From 95a89d01a5c3afd9856b4b5c600f904e0f2912ee Mon Sep 17 00:00:00 2001
From: lilly <li@lly.sh>
Date: Tue, 18 Feb 2025 22:44:53 +0100
Subject: [PATCH] define sketchy-router

---
 systems/default.nix                        |  3 ++
 systems/sketchy-router.noc.eh22.intern.nix | 34 ++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 systems/sketchy-router.noc.eh22.intern.nix

diff --git a/systems/default.nix b/systems/default.nix
index d1780bd..161bbda 100644
--- a/systems/default.nix
+++ b/systems/default.nix
@@ -40,6 +40,9 @@ in
   # prod hosts
   "auth-dns.noc.eh22.intern" = mkSystem "x86_64-linux" "auth-dns.noc.eh22.intern";
 
+  # staging temp infra
+  "sketchy-router.noc.eh22.intern" = mkSystem "x86_64-linux" "sketchy-router.noc.eh22.intern";
+
   # misc hosts
   "test.eh22.intern" = mkSystem "x86_64-linux" "test.eh22.intern";
   "installer" = mkSystem "x86_64-linux" "installer";
diff --git a/systems/sketchy-router.noc.eh22.intern.nix b/systems/sketchy-router.noc.eh22.intern.nix
new file mode 100644
index 0000000..96bfeaa
--- /dev/null
+++ b/systems/sketchy-router.noc.eh22.intern.nix
@@ -0,0 +1,34 @@
+{
+  pkgs,
+  ...
+}:
+{
+  imports = [ ];
+
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_forward" = "1";
+    "net.ipv6.conf.all.forwarding" = "1";
+  };
+
+  networking.useDHCP = false;
+  networking.nftables.enable = true;
+  systemd.network = {
+    enable = true;
+    networks = {
+      "10-ethUpstream" = {
+        matchConfig.MACAddress = "BC:24:11:D2:69:8D";
+        address = [ "10.31.245.2/24" ];
+        gateway = [ "10.31.245.1" ];
+      };
+      "10-ethMgmt" = {
+        matchConfig.MACAddress = "BC:24:11:A3:38:4E";
+        address = [ "10.20.24.1/24" ];
+      };
+    };
+  };
+
+  # DO NOT CHANGE
+  # this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
+  home-manager.users.noc.home.stateVersion = "24.11";
+  system.stateVersion = "24.11";
+}
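Review bot: The `boot.kernel.sysctl` block enables IPv4 and IPv6 forwarding, but nothing in this file restricts what may be routed between `10-ethUpstream` and `10-ethMgmt`. `networking.nftables.enable = true` only switches the firewall backend, and as far as I know the NixOS firewall leaves the forward chain unfiltered unless `networking.firewall.filterForward` is set. Unless a shared module added by `mkSystem` already handles this, the management subnet 10.20.24.0/24 would be reachable from the upstream segment. I would add `networking.firewall.filterForward = true;` and list the permitted flows in `networking.firewall.extraForwardRules`, with a comment above them stating which direction is meant to be allowed. Only IPv4 addresses are configured, so `"net.ipv6.conf.all.forwarding" = "1";` could be dropped until IPv6 routing is actually needed.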