From 150e7412630c46cf39ab326c921d48f263ffbf53 Mon Sep 17 00:00:00 2001
From: catvayor
Date: Thu, 25 Apr 2024 18:41:10 +0200
Subject: [PATCH] =?UTF-8?q?feat(routing):=20Chaque=20vlan=20a=20une=20IP?= =?UTF-8?q?=20diff=C3=A9rente=20et=20policyrules?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 machines/vault01/networking.nix | 65 ++++++++++++++++++++++++++++-----
 1 file changed, 55 insertions(+), 10 deletions(-)
diff --git a/machines/vault01/networking.nix b/machines/vault01/networking.nix
index f506dfe..596063d 100644
--- a/machines/vault01/networking.nix
+++ b/machines/vault01/networking.nix
@@ -47,15 +47,35 @@ let
 name = "vlan-user-${builtins.toString vlan}";
 value = {
 Id = vlan;
- extraNetwork.routes = [
- {
- routeConfig = {
- Destination = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
- Source = "10.0.0.1/17";
- };
- }
- ];
- address = [ "10.0.0.1/17" ];
+ address = [ ];
+ extraNetwork = {
+ addresses = [
+ {
+ addressConfig = {
+ Address = "10.0.${builtins.toString prefix24nb}.${builtins.toString (prefix27nb + 1)}/27";
+ AddPrefixRoute = false;
+ };
+ }
+ ];
+ routes = [
+ {
+ routeConfig = {
+ Destination = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
+ Table = "user";
+ };
+ }
+ ];
+ routingPolicyRules = [
+ {
+ routingPolicyRuleConfig = {
+ From = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
+ To = "10.0.0.0/27";
+ IncomingInterface = "vlan-user-${builtins.toString vlan}";
+ Table = "user";
+ };
+ }
+ ];
+ };
 };
 };
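Review bot: The new per-VLAN block spells out the same /27 three times (the `Address` built from `prefix27nb + 1`, the route `Destination`, and the rule `From`), so a later change to the addressing scheme can silently desynchronise the interface address from the subnet it is meant to serve; binding it once, e.g. `subnet = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";` in mkUserVlan's `let` and using `${subnet}` for both `Destination` and `From`, keeps them in lockstep. Pairing `prefix27nb + 1` as the host address with `prefix27nb` as the network address is only correct if `prefix27nb` is a multiple of 32; that derivation is outside the hunk, so it is worth confirming or asserting there. The isolation intent is not visible from the code: `AddPrefixRoute = false` keeps the connected route out of the main table, and the policy rule only steers traffic arriving on the VLAN from its own /27 towards 10.0.0.0/27 into the `user` table, so everything else presumably falls through to whatever the main table does — a comment such as `# no prefix route in main: a user VLAN only reaches 10.0.0.0/27 via table "user"; other destinations fall through (intended isolation)` above `extraNetwork = {` would record that. mkUserVlan's signature and its `let` bindings lie outside the hunk.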
@@ -91,12 +111,37 @@ let
 extraNetwork.networkConfig.DHCPServer = "yes";
 };
- } // builtins.listToAttrs (builtins.genList mkUserVlan 300); # 850 when we can
+ } // builtins.listToAttrs (builtins.genList mkUserVlan 10); # 850 when we can
 in
 {
 systemd.network = {
+ config.routeTables."user" = 1000;
 networks = {
+ "10-lo" = {
+ name = "lo";
+ address = [
+ "::1/128"
+ "127.0.0.1/8"
+ "10.0.0.1/16"
+ ];
+ routes = [
+ {
+ routeConfig = {
+ Destination = "10.0.0.0/27";
+ Table = "user";
+ };
+ }
+ ];
+ routingPolicyRules = [
+ {
+ routingPolicyRuleConfig = {
+ IncomingInterface = "lo";
+ Table = "user";
+ };
+ }
+ ];
+ };
 "10-enp67s0f0np0" = {
 name = "enp67s0f0np0";
 networkConfig = {
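Review bot: `10.0.0.1/16` is added to `lo` without `AddPrefixRoute = false`, so networkd will presumably install a connected `10.0.0.0/16` route on `lo` in the main table; because the VLAN policy rules from the previous hunk only divert traffic whose destination is `10.0.0.0/27`, packets between two user VLANs would fall through to main and likely terminate on the host rather than be forwarded. If that is the intended inter-VLAN isolation it should be stated next to the address, e.g. `# /16 on lo: inter-VLAN traffic falls through to main and ends here on purpose`; if it is not, the prefix route needs suppressing or narrowing. `config.routeTables."user" = 1000;` is likewise undocumented — a line such as `# table "user": the only routes user VLANs may use` would tie it to the rules below. The `genList mkUserVlan 10` change keeps the `# 850 when we can` comment but says nothing about why 10 now; a named binding or an updated comment would make the temporary cap explicit.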