Significantly improve blockhouse network configuration

Lauren Lagarde 2025-07-27 16:53:55 -05:00
parent 1c3dcc5a01
commit c368680c59


@ -29,7 +29,7 @@
# Blockhouse Features # Blockhouse Features
../../nixos/tweaks/aarch64-crosscompile.nix ../../nixos/tweaks/aarch64-crosscompile.nix
../../nixos/features/gpu/nvidia.nix ../../nixos/features/gpu/nvidia.nix
../../nixos/features/networking/networkd-br0.nix #../../nixos/features/networking/networkd-br0.nix
../../nixos/features/virtualization/dockge.nix ../../nixos/features/virtualization/dockge.nix
../../nixos/features/virtualization/docker.nix ../../nixos/features/virtualization/docker.nix
../../nixos/features/virtualization/libvirt-host.nix ../../nixos/features/virtualization/libvirt-host.nix
@ -150,7 +150,7 @@
enable = true; enable = true;
configText = '' configText = ''
UPSTYPE net UPSTYPE net
DEVICE bastion:3551 DEVICE bastion.mlaga97.space:3551
BATTERYLEVEL 50 BATTERYLEVEL 50
MINUTES 10 MINUTES 10
''; '';
@ -199,24 +199,88 @@
networking.enableIPv6 = false; networking.enableIPv6 = false;
boot.kernel.sysctl."net.ipv6.conf.all.disable_ipv6" = true; boot.kernel.sysctl."net.ipv6.conf.all.disable_ipv6" = true;
systemd.network.networks = { networking.useNetworkd = true;
"30-eno1" = { systemd.network = {
matchConfig.Name = "eno1"; enable = true;
networkConfig.Bridge = "br0";
linkConfig.RequiredForOnline = "enslaved"; # Configure Physical Interfaces
links."10-mobo0" = {
linkConfig.Name = "mobo0";
matchConfig.PermanentMACAddress = "94:cc:04:11:30:b8"; # Builtin NIC
}; };
"30-enp37s0" = { links."10-card0" = {
matchConfig.Name = "enp37s0"; linkConfig.Name = "card0";
networkConfig.Bridge = "br0"; matchConfig.PermanentMACAddress = "6c:92:bf:42:51:c6"; # 10Gb SFP+ NIC
linkConfig.RequiredForOnline = "enslaved";
};
"30-enp40s0" = {
matchConfig.Name = "enp40s0";
networkConfig.Bridge = "br0";
linkConfig.RequiredForOnline = "enslaved";
}; };
"90-tinc" = { # Declare VLAN Interfaces
netdevs."10-card0-vlan-wan" = {
netdevConfig = {
Kind = "vlan";
Name = "card0-wan";
};
vlanConfig.Id = 288;
};
netdevs."10-card0-vlan-cams" = {
netdevConfig = {
Kind = "vlan";
Name = "card0-cams";
};
vlanConfig.Id = 100;
};
# Declare Bridge Interfaces
netdevs."10-br-lan".netdevConfig = {
Kind = "bridge";
Name = "br-lan";
MACAddress = "96:9b:28:22:1f:fa";
};
netdevs."10-br-wan".netdevConfig = {
Kind = "bridge";
Name = "br-wan";
};
netdevs."10-br-cams".netdevConfig = {
Kind = "bridge";
Name = "br-cams";
};
# Add Bridge Members
networks."20-mobo0" = {
matchConfig.Name = "mobo0";
networkConfig.Bridge = "br-lan";
linkConfig.RequiredForOnline = "enslaved";
};
networks."20-card0" = {
matchConfig.Name = "card0";
networkConfig = {
VLAN = [
"card0-wan"
"card0-cams"
];
Bridge = "br-lan";
};
linkConfig.RequiredForOnline = "enslaved";
};
networks."20-card0-wan" = {
matchConfig.Name = "card0-wan";
networkConfig.Bridge = "br-wan";
};
networks."20-card0-cams" = {
matchConfig.Name = "card0-cams";
networkConfig.Bridge = "br-cams";
};
# Actual Network Configs
networks."30-br-lan" = {
matchConfig.Name = "br-lan";
address = [ "192.168.2.50/24" ];
routes = [ { Gateway = "192.168.2.1"; } ];
networkConfig.IPv6AcceptRA = true;
linkConfig.RequiredForOnline = "routable";
};
# VPNs and Overlays
networks."90-tinc" = {
matchConfig.Name = "tinc.dotspace"; matchConfig.Name = "tinc.dotspace";
address = [ "10.86.84.104/32" ]; address = [ "10.86.84.104/32" ];
routes = [ { Destination = "10.86.84.0/24"; } ]; routes = [ { Destination = "10.86.84.0/24"; } ];
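Review bot: `networkConfig.IPv6AcceptRA = true;` in `networks."30-br-lan"` contradicts `networking.enableIPv6 = false;` and the `disable_ipv6` sysctl kept at the top of this hunk. If that sysctl is ever dropped, the host would start accepting router advertisements from anything attached to br-lan, so I would set `networkConfig.IPv6AcceptRA = false;` to match the stated intent. Separately, `br-wan` and `br-cams` get netdevs and members but no network unit of their own in the visible lines, so the host having no address on the WAN and camera segments is implicit rather than declared. If they are not configured elsewhere in the file, consider a unit for each with `networkConfig.DHCP = "no";` and `networkConfig.LinkLocalAddressing = "no";`, plus a comment stating that the host is intentionally L2-only on those VLANs.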