From 006877c4ae9d0cbe3b1623eb3048d6340a15ff0d Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Wed, 19 Mar 2025 20:07:37 +0100
Subject: [PATCH] hosts/astatine,hosts/beryllium,hosts/tungsten: Migrate to
 systemd-networkd

Policy routing clashed with the "fallback DHCP on any interface" module
for some unknown reason; therefore wg-clerie is disabled on all of these
devices.
---
 hosts/astatine/configuration.nix           | 16 ++++--
 hosts/beryllium/configuration.nix          | 67 ++++++++++++----------
 hosts/tungsten/configuration.nix           | 14 +++--
 profiles/default.nix                       |  1 +
 profiles/network-fallback-dhcp/default.nix | 22 +++++++
 5 files changed, 79 insertions(+), 41 deletions(-)
 create mode 100644 profiles/network-fallback-dhcp/default.nix

diff --git a/hosts/astatine/configuration.nix b/hosts/astatine/configuration.nix
index 1540759..ea8cac3 100644
--- a/hosts/astatine/configuration.nix
+++ b/hosts/astatine/configuration.nix
@@ -6,6 +6,8 @@
       ./hardware-configuration.nix
     ];
 
+  profiles.clerie.network-fallback-dhcp.enable = true;
+
   boot.kernelParams = [ "console=ttyS0,115200n8" ];
 
   boot.loader.grub.enable = true;
@@ -16,11 +18,15 @@
     terminal_output serial
   ";
 
-  services.wg-clerie = {
-    enable = true;
-    ipv6s = [ "2a01:4f8:c0c:15f1::8108/128" ];
-    ipv4s = [ "10.20.30.108/32" ];
-  };
+  networking.useDHCP = false;
+
+  systemd.network.enable = true;
+
+  #services.wg-clerie = {
+  #  enable = true;
+  #  ipv6s = [ "2a01:4f8:c0c:15f1::8108/128" ];
+  #  ipv4s = [ "10.20.30.108/32" ];
+  #};
 
   clerie.monitoring = {
     enable = true;
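Review bot: The wg-clerie block is kept as commented-out code with no in-file explanation. The same applies in hosts/tungsten/configuration.nix and to the WireGuard and policy-routing settings in hosts/beryllium/configuration.nix. The reason is given only in the commit message, so a later reader cannot tell whether the tunnel is meant to come back; either delete the block and rely on history, or put a line above it such as `# TODO: wg-clerie disabled, policy routing clashes with profiles.clerie.network-fallback-dhcp`. The `clerie.monitoring` block that follows stays enabled and continues outside the hunk. If monitoring was reached over the tunnel address (not visible here), confirm it still has a path and is not now answering on the DHCP-assigned address instead.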
diff --git a/hosts/beryllium/configuration.nix b/hosts/beryllium/configuration.nix
index d053311..15235da 100644
--- a/hosts/beryllium/configuration.nix
+++ b/hosts/beryllium/configuration.nix
@@ -6,6 +6,8 @@
       ./hardware-configuration.nix
     ];
 
+  profiles.clerie.network-fallback-dhcp.enable = true;
+
   boot.kernelParams = [ "console=ttyS0,115200n8" ];
 
   boot.loader.grub.enable = true;
@@ -18,42 +20,45 @@
 
   networking.hostName = "beryllium";
 
+  networking.useDHCP = false;
+  systemd.network.enable = true;
+
   networking.firewall.enable = false;
 
-  networking.iproute2.enable = true;
-  networking.iproute2.rttablesExtraConfig = ''
-    200 wg-clerie
-  '';
+  #networking.iproute2.enable = true;
+  #networking.iproute2.rttablesExtraConfig = ''
+  #  200 wg-clerie
+  #'';
 
-  petabyte.policyrouting = {
-    enable = true;
-    rules6 = [
-      { rule = "from 2a01:4f8:c0c:15f1::8107/128 lookup wg-clerie"; prio = 20000; }
-      { rule = "from 2a01:4f8:c0c:15f1::8107/128 unreachable"; prio = 20001; }
-    ];
-    rules4 = [
-      { rule = "from 10.20.30.107/32 lookup wg-clerie"; prio = 20000; }
-      { rule = "from 10.20.30.107/32 unreachable"; prio = 20001; }
-    ];
-  };
+  #petabyte.policyrouting = {
+  #  enable = true;
+  #  rules6 = [
+  #    { rule = "from 2a01:4f8:c0c:15f1::8107/128 lookup wg-clerie"; prio = 20000; }
+  #    { rule = "from 2a01:4f8:c0c:15f1::8107/128 unreachable"; prio = 20001; }
+  #  ];
+  #  rules4 = [
+  #    { rule = "from 10.20.30.107/32 lookup wg-clerie"; prio = 20000; }
+  #    { rule = "from 10.20.30.107/32 unreachable"; prio = 20001; }
+  #  ];
+  #};
 
 
-  networking.wireguard.enable = true;
-  networking.wireguard.interfaces = {
-    wg-clerie = {
-      ips = [ "2a01:4f8:c0c:15f1::8107/128" "10.20.30.107/32" ];
-      table = "wg-clerie";
-      peers = [
-        {
-          endpoint = "vpn.clerie.de:51820";
-          persistentKeepalive = 25;
-          allowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ];
-          publicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=";
-        }
-      ];
-      privateKeyFile = "/var/src/secrets/wireguard/wg-clerie";
-    };
-  };
+  #networking.wireguard.enable = true;
+  #networking.wireguard.interfaces = {
+  #  wg-clerie = {
+  #    ips = [ "2a01:4f8:c0c:15f1::8107/128" "10.20.30.107/32" ];
+  #    table = "wg-clerie";
+  #    peers = [
+  #      {
+  #        endpoint = "vpn.clerie.de:51820";
+  #        persistentKeepalive = 25;
+  #        allowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ];
+  #        publicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=";
+  #      }
+  #    ];
+  #    privateKeyFile = "/var/src/secrets/wireguard/wg-clerie";
+  #  };
+  #};
 
   clerie.monitoring = {
     enable = true;
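Review bot: `networking.firewall.enable = false;` stays in place while this hunk removes the tunnel and the host moves to DHCP on every Ethernet interface, so whatever listens on beryllium is reachable from any network it is attached to. If the firewall was turned off on the assumption that traffic only arrived through wg-clerie, that assumption no longer holds. Consider `networking.firewall.enable = true;` with explicit `networking.firewall.allowedTCPPorts`, or add a comment stating why it stays off. The key file at `/var/src/secrets/wireguard/wg-clerie` is now unused and could be removed from the host until the tunnel returns.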
diff --git a/hosts/tungsten/configuration.nix b/hosts/tungsten/configuration.nix
index d9b954e..f1028db 100644
--- a/hosts/tungsten/configuration.nix
+++ b/hosts/tungsten/configuration.nix
@@ -6,6 +6,8 @@
       ./hardware-configuration.nix
     ];
 
+  profiles.clerie.network-fallback-dhcp.enable = true;
+
   boot.kernelParams = [ "console=ttyS0,115200n8" ];
 
   boot.loader.grub.enable = true;
@@ -16,14 +18,16 @@
     terminal_output serial
   ";
 
+  networking.useDHCP = false;
+  systemd.network.enable = true;
 
   networking.hostName = "tungsten";
 
-  services.wg-clerie = {
-    enable = true;
-    ipv6s = [ "2a01:4f8:c0c:15f1::8112/128" ];
-    ipv4s = [ "10.20.30.112/32" ];
-  };
+  #services.wg-clerie = {
+  #  enable = true;
+  #  ipv6s = [ "2a01:4f8:c0c:15f1::8112/128" ];
+  #  ipv4s = [ "10.20.30.112/32" ];
+  #};
 
   clerie.monitoring = {
     enable = true;
diff --git a/profiles/default.nix b/profiles/default.nix
index 6192023..04aecfb 100644
--- a/profiles/default.nix
+++ b/profiles/default.nix
@@ -8,6 +8,7 @@
     ./hetzner-cloud
     ./mercury-vm
     ./netcup
+    ./network-fallback-dhcp
   ];
 
 }
diff --git a/profiles/network-fallback-dhcp/default.nix b/profiles/network-fallback-dhcp/default.nix
new file mode 100644
index 0000000..1d1402c
--- /dev/null
+++ b/profiles/network-fallback-dhcp/default.nix
@@ -0,0 +1,22 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+
+  options.profiles.clerie.network-fallback-dhcp = {
+    enable = mkEnableOption "Profile for systemd-network falling back to DHCP on all interfaces";
+  };
+
+  config = mkIf config.profiles.clerie.network-fallback-dhcp.enable {
+
+    systemd.network.wait-online.anyInterface = true;
+
+    systemd.network.networks."90-lan-dhcp" = {
+      matchConfig.Type = "ether";
+      networkConfig.DHCP = true;
+      linkConfig.RequiredForOnline = "routable";
+    };
+
+  };
+}
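Review bot: `matchConfig.Type = "ether"` applies DHCP to every Ethernet-type link, which in systemd-networkd can include virtual links such as veth pairs as well as every physical port. Any DHCP server on any attached segment can therefore hand the host addresses, routes and DNS servers. If only the physical uplinks are meant, narrow the match, for example `matchConfig.Name = "en*";` (the interface names on these hosts are not visible here). A short comment that the `90-` prefix is presumably there to let host-specific `.network` files take precedence would also help. As a style point, `with lib;` at file scope could give way to `lib.mkIf` and `lib.mkEnableOption` so the origin of each name stays explicit.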