bind network interfaces II
@@ -2,3 +2,4 @@ vars.nix
|
||||
ssh
|
||||
hardware-configuration.nix
|
||||
tmp
|
||||
result
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
{ pkgs, ... }: {
|
||||
boot.kernelModules = [ "bonding" ];
|
||||
|
||||
networking.bonds.bond0 = {
|
||||
interfaces = [ "enp1s0" "enp2s0" ];
|
||||
driverOptions = {
|
||||
mode = "802.3ad";
|
||||
miimon = "100";
|
||||
lacp_rate = "fast";
|
||||
xmit_hash_policy = "layer3+4";
|
||||
};
|
||||
};
|
||||
|
||||
networking.interfaces.enp1s0.useDHCP = false;
|
||||
networking.interfaces.enp2s0.useDHCP = false;
|
||||
networking.interfaces.bond0.useDHCP = true;
|
||||
}
|
||||
|
||||
@@ -47,40 +47,6 @@
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = config.vars.hostname;
|
||||
hostId = config.vars.hostid;
|
||||
|
||||
# Enable IPv6 Stack
|
||||
enableIPv6 = true;
|
||||
|
||||
interfaces = let
|
||||
primaryInterface = lib.head config.vars.interfaces;
|
||||
secondaryInterfaces = lib.tail config.vars.interfaces;
|
||||
in
|
||||
lib.foldr (name: acc: acc // {
|
||||
# Secondary interfaces can keep using DHCP
|
||||
${name}.useDHCP = true;
|
||||
}) (
|
||||
{ ${primaryInterface} = {
|
||||
# PRIMARY INTERFACE: STATIC IPV4 ONLY
|
||||
ipv4.addresses = [{
|
||||
address = config.vars.local_ip;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
|
||||
};
|
||||
}
|
||||
) secondaryInterfaces;
|
||||
|
||||
defaultGateway = {
|
||||
address = "192.168.178.1";
|
||||
interface = lib.head config.vars.interfaces;
|
||||
};
|
||||
nameservers = [ "192.168.178.10" "9.9.9.9" ];
|
||||
};
|
||||
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{ pkgs, ... }: {
|
||||
systemd.services.force-gigabit-speed = {
|
||||
description = "Force 1Gbps link speed on enp1s0";
|
||||
# This service should run before the network is considered "up"
|
||||
wantedBy = [ "network-pre.target" ];
|
||||
before = [ "network-pre.target" ];
|
||||
|
||||
# The command to execute
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.ethtool}/bin/ethtool -s enp1s0 speed 1000 duplex full autoneg on";
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -0,0 +1,57 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
# Filter interfaces that have a specific speed set
|
||||
speedInterfaces = lib.filter (i: i.speed != null) config.vars.interfaces;
|
||||
|
||||
# Find the interface designated as the "primary" (first one with an IP) for the gateway
|
||||
# If none have IPs, we just pick the first interface in the list
|
||||
primaryInterface = lib.findFirst (i: i.ip != null) (lib.head config.vars.interfaces) config.vars.interfaces;
|
||||
|
||||
in
|
||||
{
|
||||
networking.hostName = config.vars.hostname;
|
||||
networking.hostId = config.vars.hostid;
|
||||
|
||||
# Global DNS settings
|
||||
networking.nameservers = [ "192.168.178.10" "9.9.9.9" ];
|
||||
|
||||
# Default Gateway
|
||||
networking.defaultGateway = {
|
||||
address = "192.168.178.1";
|
||||
# interface = primaryInterface.name;
|
||||
interface = "bond0";
|
||||
};
|
||||
|
||||
# 1. Generate Static IP Configurations
|
||||
networking.interfaces = lib.listToAttrs (map (iface: {
|
||||
name = iface.name;
|
||||
value = {
|
||||
# If an IP is provided, use it. Otherwise empty list.
|
||||
ipv4.addresses = if iface.ip != null then [{
|
||||
address = iface.ip;
|
||||
prefixLength = iface.prefixLength;
|
||||
}] else [];
|
||||
|
||||
# Logic: If we have a static IP, disable DHCP. If no IP, enable DHCP.
|
||||
useDHCP = (iface.ip == null);
|
||||
};
|
||||
}) config.vars.interfaces);
|
||||
|
||||
|
||||
# 2. Systemd Service for Link Speed
|
||||
systemd.services.force-interface-speeds = lib.mkIf (speedInterfaces != []) {
|
||||
description = "Force link speed on configured interfaces";
|
||||
wantedBy = [ "network-pre.target" ];
|
||||
before = [ "network-pre.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = pkgs.writeShellScript "force-interface-speeds" (
|
||||
lib.concatMapStringsSep "\n" (iface: ''
|
||||
${pkgs.ethtool}/bin/ethtool -s ${iface.name} speed ${toString iface.speed} duplex full autoneg on
|
||||
${pkgs.ethtool}/bin/ethtool --set-eee ${iface.name} eee off || true
|
||||
'') speedInterfaces
|
||||
);
|
||||
};
|
||||
};
|
||||
}
|
||||
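Review bot: The generated `force-interface-speeds` script interpolates `iface.name` unquoted into a shell script run by a system unit, and its exit status is always that of the final `|| true`, so a failed `ethtool -s` on any interface is never reported by the service. Because `name` is a free-form `types.str`, I would pass it through `lib.escapeShellArg` and prefix the script text with `set -e`, e.g. `${pkgs.ethtool}/bin/ethtool -s ${lib.escapeShellArg iface.name} speed ${toString iface.speed} duplex full autoneg on`. Separately, `primaryInterface` is now referenced only from a commented-out line, and `defaultGateway.interface` is hard-coded to `bond0`, which this file does not define. Either drop the dead binding or add a comment such as `# bond0 is created by the bonding module; this file must be imported together with it`.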
@@ -0,0 +1,35 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
boot.kernelModules = [ "bonding" ];
|
||||
|
||||
networking.bonds.bond0 = {
|
||||
interfaces = map (i: i.name) config.vars.interfaces;
|
||||
driverOptions = {
|
||||
mode = "802.3ad";
|
||||
miimon = "100";
|
||||
lacp_rate = "fast";
|
||||
xmit_hash_policy = "layer2+3";
|
||||
};
|
||||
};
|
||||
|
||||
# 1. Generate the physical interfaces config (slaves)
|
||||
# 2. Merge it with the bond0 config
|
||||
networking.interfaces = lib.listToAttrs (map (iface: {
|
||||
name = iface.name;
|
||||
value = {
|
||||
useDHCP = lib.mkForce false;
|
||||
ipv4.addresses = lib.mkForce [];
|
||||
};
|
||||
}) config.vars.interfaces) // {
|
||||
|
||||
# Bond Interface Configuration
|
||||
bond0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [{
|
||||
address = "192.168.178.8";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
|
||||
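Review bot: Every entry of `config.vars.interfaces` becomes a member of `bond0` and has `useDHCP` and `ipv4.addresses` overridden with `lib.mkForce`, so an `ip` set on an interface in vars is silently discarded rather than rejected. An assertion would make that explicit: `assertions = [{ assertion = lib.all (i: i.ip == null) config.vars.interfaces; message = "bond0 members must not set vars.interfaces.*.ip"; }];`. The bond address `192.168.178.8` is also hard-coded here, whereas the other modules in this commit read addresses from `config.vars`. If a vars option already carries this host's address, using it would keep the bond module from being host-specific.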
+33
-2
@@ -1,9 +1,40 @@
|
||||
{ lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
interfaceSubmodule = types.submodule {
|
||||
options = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
description = "Name of the network interface (e.g., enp1s0)";
|
||||
};
|
||||
ip = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "Static IP address (optional). If null, no static IP is assigned.";
|
||||
};
|
||||
speed = mkOption {
|
||||
type = types.nullOr types.int;
|
||||
default = null;
|
||||
description = "Link speed in Mbps (optional). If null, auto-negotiation is used.";
|
||||
};
|
||||
prefixLength = mkOption {
|
||||
type = types.int;
|
||||
default = 24;
|
||||
description = "Subnet prefix length (default 24).";
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
options.vars = {
|
||||
|
||||
# WIREGUARD
|
||||
wg_interface = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
wg_local_ip = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
wg_adress = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
@@ -46,9 +77,9 @@ with lib;
|
||||
type = types.str;
|
||||
};
|
||||
interfaces = mkOption {
|
||||
type = types.listOf types.str;
|
||||
type = types.listOf interfaceSubmodule;
|
||||
default = [];
|
||||
};
|
||||
|
||||
# KEEPALIVED
|
||||
ka_addr_v4 = mkOption {
|
||||
type = types.str;
|
||||
|
||||
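Review bot: The new `interfaceSubmodule` accepts any string for `name` and `ip` and any integer for `speed` and `prefixLength`, although these values are later interpolated into a shell script and into interface and NAT settings. Tighter types would reject typos at evaluation time: `type = types.strMatching "[a-zA-Z0-9_.-]+";` for `name`, `types.ints.between 0 32` for `prefixLength`, and `types.ints.positive` for `speed`. The `interfaces` option in the second hunk (`@@ -46,9 +77,9 @@`) still has no `description`. One line stating that list order matters (the first entry is used as the NAT external interface) would document the contract.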
+4
-4
@@ -1,8 +1,8 @@
|
||||
{ config, lib, pkgs, ... }: {
|
||||
|
||||
networking.nat.enable = true;
|
||||
networking.nat.externalInterface = lib.head config.vars.interfaces;
|
||||
networking.nat.internalInterfaces = [ "wg0" ] ++ config.vars.interfaces;
|
||||
networking.nat.externalInterface = (lib.head config.vars.interfaces).name;
|
||||
networking.nat.internalInterfaces = [ "wg0" ] ++ (map (i: i.name) config.vars.interfaces);
|
||||
|
||||
networking.wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
@@ -11,10 +11,10 @@
|
||||
autostart = true;
|
||||
postUp = ''
|
||||
${pkgs.procps}/bin/sysctl -w net.ipv4.conf.wg0.rp_filter=2
|
||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wg0 -d ${config.vars.wg_range} -j SNAT --to-source ${config.vars.local_ip}
|
||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wg0 -d ${config.vars.wg_range} -j SNAT --to-source ${config.vars.wg_local_ip}
|
||||
'';
|
||||
postDown = ''
|
||||
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o wg0 -d ${config.vars.wg_range} -j SNAT --to-source ${config.vars.local_ip}
|
||||
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o wg0 -d ${config.vars.wg_range} -j SNAT --to-source ${config.vars.wg_local_ip}
|
||||
'';
|
||||
privateKey = config.vars.wg_privateKey;
|
||||
peers = [{
|
||||
|
||||
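Review bot: `networking.nat.externalInterface` is set to the first physical interface's name (`(lib.head config.vars.interfaces).name`), but this same commit moves the host address and default gateway to `bond0` and strips addresses from the member interfaces. If the bond module is imported on this host, NAT rules keyed on the member interface will presumably not match traffic leaving via `bond0`. Setting `networking.nat.externalInterface = "bond0";` (or a vars option naming the uplink) would keep the two in step. `lib.head` also aborts evaluation when `vars.interfaces` is left at its default `[]`, so an assertion on a non-empty list is worth adding. The `wg0` attribute set continues beyond the second hunk.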