{
pkgs,
...
}:
{
imports = [ ];
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = "1";
"net.ipv6.conf.all.forwarding" = "1";
};
networking.useDHCP = false;
networking.nftables.enable = true;
systemd.network = {
enable = true;
networks = {
"10-ethUpstream" = {
matchConfig.MACAddress = "BC:24:11:D2:69:8D";
address = [ "10.31.245.2/24" ];
gateway = [ "10.31.245.1" ];
};
"10-ethMgmt" = {
matchConfig.MACAddress = "BC:24:11:A3:38:4E";
address = [ "10.20.25.2/24" ];
};
};
};
networking.nat = {
enable = true;
externalInterface = "ens18";
internalIPs = [ "10.20.25.0/24" ];
};
services.kea.dhcp4 = {
enable = true;
settings = {
interfaces-config = {
interfaces = [
"ens19"
];
};
lease-database = {
name = "/var/lib/kea/dhcp4.leases";
persist = true;
type = "memfile";
};
rebind-timer = 2000;
renew-timer = 1000;
valid-lifetime = 4000;
authoritative = true;
option-data = [
{
name = "domain-name-servers";
data = "9.9.9.9";
}
{
name = "routers";
data = "10.20.25.2";
}
];
shared-networks = [
{
name = "mgmtNet";
interface = "ens19";
subnet4 = [
{
id = 300;
subnet = "10.20.25.0/24";
pools = [ { pool = "10.20.25.100 - 10.20.25.254"; } ];
reservations = [
{
hw-address = "bc:24:11:c1:8a:a4";
ip-address = "10.20.25.3";
}
];
}
];
}
];
};
};
# DO NOT CHANGE
# this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
home-manager.users.noc.home.stateVersion = "24.11";
system.stateVersion = "24.11";
}