# NixOS module for a router / DHCP host: renames three NICs by MAC address,
# assigns static addresses with systemd-networkd, enables IPv4/IPv6
# forwarding and NAT towards the upstream interface, and serves DHCPv4 with
# Kea on the management and public user interfaces.
{ pkgs, ... }:
let
  # Build a systemd.network link unit that renames the Ethernet device with
  # the given MAC address to `ifName`.
  renameLink = mac: ifName: {
    matchConfig.MACAddress = mac;
    matchConfig.Type = "ether";
    linkConfig.Name = ifName;
  };

  # One Kea `option-data` entry.
  dhcpOption = name: data: { inherit name data; };

  # One Kea host reservation keyed by hardware address.
  # NOTE(review): a MAC address is only a claim made by the client. Any host
  # on the same segment that presents a reserved MAC will be offered the
  # reserved address, so these reservations depend on layer-2 controls
  # (port security, DHCP snooping) that are not visible in this file.
  reservation = mac: ip: {
    hw-address = mac;
    ip-address = ip;
  };

  # Shared network served on ethMgmt.
  managementNetwork = {
    name = "mgmtNet";
    interface = "ethMgmt";
    option-data = [
      (dhcpOption "domain-search" "noc.eh22.intern.")
      (dhcpOption "routers" "94.45.255.2")
    ];
    subnet4 = [
      {
        id = 255;
        subnet = "94.45.255.0/24";
        pools = [
          { pool = "94.45.255.200 - 94.45.255.254"; }
        ];
        reservations = [
          (reservation "BC:24:11:C1:8A:A4" "94.45.255.3") # auth-dns
          (reservation "BC:24:11:FC:C2:26" "94.45.255.4") # monitoring
        ];
      }
    ];
  };

  # Shared network served on ethPubUsr. All three subnets below sit on the
  # same interface.
  publicNetwork = {
    name = "public";
    interface = "ethPubUsr";
    subnet4 = [
      {
        # public services: no dynamic pool, reserved addresses only
        id = 254;
        subnet = "94.45.254.0/24";
        pools = [ ];
        option-data = [ (dhcpOption "routers" "94.45.254.1") ];
        reservations = [
          (reservation "BC:24:11:AD:52:B1" "94.45.254.2") # resolv-dns
          (reservation "BC:24:11:41:E1:61" "94.45.254.3") # cookies
          (reservation "BC:24:11:21:7F:AF" "94.45.254.4") # nat64
        ];
      }
      {
        # wifi
        id = 224;
        subnet = "94.45.224.0/20";
        pools = [
          { pool = "94.45.224.10 - 94.45.239.254"; }
        ];
        option-data = [ (dhcpOption "routers" "94.45.224.1") ];
      }
      {
        # wired
        # NOTE(review): the pool covers only 94.45.240.x although the subnet
        # is a /21 (94.45.240.0 - 94.45.247.255), whereas the wifi pool spans
        # its whole /20. Confirm the narrower range is intended.
        id = 240;
        subnet = "94.45.240.0/21";
        pools = [
          { pool = "94.45.240.10 - 94.45.240.254"; }
        ];
        option-data = [ (dhcpOption "routers" "94.45.240.1") ];
      }
    ];
  };
in
{
  imports = [ ];

  # This host routes between its interfaces.
  # NOTE(review): no forward-chain filtering is defined in this file. Unless
  # another module restricts it, hosts on ethPubUsr can be routed to the
  # management subnet 94.45.255.0/24 on ethMgmt - confirm where that policy
  # lives.
  boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = "1";

  networking.nftables.enable = true;

  systemd.network.enable = true;

  # Stable interface names, matched by MAC address.
  # The key "10-ethPubUser" is spelled differently from the interface name
  # "ethPubUsr" and from the network key "10-ethPubUsr" below; it is kept
  # as-is because it only names the link unit.
  systemd.network.links = {
    "10-ethUpstream" = renameLink "BC:24:11:D2:69:8D" "ethUpstream";
    "10-ethMgmt" = renameLink "BC:24:11:A3:38:4E" "ethMgmt";
    "10-ethPubUser" = renameLink "BC:24:11:8F:B3:83" "ethPubUsr";
  };

  systemd.network.networks = {
    "10-ethUpstream" = {
      matchConfig = { Name = "ethUpstream"; };
      address = [ "10.31.245.2/24" ];
      gateway = [ "10.31.245.1" ];
    };

    "10-ethMgmt" = {
      matchConfig = { Name = "ethMgmt"; };
      address = [ "94.45.255.2/24" ];
    };

    "10-ethPubUsr" = {
      matchConfig = { Name = "ethPubUsr"; };
      address = [
        "94.45.248.254/24"
        "94.45.224.1/20" # wifi
        "94.45.240.1/21" # wired
        "94.45.254.1/24" # public services subnet
      ];
      # TODO: Add jool routes
    };
  };

  # NAT towards the upstream interface.
  # NOTE(review): 94.45.224.0/19 spans 94.45.224.0 - 94.45.255.255, so it
  # also contains the management subnet (94.45.255.0/24) and the public
  # services subnet (94.45.254.0/24), not only the user ranges.
  networking.nat.enable = true;
  networking.nat.externalInterface = "ethUpstream";
  networking.nat.internalIPs = [
    "94.45.224.0/19" # cccv event space, TODO: remove once we are at the event
  ];

  services.kea.dhcp4.enable = true;
  services.kea.dhcp4.settings = {
    # Kea answers on the management and public user interfaces only.
    interfaces-config.interfaces = [
      "ethMgmt"
      "ethPubUsr"
    ];

    # Leases are kept in a local memfile and persisted to disk.
    lease-database = {
      type = "memfile";
      persist = true;
      name = "/var/lib/kea/dhcp4.leases";
    };

    renew-timer = 1000;
    rebind-timer = 2000;
    valid-lifetime = 4000;
    authoritative = true;

    # Global options sent to every client.
    option-data = [
      (dhcpOption "domain-name-servers" "94.45.254.2")
      (dhcpOption "cookie-servers" "94.45.254.3" // { always-send = true; })
    ];

    shared-networks = [
      managementNetwork
      publicNetwork
    ];
  };

  # DO NOT CHANGE
  # this defines the first version of NixOS that was installed on the machine
  # so that programs with non-migratable data files are kept compatible
  home-manager.users.noc.home.stateVersion = "24.11";
  system.stateVersion = "24.11";
}