Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/networking/ethernet.nix
# Wired LAN side of this host: three Ethernet ports, each given the ".1"
# address of its own /24, served by dhcpd4, and fenced by nftables rules
# that hand LAN traffic to dedicated chains and drop whatever those chains
# do not accept.
{ lib, ... }:
with (import ./names-and-numbers.nix);
let
  # The three LAN-facing ports; the names come from names-and-numbers.nix.
  lanIfaces = [ eth1Iface eth2Iface eth3Iface ];

  # The same ports spelled as an nftables anonymous set.
  lanIfaceSet = "{ ${eth1Iface}, ${eth2Iface}, ${eth3Iface} }";

  # Static configuration for one port: DHCP client off, host takes
  # <prefix>.1/24. `prefix` is the first three octets of the subnet.
  gatewayOn = prefix: {
    useDHCP = false;
    ipv4.addresses = [{ address = "${prefix}.1"; prefixLength = 24; }];
  };

  # dhcpd subnet declaration for one LAN: leases come from .100-.200 and
  # clients are told to use this host (.1) as both router and DNS server.
  dhcpSubnet = prefix: ''
    subnet ${prefix}.0 netmask 255.255.255.0 {
      range ${prefix}.100 ${prefix}.200;
      option broadcast-address ${prefix}.255;
      option domain-name-servers ${prefix}.1;
      option routers ${prefix}.1;
      option subnet-mask 255.255.255.0;
    }
  '';
in
{
  networking.interfaces = {
    ${eth1Iface} = gatewayOn eth1IPv4;
    ${eth2Iface} = gatewayOn eth2IPv4;
    ${eth3Iface} = gatewayOn eth3IPv4;
  };

  # Keep NetworkManager away from the statically configured LAN ports.
  networking.networkmanager = {
    #enable = true;
    unmanaged = lanIfaces;
  };

  # lib.mkAfter orders this fragment after the other ruleset definitions.
  # The fragment only appends rules: the `inet filter` table, the hooks and
  # policies of its `input`/`output` chains, and the `input-lan` and
  # `output-lan` chains themselves are not declared in this file, so they
  # must come from another module. NOTE(review): confirm they exist,
  # otherwise the ruleset fails to load.
  #
  # In both directions, LAN traffic first jumps to its dedicated chain; any
  # packet that returns from it without a verdict is logged, counted and
  # dropped, so the LAN chains act as allow-lists. This applies to outbound
  # traffic too: replies from local services towards the LAN have to be
  # accepted in `output-lan`.
  #
  # NOTE(review): the log statements are not rate-limited, so a noisy LAN
  # host can fill the journal; consider a `limit rate` on the log rules.
  networking.nftables.ruleset = lib.mkAfter ''
    table inet filter {
      chain input {
        iifname ${lanIfaceSet} jump input-lan
        iifname ${lanIfaceSet} log level warn prefix "input-lan: " counter drop
      }
      chain output {
        oifname ${lanIfaceSet} jump output-lan
        oifname ${lanIfaceSet} log level warn prefix "output-lan: " counter drop
      }
    }
  '';

  # When dhcpd4 fails, systemd starts the per-interface address units.
  # NOTE(review): presumably this re-applies the static addresses that
  # dhcpd needs before it can bind; confirm the intent.
  systemd.services.dhcpd4.onFailure =
    map (iface: "network-addresses-${iface}.service") lanIfaces;

  services.dhcpd4 = {
    enable = true;
    interfaces = lanIfaces;
    # One subnet declaration per LAN, separated by a blank line.
    extraConfig = lib.concatMapStringsSep "\n" dhcpSubnet [
      eth1IPv4
      eth2IPv4
      eth3IPv4
    ];
  };

}