From dff5a4bc271f66b8757c26918d6425281dda6e07 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Sat, 8 Jul 2023 23:19:30 +0200 Subject: [PATCH 1/8] migrating to networkd --- hosts/mno001/network.nix | 78 +++++++++++++++++++++++++++++----------- 1 file changed, 58 insertions(+), 20 deletions(-) diff --git a/hosts/mno001/network.nix b/hosts/mno001/network.nix index 574516a3..dfe3d0e8 100644 --- a/hosts/mno001/network.nix +++ b/hosts/mno001/network.nix 
@@ -1,34 +1,72 @@ { pkgs, ... }: let - bond_name = "bond0"; + bond_name = "bond"; in { - # LACP on first two ports - networking.bonds."${bond_name}" = { - interfaces = [ "eno2" "eno3" ]; - driverOptions = { - mode = "802.3ad"; - lacp_rate = "fast"; - }; + networking = { + enableIPv6 = true; + useDHCP = false; + + useNetworkd = true; + wireguard.enable = true; }; - # Static IP Address - networking.interfaces."${bond_name}" = { - useDHCP = false; - ipv4.addresses = [ - { - address = "212.111.245.178"; - prefixLength = 29; - } + services.resolved = { + enable = true; + fallbackDns = [ + "212.111.228.53" # IBH 1 + "193.36.123.53" # IBH 2 + "9.9.9.9" # QUAD 9 ]; }; - # Default Gateway - networking.defaultGateway.address = "212.111.245.177"; + systemd.network = { + enable = true; + + netdevs."10-${bond_name}" = { + netDevConfig = { + Name = "${bond_name}"; + Kind = "bond"; + }; + bondConfig = { + Mode = "802.3ad"; # LACP + MIIMonitorSec = "250ms"; + LACPTransmitRate = "fast"; + }; + }; + + networks."10-${bond_name}" = { + matchConfig.Name = "${bond_name}"; - # nameservers - networking.nameservers = [ "212.111.228.53" "193.36.123.53" ]; + address = [ "212.111.245.178/29" ]; + routes = [ + { + routeConfig.Gateway = "212.111.245.177"; + } + ]; + + networkConfig = { + BindCarrier = [ "eno2" "eno3" ]; + DHCP = "no"; + }; + }; + + networks."10-eno2-${bond_name}" = { + matchConfig.Name = "eno2"; + networkConfig = { + Bond = "${bond_name}"; # Enslaving to bond + }; + }; + + networks."10-eno3-${bond_name}" = { + matchConfig.Name = "eno3"; + networkConfig = { + Bond = "${bond_name}"; # Enslaving to bond + }; + }; + + }; # enabling and configuring firewall networking.firewall = { From da1258e636ece8315591f286a941d921a468c458 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Mon, 10 Jul 2023 14:17:17 +0200 Subject: [PATCH 2/8] fixed dns --- hosts/mno001/network.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
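Review bot: The new `networks."10-${bond_name}"` unit gives the statically addressed uplink only `BindCarrier` and `DHCP = "no"`, while `enableIPv6 = true` is set above it; networkd's `IPv6AcceptRA` defaults to accepting router advertisements on an ordinary link (I believe it is only off for bridges or when forwarding is enabled), so any RA on that segment can install an address or default route on the bond. Unless IPv6 autoconfiguration from the carrier is intended, add `IPv6AcceptRA = false;` next to `DHCP = "no";` in that `networkConfig`. Separately, the netdev block uses `netDevConfig`, whereas the NixOS option is spelled `netdevConfig`; unless this nixpkgs revision tolerates the capital D, evaluation will reject the undefined attribute. The `networking.firewall` set opened on the last hunk line continues outside the hunk.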
diff --git a/hosts/mno001/network.nix b/hosts/mno001/network.nix index dfe3d0e8..10a844c2 100644 --- a/hosts/mno001/network.nix +++ b/hosts/mno001/network.nix @@ -10,13 +10,16 @@ in useNetworkd = true; wireguard.enable = true; + + nameservers = [ + "212.111.228.53" # IBH 1 + "193.36.123.53" # IBH 2 + ]; }; services.resolved = { enable = true; fallbackDns = [ - "212.111.228.53" # IBH 1 - "193.36.123.53" # IBH 2 "9.9.9.9" # QUAD 9 ]; }; From e0b9309ffbe63e520b377372e9fef6cd4e2ac55c Mon Sep 17 00:00:00 2001 From: revol-xut Date: Fri, 5 Jan 2024 16:51:54 +0100 Subject: [PATCH 3/8] adding config for ssh in init-ram-fs --- hosts/mno001/network.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/hosts/mno001/network.nix b/hosts/mno001/network.nix index 10a844c2..269a2f50 100644 --- a/hosts/mno001/network.nix +++ b/hosts/mno001/network.nix 
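Review bot: `fallbackDns = [ "9.9.9.9" ]` is not a failover for the two IBH resolvers now listed in `networking.nameservers`: systemd-resolved consults FallbackDNS= only when no DNS servers are configured at all, not when the configured ones time out or answer SERVFAIL. If a backup resolver is wanted it has to be added to `nameservers`, where resolved rotates to the next server on failure; otherwise the Quad9 entry only matters if the configured list is ever empty, in which case queries silently leave for a third party. It is also worth deciding whether resolved should validate answers (`services.resolved.dnssec`) now that it is the host's only resolver.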
@@ -3,6 +3,18 @@ let bond_name = "bond"; in { + boot.initrd.network.enable = true; + boot.initrd.network.ssh = { + enable = true; + port = 22; + shell = "/bin/cryptsetup-askpass"; + authorizedKeys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6NLB8EHnUgl2GO2uaojdf3p3YpsHH6px6CZleif8klhLN+ro5KeFK2OXC2SO3Vo4qgF/NySdsoInV9JEsssELZ2ttVbeKxI6f76V5dZgGI7qoSf4E0TXIgpS9n9K2AEmRKr65uC2jgkSJuo/T1mF+4/Nzyo706FT/GGVoiBktgq9umbYX0vIQkTMFAcw921NwFCWFQcMYRruaH01tLu6HIAdJ9FVG8MAt84hCr4D4PobD6b029bHXTzcixsguRtl+q4fQAl3WK3HAxT+txN91CDoP2eENo3gbmdTBprD2RcB/hz5iI6IaY3p1+8fTX2ehvI3loRA8Qjr/xzkzMUlpA/8NLKbJD4YxNGgFbauEmEnlC8Evq2vMrxdDr2SjnBAUwzZ63Nq+pUoBNYG/c+h+eO/s7bjnJVe0m2/2ZqPj1jWQp4hGoNzzU1cQmy6TdEWJcg2c8ints5068HN3o0gQKkp1EseNrdB8SuG+me/c/uIOX8dPASgo3Yjv9IGLhhx8GOGQxHEQN9QFC4QyZt/rrAyGmlX342PBNYmmStgVWHiYCcMVUWGlsG0XvG6bvGgmMeHNVsDf6WdMQuLj9luvxJzrd4FlKX6O0X/sIaqMVSkhIbD2+vvKNqrii7JdUTntUPs89L5h9DoDqQWkL13Plg1iQt4/VYeKTbUhYYz1lw== revo-xut@plank" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHuSECgZffKGH56xoVzITe43IdRyYbAr3sef8TJOrGGH thomas.liske@dd-ix.net" + "ssh-rsa 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 mel@umbreon" + ]; + hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ]; + }; networking = { enableIPv6 = true; From 04442a5baf88e1dab57d7cd492d5cef547da1114 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Fri, 5 Jan 2024 17:06:30 +0100 Subject: [PATCH 4/8] first only networkd --- hosts/mno001/network.nix | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/hosts/mno001/network.nix b/hosts/mno001/network.nix index 269a2f50..2d0a8bb6 100644 --- a/hosts/mno001/network.nix +++ b/hosts/mno001/network.nix 
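Review bot: `port = 22;` puts the stage-1 sshd on the same address and port as the stage-2 sshd while `hostKeys` points at separate keys under `/etc/secrets/initrd/`, so every client that alternates between unlocking and normal login will get a host-key-changed warning for the same `host:22` entry and users learn to override it; give the initrd listener its own port, e.g. `port = 2222;`, so each endpoint keeps a stable known_hosts entry. Keeping the initrd keys distinct from the stage-2 keys is still right, because they are copied into the initrd image on the boot partition and should be treated as lower-trust than keys that live on the encrypted root. Nothing in this hunk configures stage-1 addressing (the LACP bond in `systemd.network` is stage-2 only), so unless an `ip=` kernel parameter or a stage-1 network config exists elsewhere in the file, the listener will come up without an address; I cannot see the rest of the module from here.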
@@ -3,18 +3,20 @@ let bond_name = "bond"; in { - boot.initrd.network.enable = true; - boot.initrd.network.ssh = { - enable = true; - port = 22; - shell = "/bin/cryptsetup-askpass"; - authorizedKeys = [ - "ssh-rsa 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 revo-xut@plank" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHuSECgZffKGH56xoVzITe43IdRyYbAr3sef8TJOrGGH thomas.liske@dd-ix.net" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMbUizElFyULDlpEE9XHWWOca4ZXepS18ljh4Fj4YnJOAs7sbYzzhfMUiD703FIgK5YObzOlheu/PBbwUOStgcmPDuRalZWLr+0kCUYERfjLHkgliFx96xEFw9dluvII6JpbzFI/uvkEkQ3ESKapRcYAuBTk2sRoit8za+HX9sLmMueqNtN4H92sFYYm1wWy3FFgz/NN+uTh7F5nmA7SrSS/fpbmugcgBdR/Zy1YwSA8Rl1pagEvgN9/qAnP7pssvXr9pTCUNxVSQ7FlTUOHmxzG16RybYRikgevQaHtFYvmS7AuRvRDlQWhHt1drREGOIwwZPXD1smfQAsvP66J85j9aeanZdoBoJcvvFNer3071QGmi+5NHDSiG+YvoWt7qgiKLF4lOfByzjdoRRSg01uuhdQLOHHt0hbfyGS6hx//1MtjiXTElXvOOiUJ6AqfCSwOTK+72W6VKhKYcO11+Ngym1dyF3TtVcoEYN3JpUdbNq+qctMzXFMGovPEEMh7s= mel@umbreon" - ]; - hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ]; - }; + #boot.initrd.network.enable = true; + #boot.initrd.network.postCommands = '' + # # TODO automatically import pools / prompt user and continue boot + #''; + #boot.initrd.network.ssh = { + # enable = true; + # port = 2222; + # authorizedKeys = [ + # "ssh-rsa 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 revo-xut@plank" + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHuSECgZffKGH56xoVzITe43IdRyYbAr3sef8TJOrGGH thomas.liske@dd-ix.net" + # "ssh-rsa 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 mel@umbreon" + # ]; + # hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ]; + #}; networking = { enableIPv6 = true; From 60b38c5b423cf7eb7f68bcb6a1e010689cadbb73 Mon Sep 17 00:00:00 2001 
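Review bot: The initrd SSH block is disabled by commenting it out rather than with `boot.initrd.network.ssh.enable = false;`, so its option names, key list and `hostKeys` paths are no longer evaluated and can rot unnoticed (the port already changed from 22 to 2222 inside the comment, checked by nothing). Leaving the attribute set live with `enable = false`, or behind a `lib.mkIf` on a host-level flag, keeps it type-checked on every rebuild. The new `postCommands` TODO about importing pools automatically should be resolved before re-enabling: if stage 1 is ever made to continue without a prompt, the askpass shell this block exists for no longer runs.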
From: revol-xut Date: Fri, 5 Jan 2024 17:58:15 +0100 Subject: [PATCH 5/8] parameterized config --- hosts/mno001/configuration.nix | 1 + hosts/mno001/initrd_network.nix | 16 ++++++++++++ hosts/mno001/network.nix | 45 ++++++++++++--------------------- 3 files changed, 33 insertions(+), 29 deletions(-) create mode 100644 hosts/mno001/initrd_network.nix diff --git a/hosts/mno001/configuration.nix b/hosts/mno001/configuration.nix index cda32053..c8e33cb8 100644 --- a/hosts/mno001/configuration.nix +++ b/hosts/mno001/configuration.nix @@ -4,6 +4,7 @@ imports = [ ./hardware-configuration.nix ./network.nix + ./initrd_network.nix ]; # Use the systemd-boot EFI boot loader. diff --git a/hosts/mno001/initrd_network.nix b/hosts/mno001/initrd_network.nix new file mode 100644 index 00000000..38b1a7ef --- /dev/null +++ b/hosts/mno001/initrd_network.nix @@ -0,0 +1,16 @@ +{pkgs, config, ...}: { + #boot.initrd.network.enable = true; + #boot.initrd.network.postCommands = '' + # # TODO automatically import pools / prompt user and continue boot + #''; + #boot.initrd.network.ssh = { + # enable = true; + # port = 2222; + # authorizedKeys = [ + # "ssh-rsa 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 revo-xut@plank" + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHuSECgZffKGH56xoVzITe43IdRyYbAr3sef8TJOrGGH thomas.liske@dd-ix.net" + # "ssh-rsa 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 mel@umbreon" + # ]; + # hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ]; + #}; +} diff --git a/hosts/mno001/network.nix b/hosts/mno001/network.nix index 2d0a8bb6..956cf4cd 100644 --- a/hosts/mno001/network.nix +++ b/hosts/mno001/network.nix 
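Review bot: `hosts/mno001/initrd_network.nix` is now imported from `configuration.nix` but consists of a function header and a fully commented-out body, so the module sets nothing and its `pkgs`/`config` arguments are unused. If the initrd SSH configuration is meant to return, express it as live options gated by `boot.initrd.network.ssh.enable = false;` so the option names, authorized keys and `hostKeys` paths keep being evaluated; otherwise the file and the import can be dropped. Inert copies of authorized keys are easy to miss when a key is revoked, so referencing one live list (for example the users' `openssh.authorizedKeys.keys`) is preferable to a second copy inside a comment.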
@@ -1,24 +1,11 @@ { pkgs, ... }: let - bond_name = "bond"; + bond_device_name = "bond"; # name of the bond interface + first_device_name = "enp144s0"; # first port that should be part of the LAG + second_device_name = "enp1440d1"; # second port that should be part of the LAG in { - #boot.initrd.network.enable = true; - #boot.initrd.network.postCommands = '' - # # TODO automatically import pools / prompt user and continue boot - #''; - #boot.initrd.network.ssh = { - # enable = true; - # port = 2222; - # authorizedKeys = [ - # "ssh-rsa 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 revo-xut@plank" - # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHuSECgZffKGH56xoVzITe43IdRyYbAr3sef8TJOrGGH thomas.liske@dd-ix.net" - # "ssh-rsa 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 mel@umbreon" - # ]; - # hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ]; - #}; - - networking = { + networking = { enableIPv6 = true; useDHCP = false; @@ -41,9 +28,9 @@ in systemd.network = { enable = true; - netdevs."10-${bond_name}" = { + netdevs."10-${bond_device_name}" = { netDevConfig = { - Name = "${bond_name}"; + Name = "${bond_device_name}"; Kind = "bond"; }; bondConfig = { @@ -53,8 +40,8 @@ in }; }; - networks."10-${bond_name}" = { - matchConfig.Name = "${bond_name}"; + networks."10-${bond_device_name}" = { + matchConfig.Name = "${bond_device_name}"; address = [ "212.111.245.178/29" ]; routes = [ 
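Review bot: `second_device_name = "enp1440d1";` in the first hunk does not match the predictable-name pattern of `first_device_name = "enp144s0";` (the second port of the same NIC would normally be `enp144s0d1`), so it looks like a typo; if so, the second member's `.network` unit matches nothing and the LAG comes up with a single port, silently, because a non-matching `matchConfig.Name` is not an evaluation error. Please confirm the names against the host's link list, and consider noting the PCI path or MAC next to each `let` binding so the next reviewer can check them without shell access. The remaining hunks in this section only rename `bond_name` to `bond_device_name`.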
@@ -64,22 +51,22 @@ in ]; networkConfig = { - BindCarrier = [ "eno2" "eno3" ]; + BindCarrier = [ "${first_device_name}" "${second_device_name}" ]; DHCP = "no"; }; }; - networks."10-eno2-${bond_name}" = { - matchConfig.Name = "eno2"; + networks."10-${first_device_name}-${bond_device_name}" = { + matchConfig.Name = "${first_device_name}"; networkConfig = { - Bond = "${bond_name}"; # Enslaving to bond + Bond = "${bond_device_name}"; # Enslaving to bond }; }; - networks."10-eno3-${bond_name}" = { - matchConfig.Name = "eno3"; + networks."10-${second_device_name}-${bond_device_name}" = { + matchConfig.Name = "${second_device_name}"; networkConfig = { - Bond = "${bond_name}"; # Enslaving to bond + Bond = "${bond_device_name}"; # Enslaving to bond }; }; @@ -88,7 +75,7 @@ in # enabling and configuring firewall networking.firewall = { enable = true; - allowedTCPPorts = [ 80 22 443 ]; + allowedTCPPorts = [ 80 22 443 2222 ]; allowedUDPPorts = [ ]; }; } From 6a76da12eedb6e1d6fcaf884133b4376eafd3e5b Mon Sep 17 00:00:00 2001 From: revol-xut Date: Fri, 5 Jan 2024 18:13:10 +0100 Subject: [PATCH 6/8] using vlan flag for networks --- hosts/mno001/network.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/hosts/mno001/network.nix b/hosts/mno001/network.nix index 956cf4cd..78e07f83 100644 --- a/hosts/mno001/network.nix +++ b/hosts/mno001/network.nix @@ -2,7 +2,7 @@ let bond_device_name = "bond"; # name of the bond interface first_device_name = "enp144s0"; # first port that should be part of the LAG - second_device_name = "enp1440d1"; # second port that should be part of the LAG + second_device_name = "enp144s0d1"; # second port that should be part of the LAG in { networking = { 
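Review bot: `allowedTCPPorts = [ 80 22 443 2222 ];` in the last hunk opens TCP 2222 in the stage-2 firewall, but nothing in this series configures a stage-2 listener on that port: the initrd sshd that would use 2222 is commented out in `initrd_network.nix`, and even when enabled it runs before the NixOS firewall service exists, so this rule never governs it. As committed the change only adds an exposed port to the running system; drop `2222` from the list, or tie it to the same option as whatever stage-2 service is expected to listen there. The `networking.firewall` set is the end of the file, so nothing below it remains to review.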
@@ -40,6 +40,16 @@ in }; }; + #netdevs."20-${bond_device_name}-vlan" = { + # netDevConfig = { + # Name = "${bond_device_name}-vlan"; + # Kind = "vlan"; + # }; + # vlanConfig = { + # Id = 100; + # }; + #}; + networks."10-${bond_device_name}" = { matchConfig.Name = "${bond_device_name}"; @@ -50,6 +60,8 @@ in } ]; + vlan = [ 100 ]; + networkConfig = { BindCarrier = [ "${first_device_name}" "${second_device_name}" ]; DHCP = "no"; From 671cdbd99584260d69b3dd54f4f13d2acfdf68cf Mon Sep 17 00:00:00 2001 From: revol-xut Date: Fri, 5 Jan 2024 20:35:00 +0100 Subject: [PATCH 7/8] deployed network config --- hosts/mno001/network.nix | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/hosts/mno001/network.nix b/hosts/mno001/network.nix index 78e07f83..216e1800 100644 --- a/hosts/mno001/network.nix +++ b/hosts/mno001/network.nix @@ -29,7 +29,7 @@ in enable = true; netdevs."10-${bond_device_name}" = { - netDevConfig = { + netdevConfig = { Name = "${bond_device_name}"; Kind = "bond"; }; @@ -40,30 +40,39 @@ in }; }; - #netdevs."20-${bond_device_name}-vlan" = { - # netDevConfig = { - # Name = "${bond_device_name}-vlan"; - # Kind = "vlan"; - # }; - # vlanConfig = { - # Id = 100; - # }; - #}; + netdevs."20-uplink" = { + netdevConfig = { + Name = "uplink"; + Kind = "vlan"; + }; + vlanConfig = { + Id = 100; + }; + }; networks."10-${bond_device_name}" = { matchConfig.Name = "${bond_device_name}"; + vlan = [ "uplink" ]; + + networkConfig = { + DHCP = "no"; + }; + }; + + networks."10-uplink" = { + matchConfig.Name = "uplink"; + address = [ "212.111.245.178/29" ]; routes = [ { - routeConfig.Gateway = "212.111.245.177"; + routeConfig.Gateway = "212.111.245.176"; } ]; - vlan = [ 100 ]; + vlan = [ "uplink" ]; networkConfig = { - BindCarrier = [ "${first_device_name}" "${second_device_name}" ]; DHCP = "no"; }; }; @@ -81,7 +90,6 @@ in Bond = "${bond_device_name}"; # Enslaving to bond }; }; - }; # enabling and configuring firewall 
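Review bot: `vlan = [ 100 ];` on `networks."10-${bond_device_name}"` names a VLAN netdev, not a VLAN ID: the NixOS option behind it becomes `VLAN=` in the `[Network]` section and takes a list of netdev names, so an integer should already fail the type check, and even `"100"` would refer to a netdev that does not exist because the `20-${bond_device_name}-vlan` netdev in the previous hunk is commented out. The netdev has to be live and the entry should reference its `Name`, e.g. `vlan = [ "${bond_device_name}-vlan" ];`.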
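Review bot: `networks."10-uplink"` carries `vlan = [ "uplink" ];`, which asks the `uplink` VLAN interface to host a VLAN named `uplink` stacked on itself; this reads as a leftover from the bond block and should be removed from `10-uplink`, where `vlan` has no meaning (it belongs only in `10-${bond_device_name}`). The gateway also moves from `212.111.245.177` to `212.111.245.176`, which is the network address of `212.111.245.178/29`; if the provider really answers on .176, a comment saying so would spare the next reader the same double-take. With `enableIPv6 = true` the now address-less bond still gets networkd's default link-local address and RA handling on the untagged segment; if only the tagged uplink is meant to carry traffic, `LinkLocalAddressing = "no";` and `IPv6AcceptRA = false;` in the bond's `networkConfig` keep the untagged side inert.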
From d02dbc738773ee78f71df336b649fd50942dffaa Mon Sep 17 00:00:00 2001 From: revol-xut Date: Fri, 5 Jan 2024 20:41:52 +0100 Subject: [PATCH 8/8] nixpkgs format --- hosts/mno001/initrd_network.nix | 2 +- hosts/mno001/network.nix | 2 +- modules/management/website.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/mno001/initrd_network.nix b/hosts/mno001/initrd_network.nix index 38b1a7ef..eda9b1b5 100644 --- a/hosts/mno001/initrd_network.nix +++ b/hosts/mno001/initrd_network.nix @@ -1,4 +1,4 @@ -{pkgs, config, ...}: { +{ pkgs, config, ... }: { #boot.initrd.network.enable = true; #boot.initrd.network.postCommands = '' # # TODO automatically import pools / prompt user and continue boot diff --git a/hosts/mno001/network.nix b/hosts/mno001/network.nix index 216e1800..a64434b5 100644 --- a/hosts/mno001/network.nix +++ b/hosts/mno001/network.nix @@ -5,7 +5,7 @@ let second_device_name = "enp144s0d1"; # second port that should be part of the LAG in { - networking = { + networking = { enableIPv6 = true; useDHCP = false; diff --git a/modules/management/website.nix b/modules/management/website.nix index 1d7d1022..b7995d3f 100644 --- a/modules/management/website.nix +++ b/modules/management/website.nix @@ -2,7 +2,7 @@ sops.secrets.listmonk_admin.owner = config.dd-ix.foundation.user; services.nginx = { - enable = true; + enable = true; virtualHosts = { "www.${config.deployment-dd-ix.domain}" = { enableACME = true;