qo.is/infrastructure
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Activity Actions
infrastructure/nixos-configurations/cyprianspitz/networking.nix
Fabian Hauser 0ec9c63058
All checks were successful
CI / build (push) Successful in 2m52s
Details
Make cyprianspitz ip static
2024-12-11 15:25:47 +02:00

80 lines
2 KiB
Nix
Raw Blame History

{ config, pkgs, ... }:
let
meta = config.qois.meta;
getNetV4Ip = net: {
address = net.hosts.cyprianspitz.v4.ip;
prefixLength = net.v4.prefixLength;
};
in
{
networking.hostName = meta.hosts.cyprianspitz.hostName;
networking.useDHCP = false;
networking.interfaces.enp0s31f6.ipv4.addresses = [
(getNetV4Ip meta.network.physical.plessur-lan)
];
networking.interfaces.enp2s0.useDHCP = true;
# Virtualization
networking.interfaces.vms-nat.useDHCP = false;
networking.interfaces.vms-nat.ipv4.addresses = [
(getNetV4Ip meta.network.virtual.cyprianspitz-vms-nat)
];
networking.bridges.vms-nat.interfaces = [ ];
networking.nat = {
enable = true;
internalInterfaces = [ "vms-nat" ];
internalIPs = with meta.network.virtual.cyprianspitz-vms-nat.v4; [
"${id}/${builtins.toString prefixLength}"
];
externalInterface = "enp0s31f6";
};
services.dnsmasq =
let
netConfig = meta.network.virtual.cyprianspitz-vms-nat;
in
{
enable = true;
resolveLocalQueries = true;
settings = {
interface = "vms-nat";
bind-interfaces = true;
domain-needed = true;
domain = netConfig.domain;
dhcp-range = [ "10.248.0.2,10.248.0.253" ];
dhcp-option = [
"option:router,${netConfig.hosts.cyprianspitz.v4.ip}"
"option:domain-search,${netConfig.domain}"
];
dhcp-authoritative = true;
};
};
systemd.services.dnsmasq.bindsTo = [ "network-addresses-vms-nat.service" ];
networking.firewall.interfaces.vms-nat = {
allowedUDPPorts = [
53
67
];
allowedTCPPorts = [ 53 ];
};
# Boot
boot.initrd.network.udhcpc.enable = true;
services.qois.luks-ssh = {
enable = true;
interface = "eth0";
sshPort = 2222;
sshHostKey = "/secrets/system/initrd-ssh-key";
# TODO Solve sops dependency porblem: config.sops.secrets."system/initrd-ssh-key".path;
};
qois.backplane-net.enable = true;
# Configure this node to be used as an vpn exit node
qois.vpn-exit-node.enable = true;
}
Reference in a new issue View git blame Copy permalink