Significantly improve blockhouse network configuration

2025-07-27 16:53:55 -05:00 · 2025-07-27 16:53:55 -05:00 · c368680c59
commit c368680c59
parent 1c3dcc5a01
1 changed files with 81 additions and 17 deletions
--- a/systems/blockhouse/configuration.nix
+++ b/systems/blockhouse/configuration.nix
@ -29,7 +29,7 @@
    # Blockhouse Features
    ../../nixos/tweaks/aarch64-crosscompile.nix
    ../../nixos/features/gpu/nvidia.nix
-    ../../nixos/features/networking/networkd-br0.nix
+    #../../nixos/features/networking/networkd-br0.nix
    ../../nixos/features/virtualization/dockge.nix
    ../../nixos/features/virtualization/docker.nix
    ../../nixos/features/virtualization/libvirt-host.nix
@ -150,7 +150,7 @@
    enable = true;
    configText = ''
      UPSTYPE net
-      DEVICE bastion:3551
+      DEVICE bastion.mlaga97.space:3551
      BATTERYLEVEL 50
      MINUTES 10
    '';
@ -199,24 +199,88 @@
  networking.enableIPv6 = false;
  boot.kernel.sysctl."net.ipv6.conf.all.disable_ipv6" = true;

-  systemd.network.networks = {
-    "30-eno1" = {
-      matchConfig.Name = "eno1";
-      networkConfig.Bridge = "br0";
-      linkConfig.RequiredForOnline = "enslaved";
+  networking.useNetworkd = true;
+  systemd.network = {
+    enable = true;
+
+    # Configure Physical Interfaces
+    links."10-mobo0" = {
+      linkConfig.Name = "mobo0";
+      matchConfig.PermanentMACAddress = "94:cc:04:11:30:b8"; # Builtin NIC
    };
-    "30-enp37s0" = {
-      matchConfig.Name = "enp37s0";
-      networkConfig.Bridge = "br0";
-      linkConfig.RequiredForOnline = "enslaved";
-    };
-    "30-enp40s0" = {
-      matchConfig.Name = "enp40s0";
-      networkConfig.Bridge = "br0";
-      linkConfig.RequiredForOnline = "enslaved";
+    links."10-card0" = {
+      linkConfig.Name = "card0";
+      matchConfig.PermanentMACAddress = "6c:92:bf:42:51:c6"; # 10Gb SFP+ NIC
    };

-    "90-tinc" = {
+    # Declare VLAN Interfaces
+    netdevs."10-card0-vlan-wan" = {
+      netdevConfig = {
+        Kind = "vlan";
+        Name = "card0-wan";
+      };
+      vlanConfig.Id = 288;
+    };
+    netdevs."10-card0-vlan-cams" = {
+      netdevConfig = {
+        Kind = "vlan";
+        Name = "card0-cams";
+      };
+      vlanConfig.Id = 100;
+    };
+
+    # Declare Bridge Interfaces
+    netdevs."10-br-lan".netdevConfig = {
+      Kind = "bridge";
+      Name = "br-lan";
+      MACAddress = "96:9b:28:22:1f:fa";
+    };
+    netdevs."10-br-wan".netdevConfig = {
+      Kind = "bridge";
+      Name = "br-wan";
+    };
+    netdevs."10-br-cams".netdevConfig = {
+      Kind = "bridge";
+      Name = "br-cams";
+    };
+
+    # Add Bridge Members
+    networks."20-mobo0" = {
+      matchConfig.Name = "mobo0";
+      networkConfig.Bridge = "br-lan";
+      linkConfig.RequiredForOnline = "enslaved";
+    };
+    networks."20-card0" = {
+      matchConfig.Name = "card0";
+      networkConfig = {
+        VLAN = [
+          "card0-wan"
+          "card0-cams"
+        ];
+        Bridge = "br-lan";
+      };
+      linkConfig.RequiredForOnline = "enslaved";
+    };
+    networks."20-card0-wan" = {
+      matchConfig.Name = "card0-wan";
+      networkConfig.Bridge = "br-wan";
+    };
+    networks."20-card0-cams" = {
+      matchConfig.Name = "card0-cams";
+      networkConfig.Bridge = "br-cams";
+    };
+
+    # Actual Network Configs
+    networks."30-br-lan" = {
+      matchConfig.Name = "br-lan";
+      address = [ "192.168.2.50/24" ];
+      routes = [ { Gateway = "192.168.2.1"; } ];
+      networkConfig.IPv6AcceptRA = true;
+      linkConfig.RequiredForOnline = "routable";
+    };
+
+    # VPNs and Overlays
+    networks."90-tinc" = {
      matchConfig.Name = "tinc.dotspace";
      address = [ "10.86.84.104/32" ];
      routes = [ { Destination = "10.86.84.0/24"; } ];