tomate: configure ifsr-apb network

This commit is contained in:
Rouven Seifert 2024-04-16 10:58:35 +02:00
parent 83db5399d7
commit 5b95918c29
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
3 changed files with 44 additions and 6 deletions

View file

@ -8,6 +8,7 @@
imports =
[
# Include the results of the hardware scan.
./network.nix
./hardware-configuration.nix
];
@ -15,8 +16,6 @@
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "tomate"; # Define your hostname.
networking.nftables.enable = true;
nix = {
settings = {
@ -29,8 +28,6 @@
};
};
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";

40
hosts/tomate/network.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, ... }:
{
sops.secrets.ifsr-apb-auth = { };
networking = {
domain = "ifsr.de";
hostName = "tomate";
useNetworkd = true;
nftables.enable = true;
# Radius authentification
supplicant."enp3s0" = {
driver = "wired";
configFile.path = config.sops.secrets.ifsr-apb-auth.path;
};
};
services.resolved = {
enable = true;
fallbackDns = [ "9.9.9.9" ];
};
systemd.network = {
enable = true;
networks."10-wired-default" = {
matchConfig.Name = "enp3s0";
address = [ "141.30.86.196/26" ];
routes = [
{
routeConfig.Gateway = "141.30.86.193";
}
];
networkConfig = {
DNS = "141.30.1.1";
LLDP = true;
EmitLLDP = "nearest-bridge";
};
};
};
}

View file

@ -4,6 +4,7 @@ print:
smtp-password: ENC[AES256_GCM,data:XoaLiEpqAdKapeS9YoBfh2w7HFuTCV9rHIciH+qUbhHcdsgVpnPMsSlC,iv:WxfP5d2K9soJPoRPuS6O6PbNvo4TBQjPGiV0e+a501Q=,tag:ZsTdR+b/oYFAYz/MN73PFg==,type:str]
sssd:
env: ENC[AES256_GCM,data:9IbU7uaElmemQHVUvsM88hcyNl3WFehgQeLZPtUxt2Sd0IECm8qNkQhWJ4kuvoBnQsdsUrFm/0QuW7AfDFOeE7FxMxg0,iv:dyzsYHlqClWbfzsoJ36iYjaXWpidB1ZqHXI7RP7js2Y=,tag:97FMOeVwAEy8Ka79uZKC8Q==,type:str]
ifsr-apb-auth: ENC[AES256_GCM,data:hxJOvRbgjB//YU3wy04P7yrQbV0Ggoi18wQxwy4hHgbXizTHbmlfiZ/MstITrZQ6qEPVBEW41/iGU3DO2Cg2ofpWvFU5Gr8FM1AC9DKq8SppLGqzel1mEejPfrh4RbQUMe0zZlc/YfhCah5sM0oPnBQNg8bPpveEO+5/bRq5S24jkkv7w6/AAS8tGvjALVf/g95jsCrQO2MYg9jCCEkdhORU0bowGD8cjTr6wnPkNhwzn5tiKoPn6eH6TFBkqNC+Q/5E+os10i9F1c3z/sv8Snrcl7V5higqrQekhEvGRDmax/4lE8Yb3AoxC/2M4/+9x+OPi0JUkkhC6rghETXpmYkuaD7E8+eEtLeSbiJPlPijq2HTtbtsHcSoMUdoGO8644TVe/jDxaEe54p9OWEFjRRpONijQKsfH3wENlUXmqDQDLfMSpoANxIHMh+RmRzktGIvTgvs6rlKXsWp7/gggFVxdM/5QPbE3pUvGr+JPWz4,iv:6c1HxYGrItPwKzAnQ0zUvO3TSejVZ/aWF9zs99ufzl4=,tag:fELOskceJWKmkm74MCsfoA==,type:str]
sops:
kms: []
gcp_kms: []
@ -19,8 +20,8 @@ sops:
TXVrMHZCNU5zOG5hVnNkdEoxcTZqWXMKA9eG1zM6HeLAAOpIo8Z5+5KD4Z5P3rdc
kE8sUXHD3d8SMmSKcTYe6gGVzFuw0xxnMb/AmjAQosvDFTQsWy1sTw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-29T13:36:12Z"
mac: ENC[AES256_GCM,data:CnoH4KmYy72E0L+X7SHYXrFH6z0KhRhfYXmIO8HnPlkYnwKXDeAYezv4kL3ItZG+8pnmbFdoyHxxVMT6rWtV//x16YPMI0zhwIEBs67ZxM+gzeei4fniktolydKmlXUgbtWw3/y3OtxzAn9Dne2LPz7CwN/imGOTgrWFYGWRhtU=,iv:gcurHYWPSijYRlt9FoutrGInWDOfSkjrNqwU6jxiHDk=,tag:qWhpQ9vLuuihOzJeOGYEog==,type:str]
lastmodified: "2024-04-16T08:58:21Z"
mac: ENC[AES256_GCM,data:2aOOVZK7kshJFBWphvW/BqRUXht4p80Q15nGJNA1EbjT05f3tYdrr8QuM5Xd1vJO07rgmokWv4XwbzodRIwqidEXD5xuJ1v+kHC/jJnO3yrBKY7kVMHkia2Wq00bcN/iwdW6G6AP5D4HQbmFNo+rLHyjIVwPvtu9jutKpz12NH0=,iv:YCBX2gSEmiUa6HrHi0VEcRGWDJrXGajD8ZbOZcppFnM=,tag:FK2E4hukl8oL5aZNTCQESA==,type:str]
pgp:
- created_at: "2024-02-29T15:23:28Z"
enc: |-