From 297d19fa0c56400f461407c3bce5f8b2a539a683 Mon Sep 17 00:00:00 2001 From: oddlama Date: Fri, 20 Dec 2024 01:05:17 +0100 Subject: [PATCH] feat: finish vlan setup --- flake.lock | 66 +++++++++++++++--------------- globals.nix | 25 +++++------ hosts/sire/default.nix | 6 ++- hosts/sire/guests/grafana.nix | 30 +++++++------- hosts/sire/guests/immich.nix | 4 +- hosts/sire/guests/paperless.nix | 4 +- hosts/sire/guests/samba.nix | 7 ++-- hosts/sire/net.nix | 14 +++---- hosts/ward/default.nix | 6 ++- hosts/ward/guests/adguardhome.nix | 6 +-- hosts/ward/guests/web-proxy.nix | 6 +-- hosts/ward/kea.nix | 8 +++- hosts/ward/net.nix | 18 ++++---- hosts/zackbiene/home-assistant.nix | 8 ++-- hosts/zackbiene/net.nix | 6 +-- nix/globals.nix | 1 + 16 files changed, 115 insertions(+), 100 deletions(-) diff --git a/flake.lock b/flake.lock index a232c50..3801f97 100644 --- a/flake.lock +++ b/flake.lock @@ -901,11 +901,11 @@ ] }, "locked": { - "lastModified": 1734279981, - "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", + "lastModified": 1734425854, + "narHash": "sha256-nzE5UbJ41aPEKf8R2ZFYtLkqPmF7EIUbNEdHMBLg0Ig=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", + "rev": "0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d", "type": "github" }, "original": { @@ -1113,11 +1113,11 @@ ] }, "locked": { - "lastModified": 1734344598, - "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", + "lastModified": 1734622215, + "narHash": "sha256-OOfI0XhSJGHblfdNDhfnn8QnZxng63rWk9eeJ2tCbiI=", "owner": "nix-community", "repo": "home-manager", - "rev": "83ecd50915a09dca928971139d3a102377a8d242", + "rev": "1395379a7a36e40f2a76e7b9936cc52950baa1be", "type": "github" }, "original": { 
@@ -1134,11 +1134,11 @@ ] }, "locked": { - "lastModified": 1734093295, - "narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=", + "lastModified": 1734344598, + "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", "owner": "nix-community", "repo": "home-manager", - "rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8", + "rev": "83ecd50915a09dca928971139d3a102377a8d242", "type": "github" }, "original": { @@ -1387,11 +1387,11 @@ "pre-commit-hooks": "pre-commit-hooks_4" }, "locked": { - "lastModified": 1734266385, - "narHash": "sha256-k9P9Sa6jw/Xre8UDp7Ukk75h4Tcq8ZrK+nz6A2MC1IM=", + "lastModified": 1734639503, + "narHash": "sha256-Z58HeNQpfbi94Cw8VxdF1GtU1S5AoWO0hfJTxA6wu78=", "owner": "oddlama", "repo": "nix-topology", - "rev": "ba6f61e594a85eabebf1c8f373923b59b3b07448", + "rev": "d6edd49bac68dc70e19b5e91617b9f04e8ac1c43", "type": "github" }, "original": { @@ -1426,11 +1426,11 @@ "pre-commit-hooks": "pre-commit-hooks_5" }, "locked": { - "lastModified": 1734380133, - "narHash": "sha256-gvbWJGjTpGJwyvK72Rf+z0aMVgKzpu+UWxbh7naZtvY=", + "lastModified": 1734643696, + "narHash": "sha256-W5JSWhhThI9erzhZmpHy1gZGwSxEGPKYmOUBEXH/WGA=", "owner": "oddlama", "repo": "nixos-extra-modules", - "rev": "558954ebb2959ea47bfa593f6a74ce54a21bfafd", + "rev": "6a4736e0773a1852b0b6c5f71cbe96dd39c3caf1", "type": "github" }, "original": { @@ -1447,11 +1447,11 @@ ] }, "locked": { - "lastModified": 1734311693, - "narHash": "sha256-ODRrnbaUsOe3e4kp+uHl+iJxey5zE3kqiBqJWQxrlnY=", + "lastModified": 1734570415, + "narHash": "sha256-kcsDNcEr4hYuDc8l+ox41FvEPpmQTV3/3hgdx3tuxHw=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "a5278f7c326205681f1f42a90fa46a75a13627eb", + "rev": "b8f266f26bb757e7aec18adeee6919db6666c4f6", "type": "github" }, "original": { 
@@ -1498,11 +1498,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734119587, - "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", + "lastModified": 1734424634, + "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", + "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "type": "github" }, "original": { @@ -1711,11 +1711,11 @@ "treefmt-nix": "treefmt-nix_4" }, "locked": { - "lastModified": 1734368549, - "narHash": "sha256-D8LYUU+IWbpmyjOAKEnKVOhd7Qfe7q+DvUNZTYoitKY=", + "lastModified": 1734567959, + "narHash": "sha256-ghNQlnI/r6cnknY58x60695sFrYnI6ZUMg65bmoNGqw=", "owner": "nix-community", "repo": "nixvim", - "rev": "6c30476a4d5f761149945a65e74179f4492b1ea6", + "rev": "37608b462772e35220e02bfbd9045d0946564436", "type": "github" }, "original": { @@ -1928,11 +1928,11 @@ "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { - "lastModified": 1734379367, - "narHash": "sha256-Keu8z5VgT5gnCF4pmB+g7XZFftHpfl4qOn7nqBcywdE=", + "lastModified": 1734425854, + "narHash": "sha256-nzE5UbJ41aPEKf8R2ZFYtLkqPmF7EIUbNEdHMBLg0Ig=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "0bb4be58f21ff38fc3cdbd6c778eb67db97f0b99", + "rev": "0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d", "type": "github" }, "original": { @@ -2223,11 +2223,11 @@ "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1734110168, - "narHash": "sha256-Q0eeLYn45ErXlqGQyXmLLHGe1mqnUiK0Y9wZRa1SNFI=", + "lastModified": 1734531336, + "narHash": "sha256-BWwJTAiWmZudUdUbyets7e3zQfjvZYtkU51blBnUBjw=", "owner": "danth", "repo": "stylix", - "rev": "a9e3779949925ef22f5a215c5f49cf520dea30b1", + "rev": "a2d66f25478103ac9b4adc6d6713794f7005221e", "type": "github" }, "original": { 
@@ -2519,11 +2519,11 @@ ] }, "locked": { - "lastModified": 1733761991, - "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", + "lastModified": 1734543842, + "narHash": "sha256-/QceWozrNg915Db9x/Ie5k67n9wKgGdTFng+Z1Qw0kE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", + "rev": "76159fc74eeac0599c3618e3601ac2b980a29263", "type": "github" }, "original": { diff --git a/globals.nix b/globals.nix index 96060b3..59f315c 100644 --- a/globals.nix +++ b/globals.nix @@ -2,6 +2,7 @@ inputs, config, lib, + nodes, ... }: let @@ -29,15 +30,8 @@ in home-lan = { vlans = { - personal = { - id = 10; - cidrv4 = "192.168.10.0/24"; - cidrv6 = "fd10::/64"; - hosts.ward.id = 1; - hosts.ward-adguardhome.id = 3; - }; services = { - id = 20; + id = 5; cidrv4 = "192.168.20.0/24"; cidrv6 = "fd20::/64"; hosts.ward.id = 1; @@ -52,11 +46,18 @@ in }; hosts.sire-samba = { id = 10; - inherit (nodes.sire-samba.config.lib.microvm.interfaces.vlan-services) mac; + inherit (nodes.sire-samba.config.lib.microvm.interfaces.lan) mac; }; }; + home = { + id = 10; + cidrv4 = "192.168.10.0/24"; + cidrv6 = "fd10::/64"; + hosts.ward.id = 1; + hosts.ward-adguardhome.id = 3; + }; devices = { - id = 30; + id = 20; cidrv4 = "192.168.30.0/24"; cidrv6 = "fd30::/64"; hosts.ward.id = 1; @@ -71,14 +72,14 @@ in }; }; iot = { - id = 40; + id = 30; cidrv4 = "192.168.40.0/24"; cidrv6 = "fd40::/64"; hosts.ward.id = 1; hosts.ward-adguardhome.id = 3; }; guests = { - id = 50; + id = 40; cidrv4 = "192.168.50.0/24"; cidrv6 = "fd50::/64"; hosts.ward.id = 1; diff --git a/hosts/sire/default.nix b/hosts/sire/default.nix index c734122..58ace3c 100644 --- a/hosts/sire/default.nix +++ b/hosts/sire/default.nix 
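Review bot: The renumbered VLAN ids in the `vlans` hunks of globals.nix no longer line up with the subnets they label: `services` is id 5 on `192.168.20.0/24`, `devices` is id 20 on `192.168.30.0/24`, `iot` is id 30 on `192.168.40.0/24` and `guests` is id 40 on `192.168.50.0/24`. Anyone writing a firewall rule or tagging a switch port from memory can confuse `devices` (id 20) with the `.20` services subnet and put a host in the wrong segment. If the offset is intentional, state it above the set, e.g. `# VLAN ids are independent of the subnet's third octet (devices: id 20, 192.168.30.0/24)`. The enclosing `home-lan` attrset starts and ends outside these hunks.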
@@ -95,7 +95,9 @@ { node.secretsDir = ./secrets/${guestName}; networking.nftables.firewall = { - zones.untrusted.interfaces = [ config.guests.${guestName}.networking.mainLinkName ]; + zones.untrusted.interfaces = lib.mkIf ( + lib.length config.guests.${guestName}.networking.links == 1 + ) config.guests.${guestName}.networking.links; }; } ]; @@ -106,8 +108,8 @@ backend = "microvm"; microvm = { system = "x86_64-linux"; - macvtap = "lan"; baseMac = config.repo.secrets.local.networking.interfaces.lan.mac; + interfaces.lan = { }; }; extraSpecialArgs = { inherit (inputs.self) nodes globals; diff --git a/hosts/sire/guests/grafana.nix b/hosts/sire/guests/grafana.nix index cc7779e..5fac840 100644 --- a/hosts/sire/guests/grafana.nix +++ b/hosts/sire/guests/grafana.nix @@ -65,12 +65,13 @@ in group = "influxdb2"; }; - services.influxdb2.provision.organizations.machines.auths."grafana machines:telegraf (${config.node.name})" = { - readBuckets = [ "telegraf" ]; - writeBuckets = [ "telegraf" ]; - tokenFile = - nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-machines-${config.node.name}".path; - }; + services.influxdb2.provision.organizations.machines.auths."grafana machines:telegraf (${config.node.name})" = + { + readBuckets = [ "telegraf" ]; + writeBuckets = [ "telegraf" ]; + tokenFile = + nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-machines-${config.node.name}".path; + }; age.secrets."grafana-influxdb-token-home-${config.node.name}" = { inherit (config.age.secrets.grafana-influxdb-token-home) rekeyFile; 
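Review bot: With `lib.mkIf (lib.length ….networking.links == 1)` in the first hunk of hosts/sire/default.nix, a guest with two or more links gets no `zones.untrusted.interfaces` from this default, and nothing visible here forces such a guest to zone its links itself. How the firewall module treats an interface that belongs to no zone is not shown, so a multi-homed guest may silently end up with an unfiltered or unreachable link. I would record the contract at the definition, e.g. `# guests with more than one link must assign every link to a firewall zone themselves`, or add an assertion that fails evaluation when a multi-link guest leaves a link unzoned. The same construct is added in hosts/ward/default.nix, and the surrounding guest-definition function starts outside the hunk.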
@@ -78,12 +79,13 @@ in group = "influxdb2"; }; - services.influxdb2.provision.organizations.home.auths."grafana home:home_assistant (${config.node.name})" = { - readBuckets = [ "home_assistant" ]; - writeBuckets = [ "home_assistant" ]; - tokenFile = - nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-home-${config.node.name}".path; - }; + services.influxdb2.provision.organizations.home.auths."grafana home:home_assistant (${config.node.name})" = + { + readBuckets = [ "home_assistant" ]; + writeBuckets = [ "home_assistant" ]; + tokenFile = + nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-home-${config.node.name}".path; + }; }; globals.services.grafana.domain = grafanaDomain; @@ -144,8 +146,8 @@ in proxyWebsockets = true; }; extraConfig = '' - allow ${globals.net.home-lan.cidrv4}; - allow ${globals.net.home-lan.cidrv6}; + allow ${globals.net.home-lan.vlans.services.cidrv4}; + allow ${globals.net.home-lan.vlans.services.cidrv6}; deny all; ''; }; diff --git a/hosts/sire/guests/immich.nix b/hosts/sire/guests/immich.nix index 7c72484..5eb143e 100644 --- a/hosts/sire/guests/immich.nix +++ b/hosts/sire/guests/immich.nix @@ -249,8 +249,8 @@ in proxy_read_timeout 600s; proxy_send_timeout 600s; send_timeout 600s; - allow ${globals.net.home-lan.cidrv4}; - allow ${globals.net.home-lan.cidrv6}; + allow ${globals.net.home-lan.vlans.services.cidrv4}; + allow ${globals.net.home-lan.vlans.services.cidrv6}; deny all; ''; }; diff --git a/hosts/sire/guests/paperless.nix b/hosts/sire/guests/paperless.nix index 512d5bf..6292984 100644 --- a/hosts/sire/guests/paperless.nix +++ b/hosts/sire/guests/paperless.nix @@ -79,8 +79,8 @@ in useACMEWildcardHost = true; extraConfig = '' client_max_body_size 512M; - allow ${globals.net.home-lan.cidrv4}; - allow ${globals.net.home-lan.cidrv6}; + allow ${globals.net.home-lan.vlans.services.cidrv4}; + allow ${globals.net.home-lan.vlans.services.cidrv6}; deny all; ''; locations."/" = { 
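Review bot: The `allow` lines in the grafana vhost's `extraConfig` (hunk at -144) now admit only the services VLAN and are followed by `deny all;`. A client whose source address is in `vlans.home` or `vlans.devices` is therefore rejected unless its traffic is rewritten before it reaches nginx, which these hunks do not show. If that narrowing is the intent, say so next to the list, e.g. `# only the services VLAN may reach this vhost; other VLANs are denied on purpose`. If home clients should keep access, add `allow ${globals.net.home-lan.vlans.home.cidrv4};` and its cidrv6 counterpart. The same substitution is made in immich.nix, paperless.nix, web-proxy.nix, home-assistant.nix and in samba.nix's `"hosts allow"`; the enclosing nginx blocks start outside the hunks.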
diff --git a/hosts/sire/guests/samba.nix b/hosts/sire/guests/samba.nix index 8ea12c2..31f7560 100644 --- a/hosts/sire/guests/samba.nix +++ b/hosts/sire/guests/samba.nix @@ -148,9 +148,9 @@ in }; globals.monitoring.tcp.samba = { - host = globals.net.home-lan.hosts.sire-samba.ipv4; + host = globals.net.home-lan.vlans.services.hosts.sire-samba.ipv4; port = 445; - network = "home-lan"; + network = "home-lan.vlans.services"; }; services.samba = { @@ -179,7 +179,8 @@ in # Deny access to all hosts by default. "hosts deny" = "0.0.0.0/0"; # Allow access to local network and TODO: wireguard - "hosts allow" = "${globals.net.home-lan.cidrv4} ${globals.net.home-lan.cidrv6}"; + "hosts allow" = + "${globals.net.home-lan.vlans.services.cidrv4} ${globals.net.home-lan.vlans.services.cidrv6}"; # Don't advertise inaccessible shares to users "access based share enum" = "yes"; diff --git a/hosts/sire/net.nix b/hosts/sire/net.nix index 1659799..175ae87 100644 --- a/hosts/sire/net.nix +++ b/hosts/sire/net.nix @@ -8,16 +8,16 @@ networking.hostId = config.repo.secrets.local.networking.hostId; globals.monitoring.ping.sire = { - hostv4 = lib.net.cidr.ip globals.net.home-lan.hosts.sire.cidrv4; - hostv6 = lib.net.cidr.ip globals.net.home-lan.hosts.sire.cidrv6; - network = "home-lan"; + hostv4 = lib.net.cidr.ip globals.net.home-lan.vlans.services.hosts.sire.cidrv4; + hostv6 = lib.net.cidr.ip globals.net.home-lan.vlans.services.hosts.sire.cidrv6; + network = "home-lan.vlans.services"; }; boot.initrd.systemd.network = { enable = true; networks."10-lan" = { - address = [ globals.net.home-lan.hosts.sire.cidrv4 ]; - gateway = [ globals.net.home-lan.hosts.ward.ipv4 ]; + address = [ globals.net.home-lan.vlans.services.hosts.sire.cidrv4 ]; + gateway = [ globals.net.home-lan.vlans.services.hosts.ward.ipv4 ]; matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan.mac; networkConfig = { IPv6PrivacyExtensions = "yes"; 
@@ -54,8 +54,8 @@ ''; }; "20-lan-self" = { - address = [ globals.net.home-lan.hosts.sire.cidrv4 ]; - gateway = [ globals.net.home-lan.hosts.ward.ipv4 ]; + address = [ globals.net.home-lan.vlans.services.hosts.sire.cidrv4 ]; + gateway = [ globals.net.home-lan.vlans.services.hosts.ward.ipv4 ]; matchConfig.Name = "lan-self"; networkConfig = { IPv6PrivacyExtensions = "yes"; diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix index bb119d6..b93fa05 100644 --- a/hosts/ward/default.nix +++ b/hosts/ward/default.nix @@ -79,7 +79,9 @@ { node.secretsDir = ./secrets/${guestName}; networking.nftables.firewall = { - zones.untrusted.interfaces = [ config.guests.${guestName}.networking.mainLinkName ]; + zones.untrusted.interfaces = lib.mkIf ( + lib.length config.guests.${guestName}.networking.links == 1 + ) config.guests.${guestName}.networking.links; }; } ]; @@ -90,8 +92,8 @@ backend = "microvm"; microvm = { system = "x86_64-linux"; - macvtap = "lan"; baseMac = config.repo.secrets.local.networking.interfaces.lan.mac; + interfaces.vlan-services = { }; }; extraSpecialArgs = { inherit (inputs.self) nodes globals; diff --git a/hosts/ward/guests/adguardhome.nix b/hosts/ward/guests/adguardhome.nix index 0a36bf6..8a258e7 100644 --- a/hosts/ward/guests/adguardhome.nix +++ b/hosts/ward/guests/adguardhome.nix @@ -16,9 +16,9 @@ in globals.services.adguardhome.domain = adguardhomeDomain; globals.monitoring.dns.adguardhome = { - server = globals.net.home-lan.hosts.ward-adguardhome.ipv4; + server = globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv4; domain = "."; - network = "home-lan"; + network = "home-lan.vlans.services"; }; nodes.sentinel = { @@ -99,7 +99,7 @@ in map (domain: { inherit domain; - answer = globals.net.home-lan.hosts.ward-web-proxy.ipv4; + answer = globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv4; }) [ # FIXME: dont hardcode, filter global service domains by internal state 
diff --git a/hosts/ward/guests/web-proxy.nix b/hosts/ward/guests/web-proxy.nix index 23a2580..47bf2ec 100644 --- a/hosts/ward/guests/web-proxy.nix +++ b/hosts/ward/guests/web-proxy.nix @@ -22,7 +22,7 @@ in meta.telegraf.availableMonitoringNetworks = [ "internet" "home-wan" - "home-lan" + "home-lan.vlans.services" ]; age.secrets.acme-cloudflare-dns-token = { @@ -70,8 +70,8 @@ in # is over TLS. extraConfig = '' proxy_ssl_verify off; - allow ${globals.net.home-lan.cidrv4}; - allow ${globals.net.home-lan.cidrv6}; + allow ${globals.net.home-lan.vlans.services.cidrv4}; + allow ${globals.net.home-lan.vlans.services.cidrv6}; deny all; ''; }; diff --git a/hosts/ward/kea.nix b/hosts/ward/kea.nix index df354de..09cc4e0 100644 --- a/hosts/ward/kea.nix +++ b/hosts/ward/kea.nix @@ -5,7 +5,11 @@ ... }: let - inherit (lib) net; + inherit (lib) + flip + mapAttrsToList + net + ; in { environment.persistence."/persist".directories = [ @@ -32,7 +36,7 @@ in interfaces = map (name: "me-${name}") (builtins.attrNames globals.net.home-lan.vlans); service-sockets-max-retries = -1; }; - subnet4 = lib.mapAttrsToList globals.net.home-lan.vlans ( + subnet4 = flip mapAttrsToList globals.net.home-lan.vlans ( vlanName: vlanCfg: [ { inherit (vlanCfg) id; diff --git a/hosts/ward/net.nix b/hosts/ward/net.nix index 8fc78e7..40fe659 100644 --- a/hosts/ward/net.nix +++ b/hosts/ward/net.nix @@ -9,9 +9,9 @@ networking.hostId = config.repo.secrets.local.networking.hostId; globals.monitoring.ping.ward = { - hostv4 = lib.net.cidr.ip globals.net.home-lan.hosts.ward.cidrv4; - hostv6 = lib.net.cidr.ip globals.net.home-lan.hosts.ward.cidrv6; - network = "home-lan.vlans.devices"; + hostv4 = lib.net.cidr.ip globals.net.home-lan.vlans.services.hosts.ward.cidrv4; + hostv6 = lib.net.cidr.ip globals.net.home-lan.vlans.services.hosts.ward.cidrv6; + network = "home-lan.vlans.services"; }; boot.initrd.availableKernelModules = [ "8021q" ]; 
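Review bot: In the `subnet4` hunk of hosts/ward/kea.nix the lambda handed to `flip mapAttrsToList` appears to return a list (`vlanName: vlanCfg: [ {`), which would make `subnet4` a list of one-element lists instead of a list of subnet attrsets. The lambda body continues outside the hunk, so this holds only if nothing flattens the result later. If nothing does, return the attrset directly or wrap the expression in `lib.concatLists`. Separately, the subnet `id` is inherited from the VLAN id that this commit renumbers, so if the lease database is among the persisted directories, existing leases may no longer match their subnet; a short comment or a lease reset on deploy would cover that.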
@@ -43,8 +43,8 @@ }; "30-vlan-home" = { address = [ - globals.net.home-lan.hosts.ward.cidrv4 - globals.net.home-lan.hosts.ward.cidrv6 + globals.net.home-lan.vlans.home.hosts.ward.cidrv4 + globals.net.home-lan.vlans.home.hosts.ward.cidrv6 ]; matchConfig.Name = "vlan-home"; networkConfig = { @@ -157,7 +157,7 @@ # ipv6SendRAConfig = { # Managed = true; # EmitDNS = true; - # FIXME: this is not the true ipv6 of adguardhome DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv6; + # FIXME: this is not the true ipv6 of adguardhome DNS = globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv6; # FIXME: todo assign static additional to reservation in kea # }; linkConfig.RequiredForOnline = "routable"; @@ -178,15 +178,15 @@ } // lib.flip lib.concatMapAttrs globals.net.home-lan.vlans ( vlanName: _: { - "me-${vlanName}".interfaces = [ "me-${vlanName}" ]; + "vlan-${vlanName}".interfaces = [ "me-${vlanName}" ]; } ); rules = { masquerade-internet = { from = [ - "vlan-home" "vlan-services" + "vlan-home" "vlan-devices" "vlan-guests" ]; @@ -222,7 +222,7 @@ #}; wireguard.proxy-home.server = { - host = globals.net.home-lan.hosts.ward.ipv4; + host = globals.net.home-lan.vlans.services.hosts.ward.ipv4; port = 51444; reservedAddresses = [ globals.net.proxy-home.cidrv4 diff --git a/hosts/zackbiene/home-assistant.nix b/hosts/zackbiene/home-assistant.nix index 4319dc5..e2638df 100644 --- a/hosts/zackbiene/home-assistant.nix +++ b/hosts/zackbiene/home-assistant.nix @@ -154,7 +154,9 @@ in }; # Connect to fritzbox via https proxy (to ensure valid cert) - networking.hosts.${globals.net.home-lan.hosts.ward-web-proxy.ipv4} = [ fritzboxDomain ]; + networking.hosts.${globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv4} = [ + fritzboxDomain + ]; nodes.ward-web-proxy = { services.nginx = { 
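Review bot: In the zones/rules hunk of hosts/ward/net.nix (at -178) a `vlan-${vlanName}` zone is generated for every entry in `globals.net.home-lan.vlans`, but the `from` list of `masquerade-internet` is still written by hand and omits `vlan-iot`. That is presumably deliberate, to keep IoT devices off the internet, but the list does not say so, and a VLAN added later gets a zone with no rule at all. I would document the omission in place, e.g. `# vlan-iot is intentionally absent: IoT hosts get no internet access`. The rest of the rule set lies outside the hunk.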
@@ -174,8 +176,8 @@ in proxyWebsockets = true; }; extraConfig = '' - allow ${globals.net.home-lan.cidrv4}; - allow ${globals.net.home-lan.cidrv6}; + allow ${globals.net.home-lan.vlans.services.cidrv4}; + allow ${globals.net.home-lan.vlans.services.cidrv6}; deny all; ''; }; diff --git a/hosts/zackbiene/net.nix b/hosts/zackbiene/net.nix index 7a89d37..0c44fdf 100644 --- a/hosts/zackbiene/net.nix +++ b/hosts/zackbiene/net.nix @@ -14,7 +14,7 @@ in globals.monitoring.ping.zackbiene = { hostv4 = "zackbiene.local"; hostv6 = "zackbiene.local"; - network = "home-lan"; + network = "home-lan.vlans.services"; }; wireguard.proxy-home.client.via = "ward"; @@ -70,8 +70,8 @@ in lan-interface.interfaces = [ "lan1" ]; lan = { parent = "lan-interface"; - ipv4Addresses = [ globals.net.home-lan.cidrv4 ]; - ipv6Addresses = [ globals.net.home-lan.cidrv6 ]; + ipv4Addresses = [ globals.net.home-lan.vlans.services.cidrv4 ]; + ipv6Addresses = [ globals.net.home-lan.vlans.services.cidrv6 ]; }; iot.interfaces = [ "wlan1" ]; }; diff --git a/nix/globals.nix b/nix/globals.nix index 9b7cc9b..35a85c1 100644 --- a/nix/globals.nix +++ b/nix/globals.nix @@ -14,6 +14,7 @@ specialArgs = { inherit (inputs.self.pkgs.x86_64-linux) lib; inherit inputs; + inherit (config) nodes; }; modules = [ ../modules/globals.nix