diff --git a/flake.lock b/flake.lock index 27357fa..9f9c01a 100644 --- a/flake.lock +++ b/flake.lock @@ -560,11 +560,11 @@ }, "nixpkgs-mine": { "locked": { - "lastModified": 1698758299, - "narHash": "sha256-J5Ljnna3fmtSRXvYOo0fm+65+lsP6FO1DXNp+fnSFA8=", + "lastModified": 1700347575, + "narHash": "sha256-wHdY7YFRepLNtPRh7gBP8EDJRbqC/hwYWupxTof7PQ8=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "aebb3f35c0cb5270052dd4a1ac511cca5607a65e", + "rev": "72cc1ce8a7e476a724de861bbd066a1cb700e39b", "type": "github" }, "original": { @@ -576,11 +576,11 @@ }, "nixpkgs-mine-stable": { "locked": { - "lastModified": 1698758314, - "narHash": "sha256-n5lkK0deuU/yHN6c+d1IeGFWW0DIOXDe2ZQK0OdMyY4=", + "lastModified": 1700347610, + "narHash": "sha256-NLRu2yPRc6BRIIcI0KG9csLGiAhmZG2JXLrJI+gLJQk=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "2e412711696ca846a039eafcc7a23e80d85de1e3", + "rev": "8b2769b59113858ecf4cf24ddae9ab1b8dd7920d", "type": "github" }, "original": { diff --git a/nixos/boxes/home/routing-common/default.nix b/nixos/boxes/home/routing-common/default.nix index 6244b4c..1f49487 100644 --- a/nixos/boxes/home/routing-common/default.nix +++ b/nixos/boxes/home/routing-common/default.nix @@ -59,15 +59,27 @@ in let inherit (lib) mkIf mkMerge mkForce; inherit (lib.my) networkdAssignment; + + # TODO: Move into nixpkgs + mstpd = pkgs.mstpd.overrideAttrs { + patches = [ ./mstpd.patch ]; + }; in { imports = [ (import ./dns.nix index) ]; config = { environment = { - systemPackages = with pkgs; [ - ethtool + systemPackages = [ + pkgs.ethtool + mstpd ]; + etc = { + "bridge-stp.conf".text = '' + MANAGE_MSTPD=n + MSTP_BRIDGES=lan + ''; + }; }; services = { 
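Review bot: Setting `patches = [ ./mstpd.patch ];` through `overrideAttrs` with a plain attribute set replaces whatever `patches` list the nixpkgs `mstpd` derivation already has. Any patch added upstream later, including a security backport, would be dropped without warning. Appending preserves them: `mstpd = pkgs.mstpd.overrideAttrs (old: { patches = (old.patches or [ ]) ++ [ ./mstpd.patch ]; });`. The `config` attribute set this hunk edits continues past the end of the hunk.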
@@ -82,10 +94,44 @@ in enable = true; openFirewall = true; }; + + networkd-dispatcher = { + enable = true; + rules = { + configure-mstpd = { + onState = [ "routable" ]; + script = '' + #!${pkgs.runtimeShell} + if [ $IFACE = "lan" ]; then + ${mstpd}/sbin/mstpctl setforcevers $IFACE rstp + fi + ''; + }; + }; + }; }; networking.domain = "h.${pubDomain}"; + systemd = { + services = { + mstpd = { + description = "MSTP daemon"; + before = [ "network-pre.target" ]; + serviceConfig = { + Type = "forking"; + ExecStart = "${mstpd}/sbin/bridge-stp restart"; + ExecReload = "${mstpd}/sbin/bridge-stp restart_config"; + PIDFile = "/run/mstpd.pid"; + Restart = "always"; + PrivateTmp = true; + ProtectHome = true; + }; + wantedBy = [ "multi-user.target" ]; + }; + }; + }; + systemd.network = { wait-online.enable = false; config = { @@ -112,9 +158,15 @@ in Name = "wan"; Kind = "bridge"; }; - "25-lan".netdevConfig = { - Name = "lan"; - Kind = "bridge"; + "25-lan" = { + netdevConfig = { + Name = "lan"; + Kind = "bridge"; + }; + extraConfig = '' + [Bridge] + STP=true + ''; }; } diff --git a/nixos/boxes/home/routing-common/mstpd.patch b/nixos/boxes/home/routing-common/mstpd.patch new file mode 100644 index 0000000..9fbf18c --- /dev/null +++ b/nixos/boxes/home/routing-common/mstpd.patch 
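Review bot: `$IFACE` is expanded unquoted in the `configure-mstpd` script, so an empty or unset value turns `[ $IFACE = "lan" ]` into a test syntax error, and whitespace or glob characters would be split or expanded before `mstpctl` runs. Quote both uses: `if [ "$IFACE" = "lan" ]; then` and `${mstpd}/sbin/mstpctl setforcevers "$IFACE" rstp`. In the `mstpd` unit later in this hunk no `User` is set, so the daemon presumably runs as root with only `PrivateTmp` and `ProtectHome`. Consider adding `NoNewPrivileges = true;` and a `CapabilityBoundingSet` limited to the network capabilities mstpd needs, with the exact set confirmed by testing. `before = [ "network-pre.target" ]` also has no matching `wants = [ "network-pre.target" ];`, and systemd documents that target as a passive unit which the service ordering itself before it should pull in.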
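Review bot: The `[Bridge]` section for `25-lan` is injected as raw text through `extraConfig`, which bypasses the key checking the NixOS networkd module applies to structured options. `bridgeConfig.STP = true;` next to `netdevConfig` should express the same setting in checked form. Separately, with STP on `lan` every bridge port takes part in topology election, so BPDUs from a device on an access port can influence it. If any ports face untrusted hosts (not visible in this hunk), consider marking them as edge ports with mstpd's BPDU guard. The enclosing netdevs attribute set starts outside the hunk.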
@@ -0,0 +1,26 @@ +diff --git a/bridge-stp.in b/bridge-stp.in +index 3807873..9c73126 100755 +--- a/bridge-stp.in ++++ b/bridge-stp.in +@@ -31,6 +31,10 @@ + # bridge or any associated kernel network interfaces in any code paths that are + # used when this script is called by the kernel. + ++# Ensure that we have a sane PATH. ++PATH='/run/current-system/sw/bin' ++export PATH ++ + # Parse arguments. + CalledAs="$(basename "$0")" + if [ "$CalledAs" = 'mstpctl_restart_config' ]; then +@@ -62,10 +66,6 @@ fi + # Ensure that we have a sane umask. + umask 022 + +-# Ensure that we have a sane PATH. +-PATH='/sbin:/usr/sbin:/bin:/usr/bin' +-export PATH +- + # Define some relevant paths. + mstpctl='@mstpctlfile@' + mstpd='@mstpdfile@'
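Review bot: The patched script hard-codes `PATH='/run/current-system/sw/bin'`, so every tool it calls (for example `basename` in the argument parsing shown as context) resolves through the mutable system profile rather than through store paths pinned by the derivation. The script's own comments say the kernel invokes it, so its behaviour then depends on whatever is in `environment.systemPackages` at the time. Since the TODO elsewhere in this commit plans to move the change into nixpkgs, consider substituting a PATH built from explicit packages at build time (for example with `lib.makeBinPath`). The patch also has no header saying why the PATH assignment moves ahead of argument parsing. A one-line description at the top, such as `Set PATH before argument parsing so basename resolves on NixOS`, would record the intent, assuming that is the reason.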