hosts/aubergine/networking/ethernet.nix

   1 { lib, ... }:
   2 with (import ./names-and-numbers.nix);
   3 {
   4   networking.interfaces = {
   5     ${eth1Iface} = {
   6       useDHCP = false;
   7       ipv4.addresses = [{ address = "${eth1IPv4}.1"; prefixLength = 24; }];
   8     };
   9     ${eth2Iface} = {
  10       useDHCP = false;
  11       ipv4.addresses = [{ address = "${eth2IPv4}.1"; prefixLength = 24; }];
  12     };
  13     ${eth3Iface} = {
  14       useDHCP = false;
  15       ipv4.addresses = [{ address = "${eth3IPv4}.1"; prefixLength = 24; }];
  16     };
  17   };
  18   networking.networkmanager = {
  19     #enable = true;
  20     unmanaged = [
  21       eth1Iface
  22       eth2Iface
  23       eth3Iface
  24     ];
  25   };
  26   networking.nftables.ruleset = lib.mkAfter ''
  27     table inet filter {
  28       chain input {
  29         iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump input-lan
  30         iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "input-lan: " counter drop
  31       }
  32       chain output {
  33         oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump output-lan
  34         oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "output-lan: " counter drop
  35       }
  36     }
  37   '';
  38
  39   systemd.services.dhcpd4.onFailure = [
  40     "network-addresses-${eth1Iface}.service"
  41     "network-addresses-${eth2Iface}.service"
  42     "network-addresses-${eth3Iface}.service"
  43   ];
  44   services.dhcpd4 = {
  45     enable = true;
  46     interfaces = [
  47       eth1Iface
  48       eth2Iface
  49       eth3Iface
  50     ];
  51     extraConfig = ''
  52       subnet ${eth1IPv4}.0 netmask 255.255.255.0 {
  53         range ${eth1IPv4}.100 ${eth1IPv4}.200;
  54         option broadcast-address ${eth1IPv4}.255;
  55         option domain-name-servers ${eth1IPv4}.1;
  56         option routers ${eth1IPv4}.1;
  57         option subnet-mask 255.255.255.0;
  58       }
  59
  60       subnet ${eth2IPv4}.0 netmask 255.255.255.0 {
  61         range ${eth2IPv4}.100 ${eth2IPv4}.200;
  62         option broadcast-address ${eth2IPv4}.255;
  63         option domain-name-servers ${eth2IPv4}.1;
  64         option routers ${eth2IPv4}.1;
  65         option subnet-mask 255.255.255.0;
  66       }
  67
  68       subnet ${eth3IPv4}.0 netmask 255.255.255.0 {
  69         range ${eth3IPv4}.100 ${eth3IPv4}.200;
  70         option broadcast-address ${eth3IPv4}.255;
  71         option domain-name-servers ${eth3IPv4}.1;
  72         option routers ${eth3IPv4}.1;
  73         option subnet-mask 255.255.255.0;
  74       }
  75     '';
  76   };
  77
  78 }