{
pkgs,
...
}:
let
# Build a systemd .link unit that pins a stable interface name to a NIC.
#
# macAddr : hardware address the unit matches on (Type=ether only, so
#           virtual/bridge devices never match by accident)
# newName : the Name= the kernel interface is renamed to
#
# Matching on the MAC rather than the kernel's enpXsY name keeps the
# names used by the network/NAT/DHCP sections below stable across NIC
# re-ordering; the MACs are therefore specific to this one machine.
renameLink = macAddr: newName: {
  matchConfig.MACAddress = macAddr;
  matchConfig.Type = "ether";
  linkConfig.Name = newName;
};
in
{
imports = [ ];
# Kernel IP forwarding for both address families: this host routes between
# the interfaces configured further down.
#
# NOTE(review): forwarding is global, so traffic between the management
# segment (10.20.25.0/24 on ethMgmt) and the public-user segment
# (10.0.0.0/24 on ethPubUsr) is routed as well, and nothing in this file
# restricts it. In NixOS the nftables firewall only filters the forward
# path when `networking.firewall.filterForward` is set -- confirm a forward
# policy exists elsewhere, or add one, before untrusted clients use ethPubUsr.
#
# NOTE(review): IPv6 forwarding is switched on although no IPv6 addressing,
# translation or filtering appears in this file -- confirm this is intended.
boot.kernel.sysctl = builtins.listToAttrs (
  map (key: { name = key; value = "1"; }) [
    "net.ipv4.ip_forward"
    "net.ipv6.conf.all.forwarding"
  ]
);
# No DHCP client on any interface: every address is static in
# systemd.network below, and only ethUpstream carries a default route.
#
# NOTE(review): `nftables.enable` merely selects the nftables backend for the
# NixOS firewall and NAT modules; no nftables rules or forward policy are
# written anywhere in this file.
networking = {
  useDHCP = false;
  nftables.enable = true;
};
# Interface naming and static IPv4 addressing for the three segments:
#   ethUpstream  10.31.245.2/24  -- uplink, the only interface with a gateway
#   ethMgmt      10.20.25.2/24   -- management / NOC segment
#   ethPubUsr    10.0.0.1/24     -- public-user segment
systemd.network =
  let
    # A network unit that matches an interface by its (renamed) name and
    # assigns static addresses; `extra` carries anything else (e.g. gateway).
    staticNet = ifaceName: addrs: extra: {
      matchConfig = { Name = ifaceName; };
      address = addrs;
    } // extra;
  in
  {
    enable = true;

    # .link units rename the NICs by MAC (see renameLink). Only the Name=
    # inside the unit matters to the rest of the config; the attribute name
    # just becomes the unit file name, which is why "10-ethPubUser" may differ
    # from the interface name ethPubUsr without breaking anything.
    links = {
      "10-ethUpstream" = renameLink "BC:24:11:D2:69:8D" "ethUpstream";
      "10-ethMgmt" = renameLink "BC:24:11:A3:38:4E" "ethMgmt";
      "10-ethPubUser" = renameLink "BC:24:11:8F:B3:83" "ethPubUsr";
    };

    networks = {
      "10-ethUpstream" = staticNet "ethUpstream" [ "10.31.245.2/24" ] {
        gateway = [ "10.31.245.1" ];
      };
      "10-ethMgmt" = staticNet "ethMgmt" [ "10.20.25.2/24" ] { };
      "10-ethPubUsr" = staticNet "ethPubUsr" [ "10.0.0.1/24" ] { };
    };
  };
# IPv4 masquerading of both inside ranges towards the uplink. Only IPv4 is
# translated here: internalIPs are v4 prefixes and no IPv6 NAT is configured.
#
# NOTE(review): traffic is selected by source prefix, not by interface
# (`internalInterfaces` is unset), so a range is not tied to the interface it
# is expected on. NAT also does not filter -- whether ethPubUsr clients can
# reach the 10.20.25.0/24 management segment through this router is decided
# by the forward chain, which this file leaves at the NixOS default.
networking.nat.enable = true;
networking.nat.externalInterface = "ethUpstream";
networking.nat.internalIPs = [
  "10.20.25.0/24" # ethMgmt
  "10.0.0.0/24"   # ethPubUsr
];
# Kea DHCPv4 for the two inside segments. The server is bound to ethMgmt and
# ethPubUsr only; ethUpstream is deliberately absent so this host never
# answers DHCP on the uplink side.
services.kea.dhcp4 =
  let
    # One DHCP option in Kea's { name, data } form.
    dhcpOption = name: data: { inherit name data; };

    # One shared network bound to a single interface serving a single subnet.
    sharedNet = name: iface: options: subnet: {
      inherit name;
      interface = iface;
      option-data = options;
      subnet4 = [ subnet ];
    };
  in
  {
    enable = true;

    settings = {
      interfaces-config.interfaces = [
        "ethMgmt"
        "ethPubUsr"
      ];

      # Leases are kept in a flat file so they survive restarts.
      lease-database = {
        type = "memfile";
        persist = true;
        name = "/var/lib/kea/dhcp4.leases";
      };

      # Lease timing in seconds: renew (T1) < rebind (T2) < lifetime.
      renew-timer = 1000;
      rebind-timer = 2000;
      valid-lifetime = 4000;

      # Per Kea's documentation this makes the server NAK requests for
      # addresses it does not own instead of staying silent; appropriate
      # because it is the only DHCP server intended on these segments.
      authoritative = true;

      shared-networks = [
        # Management segment: resolver and search domain point into the NOC,
        # default gateway is this host's ethMgmt address.
        (sharedNet "mgmtNet" "ethMgmt"
          [
            (dhcpOption "domain-name-servers" "10.20.25.5")
            (dhcpOption "domain-search" "noc.eh22.intern.")
            (dhcpOption "routers" "10.20.25.2")
          ]
          {
            id = 300;
            subnet = "10.20.25.0/24";
            pools = [ { pool = "10.20.25.100 - 10.20.25.254"; } ];
          })

        # Temporary public-user segment; default gateway is ethPubUsr.
        # NOTE(review): 10.0.0.2 is handed out as the resolver, but nothing in
        # this file configures a DNS server at that address -- confirm it exists
        # (it sits outside the pool, so it will not be leased to a client).
        (sharedNet "tempPublicUser" "ethPubUsr"
          [
            (dhcpOption "routers" "10.0.0.1")
            (dhcpOption "domain-name-servers" "10.0.0.2")
          ]
          {
            id = 999;
            subnet = "10.0.0.0/24";
            pools = [ { pool = "10.0.0.100 - 10.0.0.254"; } ];
          })
      ];
    };
  };
# DO NOT CHANGE
# stateVersion records the NixOS release that was first installed on this
# machine, so that programs whose on-disk data cannot be migrated keep
# their compatible defaults. Bumping it is not an upgrade; leave it alone.
system.stateVersion = "24.11";
home-manager.users.noc.home.stateVersion = "24.11";
|
|
}