nixos/home/routing: Initial working RSTP

2023-11-20 01:51:46 +00:00
parent afe124a726
commit e6ad150865
3 changed files with 89 additions and 11 deletions
--- a/nixos/boxes/home/routing-common/default.nix
+++ b/nixos/boxes/home/routing-common/default.nix
@@ -59,15 +59,27 @@ in
      let
        inherit (lib) mkIf mkMerge mkForce;
        inherit (lib.my) networkdAssignment;
+
+        # TODO: Move into nixpkgs
+        mstpd = pkgs.mstpd.overrideAttrs {
+          patches = [ ./mstpd.patch ];
+        };
      in
      {
        imports = [ (import ./dns.nix index) ];

        config = {
          environment = {
-            systemPackages = with pkgs; [
-              ethtool
+            systemPackages = [
+              pkgs.ethtool
+              mstpd
            ];
+            etc = {
+              "bridge-stp.conf".text = ''
+                MANAGE_MSTPD=n
+                MSTP_BRIDGES=lan
+              '';
+            };
          };

          services = {
@@ -82,10 +94,44 @@ in
              enable = true;
              openFirewall = true;
            };
+
+            networkd-dispatcher = {
+              enable = true;
+              rules = {
+                configure-mstpd = {
+                  onState = [ "routable" ];
+                  script = ''
+                    #!${pkgs.runtimeShell}
+                    if [ $IFACE = "lan" ]; then
+                      ${mstpd}/sbin/mstpctl setforcevers $IFACE rstp
+                    fi
+                  '';
+                };
+              };
+            };
          };

          networking.domain = "h.${pubDomain}";

+          systemd = {
+            services = {
+              mstpd = {
+                description = "MSTP daemon";
+                before = [ "network-pre.target" ];
+                serviceConfig = {
+                  Type = "forking";
+                  ExecStart = "${mstpd}/sbin/bridge-stp restart";
+                  ExecReload = "${mstpd}/sbin/bridge-stp restart_config";
+                  PIDFile = "/run/mstpd.pid";
+                  Restart = "always";
+                  PrivateTmp = true;
+                  ProtectHome = true;
+                };
+                wantedBy = [ "multi-user.target" ];
+              };
+            };
+          };
+
          systemd.network = {
            wait-online.enable = false;
            config = {
@@ -112,9 +158,15 @@ in
                  Name = "wan";
                  Kind = "bridge";
                };
-                "25-lan".netdevConfig = {
-                  Name = "lan";
-                  Kind = "bridge";
+                "25-lan" = {
+                  netdevConfig = {
+                    Name = "lan";
+                    Kind = "bridge";
+                  };
+                  extraConfig = ''
+                    [Bridge]
+                    STP=true
+                  '';
                };
              }

--- a/nixos/boxes/home/routing-common/mstpd.patch
+++ b/nixos/boxes/home/routing-common/mstpd.patch
@@ -0,0 +1,26 @@
+diff --git a/bridge-stp.in b/bridge-stp.in
+index 3807873..9c73126 100755
+--- a/bridge-stp.in
+++ b/bridge-stp.in
+@@ -31,6 +31,10 @@
+ # bridge or any associated kernel network interfaces in any code paths that are
+ # used when this script is called by the kernel.
+ 
+# Ensure that we have a sane PATH.
+PATH='/run/current-system/sw/bin'
+export PATH
+
+ # Parse arguments.
+ CalledAs="$(basename "$0")"
+ if [ "$CalledAs" = 'mstpctl_restart_config' ]; then
+@@ -62,10 +66,6 @@ fi
+ # Ensure that we have a sane umask.
+ umask 022
+ 
+-# Ensure that we have a sane PATH.
+-PATH='/sbin:/usr/sbin:/bin:/usr/bin'
+-export PATH
+-
+ # Define some relevant paths.
+ mstpctl='@mstpctlfile@'
+ mstpd='@mstpdfile@'