hosts/aubergine/networking/ethernet.nix

   1 { lib, ... }:
   2 with (import ./names-and-numbers.nix);
   3 with (import ./names-and-numbers.nix.clear);
   4 {
   5   networking.interfaces = {
   6     ${eth1Iface} = {
   7       useDHCP = false;
   8       ipv4.addresses = [{ address = "${eth1IPv4}.1"; prefixLength = 24; }];
   9     };
  10     ${eth2Iface} = {
  11       useDHCP = false;
  12       ipv4.addresses = [{ address = "${eth2IPv4}.1"; prefixLength = 24; }];
  13     };
  14     ${eth3Iface} = {
  15       useDHCP = false;
  16       ipv4.addresses = [{ address = "${eth3IPv4}.1"; prefixLength = 24; }];
  17     };
  18   };
  19   networking.networkmanager = {
  20     unmanaged = [
  21       eth1Iface
  22       eth2Iface
  23       eth3Iface
  24     ];
  25   };
  26   networking.nftables.ruleset = lib.mkAfter ''
  27     table inet filter {
  28       chain input {
  29         iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump input-lan
  30         iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "input-lan: " counter drop
  31       }
  32       chain output {
  33         oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump output-lan
  34         oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "output-lan: " counter drop
  35       }
  36       chain forward-to-lan { }
  37       chain forward {
  38         iifname { "enp2s0", "enp3s0", "enp4s0", "wlp5s0" } oifname  { "enp2s0", "enp3s0", "enp4s0", "wlp5s0" } goto forward-to-lan
  39       }
  40     }
  41   '';
  42
  43   systemd.services.dhcpd4.onFailure = [
  44     "network-addresses-${eth1Iface}.service"
  45     "network-addresses-${eth2Iface}.service"
  46     "network-addresses-${eth3Iface}.service"
  47   ];
  48   services.dhcpd4 = {
  49     enable = true;
  50     interfaces = [
  51       eth1Iface
  52       eth2Iface
  53       eth3Iface
  54     ];
  55     extraConfig = ''
  56       subnet ${eth1IPv4}.0 netmask 255.255.255.0 {
  57         range ${eth1IPv4}.100 ${eth1IPv4}.200;
  58         option broadcast-address ${eth1IPv4}.255;
  59         option domain-name-servers ${eth1IPv4}.1;
  60         option routers ${eth1IPv4}.1;
  61         option subnet-mask 255.255.255.0;
  62         group {
  63           host patate1 {
  64             hardware ethernet ${patateMAC};
  65             fixed-address ${eth1IPv4}.3;
  66           }
  67         }
  68       }
  69
  70       subnet ${eth2IPv4}.0 netmask 255.255.255.0 {
  71         range ${eth2IPv4}.100 ${eth2IPv4}.200;
  72         option broadcast-address ${eth2IPv4}.255;
  73         option domain-name-servers ${eth2IPv4}.1;
  74         option routers ${eth2IPv4}.1;
  75         option subnet-mask 255.255.255.0;
  76         group {
  77           host patate2 {
  78             hardware ethernet ${patateMAC};
  79             fixed-address ${eth2IPv4}.3;
  80           }
  81         }
  82       }
  83
  84       subnet ${eth3IPv4}.0 netmask 255.255.255.0 {
  85         range ${eth3IPv4}.100 ${eth3IPv4}.200;
  86         option broadcast-address ${eth3IPv4}.255;
  87         option domain-name-servers ${eth3IPv4}.1;
  88         option routers ${eth3IPv4}.1;
  89         option subnet-mask 255.255.255.0;
  90         group {
  91           host patate3 {
  92             hardware ethernet ${patateMAC};
  93             fixed-address ${eth3IPv4}.3;
  94           }
  95         }
  96       }
  97     '';
  98   };
  99
 100 }