From 5b95918c299b5c9648762e1f66298f12053903a6 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Tue, 16 Apr 2024 10:58:35 +0200 Subject: [PATCH] tomate: configure ifsr-apb network --- hosts/tomate/configuration.nix | 5 +---- hosts/tomate/network.nix | 40 ++++++++++++++++++++++++++++++++++ secrets/tomate.yaml | 5 +++-- 3 files changed, 44 insertions(+), 6 deletions(-) create mode 100644 hosts/tomate/network.nix diff --git a/hosts/tomate/configuration.nix b/hosts/tomate/configuration.nix index f3f3ceb..58a4c85 100644 --- a/hosts/tomate/configuration.nix +++ b/hosts/tomate/configuration.nix @@ -8,6 +8,7 @@ imports = [ # Include the results of the hardware scan. + ./network.nix ./hardware-configuration.nix ]; @@ -15,8 +16,6 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "tomate"; # Define your hostname. - networking.nftables.enable = true; nix = { settings = { @@ -29,8 +28,6 @@ }; }; - # Enable networking - networking.networkmanager.enable = true; # Set your time zone. time.timeZone = "Europe/Berlin"; diff --git a/hosts/tomate/network.nix b/hosts/tomate/network.nix new file mode 100644 index 0000000..32e98ca --- /dev/null +++ b/hosts/tomate/network.nix @@ -0,0 +1,40 @@ +{ config, ... }: +{ + sops.secrets.ifsr-apb-auth = { }; + networking = { + domain = "ifsr.de"; + hostName = "tomate"; + useNetworkd = true; + nftables.enable = true; + # Radius authentification + supplicant."enp3s0" = { + driver = "wired"; + configFile.path = config.sops.secrets.ifsr-apb-auth.path; + }; + }; + + services.resolved = { + enable = true; + fallbackDns = [ "9.9.9.9" ]; + }; + + systemd.network = { + enable = true; + + networks."10-wired-default" = { + matchConfig.Name = "enp3s0"; + + address = [ "141.30.86.196/26" ]; + routes = [ + { + routeConfig.Gateway = "141.30.86.193"; + } + ]; + networkConfig = { + DNS = "141.30.1.1"; + LLDP = true; + EmitLLDP = "nearest-bridge"; + }; + }; + }; +} 
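Review bot: In `hosts/tomate/network.nix` the `supplicant."enp3s0"` block takes its entire wpa_supplicant configuration from the sops secret `ifsr-apb-auth`, so the reviewable Nix code cannot show whether the 802.1X network block validates the authentication server. For password-based EAP methods that validation (`ca_cert` together with `domain_suffix_match` or an equivalent match option) is what keeps the credentials from being offered to an unexpected authenticator on the port, and it is presumably set inside the secret but cannot be confirmed from this diff. I would replace `# Radius authentification` with `# 802.1X (EAP) on the wired port; the secret holds the full wpa_supplicant.conf and must pin the RADIUS server via ca_cert and domain_suffix_match`, which also fixes the spelling. A smaller point in the same hunk: `LLDP = true` with `EmitLLDP = "nearest-bridge"` advertises host details to the attached switch, so a one-line comment such as `# LLDP emission is intentional, limited to the directly attached switch` would record that this is deliberate.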
diff --git a/secrets/tomate.yaml b/secrets/tomate.yaml index ae1f78c..01caa04 100644 --- a/secrets/tomate.yaml +++ b/secrets/tomate.yaml @@ -4,6 +4,7 @@ print: smtp-password: ENC[AES256_GCM,data:XoaLiEpqAdKapeS9YoBfh2w7HFuTCV9rHIciH+qUbhHcdsgVpnPMsSlC,iv:WxfP5d2K9soJPoRPuS6O6PbNvo4TBQjPGiV0e+a501Q=,tag:ZsTdR+b/oYFAYz/MN73PFg==,type:str] sssd: env: ENC[AES256_GCM,data:9IbU7uaElmemQHVUvsM88hcyNl3WFehgQeLZPtUxt2Sd0IECm8qNkQhWJ4kuvoBnQsdsUrFm/0QuW7AfDFOeE7FxMxg0,iv:dyzsYHlqClWbfzsoJ36iYjaXWpidB1ZqHXI7RP7js2Y=,tag:97FMOeVwAEy8Ka79uZKC8Q==,type:str] +ifsr-apb-auth: ENC[AES256_GCM,data:hxJOvRbgjB//YU3wy04P7yrQbV0Ggoi18wQxwy4hHgbXizTHbmlfiZ/MstITrZQ6qEPVBEW41/iGU3DO2Cg2ofpWvFU5Gr8FM1AC9DKq8SppLGqzel1mEejPfrh4RbQUMe0zZlc/YfhCah5sM0oPnBQNg8bPpveEO+5/bRq5S24jkkv7w6/AAS8tGvjALVf/g95jsCrQO2MYg9jCCEkdhORU0bowGD8cjTr6wnPkNhwzn5tiKoPn6eH6TFBkqNC+Q/5E+os10i9F1c3z/sv8Snrcl7V5higqrQekhEvGRDmax/4lE8Yb3AoxC/2M4/+9x+OPi0JUkkhC6rghETXpmYkuaD7E8+eEtLeSbiJPlPijq2HTtbtsHcSoMUdoGO8644TVe/jDxaEe54p9OWEFjRRpONijQKsfH3wENlUXmqDQDLfMSpoANxIHMh+RmRzktGIvTgvs6rlKXsWp7/gggFVxdM/5QPbE3pUvGr+JPWz4,iv:6c1HxYGrItPwKzAnQ0zUvO3TSejVZ/aWF9zs99ufzl4=,tag:fELOskceJWKmkm74MCsfoA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -19,8 +20,8 @@ sops: TXVrMHZCNU5zOG5hVnNkdEoxcTZqWXMKA9eG1zM6HeLAAOpIo8Z5+5KD4Z5P3rdc kE8sUXHD3d8SMmSKcTYe6gGVzFuw0xxnMb/AmjAQosvDFTQsWy1sTw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-29T13:36:12Z" - mac: ENC[AES256_GCM,data:CnoH4KmYy72E0L+X7SHYXrFH6z0KhRhfYXmIO8HnPlkYnwKXDeAYezv4kL3ItZG+8pnmbFdoyHxxVMT6rWtV//x16YPMI0zhwIEBs67ZxM+gzeei4fniktolydKmlXUgbtWw3/y3OtxzAn9Dne2LPz7CwN/imGOTgrWFYGWRhtU=,iv:gcurHYWPSijYRlt9FoutrGInWDOfSkjrNqwU6jxiHDk=,tag:qWhpQ9vLuuihOzJeOGYEog==,type:str] + lastmodified: "2024-04-16T08:58:21Z" + mac: ENC[AES256_GCM,data:2aOOVZK7kshJFBWphvW/BqRUXht4p80Q15nGJNA1EbjT05f3tYdrr8QuM5Xd1vJO07rgmokWv4XwbzodRIwqidEXD5xuJ1v+kHC/jJnO3yrBKY7kVMHkia2Wq00bcN/iwdW6G6AP5D4HQbmFNo+rLHyjIVwPvtu9jutKpz12NH0=,iv:YCBX2gSEmiUa6HrHi0VEcRGWDJrXGajD8ZbOZcppFnM=,tag:FK2E4hukl8oL5aZNTCQESA==,type:str] pgp: - created_at: "2024-02-29T15:23:28Z" enc: |-