Significantly improve bastion network configuration

2025-07-27 17:59:44 -05:00 · 2025-07-27 17:59:44 -05:00 · a625ba6f41
commit a625ba6f41
parent c368680c59
2 changed files with 62 additions and 19 deletions
--- a/systems/bastion/configuration.nix
+++ b/systems/bastion/configuration.nix
@ -34,7 +34,6 @@
    # Bastion Features
    ../../nixos/features/hardware/yubikey.nix
    ../../nixos/features/networking/networkd-br0.nix
    ../../nixos/features/virtualization/dockge.nix
    ../../nixos/features/virtualization/docker.nix
    ../../nixos/features/virtualization/libvirt-host.nix
@ -193,19 +192,67 @@
  ##############################################################################
  # Networking
-  systemd.network.networks = {
+  networking.useNetworkd = true;
-    "30-eno1" = {
+  systemd.network = {
-      matchConfig.Name = "eno1";
+    enable = true;
-      networkConfig.Bridge = "br0";
+
-      linkConfig.RequiredForOnline = "enslaved";
+    # Configure Physical Interfaces
-    };
+    links."10-usb0" = {
-    "30-enp0s20f0u8" = {
+      linkConfig.Name = "usb0";
-      matchConfig.Name = "enp0s20f0u8";
+      matchConfig.PermanentMACAddress = "8c:ae:4c:dd:f7:aa"; # 2.5Gb USB NIC
      networkConfig.Bridge = "br0";
      linkConfig.RequiredForOnline = "enslaved";
    };
-    "90-tinc" = {
+    # Declare VLAN Interfaces
    netdevs."10-usb0-vlan-wan" = {
      netdevConfig = {
        Kind = "vlan";
        Name = "usb0";
      };
      vlanConfig.Id = 288;
    };
    # Declare Bridge Interfaces
    netdevs."10-br-lan".netdevConfig = {
      Kind = "bridge";
      Name = "br-lan";
      MACAddress = "56:66:4b:dd:9b:0e";
    };
    netdevs."10-br-wan".netdevConfig = {
      Kind = "bridge";
      Name = "br-wan";
    };
    # Add Bridge Members
    networks."20-eno0" = {
      matchConfig.Name = "eno0";
      networkConfig.Bridge = "br-lan";
      linkConfig.RequiredForOnline = "enslaved";
    };
    networks."20-usb0" = {
      matchConfig.Name = "usb0";
      networkConfig = {
        VLAN = [
          "usb0-wan"
        ];
        Bridge = "br-lan";
      };
      linkConfig.RequiredForOnline = "enslaved";
    };
    networks."20-usb0-wan" = {
      matchConfig.Name = "usb0-wan";
      networkConfig.Bridge = "br-wan";
    };
    # Actual Network Configs
    networks."30-br-lan" = {
      matchConfig.Name = "br-lan";
      address = [ "192.168.2.51/24" ];
      routes = [ { Gateway = "192.168.2.1"; } ];
      networkConfig.IPv6AcceptRA = true;
      linkConfig.RequiredForOnline = "routable";
    };
    networks."90-tinc" = {
      matchConfig.Name = "tinc.dotspace";
      address = [ "10.86.84.105/32" ];
      routes = [ { Destination = "10.86.84.0/24"; } ];
--- a/systems/blockhouse/configuration.nix
+++ b/systems/blockhouse/configuration.nix
@ -193,7 +193,7 @@
  ##############################################################################
  ##############################################################################
  ##############################################################################
-  # Network
+  # Networking
  # Disable IPv6?
  networking.enableIPv6 = false;
@ -204,10 +204,6 @@
    enable = true;
    # Configure Physical Interfaces
    links."10-mobo0" = {
      linkConfig.Name = "mobo0";
      matchConfig.PermanentMACAddress = "94:cc:04:11:30:b8"; # Builtin NIC
    };
    links."10-card0" = {
      linkConfig.Name = "card0";
      matchConfig.PermanentMACAddress = "6c:92:bf:42:51:c6"; # 10Gb SFP+ NIC
@ -245,8 +241,8 @@
    };
    # Add Bridge Members
-    networks."20-mobo0" = {
+    networks."20-eno0" = {
-      matchConfig.Name = "mobo0";
+      matchConfig.Name = "eno0";
      networkConfig.Bridge = "br-lan";
      linkConfig.RequiredForOnline = "enslaved";
    };