{ pkgs, lib, meta, name, ... }: let inherit (lib) mapAttrs' nameValuePair; uplink = { ip = "10.120.33.250"; prefix = 30; router = "10.120.33.249"; }; mkNetwork = name: { address, extraNetwork ? { }, ... }: nameValuePair "10-${name}" ({ inherit name address; } // extraNetwork); mkNetdev = name: { Id, ... }: nameValuePair "10-${name}" { netdevConfig = { Name = name; Kind = "vlan"; }; vlanConfig.Id = Id; }; mkUserVlan = id: let # on alloue 10.0.0.0/17 aux thurnés, avec un /27 chacun, on garde 10.0.0.0/27 pour nous (routeur et autres) vlan = 4094 - id; prefix24nb = (id + 1) / 8; prefix27nb = (id + 1 - prefix24nb * 8) * 32; in { name = "vlan-user-${builtins.toString vlan}"; value = { Id = vlan; address = [ ]; extraNetwork = { networkConfig = { LinkLocalAddressing = "no"; }; linkConfig = { Promiscuous = true; }; addresses = [ { addressConfig = { Address = "10.0.${builtins.toString prefix24nb}.${builtins.toString (prefix27nb + 1)}/27"; AddPrefixRoute = false; }; } ]; routes = [ { routeConfig = { Destination = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27"; Table = "user"; }; } ]; routingPolicyRules = [ { routingPolicyRuleConfig = { From = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27"; To = "10.0.0.0/27"; IncomingInterface = "vlan-user-${builtins.toString vlan}"; Table = "user"; }; } ]; }; }; }; vlans = { vlan-uplink-cri = { Id = 223; address = with uplink; [ "${ip}/${builtins.toString prefix}" ]; extraNetwork.routes = [ { routeConfig = { # Get the public ip from the metadata PreferredSource = builtins.head meta.network.${name}.addresses.ipv4; Gateway = uplink.router; }; } ]; }; vlan-admin = { Id = 3000; address = [ "fd26:baf9:d250:8000::1/64" ]; }; vlan-admin-ap = { Id = 3001; address = [ "fd26:baf9:d250:8010::1/60" ]; }; vlan-apro = { Id = 2000; address = [ "10.0.255.1/24" ]; extraNetwork.networkConfig.DHCPServer = "yes"; }; } // builtins.listToAttrs (builtins.genList mkUserVlan 850); # 850 when we can in { systemd.network = { config.routeTables."user" = 1000; networks = { "10-lo" = { name = "lo"; address = [ "::1/128" "127.0.0.1/8" "10.0.0.1/16" ]; routes = [ { routeConfig = { Destination = "10.0.0.0/27"; Table = "user"; }; } ]; routingPolicyRules = [ { routingPolicyRuleConfig = { IncomingInterface = "lo"; Table = "user"; }; } ]; }; "10-enp67s0f0np0" = { name = "enp67s0f0np0"; linkConfig.Promiscuous = true; networkConfig = { VLAN = builtins.attrNames vlans; LinkLocalAddressing = false; LLDP = false; EmitLLDP = false; IPv6AcceptRA = false; IPv6SendRA = false; }; }; } // (mapAttrs' mkNetwork vlans); netdevs = mapAttrs' mkNetdev vlans; }; systemd.services.ethtoolConfig = { wantedBy = [ "systemd-networkd.service" ]; after = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ]; bindsTo = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ]; script = '' ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rxvlan off ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 txvlan off ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rx-vlan-filter off ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 rx-vlan-offload off ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 tx-vlan-offload off ${lib.getExe pkgs.ethtool} -K enp67s0f0np0 tx-vlan-stag-hw-insert off echo "Hardware for enp67s0f0np0 configured" ''; }; networking.firewall.allowedUDPPorts = [ 67 ]; }