Skip to content

Instantly share code, notes, and snippets.

@mweinelt

mweinelt/network.nix

Last active October 25, 2024 09:57
Show Gist options
  • Save mweinelt/b78f7046145dbaeab4e42bf55663ef44 to your computer and use it in GitHub Desktop.
Save mweinelt/b78f7046145dbaeab4e42bf55663ef44 to your computer and use it in GitHub Desktop.
Download ZIP
NixOS 22.11 Router on VDSL with IPv6 Prefix Delegation, ULA addressing, VLANs on top of Bonding.
Raw
network.nix
{ lib, ... }:
{
# Enable forwarding between all interfaces, restrictions between
# individual links are enforced by firewalling.
boot.kernel.sysctl = {
"net.ipv6.conf.all.forwarding" = lib.mkForce 1;
"net.ipv4.forward" = lib.mkForce 1;
};
systemd.network.config = {
networkConfig = {
ManageForeignRoutes = false;
};
};
systemd.network = {
netdevs = {
"10-bond0" = {
netdevConfig = {
Kind = "bond";
Name = "bond0";
};
bondConfig = {
Mode = "802.3ad";
TransmitHashPolicy = "layer3+4";
};
};
"20-vlan7" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan7";
MTUBytes = "1508";
Description = "Internet";
};
vlanConfig = {
Id = 7;
};
};
"20-vlan42" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan42";
Description = "Management";
};
vlanConfig = {
Id = 42;
};
};
"20-vlan100" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan100";
Description = "LAN Access";
};
vlanConfig = {
Id = 100;
};
};
"20-vlan101" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan101";
Description = "WLAN Access";
};
vlanConfig = {
Id = 101;
};
};
"20-vlan110" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan110";
Description = "Guest Access";
};
vlanConfig = {
Id = 110;
};
};
"20-vlan120" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan120";
Description = "Things";
};
vlanConfig = {
Id = 120;
};
};
};
networks = {
"30-enp1s0" = {
matchConfig.Name = "enp1s0";
# Allow baby jumbo frames to theoretically allow
# PPP-encapsulated packets with 1500 Bytes payload
# to pass through here.
linkConfig.MTUBytes = "1512";
vlan = [
"vlan7"
];
address = [
"192.168.1.2/24"
];
};
"30-enp2s0" = {
matchConfig.Name = "enp2s0";
networkConfig.Bond = "bond0";
};
"30-enp3s0" = {
matchConfig.Name = "enp3s0";
networkConfig.Bond = "bond0";
};
"40-bond0" = {
matchConfig.Name = "bond0";
linkConfig = {
RequiredForOnline = "carrier";
};
vlan = [
"vlan42"
"vlan100"
"vlan101"
"vlan110"
"vlan120"
];
networkConfig.LinkLocalAddressing = "no";
};
"50-vlan7" = {
matchConfig.Name = "vlan7";
linkConfig = {
RequiredForOnline = "carrier";
};
networkConfig.LinkLocalAddressing = "no";
};
"50-vlan42" = {
matchConfig.Name = "vlan42";
address = [
"192.168.42.1/24"
"fd42:23:42:b82a::1/64"
"fe80::1/64"
];
networkConfig = {
ConfigureWithoutCarrier = true;
};
linkConfig = {
RequiredForOnline = "routable";
};
};
"50-vlan100" = {
matchConfig.Name = "vlan100";
address = [
"172.23.42.65/26"
"fd42:23:42:b864::1/64"
"fe80::1/64"
];
networkConfig = {
ConfigureWithoutCarrier = true;
DHCPPrefixDelegation = true;
IPv6AcceptRA = false;
IPv6SendRA = true;
};
dhcpPrefixDelegationConfig = {
SubnetId = "64";
};
ipv6Prefixes = [ {
ipv6PrefixConfig = {
Prefix = "fd42:23:42:b864::/64";
};
} ];
ipv6SendRAConfig = {
RouterLifetimeSec = 1800;
EmitDNS = true;
DNS = "fd42:23:42:b864::1";
EmitDomains = true;
Domains = [
"lan.lossy.network"
];
};
linkConfig = {
RequiredForOnline = "routable";
};
};
"50-vlan101" = {
matchConfig.Name = "vlan101";
address = [
"172.23.42.129/26"
"fd42:23:42:b865::1/64"
"fe80::1/64"
];
networkConfig = {
ConfigureWithoutCarrier = true;
DHCPPrefixDelegation = true;
IPv6AcceptRA = false;
IPv6SendRA = true;
};
dhcpPrefixDelegationConfig = {
SubnetId = "65";
};
ipv6Prefixes = [ {
ipv6PrefixConfig = {
Prefix = "fd42:23:42:b865::/64";
};
} ];
ipv6SendRAConfig = {
RouterLifetimeSec = 1800;
EmitDNS = true;
DNS = "fd42:23:42:b865::1";
EmitDomains = true;
Domains = [
"wlan.lossy.network"
];
};
linkConfig = {
RequiredForOnline = "routable";
};
};
"50-vlan110" = {
matchConfig.Name = "vlan110";
address = [
"192.168.110.1/24"
"fe80::1/64"
];
networkConfig = {
ConfigureWithoutCarrier = true;
DHCPPrefixDelegation = true;
IPv6AcceptRA = false;
IPv6SendRA = true;
};
dhcpPrefixDelegationConfig = {
SubnetId = "6e";
};
ipv6SendRAConfig = {
RouterLifetimeSec = 1800;
EmitDNS = true;
DNS = "fe80::1";
EmitDomains = true;
Domains = [
"guest.lossy.network"
];
};
linkConfig = {
RequiredForOnline = "routable";
};
};
"50-vlan120" = {
matchConfig.Name = "vlan120";
address = [
"192.168.120.1/24"
"fd42:23:42:b878::1/64"
"fe80::1/64"
];
networkConfig = {
ConfigureWithoutCarrier = true;
IPv6AcceptRA = false;
IPv6SendRA = true;
};
ipv6Prefixes = [ {
ipv6PrefixConfig = {
Prefix = "fd42:23:42:b878::/64";
};
} ];
ipv6SendRAConfig = {
RouterLifetimeSec = 1800;
EmitDNS = true;
DNS = "fd42:23:42:b878::1";
EmitDomains = true;
Domains = [
"things.lossy.network"
];
};
linkConfig = {
RequiredForOnline = "routable";
};
};
# This interface gets provided by pppd and networkd
# will not affect its configuration, besides accepting
# RAs and set up IA-PD.
"60-ppp0" = {
matchConfig.Type = "ppp";
networkConfig = {
IPv6AcceptRA = true;
DHCP = "ipv6";
KeepConfiguration = true;
};
dhcpV6Config = {
WithoutRA = "solicit";
PrefixDelegationHint = "::/56";
};
ipv6SendRAConfig = {
Managed = true;
};
linkConfig.RequiredForOnline = "routable";
};
};
};
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment