[julm/julm-nix.git] / hosts / aubergine / networking / ethernet.nix
# hosts/aubergine/networking/ethernet.nix
#
# Configures three wired LAN ports (eth1..eth3) with systemd-networkd:
# each port gets a static .1/24 address and a small DHCP pool, is hidden
# from NetworkManager, and is wired into the nftables `inet filter` table.
{ lib, ... }:
with (import ./names-and-numbers.nix);
with (import ./names-and-numbers.nix.clear);
let
  # nftables anonymous set naming the three LAN interfaces; interpolated
  # into the ruleset below so every rule matches the same interfaces.
  lanIfaceSet = "{ ${eth1Iface}, ${eth2Iface}, ${eth3Iface} }";

  # Builds the systemd-networkd network unit for one LAN port.
  #   iface: interface name the unit matches on
  #   ipv4:  first three octets of the port's /24 (the host takes ".1")
  mkLanNetwork = iface: ipv4: {
    name = iface;
    networkConfig = {
      Address = "${ipv4}.1/24";
      DHCPServer = true;
    };
    dhcpServerConfig = {
      # Clients are told to use this host as their resolver.
      # NOTE(review): assumes a DNS service listens on this address;
      # none is configured in this file.
      DNS = "${ipv4}.1";
      EmitDNS = true;
      # 20 leases starting at offset 100 within the subnet.
      PoolOffset = 100;
      PoolSize = 20;
    };
    linkConfig = {
      # An unplugged LAN port must not hold up "online" state.
      RequiredForOnline = "no";
    };
  };
in
{
  # NOTE(review): debug-level logging for systemd-networkd is verbose and
  # presumably records per-client DHCP activity in the journal; confirm it
  # is still wanted outside of troubleshooting.
  systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";

  systemd.network.enable = true;
  systemd.network.wait-online.enable = false;

  systemd.network.networks = {
    "10-${eth1Iface}" = mkLanNetwork eth1Iface eth1IPv4;
    "10-${eth2Iface}" = mkLanNetwork eth2Iface eth2IPv4;
    # The eth3 unit also carried this disabled dhcpServerConfig option:
    #BootServerAddress="${eth3IPv4}.1";
    "10-${eth3Iface}" = mkLanNetwork eth3Iface eth3IPv4;
  };

  # networkd owns these ports; keep NetworkManager from touching them.
  networking.networkmanager.unmanaged = [
    eth1Iface
    eth2Iface
    eth3Iface
  ];

  # Appended after the other definitions of the ruleset (lib.mkAfter).
  #
  # input / output: LAN traffic is handed to `input-lan` / `output-lan`;
  # anything those chains return without a verdict is logged, counted and
  # dropped. Neither chain is defined in this file -- presumably another
  # module provides them; the ruleset will not load if they are missing.
  #
  # The log statements are not rate-limited, so every dropped packet emits
  # a kernel log line. If a limit is added, put it on a separate log-only
  # rule ahead of the drop: a `limit` inside the same rule would let
  # over-limit packets skip the drop as well.
  #
  # forward: LAN-to-LAN traffic uses `goto`, so evaluation does not come
  # back to `forward`; once `forward-to-lan` (declared empty here) is
  # exhausted, the base chain's policy decides. That policy is not set in
  # this file -- TODO confirm it is a drop policy.
  networking.nftables.ruleset = lib.mkAfter ''
    table inet filter {
      chain input {
        iifname ${lanIfaceSet} jump input-lan
        iifname ${lanIfaceSet} log level warn prefix "input-lan: " counter drop
      }
      chain output {
        oifname ${lanIfaceSet} jump output-lan
        oifname ${lanIfaceSet} log level warn prefix "output-lan: " counter drop
      }
      chain forward-to-lan { }
      chain forward {
        iifname ${lanIfaceSet} oifname ${lanIfaceSet} goto forward-to-lan
      }
    }
  '';
}