Update from updated-inputs-2024-08-24-01-03

2024-08-24 03:03:05 +02:00
parent 1a410dfaa1 1dce42c252
commit cbed65a601
5 changed files with 81 additions and 1 deletions
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -12,6 +12,7 @@
      ./net-heimnetz.nix
      ./net-iot.nix
      ./net-lte.nix
+      ./net-mgmt.nix
      ./net-voip.nix
      ./ntp.nix
      ./ppp.nix
@@ -64,6 +65,13 @@
    ];
  };

+  systemd.services."system-reboot" = {
+    script = ''
+      ${pkgs.systemd}/bin/reboot
+    '';
+    startAt = "*-*-* 1/3:13:14";
+  };
+
  clerie.firewall.enable = true;

  clerie.monitoring = {
--- a/hosts/carbon/net-mgmt.nix
+++ b/hosts/carbon/net-mgmt.nix
@@ -0,0 +1,62 @@
+{ ... }:
+
+{
+
+  networking.vlans."enp1s0.203" = {
+    id = 203;
+    interface = "enp1s0";
+  };
+  networking.bridges."net-mgmt".interfaces = [
+    "enp1s0.203"
+  ];
+  networking.interfaces."net-mgmt".ipv6.addresses = [
+    { address = "fe80::1"; prefixLength = 64; }
+    { address = "fd00:152:152:203::1"; prefixLength = 64; }
+  ];
+  networking.interfaces."net-mgmt".ipv4.addresses = [
+    { address = "10.152.203.1"; prefixLength = 24; }
+  ];
+
+  services.radvd.config = ''
+    interface net-mgmt {
+      AdvSendAdvert on;
+      prefix ::/64 {
+        AdvValidLifetime 60;
+        AdvPreferredLifetime 30;
+      };
+    };
+  '';
+
+  services.kea.dhcp4 = {
+    settings = {
+      interfaces-config = {
+        interfaces = [ "net-mgmt" ];
+      };
+      subnet4 = [
+        {
+          id = 203;
+          subnet = "10.152.203.0/24";
+          pools = [
+            {
+              pool = "10.152.203.100 - 10.152.203.240";
+            }
+          ];
+          option-data = [
+            {
+              name = "routers";
+              data = "10.152.203.1";
+            }
+          ];
+        }
+      ];
+    };
+  };
+
+  clerie.firewall.extraForwardFilterCommands = ''
+    # Allow access from Heimnetz to MGMT network
+    ip46tables -A forward-filter -i net-heimnetz -o net-mgmt -j ACCEPT
+    ip46tables -A forward-filter -i net-mgmt -j DROP
+    ip46tables -A forward-filter -o net-mgmt -j DROP
+  '';
+
+}
--- a/hosts/krypton/android.nix
+++ b/hosts/krypton/android.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+
+  services.udev.packages = [
+    pkgs.android-udev-rules
+  ];
+
+}
--- a/hosts/krypton/configuration.nix
+++ b/hosts/krypton/configuration.nix
@@ -7,6 +7,7 @@

      ../../configuration/desktop

+      ./android.nix
      ./backup.nix
      #./initrd.nix
      ./network.nix
--- a/hosts/monitoring-3/grafana.nix
+++ b/hosts/monitoring-3/grafana.nix
@@ -7,7 +7,7 @@
        domain = "grafana.monitoring.clerie.de";
        root_url = "https://grafana.monitoring.clerie.de";
        http_port = 3001;
-        http_addr = "[::1]";
+        http_addr = "::1";
      };
      "auth.anonymous" = {
        enabled = true;