diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-27 16:04:46 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-27 16:04:46 +0100 |
| commit | a41f4b9b648f9bb5bc09c7725e6d3db612744b8d (patch) | |
| tree | df7d482ba9d4ba88a7876f3f6f46f0282c953f5e | |
| parent | a84bd212e3951953d0b3a73d0f8909986be284f9 (diff) | |
| download | nixos-a41f4b9b648f9bb5bc09c7725e6d3db612744b8d.tar nixos-a41f4b9b648f9bb5bc09c7725e6d3db612744b8d.tar.gz nixos-a41f4b9b648f9bb5bc09c7725e6d3db612744b8d.tar.bz2 nixos-a41f4b9b648f9bb5bc09c7725e6d3db612744b8d.tar.xz nixos-a41f4b9b648f9bb5bc09c7725e6d3db612744b8d.zip | |
vidhar: mgmt
| -rw-r--r-- | hosts/vidhar/default.nix | 20 | ||||
| -rw-r--r-- | hosts/vidhar/ruleset.nft | 2 |
2 files changed, 21 insertions, 1 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index a7b3bc8d..901065e8 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix | |||
| @@ -77,6 +77,18 @@ | |||
| 77 | { address = "10.141.0.1"; prefixLength = 24; } | 77 | { address = "10.141.0.1"; prefixLength = 24; } |
| 78 | ]; | 78 | ]; |
| 79 | }; | 79 | }; |
| 80 | interfaces."mgmt" = { | ||
| 81 | ipv4.addresses = [ | ||
| 82 | { address = "10.141.1.1"; prefixLength = 24; } | ||
| 83 | ]; | ||
| 84 | }; | ||
| 85 | |||
| 86 | vlans = { | ||
| 87 | mgmt = { | ||
| 88 | id = 2; | ||
| 89 | interface = "eno2"; | ||
| 90 | }; | ||
| 91 | }; | ||
| 80 | 92 | ||
| 81 | firewall.enable = false; | 93 | firewall.enable = false; |
| 82 | nftables = { | 94 | nftables = { |
| @@ -91,7 +103,7 @@ | |||
| 91 | 103 | ||
| 92 | services.dhcpd4 = { | 104 | services.dhcpd4 = { |
| 93 | enable = true; | 105 | enable = true; |
| 94 | interfaces = [ "eno1" ]; | 106 | interfaces = [ "eno1" "mgmt" ]; |
| 95 | extraConfig = '' | 107 | extraConfig = '' |
| 96 | subnet 10.141.0.0 netmask 255.255.255.0 { | 108 | subnet 10.141.0.0 netmask 255.255.255.0 { |
| 97 | range 10.141.0.128 10.141.0.254; | 109 | range 10.141.0.128 10.141.0.254; |
| @@ -100,6 +112,10 @@ | |||
| 100 | option routers 10.141.0.1; | 112 | option routers 10.141.0.1; |
| 101 | option domain-name "yggdrasil"; | 113 | option domain-name "yggdrasil"; |
| 102 | } | 114 | } |
| 115 | |||
| 116 | subnet 10.141.1.0 netmask 255.255.255.0 { | ||
| 117 | range 10.141.0.128 10.141.0.254; | ||
| 118 | } | ||
| 103 | ''; | 119 | ''; |
| 104 | machines = [ | 120 | machines = [ |
| 105 | { | 121 | { |
| @@ -227,6 +243,8 @@ | |||
| 227 | enable = true; | 243 | enable = true; |
| 228 | servers = []; | 244 | servers = []; |
| 229 | extraConfig = '' | 245 | extraConfig = '' |
| 246 | allow 10.141.1.0/24 | ||
| 247 | |||
| 230 | pool time.cloudflare.com iburst nts | 248 | pool time.cloudflare.com iburst nts |
| 231 | pool nts.ntp.se iburst nts | 249 | pool nts.ntp.se iburst nts |
| 232 | server nts.sth1.ntp.se iburst nts | 250 | server nts.sth1.ntp.se iburst nts |
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index 520bfd6a..a2e01c58 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft | |||
| @@ -100,6 +100,8 @@ table inet filter { | |||
| 100 | 100 | ||
| 101 | iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter accept | 101 | iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter accept |
| 102 | 102 | ||
| 103 | iifname mgmt udp dport 123 counter accept | ||
| 104 | |||
| 103 | ct state {established, related} counter accept | 105 | ct state {established, related} counter accept |
| 104 | 106 | ||
| 105 | 107 | ||