@ -151,6 +151,7 @@ in }; "10-enp67s0f0np0" = { name = "enp67s0f0np0"; + linkConfig.Promiscuous = true; networkConfig = { VLAN = builtins.attrNames vlans; 
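Review bot: `linkConfig.Promiscuous = true;` in the `@@ -49,12 +50,11 @@` hunk (inside mkUserVlan's `extraNetwork`) carries no comment saying why every user VLAN interface needs promiscuous mode, and the same option is added without explanation on `"10-enp67s0f0np0"` in the `@@ -151,6 +151,7 @@` hunk. Promiscuous mode makes an interface accept frames that are not addressed to its own MAC, so the host now sees more of each segment than it did before this change. If the reason is the hardware VLAN filter being switched off, say so next to the option, for example `# Promiscuous: required to receive tagged frames once the NIC VLAN filter is disabled (see systemd.services.ethtoolConfig)`. If only the parent NIC needs it, consider dropping it from the per-VLAN interfaces. mkUserVlan begins and ends outside the hunk, so the rest of its network definition is not visible here.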
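Review bot: The trailing comment `# 850 when we can` in the `@@ -118,7 +118,7 @@` hunk is stale now that `builtins.genList mkUserVlan 850` is the actual value. Replace it with what the number depends on, for example `# 850 user VLANs; exceeds the NIC's hardware VLAN filter limit, relies on systemd.services.ethtoolConfig`. Without that, nothing at this line says the count only works while the ethtool service has run.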
@@ -166,5 +167,20 @@ in netdevs = mapAttrs' mkNetdev vlans; }; + systemd.services.ethtoolConfig = { + wantedBy = [ "systemd-networkd.service" ]; + after = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ]; + bindsTo = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ]; + script = '' + ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rxvlan off + ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 txvlan off + ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rx-vlan-filter off + ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rx-vlan-offload off + ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 tx-vlan-offload off + ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 tx-vlan-stag-hw-insert off + echo "Hardware for enp67s0f0np0 configured" + ''; + }; + networking.firewall.allowedUDPPorts = [ 67 ]; }
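Review bot: `systemd.services.ethtoolConfig` is `wantedBy` systemd-networkd but has no ordering against it and no `serviceConfig.Type`, so nothing guarantees the offload and filter settings are applied before networkd creates the VLAN netdevs. If that order matters for getting past the NIC's VLAN limit, add `before = [ "systemd-networkd.service" ];` and `serviceConfig = { Type = "oneshot"; RemainAfterExit = true; };`. NixOS runs `script` under a shell with `-e`, so the first `ethtool -K` call the driver rejects aborts the remaining ones; `rxvlan`/`rx-vlan-offload` and `txvlan`/`tx-vlan-offload` look like two names for the same features, so the duplicate lines could be dropped. Turning `rx-vlan-filter` off alongside `Promiscuous = true` presumably means the kernel now receives tagged frames for every VLAN ID on the trunk rather than only the configured ones. A comment on the service should state that this is deliberate and that isolation now depends on the per-VLAN configuration and the host firewall, not on the NIC.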