infra/hosts/wob-vpn-gw/default.nix

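{ pkgs, lib, ... }:
let
  # Number of BMC-facing VLAN sub-interfaces (bmc0 .. bmc11) carried on the
  # "oob" bond. Both the VLAN definitions and the per-VLAN networkd networks
  # are generated from this one list so the two cannot drift apart.
  bmcCount = 12;
  bmcIndices = lib.genList lib.id bmcCount;

  # This host's address on the "uplink" bond. It is also the deployment
  # target, so it is defined once here.
  uplinkAddress = "2a01:584:11::2";
  uplinkGateway = "2a01:584:11::1";

  # Each bmcN VLAN is its own /30 out of 192.168.1.0/24 with this host at
  # .(4N+1): N=0 -> 192.168.1.1/30, N=1 -> 192.168.1.5/30, ..., N=11 -> 192.168.1.45/30.
  bmcAddress = x: "192.168.1.${toString (x * 4 + 1)}/30";
in
{
  imports = [ ./netboot.nix ];

  ###### Hardware ######
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "ehci_pci"
    "sd_mod"
    "sdhci_pci"
  ];
  boot.kernelModules = [ "kvm-amd" ];
  # NOTE(review): the filesystems below are addressed by UUID but GRUB is
  # installed by device name; if the disk enumeration order ever changes,
  # /dev/sda may not be the boot disk — consider a /dev/disk/by-id path.
  boot.loader.grub.device = "/dev/sda";

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/58688a5c-e3ce-4868-804b-4e34d1370f36";
    fsType = "f2fs";
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/38caa628-3b6d-4fb4-8767-beee09a196a6";
    fsType = "ext2";
  };

  nixpkgs.hostPlatform = "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = true;

  # Enable serial output: GRUB menu and kernel console on ttyS0 at 115200.
  # NOTE(review): a console= serial port normally also receives a login getty,
  # so whoever can reach ttyS0 (e.g. through the BMC's serial-over-LAN) has the
  # equivalent of physical-console access — confirm that path is restricted.
  boot.loader.grub.extraConfig = ''
    serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
    terminal_input serial
    terminal_output serial
  '';
  boot.kernelParams = [
    "console=ttyS0,115200"
    "console=tty1"
  ];

  ###### Config #######
  boot.initrd.systemd.enable = true;
  networking.useNetworkd = true;

  systemd.network = {
    # Two LACP (802.3ad) bonds: "uplink" carries the public IPv6 connectivity,
    # "oob" carries the per-BMC management VLANs.
    netdevs = {
      "40-uplink" = {
        netdevConfig = {
          Kind = "bond";
          Name = "uplink";
        };
        bondConfig = {
          Mode = "802.3ad";
          TransmitHashPolicy = "layer3+4";
        };
      };
      "40-oob" = {
        netdevConfig = {
          Kind = "bond";
          Name = "oob";
        };
        bondConfig = {
          Mode = "802.3ad";
          TransmitHashPolicy = "layer3+4";
        };
      };
    };

    networks =
      {
        # Physical ports: enp1s0/enp2s0 form the uplink bond,
        # enp3s0/enp4s0 form the oob bond.
        "40-enp1s0" = {
          name = "enp1s0";
          bond = [ "uplink" ];
        };
        "40-enp2s0" = {
          name = "enp2s0";
          bond = [ "uplink" ];
        };
        "40-enp3s0" = {
          name = "enp3s0";
          bond = [ "oob" ];
        };
        "40-enp4s0" = {
          name = "enp4s0";
          bond = [ "oob" ];
        };
      }
      // lib.listToAttrs (
        map (
          x:
          lib.nameValuePair "40-bmc${toString x}" {
            name = "bmc${toString x}";
            address = [ (bmcAddress x) ];
            #address = [ "192.168.${toString x}.1/24" ];
            # Hand the BMC on this VLAN its address via DHCP. A /30 leaves
            # exactly one usable client address (.4N+2), i.e. at most one BMC
            # per VLAN — presumably intended; confirm networkd's DHCP pool can
            # serve a single-address range.
            networkConfig.DHCPServer = true;
          }
        ) bmcIndices
      );
  };

  networking.nftables.enable = true;
  # Let DHCP discover/request (UDP 67) in on the bmc* VLAN interfaces only;
  # everything else on those interfaces stays subject to the default policy.
  # NOTE(review): this is an *input* rule. Whether bmc* traffic can be
  # forwarded towards "uplink" is decided by the forward chain / ip_forward
  # settings, which are not configured in this file — confirm nothing in
  # netboot.nix or elsewhere opens bmc* -> uplink.
  networking.firewall.extraInputRules = ''
    iifname { "bmc*" } meta nfproto ipv4 udp dport 67 accept comment "DHCP server"
  '';

  # One VLAN per BMC on the oob bond: bmcN <-> VLAN ID 101+N (101 .. 112).
  networking.vlans = lib.listToAttrs (
    map (
      x:
      lib.nameValuePair "bmc${toString x}" {
        interface = "oob";
        id = 101 + x;
      }
    ) bmcIndices
  );

  networking.interfaces = {
    uplink = {
      ipv6.addresses = [
        {
          address = uplinkAddress;
          prefixLength = 64;
        }
      ];
    };
  };

  networking.defaultGateway6 = {
    interface = "uplink";
    address = uplinkGateway;
  };

  networking.hostName = "vpn-gw";
  networking.domain = "wob01.infra.forkos.org";

  # Deploy over the same uplink address the host configures on itself.
  deployment.targetHost = uplinkAddress;
  bagel.sysadmin.enable = true;

  # ipmitool — presumably for managing the BMCs reachable over the bmc* VLANs.
  environment.systemPackages = [ pkgs.ipmitool ];

  system.stateVersion = "24.05";
}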