]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/networking/ethernet.nix
nebula: enable service
[julm/julm-nix.git] / hosts / aubergine / networking / ethernet.nix
1 { lib, ... }:
2 with (import ./names-and-numbers.nix);
3 with (import ./names-and-numbers.nix.clear);
4 {
5 systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
6 systemd.network.enable = true;
7 systemd.network.wait-online = {
8 enable = false;
9 };
10 systemd.network.networks = {
11 "10-${eth1Iface}" = {
12 name = eth1Iface;
13 networkConfig = {
14 Address = "${eth1IPv4}.1/24";
15 DHCPServer = true;
16 };
17 dhcpServerConfig = {
18 DNS = "${eth1IPv4}.1";
19 EmitDNS = true;
20 PoolOffset = 100;
21 PoolSize = 20;
22 };
23 linkConfig = {
24 RequiredForOnline = "no";
25 };
26 };
27 "10-${eth2Iface}" = {
28 name = eth2Iface;
29 networkConfig = {
30 Address = "${eth2IPv4}.1/24";
31 DHCPServer = true;
32 };
33 dhcpServerConfig = {
34 DNS = "${eth2IPv4}.1";
35 EmitDNS = true;
36 PoolOffset = 100;
37 PoolSize = 20;
38 };
39 linkConfig = {
40 RequiredForOnline = "no";
41 };
42 };
43 "10-${eth3Iface}" = {
44 name = eth3Iface;
45 networkConfig = {
46 Address = "${eth3IPv4}.1/24";
47 DHCPServer = true;
48 };
49 dhcpServerConfig = {
50 DNS = "${eth3IPv4}.1";
51 EmitDNS = true;
52 PoolOffset = 100;
53 PoolSize = 20;
54 };
55 linkConfig = {
56 RequiredForOnline = "no";
57 };
58 };
59 };
60 networking.networkmanager = {
61 unmanaged = [
62 eth1Iface
63 eth2Iface
64 eth3Iface
65 ];
66 };
67
68 networking.nftables.ruleset = lib.mkAfter ''
69 table inet filter {
70 chain input {
71 iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump input-lan
72 iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "input-lan: " counter drop
73 }
74 chain output {
75 oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump output-lan
76 oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "output-lan: " counter drop
77 }
78 chain forward-to-lan { }
79 chain forward {
80 iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-to-lan
81 }
82 }
83 '';
84 }