nixos-servers/nixos/modules/networking/default.nix


# NixOS module: declares the `lab.networking` options and configures
# systemd-networkd with a tagged VLAN (id 30) that is enslaved to a bridge
# named "bridgedmz".
{ lib, config, ... }:
let
  inherit (lib) mkIf mkOption types;

  cfg = config.lab.networking;
in
{
  imports = [ ./dmz ];

  options.lab.networking = {
    allowDMZConnectivity = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether to create a networking interface on the DMZ bridge.
      '';
    };

    # An empty string (the default) means no static address is configured.
    staticDMZIpv4Address = mkOption {
      type = types.str;
      default = "";
      description = ''
        Assign a static IPv4 on the DMZ interface.
      '';
    };
  };

  config = {
    networking = {
      useDHCP = false;
      domain = "hyp";

      # TODO: Enabling the firewall makes connectivity of LAN -> DMZ impossible...
      # NOTE(review): with the firewall off there is no host-level packet
      # filtering, so every listening service is reachable on every interface
      # that holds an address, including bridgedmz once it is addressed below.
      # The breakage may come from reverse-path filtering
      # (networking.firewall.checkReversePath) rather than from the rule set;
      # unverified, confirm before re-enabling.
      firewall.enable = false;
    };

    systemd.network = {
      enable = true;

      netdevs = {
        # 802.1Q VLAN device carrying tag 30.
        "20-vlandmz" = {
          netdevConfig = {
            Name = "vlandmz";
            Kind = "vlan";
          };
          vlanConfig = {
            Id = 30;
          };
        };

        # The bridge is defined unconditionally; the options above only
        # control whether it receives an address.
        "20-bridgedmz" = {
          netdevConfig = {
            Name = "bridgedmz";
            Kind = "bridge";
            # TODO: This does not seem to work? Unsure what the problem is.
            # We don't necessarily need this though: we simply use DNS as the host.
            # MACAddress = lib.mkIf cfg.allowDMZConnectivity "CA:FE:C0:FF:EE:0A";
            # MACAddress = "ca:fe:c0:ff:ee:0a";
          };
        };
      };

      networks = {
        # The glob matches every interface whose name starts with "en"; each
        # match is configured via DHCP and has the DMZ VLAN attached to it.
        "30-main-nic" = {
          matchConfig.Name = "en*";
          networkConfig.DHCP = "yes";
          vlan = [ "vlandmz" ];
        };

        # The VLAN interface is only a bridge port: no link-local addressing
        # and no router advertisements are accepted on it.
        "40-vlandmz" = {
          matchConfig.Name = "vlandmz";
          linkConfig.RequiredForOnline = "enslaved";
          networkConfig = {
            Bridge = "bridgedmz";
            LinkLocalAddressing = "no";
            IPv6AcceptRA = false;
          };
        };

        # Host-side addressing on the DMZ bridge. The two mkIf conditions are
        # independent: a non-empty staticDMZIpv4Address assigns an address even
        # when allowDMZConnectivity is false.
        # NOTE(review): confirm that is intended, since networking.firewall is
        # disabled in this module.
        "40-bridgedmz" = {
          matchConfig.Name = "bridgedmz";
          linkConfig.RequiredForOnline = "carrier";
          networkConfig = {
            LinkLocalAddressing = "no";
            IPv6AcceptRA = false;
            DHCP = mkIf cfg.allowDMZConnectivity "yes";
            Address = mkIf (cfg.staticDMZIpv4Address != "") cfg.staticDMZIpv4Address;
          };
        };
      };
    };
  };
}