# NixOS host definition for "vpn-gw" (wob01.infra.forkos.org).
#
# The machine has two LACP bonds:
#   * "uplink" (enp1s0 + enp2s0) carries the routed IPv6 address.
#   * "oob"    (enp3s0 + enp4s0) carries twelve tagged VLANs (IDs 101..112),
#     exposed as bmc0..bmc11. Each one is a /30 with this host as DHCP server.
{ lib, ... }:
let
  # Indices 0..11, one per BMC-facing VLAN.
  bmcIndices = lib.genList lib.id 12;

  # Interface name used for BMC segment `idx`.
  bmcName = idx: "bmc${toString idx}";

  # 802.3ad (LACP) bond netdev, hashing on layer 3+4.
  lacpBond = bondName: {
    netdevConfig = {
      Kind = "bond";
      Name = bondName;
    };
    bondConfig = {
      Mode = "802.3ad";
      TransmitHashPolicy = "layer3+4";
    };
  };

  # networkd unit that enslaves physical NIC `nic` to bond `bondName`.
  bondMember = bondName: nic:
    lib.nameValuePair "40-${nic}" {
      name = nic;
      bond = [ bondName ];
    };

  # networkd unit for one BMC segment. The host takes the first address of a
  # /30 carved out of 192.168.1.0/24 (.1, .5, ... .45), which leaves exactly
  # one other usable address per segment.
  bmcNetwork = idx:
    lib.nameValuePair "40-${bmcName idx}" {
      name = bmcName idx;
      address = [ "192.168.1.${toString (idx * 4 + 1)}/30" ];
      # Alternative scheme kept from the original, one /24 per segment:
      #address = [ "192.168.${toString x}.1/24" ];
      networkConfig.DHCPServer = true;
    };

  # VLAN sub-interface on the "oob" bond for BMC segment `idx`.
  bmcVlan = idx:
    lib.nameValuePair (bmcName idx) {
      interface = "oob";
      id = 101 + idx;
    };
in
{
  ###### Hardware ######
  boot = {
    initrd.availableKernelModules = [
      "xhci_pci"
      "ahci"
      "ehci_pci"
      "sd_mod"
      "sdhci_pci"
    ];
    kernelModules = [ "kvm-amd" ];
    loader.grub.device = "/dev/sda";

    # Enable serial output
    # NOTE(review): GRUB and the kernel console are both put on ttyS0 and this
    # file sets no GRUB password. Confirm that whatever can reach the serial
    # line (e.g. a BMC serial-over-LAN path) is access-controlled.
    loader.grub.extraConfig = ''
      serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
      terminal_input serial
      terminal_output serial
    '';
    kernelParams = [
      "console=ttyS0,115200"
      "console=tty1"
    ];

    ###### Config #######
    initrd.systemd.enable = true;
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/58688a5c-e3ce-4868-804b-4e34d1370f36";
      fsType = "f2fs";
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/38caa628-3b6d-4fb4-8767-beee09a196a6";
      fsType = "ext2";
    };
  };

  nixpkgs.hostPlatform = "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = true;

  systemd.network = {
    netdevs = {
      "40-uplink" = lacpBond "uplink";
      "40-oob" = lacpBond "oob";
    };

    networks = lib.listToAttrs (
      (map (bondMember "uplink") [ "enp1s0" "enp2s0" ])
      ++ (map (bondMember "oob") [ "enp3s0" "enp4s0" ])
      ++ (map bmcNetwork bmcIndices)
    );
  };

  networking = {
    useNetworkd = true;
    nftables.enable = true;

    # The only extra input rule: IPv4 DHCP (UDP/67) arriving on bmc*
    # interfaces. Other traffic from those interfaces falls through to the
    # firewall's remaining input rules.
    # NOTE(review): no forward-chain rules appear in this file. Confirm
    # elsewhere that the BMC segments cannot be routed to each other or to
    # the uplink unless that is intended.
    firewall.extraInputRules = ''
      iifname { "bmc*" } meta nfproto ipv4 udp dport 67 accept comment "DHCP server"
    '';

    vlans = lib.listToAttrs (map bmcVlan bmcIndices);

    interfaces.uplink.ipv6.addresses = [
      {
        address = "2a01:584:11::2";
        prefixLength = 64;
      }
    ];

    defaultGateway6 = {
      interface = "uplink";
      address = "2a01:584:11::1";
    };

    hostName = "vpn-gw";
    domain = "wob01.infra.forkos.org";
  };

  # Same address as the uplink interface above; presumably the address the
  # deployment tool connects to (TODO confirm).
  deployment.targetHost = "2a01:584:11::2";

  # Project-specific module; its effect is not visible from this file.
  bagel.sysadmin.enable = true;

  system.stateVersion = "24.05";
}