aubergine: sftp: do not bind on off2
[julm/julm-nix.git] / hosts / aubergine / networking / ethernet.nix
index 3906c28b5bd8f81ccd5bc5b0d9db133d6010559a..c6cf99e132c28fdc94541ce3678c567fd4af5410 100644 (file)
@@ -1,88 +1,84 @@
-{ config, pkgs, lib, hostName, ... }:
+{ lib, ... }:
 with (import ./names-and-numbers.nix);
+with (import ./names-and-numbers.nix.clear);
 {
-services.dnscrypt-proxy2.settings.listen_addresses = [
-  "${eth1IPv4}.1:53"
-  "${eth2IPv4}.1:53"
-  "${eth3IPv4}.1:53"
-];
-networking.interfaces = {
-  ${eth1Iface} = {
-    useDHCP = false;
-    ipv4.addresses = [ { address = "${eth1IPv4}.1"; prefixLength = 24; } ];
+  systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
+  systemd.network.enable = true;
+  systemd.network.wait-online = {
+    enable = false;
   };
-  ${eth2Iface} = {
-    useDHCP = false;
-    ipv4.addresses = [ { address = "${eth2IPv4}.1"; prefixLength = 24; } ];
+  systemd.network.networks = {
+    "10-${eth1Iface}" = {
+      name = eth1Iface;
+      networkConfig = {
+        Address = "${eth1IPv4}.1/24";
+        DHCPServer = true;
+      };
+      dhcpServerConfig = {
+        DNS = "${eth1IPv4}.1";
+        EmitDNS = true;
+        PoolOffset = 100;
+        PoolSize = 20;
+      };
+      linkConfig = {
+        RequiredForOnline = "no";
+      };
+    };
+    "10-${eth2Iface}" = {
+      name = eth2Iface;
+      networkConfig = {
+        Address = "${eth2IPv4}.1/24";
+        DHCPServer = true;
+      };
+      dhcpServerConfig = {
+        DNS = "${eth2IPv4}.1";
+        EmitDNS = true;
+        PoolOffset = 100;
+        PoolSize = 20;
+      };
+      linkConfig = {
+        RequiredForOnline = "no";
+      };
+    };
+    "10-${eth3Iface}" = {
+      name = eth3Iface;
+      networkConfig = {
+        Address = "${eth3IPv4}.1/24";
+        DHCPServer = true;
+      };
+      dhcpServerConfig = {
+        DNS = "${eth3IPv4}.1";
+        EmitDNS = true;
+        PoolOffset = 100;
+        PoolSize = 20;
+      };
+      linkConfig = {
+        RequiredForOnline = "no";
+      };
+    };
   };
-  ${eth3Iface} = {
-    useDHCP = false;
-    ipv4.addresses = [ { address = "${eth3IPv4}.1"; prefixLength = 24; } ];
+  networking.networkmanager = {
+    unmanaged = [
+      eth1Iface
+      eth2Iface
+      eth3Iface
+    ];
   };
-};
-networking.networkmanager = {
-  #enable = true;
-  unmanaged = [
-    eth1Iface
-    eth2Iface
-    eth3Iface
-  ];
-};
-networking.nftables.ruleset = lib.mkAfter ''
-  table inet filter {
-    chain input {
-      iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump input-lan
-      iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "input-lan: " counter drop
-    }
-    chain output {
-      oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump output-lan
-      oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "output-lan: " counter drop
-    }
-  }
-'';
-
-systemd.services.dhcpd4.onFailure = [
-  "network-addresses-${eth1Iface}.service"
-  "network-addresses-${eth2Iface}.service"
-  "network-addresses-${eth3Iface}.service"
-];
-services.dhcpd4 = {
-  enable = true;
-  interfaces = [
-    eth1Iface
-    eth2Iface
-    eth3Iface
-  ];
-  extraConfig = ''
-    subnet ${eth1IPv4}.0 netmask 255.255.255.0 {
-      range ${eth1IPv4}.100 ${eth1IPv4}.200;
-      option broadcast-address ${eth1IPv4}.255;
-      option domain-name-servers ${eth1IPv4}.1;
-      option routers ${eth1IPv4}.1;
-      option subnet-mask 255.255.255.0;
-    }
 
-    subnet ${eth2IPv4}.0 netmask 255.255.255.0 {
-      range ${eth2IPv4}.100 ${eth2IPv4}.200;
-      option broadcast-address ${eth2IPv4}.255;
-      option domain-name-servers ${eth2IPv4}.1;
-      option routers ${eth2IPv4}.1;
-      option subnet-mask 255.255.255.0;
-    }
-
-    subnet ${eth3IPv4}.0 netmask 255.255.255.0 {
-      range ${eth3IPv4}.100 ${eth3IPv4}.200;
-      option broadcast-address ${eth3IPv4}.255;
-      option domain-name-servers ${eth3IPv4}.1;
-      option routers ${eth3IPv4}.1;
-      option subnet-mask 255.255.255.0;
+  networking.nftables.ruleset = lib.mkAfter ''
+    table inet filter {
+      chain input {
+        iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump input-lan
+        iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "input-lan: " counter drop
+      }
+      chain output {
+        oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump output-lan
+        oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "output-lan: " counter drop
+      }
+      chain forward-to-lan { }
+      chain forward {
+        iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname  { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-to-lan
+      }
     }
   '';
-};
-
-services.openssh.listenAddresses = [
-  { addr = "${eth1IPv4}.1"; port = 22; }
-  { addr = "${eth2IPv4}.1"; port = 22; }
-  { addr = "${eth3IPv4}.1"; port = 22; }
-];
 }
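Review bot: DHCP clients on all three LANs are handed `${ethNIPv4}.1` as their resolver (the `DNS =` line in each `dhcpServerConfig`), but the `services.dnscrypt-proxy2.settings.listen_addresses` entries for exactly those addresses are deleted and nothing in this hunk makes a resolver listen there, so unless that binding moved to another file the advertised DNS will be unreachable from the LANs. The same applies to `services.openssh.listenAddresses`: with it gone, sshd falls back to its default of all addresses, and LAN-only reachability now rests entirely on the nftables `input` chain, whose base hook and policy are declared outside this hunk. In the ruleset, `forward-to-lan` is an empty chain reached via `goto`, so LAN-to-LAN forwarding ends with the `forward` chain's policy rather than an explicit verdict; a comment such as `# forward-to-lan: placeholder, verdict falls through to the forward chain policy` or an explicit `accept`/`drop` inside it would make the intent clear. `SYSTEMD_LOG_LEVEL = "debug"` on systemd-networkd also looks like a debugging leftover worth removing before it lands in a host configuration.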