{
lib,
meta,
name,
...
}:
let
inherit (lib) mapAttrs' nameValuePair;
uplink = {
ip = "10.120.33.250";
prefix = 30;
router = "10.120.33.249";
};
mkNetwork =
name:
{
address,
extraNetwork ? { },
...
}:
nameValuePair "10-${name}" ({ inherit name address; } // extraNetwork);
mkNetdev =
name:
{ Id, ... }:
nameValuePair "10-${name}" {
netdevConfig = {
Name = name;
Kind = "vlan";
};
vlanConfig.Id = Id;
};
mkUserVlan =
id:
let
vlan = 3245 + id;
prefix24nb = id / 32;
prefix29nb = (id - prefix24nb * 32) * 8;
in
{
name = "vlan-user-${builtins.toString vlan}";
value = {
Id = vlan;
address = [ "10.0.${builtins.toString prefix24nb}.${builtins.toString (prefix29nb + 1)}/29" ];
};
};
vlans = {
vlan-uplink-cri = {
Id = 223;
address = with uplink; [ "${ip}/${builtins.toString prefix}" ];
extraNetwork.routes = [
{
routeConfig = {
# Get the public ip from the metadata
PreferredSource = builtins.head meta.network.${name}.addresses.ipv4;
Gateway = uplink.router;
};
}
];
};
vlan-admin = {
Id = 3000;
address = [ "fd26:baf9:d250:8000::1/64" ];
};
vlan-admin-ap = {
Id = 3001;
address = [ "fd26:baf9:d250:8010::1/60" ];
};
vlan-apro = {
Id = 2000;
address = [ "10.0.255.1/24" ];
extraNetwork.networkConfig.DHCPServer = "yes";
};
} // builtins.listToAttrs (builtins.genList mkUserVlan 300); # 850 when we can
in
{
systemd.network = {
networks = {
"10-enp67s0f0np0" = {
name = "enp67s0f0np0";
networkConfig = {
VLAN = builtins.attrNames vlans;
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
} // (mapAttrs' mkNetwork vlans);
netdevs = mapAttrs' mkNetdev vlans;
};
networking.firewall.allowedUDPPorts = [ 67 ];
}