Merge pull request #2 from dd-ix/networkd

migrating to networkd

hosts/mno001/configuration.nix

@@ -4,6 +4,7 @@
   imports = [
     ./hardware-configuration.nix
     ./network.nix
+    ./initrd_network.nix
   ];
 
   # Use the systemd-boot EFI boot loader.

hosts/mno001/initrd_network.nix

@@ -0,0 +1,16 @@
+{ pkgs, config, ... }: {
+  #boot.initrd.network.enable = true;
+  #boot.initrd.network.postCommands = ''
+  #  # TODO automatically import pools / prompt user and continue boot
+  #'';
+  #boot.initrd.network.ssh = {
+  #  enable = true;
+  #  port = 2222;
+  #  authorizedKeys = [
+  #      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6NLB8EHnUgl2GO2uaojdf3p3YpsHH6px6CZleif8klhLN+ro5KeFK2OXC2SO3Vo4qgF/NySdsoInV9JEsssELZ2ttVbeKxI6f76V5dZgGI7qoSf4E0TXIgpS9n9K2AEmRKr65uC2jgkSJuo/T1mF+4/Nzyo706FT/GGVoiBktgq9umbYX0vIQkTMFAcw921NwFCWFQcMYRruaH01tLu6HIAdJ9FVG8MAt84hCr4D4PobD6b029bHXTzcixsguRtl+q4fQAl3WK3HAxT+txN91CDoP2eENo3gbmdTBprD2RcB/hz5iI6IaY3p1+8fTX2ehvI3loRA8Qjr/xzkzMUlpA/8NLKbJD4YxNGgFbauEmEnlC8Evq2vMrxdDr2SjnBAUwzZ63Nq+pUoBNYG/c+h+eO/s7bjnJVe0m2/2ZqPj1jWQp4hGoNzzU1cQmy6TdEWJcg2c8ints5068HN3o0gQKkp1EseNrdB8SuG+me/c/uIOX8dPASgo3Yjv9IGLhhx8GOGQxHEQN9QFC4QyZt/rrAyGmlX342PBNYmmStgVWHiYCcMVUWGlsG0XvG6bvGgmMeHNVsDf6WdMQuLj9luvxJzrd4FlKX6O0X/sIaqMVSkhIbD2+vvKNqrii7JdUTntUPs89L5h9DoDqQWkL13Plg1iQt4/VYeKTbUhYYz1lw== revo-xut@plank"
+  #      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHuSECgZffKGH56xoVzITe43IdRyYbAr3sef8TJOrGGH [email protected]"
+  #      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMbUizElFyULDlpEE9XHWWOca4ZXepS18ljh4Fj4YnJOAs7sbYzzhfMUiD703FIgK5YObzOlheu/PBbwUOStgcmPDuRalZWLr+0kCUYERfjLHkgliFx96xEFw9dluvII6JpbzFI/uvkEkQ3ESKapRcYAuBTk2sRoit8za+HX9sLmMueqNtN4H92sFYYm1wWy3FFgz/NN+uTh7F5nmA7SrSS/fpbmugcgBdR/Zy1YwSA8Rl1pagEvgN9/qAnP7pssvXr9pTCUNxVSQ7FlTUOHmxzG16RybYRikgevQaHtFYvmS7AuRvRDlQWhHt1drREGOIwwZPXD1smfQAsvP66J85j9aeanZdoBoJcvvFNer3071QGmi+5NHDSiG+YvoWt7qgiKLF4lOfByzjdoRRSg01uuhdQLOHHt0hbfyGS6hx//1MtjiXTElXvOOiUJ6AqfCSwOTK+72W6VKhKYcO11+Ngym1dyF3TtVcoEYN3JpUdbNq+qctMzXFMGovPEEMh7s= mel@umbreon"
+  #  ];
+  #  hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+  #};
+}

hosts/mno001/network.nix

@@ -1,39 +1,101 @@
 { pkgs, ... }:
 let
-  bond_name = "bond0";
+  bond_device_name = "bond"; # name of the bond interface
+  first_device_name = "enp144s0"; # first port that should be part of the LAG
+  second_device_name = "enp144s0d1"; # second port that should be part of the LAG
 in
 {
+  networking = {
+    enableIPv6 = true;
+    useDHCP = false;
 
-  # LACP on first two ports
-  networking.bonds."${bond_name}" = {
-    interfaces = [ "eno2" "eno3" ];
-    driverOptions = {
-      mode = "802.3ad";
-      lacp_rate = "fast";
-    };
+    useNetworkd = true;
+    wireguard.enable = true;
+
+    nameservers = [
+      "212.111.228.53" # IBH 1
+      "193.36.123.53" # IBH 2
+    ];
   };
 
-  # Static IP Address
-  networking.interfaces."${bond_name}" = {
-    useDHCP = false;
-    ipv4.addresses = [
-      {
-        address = "212.111.245.178";
-        prefixLength = 29;
-      }
+  services.resolved = {
+    enable = true;
+    fallbackDns = [
+      "9.9.9.9" # QUAD 9
     ];
   };
 
-  # Default Gateway
-  networking.defaultGateway.address = "212.111.245.177";
+  systemd.network = {
+    enable = true;
+
+    netdevs."10-${bond_device_name}" = {
+      netdevConfig = {
+        Name = "${bond_device_name}";
+        Kind = "bond";
+      };
+      bondConfig = {
+        Mode = "802.3ad"; # LACP 
+        MIIMonitorSec = "250ms";
+        LACPTransmitRate = "fast";
+      };
+    };
+
+    netdevs."20-uplink" = {
+      netdevConfig = {
+        Name = "uplink";
+        Kind = "vlan";
+      };
+      vlanConfig = {
+        Id = 100;
+      };
+    };
+
+    networks."10-${bond_device_name}" = {
+      matchConfig.Name = "${bond_device_name}";
 
-  # nameservers
-  networking.nameservers = [ "212.111.228.53" "193.36.123.53" ];
+      vlan = [ "uplink" ];
+
+      networkConfig = {
+        DHCP = "no";
+      };
+    };
+
+    networks."10-uplink" = {
+      matchConfig.Name = "uplink";
+
+      address = [ "212.111.245.178/29" ];
+      routes = [
+        {
+          routeConfig.Gateway = "212.111.245.176";
+        }
+      ];
+
+      vlan = [ "uplink" ];
+
+      networkConfig = {
+        DHCP = "no";
+      };
+    };
+
+    networks."10-${first_device_name}-${bond_device_name}" = {
+      matchConfig.Name = "${first_device_name}";
+      networkConfig = {
+        Bond = "${bond_device_name}"; # Enslaving to bond 
+      };
+    };
+
+    networks."10-${second_device_name}-${bond_device_name}" = {
+      matchConfig.Name = "${second_device_name}";
+      networkConfig = {
+        Bond = "${bond_device_name}"; # Enslaving to bond
+      };
+    };
+  };
 
   # enabling and configuring firewall
   networking.firewall = {
     enable = true;
-    allowedTCPPorts = [ 80 22 443 ];
+    allowedTCPPorts = [ 80 22 443 2222 ];
     allowedUDPPorts = [ ];
   };
 }

modules/management/website.nix

@@ -2,7 +2,7 @@
 
   sops.secrets.listmonk_admin.owner = config.dd-ix.foundation.user;
   services.nginx = {
-   enable = true;
+    enable = true;
     virtualHosts = {
       "www.${config.deployment-dd-ix.domain}" = {
         enableACME = true;