From c368680c5967980a3bcecea714da92df24da1fab Mon Sep 17 00:00:00 2001
From: Lauren Lagarde
Date: Sun, 27 Jul 2025 16:53:55 -0500
Subject: [PATCH] Significantly improve blockhouse network configuration
---
 systems/blockhouse/configuration.nix | 98 +++++++++++++++++++++++-----
 1 file changed, 81 insertions(+), 17 deletions(-)
diff --git a/systems/blockhouse/configuration.nix b/systems/blockhouse/configuration.nix
index c5bd11b..ed0711e 100755
--- a/systems/blockhouse/configuration.nix
+++ b/systems/blockhouse/configuration.nix
@@ -29,7 +29,7 @@
 # Blockhouse Features
 ../../nixos/tweaks/aarch64-crosscompile.nix
 ../../nixos/features/gpu/nvidia.nix
- ../../nixos/features/networking/networkd-br0.nix
+ #../../nixos/features/networking/networkd-br0.nix
 ../../nixos/features/virtualization/dockge.nix
 ../../nixos/features/virtualization/docker.nix
 ../../nixos/features/virtualization/libvirt-host.nix
@@ -150,7 +150,7 @@
 enable = true;
 configText = ''
 UPSTYPE net
- DEVICE bastion:3551
+ DEVICE bastion.mlaga97.space:3551
 BATTERYLEVEL 50
 MINUTES 10
 '';
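Review bot: The new `DEVICE bastion.mlaga97.space:3551` line makes the UPS feed depend on name resolution, and the apcupsd network information service on that port has no authentication or encryption while its status drives the `BATTERYLEVEL 50` / `MINUTES 10` shutdown thresholds. Where the name resolves is not visible in this hunk; if it can resolve to anything other than bastion's LAN or overlay address, a wrong or spoofed answer would let another endpoint supply the UPS status this host acts on. I would pin the name locally (for example with a `networking.hosts` entry) or record the assumption beside the setting, e.g. `# NIS on 3551 is unauthenticated: this name must resolve to bastion's LAN/overlay address`. The enclosing block (presumably the apcupsd service) starts outside the hunk.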
@@ -199,24 +199,88 @@
 networking.enableIPv6 = false;
 boot.kernel.sysctl."net.ipv6.conf.all.disable_ipv6" = true;
- systemd.network.networks = {
- "30-eno1" = {
- matchConfig.Name = "eno1";
- networkConfig.Bridge = "br0";
- linkConfig.RequiredForOnline = "enslaved";
+ networking.useNetworkd = true;
+ systemd.network = {
+ enable = true;
+
+ # Configure Physical Interfaces
+ links."10-mobo0" = {
+ linkConfig.Name = "mobo0";
+ matchConfig.PermanentMACAddress = "94:cc:04:11:30:b8"; # Builtin NIC
 };
- "30-enp37s0" = {
- matchConfig.Name = "enp37s0";
- networkConfig.Bridge = "br0";
- linkConfig.RequiredForOnline = "enslaved";
- };
- "30-enp40s0" = {
- matchConfig.Name = "enp40s0";
- networkConfig.Bridge = "br0";
- linkConfig.RequiredForOnline = "enslaved";
+ links."10-card0" = {
+ linkConfig.Name = "card0";
+ matchConfig.PermanentMACAddress = "6c:92:bf:42:51:c6"; # 10Gb SFP+ NIC
 };
- "90-tinc" = {
+ # Declare VLAN Interfaces
+ netdevs."10-card0-vlan-wan" = {
+ netdevConfig = {
+ Kind = "vlan";
+ Name = "card0-wan";
+ };
+ vlanConfig.Id = 288;
+ };
+ netdevs."10-card0-vlan-cams" = {
+ netdevConfig = {
+ Kind = "vlan";
+ Name = "card0-cams";
+ };
+ vlanConfig.Id = 100;
+ };
+
+ # Declare Bridge Interfaces
+ netdevs."10-br-lan".netdevConfig = {
+ Kind = "bridge";
+ Name = "br-lan";
+ MACAddress = "96:9b:28:22:1f:fa";
+ };
+ netdevs."10-br-wan".netdevConfig = {
+ Kind = "bridge";
+ Name = "br-wan";
+ };
+ netdevs."10-br-cams".netdevConfig = {
+ Kind = "bridge";
+ Name = "br-cams";
+ };
+
+ # Add Bridge Members
+ networks."20-mobo0" = {
+ matchConfig.Name = "mobo0";
+ networkConfig.Bridge = "br-lan";
+ linkConfig.RequiredForOnline = "enslaved";
+ };
+ networks."20-card0" = {
+ matchConfig.Name = "card0";
+ networkConfig = {
+ VLAN = [
+ "card0-wan"
+ "card0-cams"
+ ];
+ Bridge = "br-lan";
+ };
+ linkConfig.RequiredForOnline = "enslaved";
+ };
+ networks."20-card0-wan" = {
+ matchConfig.Name = "card0-wan";
+ networkConfig.Bridge = "br-wan";
+ };
+ networks."20-card0-cams" = {
+ matchConfig.Name = "card0-cams";
+ networkConfig.Bridge = "br-cams";
+ };
+
+ # Actual Network Configs
+ networks."30-br-lan" = {
+ matchConfig.Name = "br-lan";
+ address = [ "192.168.2.50/24" ];
+ routes = [ { Gateway = "192.168.2.1"; } ];
+ networkConfig.IPv6AcceptRA = true;
+ linkConfig.RequiredForOnline = "routable";
+ };
+
+ # VPNs and Overlays
+ networks."90-tinc" = {
 matchConfig.Name = "tinc.dotspace";
 address = [ "10.86.84.104/32" ];
 routes = [ { Destination = "10.86.84.0/24"; } ];
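Review bot: `br-wan` and `br-cams` are declared and given members, but no `networks` entry matches the bridges themselves, so the host's behaviour on the WAN (VLAN 288) and camera (VLAN 100) segments is left to whatever default or catch-all unit applies, which this hunk does not show. I would add explicit units for both bridges with DHCP, link-local addressing and router advertisements switched off, so the host never takes an address on those segments (sketch below). Separately, `networkConfig.IPv6AcceptRA = true;` on `30-br-lan` contradicts `networking.enableIPv6 = false;` just above; it is inert today but would accept router advertisements from any device on the LAN bridge if IPv6 is re-enabled, so `networkConfig.IPv6AcceptRA = false;` (or dropping the line) is the safer setting. The `systemd.network` block closes outside the hunk.

```nix
# … unchanged: links, netdevs, bridge-member networks, 30-br-lan …

# Host forwards these segments but takes no address on them
networks."30-br-wan" = {
  matchConfig.Name = "br-wan";
  networkConfig = {
    DHCP = "no";
    LinkLocalAddressing = "no";
    IPv6AcceptRA = false;
  };
  linkConfig.RequiredForOnline = "no";
};
networks."30-br-cams" = {
  matchConfig.Name = "br-cams";
  networkConfig = {
    DHCP = "no";
    LinkLocalAddressing = "no";
    IPv6AcceptRA = false;
  };
  linkConfig.RequiredForOnline = "no";
};

# … unchanged: 90-tinc …
```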