From 6cfaf825358fcd92dcefd488a20a1b7aa5f73bab Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Fri, 10 May 2024 16:24:44 -0700
Subject: [PATCH] fix(kasen): networking config
---
 ci/systems.json | 6 +++++-
 docs/network.adoc | 1 +
 nixos/reisen-ct/proxmox.nix | 2 +-
 systems/kasen/default.nix | 7 ++++++-
 systems/kasen/nixos.nix | 36 ++++++++++++++++++++++++++++++++----
 tf/cloudflare_records.tf | 10 ++++++++++
 6 files changed, 55 insertions(+), 7 deletions(-)
diff --git a/ci/systems.json b/ci/systems.json
index 3f0368a4..cce6e282 100644
--- a/ci/systems.json
+++ b/ci/systems.json
@@ -104,7 +104,11 @@
 "hostName": "kasen",
 "networks": {
 "int": null,
- "local": null,
+ "local": {
+ "address4": "10.1.1.49",
+ "address6": "fd0a::ba27:ebff:fe7e:e241",
+ "macAddress": "b8:27:eb:7e:e2:41"
+ },
 "tail": null
 }
 }
diff --git a/docs/network.adoc b/docs/network.adoc
index dd65aaa8..2ae4f450 100644
--- a/docs/network.adoc
+++ b/docs/network.adoc
@@ -30,6 +30,7 @@ reimu:: `10.1.1.45`
 idp:: `10.1.1.46`
 aya:: `10.1.1.47`
 keycloak:: `10.1.1.48`
+kasen:: `10.1.1.49`
 nue:: `10.1.1.62`
 koishi:: `10.1.1.63`
diff --git a/nixos/reisen-ct/proxmox.nix b/nixos/reisen-ct/proxmox.nix
index 4cfe4993..1824a505 100644
--- a/nixos/reisen-ct/proxmox.nix
+++ b/nixos/reisen-ct/proxmox.nix
@@ -34,7 +34,7 @@ in {
 inherit (proxmox.network) internal local;
 conditions = coalesce [
 (mapNullable (interface: [ "iifname ${interface.name}" ]) internal.interface)
- (mapNullable (interface: config.networking.interfaces.local.nftables.conditions) local.interface)
+ (mapNullable (interface: config.networking.firewall.interfaces.local.nftables.conditions) local.interface)
 ];
 in mkIf (conditions != null) {
 nftables = {
diff --git a/systems/kasen/default.nix b/systems/kasen/default.nix
index f4757105..bb24c1c2 100644
--- a/systems/kasen/default.nix
+++ b/systems/kasen/default.nix
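Review bot: The `local.interface` entry of `conditions = coalesce [ … ]` in nixos/reisen-ct/proxmox.nix is presumably only evaluated when `internal.interface` is null, which would explain how the wrong attribute path `config.networking.interfaces.local…` went unnoticed until this fix. Since this list feeds the nftables rules, an evaluation check that exercises the `local.interface` branch would catch the next mistyped path before it reaches a container. The lambda argument is also unused in that entry, so `(mapNullable (_: config.networking.firewall.interfaces.local.nftables.conditions) local.interface)` states the intent more directly. The enclosing `let … in` block starts and ends outside the hunk.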
@@ -1,7 +1,6 @@
 _: {
 imports = [ ];
- deploy.hostname = "10.1.1.139";
 # TODO: get an aarch64-linux builder on aya!
 ci.enable = false;
 arch = "aarch64";
@@ -15,4 +14,10 @@ _: {
 sshd.enable = true;
 };
 };
+ network.networks = {
+ local = {
+ macAddress = "b8:27:eb:7e:e2:41";
+ address4 = "10.1.1.49";
+ };
+ };
 }
diff --git a/systems/kasen/nixos.nix b/systems/kasen/nixos.nix
index 7e6b41d4..8f2e43e9 100644
--- a/systems/kasen/nixos.nix
+++ b/systems/kasen/nixos.nix
@@ -19,8 +19,6 @@ in {
 boot.loader.grub.enable = false;
 boot.loader.generic-extlinux-compatible.enable = true;
- networking.interfaces.enu1u1.useDHCP = true;
-
 hardware.rtl-sdr.enable = true;
 services.openwebrx = {
@@ -42,7 +40,7 @@ in {
 };
 users.groups.openwebrx = {};
- networking.firewall.allowedTCPPorts = [
+ networking.firewall.interfaces.local.allowedTCPPorts = [
 8073
 ];
@@ -53,5 +51,35 @@ in {
 fsType = "ext4";
 };
+ networking.useNetworkd = true;
+ systemd.network = {
+ networks."40-enu1u1" = {
+ inherit (config.systemd.network.links.enu1u1) matchConfig;
+ address = ["10.1.1.49/24"];
+ gateway = ["10.1.1.1"];
+ DHCP = "no";
+ networkConfig = {
+ IPv6AcceptRA = true;
+ };
+ linkConfig = {
+ Multicast = true;
+ };
+ };
+ links.enu1u1 = {
+ matchConfig = {
+ Type = "ether";
+ MACAddress = "b8:27:eb:7e:e2:41";
+ };
+ linkConfig = {
+ WakeOnLan = "magic";
+ };
+ };
+ };
+ networking.firewall.interfaces.lan = {
+ nftables = {
+ conditions = config.networking.firewall.interfaces.local.nftables.conditions;
+ };
+ };
+
 system.stateVersion = "24.05";
-}
\ No newline at end of file
+}
diff --git a/tf/cloudflare_records.tf b/tf/cloudflare_records.tf
index dea3ce34..4f58d942 100644
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
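Review bot: `networking.firewall.interfaces.local.allowedTCPPorts` in systems/kasen/nixos.nix keys port 8073 on the name `local`, which is not the NIC name this file uses (`enu1u1`), so where the port is reachable from depends on what `networking.firewall.interfaces.local.nftables.conditions` evaluates to on this host. That option is defined outside this diff; if the list can be empty, the rule presumably either never matches or matches more than the LAN. A comment such as `# 8073: presumably the openwebrx listener; LAN only, match comes from firewall.interfaces.local.nftables.conditions` plus an assertion that the conditions list is non-empty would make the scoping reviewable. The attribute set continues outside the hunk.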
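Review bot: The literals `address = ["10.1.1.49/24"]` and `MACAddress = "b8:27:eb:7e:e2:41"` in the `systemd.network` block of systems/kasen/nixos.nix repeat values this commit also adds to `network.networks.local` in systems/kasen/default.nix and to ci/systems.json, so the interface configuration, the firewall match and whatever is generated from the system data can drift apart silently. Deriving them from the system's network data, if that is reachable from this module, would leave one source of truth. `IPv6AcceptRA = true` leaves IPv6 addressing and routes to whatever router advertisements arrive on the segment while IPv4 is pinned, and `WakeOnLan = "magic"` accepts unauthenticated wake packets; each deserves a short why-comment. `networking.firewall.interfaces.lan` copying the `local` conditions is unexplained, and a comment such as `# alias: rules written against "lan" match the same peers as "local"` (if that is the intent) would help.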
@@ -95,6 +95,16 @@ module "mediabox_system_records" {
 ]
 }
+module "kasen_system_records" {
+ source = "./system/records"
+ zone_id = cloudflare_zone.gensokyo-zone_zone.id
+ zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
+ net_data = local.systems.kasen.network
+ local_subdomains = [
+ "rtlsdr",
+ ]
+}
+
 module "litterbox_system_records" {
 source = "./system/records"
 zone_id = cloudflare_zone.gensokyo-zone_zone.id
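Review bot: `local_subdomains = ["rtlsdr"]` with `net_data = local.systems.kasen.network` in `module "kasen_system_records"` presumably publishes names for kasen's `local` addresses (`10.1.1.49` and the `fd0a::` address in ci/systems.json) in the Cloudflare zone. The `./system/records` module is not visible here, so confirm that this exposure of internal addressing is intended and that nothing is created for the `int` and `tail` networks, which are null for this host. A one-line comment such as `# rtlsdr: OpenWebRX on kasen, LAN-only (firewall.interfaces.local, tcp/8073)` would tie the record to the service and its firewall scope.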