From a41f4b9b648f9bb5bc09c7725e6d3db612744b8d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 27 Dec 2021 16:04:46 +0100 Subject: vidhar: mgmt --- hosts/vidhar/default.nix | 20 +++++++++++++++++++- hosts/vidhar/ruleset.nft | 2 ++ 2 files changed, 21 insertions(+), 1 deletion(-) (limited to 'hosts') diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index a7b3bc8d..901065e8 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix @@ -77,6 +77,18 @@ { address = "10.141.0.1"; prefixLength = 24; } ]; }; + interfaces."mgmt" = { + ipv4.addresses = [ + { address = "10.141.1.1"; prefixLength = 24; } + ]; + }; + + vlans = { + mgmt = { + id = 2; + interface = "eno2"; + }; + }; firewall.enable = false; nftables = { @@ -91,7 +103,7 @@ services.dhcpd4 = { enable = true; - interfaces = [ "eno1" ]; + interfaces = [ "eno1" "mgmt" ]; extraConfig = '' subnet 10.141.0.0 netmask 255.255.255.0 { range 10.141.0.128 10.141.0.254; @@ -100,6 +112,10 @@ option routers 10.141.0.1; option domain-name "yggdrasil"; } + + subnet 10.141.1.0 netmask 255.255.255.0 { + range 10.141.0.128 10.141.0.254; + } ''; machines = [ { @@ -227,6 +243,8 @@ enable = true; servers = []; extraConfig = '' + allow 10.141.1.0/24 + pool time.cloudflare.com iburst nts pool nts.ntp.se iburst nts server nts.sth1.ntp.se iburst nts diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index 520bfd6a..a2e01c58 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft @@ -100,6 +100,8 @@ table inet filter { iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter accept + iifname mgmt udp dport 123 counter accept + ct state {established, related} counter accept -- cgit v1.2.3
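Review bot: The new `subnet 10.141.1.0 netmask 255.255.255.0` block in the dhcpd `extraConfig` (hunk `@@ -100,6 +112,10 @@`) declares `range 10.141.0.128 10.141.0.254;`, which is the pool of the existing 10.141.0.0/24 subnet and lies outside the management subnet. ISC dhcpd normally rejects a range that is not on the enclosing subnet, so the service is likely to fail at start-up and stop serving leases on `eno1` as well. Even if it were accepted, management clients would get addresses from the wrong network. The line was presumably meant to be `range 10.141.1.128 10.141.1.254;`. The `extraConfig` string opens in the preceding hunk, so only its tail is visible here.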
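Review bot: The added rule `iifname mgmt udp dport 123 counter accept` in `hosts/vidhar/ruleset.nft` matches on the interface name only, so in this `inet` table it accepts NTP from any IPv4 or IPv6 source arriving on the VLAN. The only source restriction is chrony's `allow 10.141.1.0/24` from the same commit. Scoping the rule to the subnet keeps the firewall and the daemon in agreement and avoids relying on one layer alone: `iifname mgmt ip saddr 10.141.1.0/24 udp dport 123 counter accept`. A one-line comment above it, such as `# NTP for management VLAN clients (chrony allow 10.141.1.0/24)`, would tie the rule to the chrony setting. The chain starts and ends outside the hunk, so earlier rules may already narrow what reaches this point.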