From 974b62495efa98b9b640189988a9baf659bb1773 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sun, 15 Jan 2023 02:28:40 +0100 Subject: [PATCH] initial systemd-networkd conf, has problems --- hosts/thinkpad/modules/networks/default.nix | 93 +++++++++++++++++---- 1 file changed, 75 insertions(+), 18 deletions(-) diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index 5a01e96..dcf6a0e 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -4,10 +4,15 @@ sops.secrets = { "wireless-env" = { }; - "wireguard/dorm/private" = { }; - "wireguard/dorm/preshared" = { }; + "wireguard/dorm/private" = { + owner = config.users.users.systemd-network.name; + }; + "wireguard/dorm/preshared" = { + owner = config.users.users.systemd-network.name; + }; }; networking = { + useNetworkd = true; hostName = "thinkpad"; firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; # open ports for kde connect firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; 
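Review bot: The two `owner = config.users.users.systemd-network.name;` attributes make the WireGuard private and preshared keys readable by the networkd service account, but nothing in this patch reads them as that user. The `netdevs."30-dorm"` block that references both paths is commented out in the second hunk, and the wg-quick interface that used them is removed. Until that netdev is enabled the grant is wider than needed, so either land it together with the netdev or mark it with a comment such as `# owned by systemd-network so networkd can read PrivateKeyFile/PresharedKeyFile of netdev 30-dorm`. When it is enabled, keep the secrets readable by the owner only rather than loosening the mode to get networkd to start. The `sops.secrets` and `networking` attribute sets continue outside the hunk.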
@@ -23,26 +28,78 @@ "@DORM_SSID@" = { psk = "@DORM_PSK@"; authProtocols = [ "WPA-PSK" ]; - extraConfig = "disabled=1"; }; }; }; - wg-quick.interfaces = { - Dorm = { - address = [ "10.10.10.3/32" ]; - privateKeyFile = config.sops.secrets."wireguard/dorm/private".path; - listenPort = 51820; - dns = [ "192.168.10.1" ]; - autostart = false; - peers = [ - { - publicKey = "vUmworuJFHjB4KUdkucQ+nzqO2ysARLomq4UuK1n430="; - presharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path; - allowedIPs = [ "0.0.0.0/0" ]; - endpoint = "dorm.vpn.rfive.de:51820"; - } - ]; + }; + systemd.network = { + enable = true; + wait-online.anyInterface = true; + netdevs."20-bond0" = { + netdevConfig = { + Name = "bond0"; + Kind = "bond"; + }; + bondConfig = { + Mode = "active-backup"; + PrimaryReselectPolicy = "always"; }; }; + networks = { + "20-ethernet-bond0" = { + matchConfig.Name = "enp0s31f6"; + networkConfig = { + Bond = "bond0"; + PrimarySlave = true; + }; + }; + "20-wireless-bond0" = { + matchConfig.Name = "wlp9s0"; + networkConfig = { + Bond = "bond0"; + #IgnoreCarrierLoss = "3s"; + DHCP = "yes"; + }; + }; + "20-bond0" = { + matchConfig.Name = "bond0"; + networkConfig = { + #DHCP = "yes"; + }; + }; + }; + + # some wireguard interfaces + #netdevs."30-dorm" = { + #netdevConfig = { + #Kind = "wireguard"; + #Name = "dorm"; + #Description = "WireGuard to my Dorm Infra"; + #}; + #wireguardConfig = { + #PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path; + #ListenPort = 51820; + #}; + #wireguardPeers = [ + #{ + #wireguardPeerConfig = { + #PublicKey = "vUmworuJFHjB4KUdkucQ+nzqO2ysARLomq4UuK1n430="; + #PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path; + #AllowedIPs = [ "10.10.10.0/24" ]; + ##Endpoint = "dorm.vpn.rfive.de:51820"; + #Endpoint = "141.30.227.6:51820"; + #}; + #} + #]; + #}; + #networks."30-dorm" = { + #matchConfig.Name = "dorm"; + #networkConfig = { + #Address = "10.10.10.3/32"; + #}; + #routes = [ + #{ routeConfig = { Gateway = 
"10.10.10.1"; Destination = "10.10.10.0/24"; }; } + #]; + #}; }; }
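Review bot: After this hunk the host has no WireGuard interface at all, because `wg-quick.interfaces.Dorm` is removed and its networkd replacement is entirely commented out, while dropping `extraConfig = "disabled=1";` appears to let wpa_supplicant join `@DORM_SSID@` automatically. The commented replacement also changes the tunnel's scope from `allowedIPs = [ "0.0.0.0/0" ]` with `dns = [ "192.168.10.1" ]` to `AllowedIPs = [ "10.10.10.0/24" ]` with no DNS setting, so once enabled only that subnet would go through the tunnel. If that is intended, say so next to it: `# split tunnel: only 10.10.10.0/24 is routed via dorm, all other traffic uses the default route`. Separately, `DHCP = "yes"` sits on the bond member `"20-wireless-bond0"` while it is commented out on `"20-bond0"`. Addressing normally belongs on the bond device, so I would expect `DHCP = "yes";` in the `networkConfig` of `"20-bond0"` and none on the member, which may be one of the problems the subject line mentions.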