tomate: configure ifsr-apb network

hosts/tomate/configuration.nix

@@ -8,6 +8,7 @@
   imports =
     [
       # Include the results of the hardware scan.
+      ./network.nix
       ./hardware-configuration.nix
     ];
 
@@ -15,8 +16,6 @@
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.hostName = "tomate"; # Define your hostname.
-  networking.nftables.enable = true;
 
   nix = {
     settings = {
@@ -29,8 +28,6 @@
     };
   };
 
-  # Enable networking
-  networking.networkmanager.enable = true;
 
   # Set your time zone.
   time.timeZone = "Europe/Berlin";

hosts/tomate/network.nix

@@ -0,0 +1,40 @@
+{ config, ... }:
+{
+  sops.secrets.ifsr-apb-auth = { };
+  networking = {
+    domain = "ifsr.de";
+    hostName = "tomate";
+    useNetworkd = true;
+    nftables.enable = true;
+    # Radius authentification
+    supplicant."enp3s0" = {
+      driver = "wired";
+      configFile.path = config.sops.secrets.ifsr-apb-auth.path;
+    };
+  };
+
+  services.resolved = {
+    enable = true;
+    fallbackDns = [ "9.9.9.9" ];
+  };
+
+  systemd.network = {
+    enable = true;
+
+    networks."10-wired-default" = {
+      matchConfig.Name = "enp3s0";
+
+      address = [ "141.30.86.196/26" ];
+      routes = [
+        {
+          routeConfig.Gateway = "141.30.86.193";
+        }
+      ];
+      networkConfig = {
+        DNS = "141.30.1.1";
+        LLDP = true;
+        EmitLLDP = "nearest-bridge";
+      };
+    };
+  };
+}

secrets/tomate.yaml

@@ -4,6 +4,7 @@ print:
     smtp-password: ENC[AES256_GCM,data:XoaLiEpqAdKapeS9YoBfh2w7HFuTCV9rHIciH+qUbhHcdsgVpnPMsSlC,iv:WxfP5d2K9soJPoRPuS6O6PbNvo4TBQjPGiV0e+a501Q=,tag:ZsTdR+b/oYFAYz/MN73PFg==,type:str]
 sssd:
     env: ENC[AES256_GCM,data:9IbU7uaElmemQHVUvsM88hcyNl3WFehgQeLZPtUxt2Sd0IECm8qNkQhWJ4kuvoBnQsdsUrFm/0QuW7AfDFOeE7FxMxg0,iv:dyzsYHlqClWbfzsoJ36iYjaXWpidB1ZqHXI7RP7js2Y=,tag:97FMOeVwAEy8Ka79uZKC8Q==,type:str]
+ifsr-apb-auth: ENC[AES256_GCM,data:hxJOvRbgjB//YU3wy04P7yrQbV0Ggoi18wQxwy4hHgbXizTHbmlfiZ/MstITrZQ6qEPVBEW41/iGU3DO2Cg2ofpWvFU5Gr8FM1AC9DKq8SppLGqzel1mEejPfrh4RbQUMe0zZlc/YfhCah5sM0oPnBQNg8bPpveEO+5/bRq5S24jkkv7w6/AAS8tGvjALVf/g95jsCrQO2MYg9jCCEkdhORU0bowGD8cjTr6wnPkNhwzn5tiKoPn6eH6TFBkqNC+Q/5E+os10i9F1c3z/sv8Snrcl7V5higqrQekhEvGRDmax/4lE8Yb3AoxC/2M4/+9x+OPi0JUkkhC6rghETXpmYkuaD7E8+eEtLeSbiJPlPijq2HTtbtsHcSoMUdoGO8644TVe/jDxaEe54p9OWEFjRRpONijQKsfH3wENlUXmqDQDLfMSpoANxIHMh+RmRzktGIvTgvs6rlKXsWp7/gggFVxdM/5QPbE3pUvGr+JPWz4,iv:6c1HxYGrItPwKzAnQ0zUvO3TSejVZ/aWF9zs99ufzl4=,tag:fELOskceJWKmkm74MCsfoA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -19,8 +20,8 @@ sops:
             TXVrMHZCNU5zOG5hVnNkdEoxcTZqWXMKA9eG1zM6HeLAAOpIo8Z5+5KD4Z5P3rdc
             kE8sUXHD3d8SMmSKcTYe6gGVzFuw0xxnMb/AmjAQosvDFTQsWy1sTw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-29T13:36:12Z"
-    mac: ENC[AES256_GCM,data:CnoH4KmYy72E0L+X7SHYXrFH6z0KhRhfYXmIO8HnPlkYnwKXDeAYezv4kL3ItZG+8pnmbFdoyHxxVMT6rWtV//x16YPMI0zhwIEBs67ZxM+gzeei4fniktolydKmlXUgbtWw3/y3OtxzAn9Dne2LPz7CwN/imGOTgrWFYGWRhtU=,iv:gcurHYWPSijYRlt9FoutrGInWDOfSkjrNqwU6jxiHDk=,tag:qWhpQ9vLuuihOzJeOGYEog==,type:str]
+    lastmodified: "2024-04-16T08:58:21Z"
+    mac: ENC[AES256_GCM,data:2aOOVZK7kshJFBWphvW/BqRUXht4p80Q15nGJNA1EbjT05f3tYdrr8QuM5Xd1vJO07rgmokWv4XwbzodRIwqidEXD5xuJ1v+kHC/jJnO3yrBKY7kVMHkia2Wq00bcN/iwdW6G6AP5D4HQbmFNo+rLHyjIVwPvtu9jutKpz12NH0=,iv:YCBX2gSEmiUa6HrHi0VEcRGWDJrXGajD8ZbOZcppFnM=,tag:FK2E4hukl8oL5aZNTCQESA==,type:str]
     pgp:
         - created_at: "2024-02-29T15:23:28Z"
           enc: |-