feat(vault01/networking): Simplify the configuration
parent
60ee43b577
commit
93b7a242ab
1 changed files with 71 additions and 79 deletions
|
@ -1,30 +1,82 @@
|
|||
{
|
||||
lib,
|
||||
meta,
|
||||
name,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
vlanName = "vlan-uplink-cri";
|
||||
vlanAdmin = "vlan-admin";
|
||||
vlanAP = "vlan-admin-ap";
|
||||
vlanAP-apro = "vlan-apro";
|
||||
inherit (lib) mapAttrs' nameValuePair;
|
||||
|
||||
linkIp = "10.120.33.250";
|
||||
linkPrefix = "30";
|
||||
uplink = {
|
||||
ip = "10.120.33.250";
|
||||
prefix = 30;
|
||||
|
||||
upstreamRouterIp = "10.120.33.249";
|
||||
router = "10.120.33.249";
|
||||
};
|
||||
|
||||
publicIp = "129.199.195.129"; # sync with meta
|
||||
mkNetwork =
|
||||
name:
|
||||
{
|
||||
address,
|
||||
extraNetwork ? { },
|
||||
...
|
||||
}:
|
||||
nameValuePair "10-${name}" ({ inherit name address; } // extraNetwork);
|
||||
|
||||
linkPrefixedIp = "${linkIp}/${linkPrefix}";
|
||||
mkNetdev =
|
||||
name:
|
||||
{ Id, ... }:
|
||||
nameValuePair "10-${name}" {
|
||||
netdevConfig = {
|
||||
Name = name;
|
||||
Kind = "vlan";
|
||||
};
|
||||
vlanConfig.Id = Id;
|
||||
};
|
||||
|
||||
vlans = {
|
||||
vlan-uplink-cri = {
|
||||
Id = 223;
|
||||
address = with uplink; [ "${ip}/${builtins.toString prefix}" ];
|
||||
|
||||
extraNetwork.routes = [
|
||||
{
|
||||
routeConfig = {
|
||||
# Get the public ip from the metadata
|
||||
PreferredSource = builtins.head meta.network.${name}.addresses.ipv4;
|
||||
Gateway = uplink.router;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
vlan-admin = {
|
||||
Id = 3000;
|
||||
address = [ "fd26:baf9:d250:8000::1/64" ];
|
||||
};
|
||||
|
||||
vlan-admin-ap = {
|
||||
Id = 3001;
|
||||
address = [ "fd26:baf9:d250:8010::1/60" ];
|
||||
};
|
||||
|
||||
vlan-apro = {
|
||||
Id = 2000;
|
||||
address = [ "10.0.255.1/24" ];
|
||||
|
||||
extraNetwork.networkConfig.DHCPServer = "yes";
|
||||
};
|
||||
};
|
||||
in
|
||||
|
||||
{
|
||||
systemd.network = {
|
||||
networks = {
|
||||
"10-enp67s0f0np0" = {
|
||||
name = "enp67s0f0np0";
|
||||
networkConfig = {
|
||||
VLAN = [
|
||||
vlanName
|
||||
vlanAdmin
|
||||
vlanAP
|
||||
vlanAP-apro
|
||||
];
|
||||
VLAN = builtins.attrNames vlans;
|
||||
|
||||
LinkLocalAddressing = false;
|
||||
LLDP = false;
|
||||
|
@ -33,70 +85,10 @@ in
|
|||
IPv6SendRA = false;
|
||||
};
|
||||
};
|
||||
"10-${vlanName}" = {
|
||||
name = vlanName;
|
||||
address = [ linkPrefixedIp ];
|
||||
routes = [
|
||||
{
|
||||
routeConfig = {
|
||||
PreferredSource = publicIp;
|
||||
Gateway = upstreamRouterIp;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
"10-${vlanAdmin}" = {
|
||||
name = vlanAdmin;
|
||||
address = [ "fd26:baf9:d250:8000::1/64" ];
|
||||
};
|
||||
"10-${vlanAP}" = {
|
||||
name = vlanAP;
|
||||
address = [ "fd26:baf9:d250:8010::1/60" ];
|
||||
};
|
||||
"10-${vlanAP-apro}" = {
|
||||
name = vlanAP-apro;
|
||||
address = [ "10.0.255.1/24" ];
|
||||
networkConfig.DHCPServer = "yes";
|
||||
};
|
||||
};
|
||||
netdevs = {
|
||||
"10-${vlanName}" = {
|
||||
netdevConfig = {
|
||||
Name = vlanName;
|
||||
Kind = "vlan";
|
||||
};
|
||||
vlanConfig = {
|
||||
Id = 223;
|
||||
};
|
||||
};
|
||||
"10-${vlanAdmin}" = {
|
||||
netdevConfig = {
|
||||
Name = vlanAdmin;
|
||||
Kind = "vlan";
|
||||
};
|
||||
vlanConfig = {
|
||||
Id = 3000;
|
||||
};
|
||||
};
|
||||
"10-${vlanAP}" = {
|
||||
netdevConfig = {
|
||||
Name = vlanAP;
|
||||
Kind = "vlan";
|
||||
};
|
||||
vlanConfig = {
|
||||
Id = 3001;
|
||||
};
|
||||
};
|
||||
"10-${vlanAP-apro}" = {
|
||||
netdevConfig = {
|
||||
Name = vlanAP-apro;
|
||||
Kind = "vlan";
|
||||
};
|
||||
vlanConfig = {
|
||||
Id = 2000;
|
||||
};
|
||||
};
|
||||
};
|
||||
} // (mapAttrs' mkNetwork vlans);
|
||||
|
||||
netdevs = mapAttrs' mkNetdev vlans;
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 67 ];
|
||||
}
|
||||
|
|
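Review bot: `PreferredSource = builtins.head meta.network.${name}.addresses.ipv4;` in the `vlan-uplink-cri` route uses whichever entry comes first in the metadata list, so reordering that list or adding a second address silently changes the source address of uplink traffic. What appears to be the previous `publicIp` literal made that address explicit. The lookup also assumes the entries are bare addresses; whether they can carry a prefix length is not visible on this page, and if they can, the value would not be a valid PreferredSource. Consider stating the contract at the use site, e.g. `# meta ipv4[0] must be the bare public address (no /prefix); it is the source address for the uplink route`, or asserting it at evaluation time. Separately, `mkNetwork` and `mkNetdev` call their first parameter `name`, which shadows the module argument `name` that this lookup depends on; renaming the parameter to `vlan` would make it clear which one is the host name.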