hosts/aubergine/networking/ethernet.nix

   1 { lib, ... }:
   2 with (import ./names-and-numbers.nix);
   3 with (import ./names-and-numbers.nix.clear);
   4 {
   5   systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
   6   systemd.network.enable = true;
   7   systemd.network.wait-online = {
   8     enable = false;
   9   };
  10   systemd.network.networks = {
  11     "10-${eth1Iface}" = {
  12       name = eth1Iface;
  13       networkConfig = {
  14         Address = "${eth1IPv4}.1/24";
  15         DHCPServer = true;
  16       };
  17       dhcpServerConfig = {
  18         DNS = "${eth1IPv4}.1";
  19         EmitDNS = true;
  20         PoolOffset = 100;
  21         PoolSize = 20;
  22       };
  23       linkConfig = {
  24         RequiredForOnline = "no";
  25       };
  26     };
  27     "10-${eth2Iface}" = {
  28       name = eth2Iface;
  29       networkConfig = {
  30         Address = "${eth2IPv4}.1/24";
  31         DHCPServer = true;
  32       };
  33       dhcpServerConfig = {
  34         DNS = "${eth2IPv4}.1";
  35         EmitDNS = true;
  36         PoolOffset = 100;
  37         PoolSize = 20;
  38       };
  39       linkConfig = {
  40         RequiredForOnline = "no";
  41       };
  42     };
  43     "10-${eth3Iface}" = {
  44       name = eth3Iface;
  45       networkConfig = {
  46         Address = "${eth3IPv4}.1/24";
  47         DHCPServer = true;
  48       };
  49       dhcpServerConfig = {
  50         DNS = "${eth3IPv4}.1";
  51         EmitDNS = true;
  52         PoolOffset = 100;
  53         PoolSize = 20;
  54       };
  55       linkConfig = {
  56         RequiredForOnline = "no";
  57       };
  58     };
  59   };
  60   networking.networkmanager = {
  61     unmanaged = [
  62       eth1Iface
  63       eth2Iface
  64       eth3Iface
  65     ];
  66   };
  67
  68   networking.nftables.ruleset = lib.mkAfter ''
  69     table inet filter {
  70       chain input {
  71         iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump input-lan
  72         iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "input-lan: " counter drop
  73       }
  74       chain output {
  75         oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump output-lan
  76         oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "output-lan: " counter drop
  77       }
  78       chain forward-to-lan { }
  79       chain forward {
  80         iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname  { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-to-lan
  81       }
  82     }
  83   '';
  84 }