nixos/home/routing: Initial working RSTP
	
		
			
	
		
	
	
		
	
		
		
							
								
								
									
										12
									
								
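--- a/flake.lock
+++ b/flake.lock
@@ -560,11 +560,11 @@
     },
     "nixpkgs-mine": {
       "locked": {
-        "lastModified": 1698758299,
-        "narHash": "sha256-J5Ljnna3fmtSRXvYOo0fm+65+lsP6FO1DXNp+fnSFA8=",
+        "lastModified": 1700347575,
+        "narHash": "sha256-wHdY7YFRepLNtPRh7gBP8EDJRbqC/hwYWupxTof7PQ8=",
         "owner": "devplayer0",
         "repo": "nixpkgs",
-        "rev": "aebb3f35c0cb5270052dd4a1ac511cca5607a65e",
+        "rev": "72cc1ce8a7e476a724de861bbd066a1cb700e39b",
         "type": "github"
       },
       "original": {
@@ -576,11 +576,11 @@
     },
     "nixpkgs-mine-stable": {
       "locked": {
-        "lastModified": 1698758314,
-        "narHash": "sha256-n5lkK0deuU/yHN6c+d1IeGFWW0DIOXDe2ZQK0OdMyY4=",
+        "lastModified": 1700347610,
+        "narHash": "sha256-NLRu2yPRc6BRIIcI0KG9csLGiAhmZG2JXLrJI+gLJQk=",
         "owner": "devplayer0",
         "repo": "nixpkgs",
-        "rev": "2e412711696ca846a039eafcc7a23e80d85de1e3",
+        "rev": "8b2769b59113858ecf4cf24ddae9ab1b8dd7920d",
         "type": "github"
       },
       "original": {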
@@ -59,15 +59,27 @@ in
 | 
				
			|||||||
      let
 | 
					      let
 | 
				
			||||||
        inherit (lib) mkIf mkMerge mkForce;
 | 
					        inherit (lib) mkIf mkMerge mkForce;
 | 
				
			||||||
        inherit (lib.my) networkdAssignment;
 | 
					        inherit (lib.my) networkdAssignment;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					        # TODO: Move into nixpkgs
 | 
				
			||||||
 | 
					        mstpd = pkgs.mstpd.overrideAttrs {
 | 
				
			||||||
 | 
					          patches = [ ./mstpd.patch ];
 | 
				
			||||||
 | 
					        };
 | 
				
			||||||
      in
 | 
					      in
 | 
				
			||||||
      {
 | 
					      {
 | 
				
			||||||
        imports = [ (import ./dns.nix index) ];
 | 
					        imports = [ (import ./dns.nix index) ];
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        config = {
 | 
					        config = {
 | 
				
			||||||
          environment = {
 | 
					          environment = {
 | 
				
			||||||
            systemPackages = with pkgs; [
 | 
					            systemPackages = [
 | 
				
			||||||
              ethtool
 | 
					              pkgs.ethtool
 | 
				
			||||||
 | 
					              mstpd
 | 
				
			||||||
            ];
 | 
					            ];
 | 
				
			||||||
 | 
					            etc = {
 | 
				
			||||||
 | 
					              "bridge-stp.conf".text = ''
 | 
				
			||||||
 | 
					                MANAGE_MSTPD=n
 | 
				
			||||||
 | 
					                MSTP_BRIDGES=lan
 | 
				
			||||||
 | 
					              '';
 | 
				
			||||||
 | 
					            };
 | 
				
			||||||
          };
 | 
					          };
 | 
				
			||||||
 | 
					
 | 
				
			||||||
          services = {
 | 
					          services = {
 | 
				
			||||||
@@ -82,10 +94,44 @@ in
 | 
				
			|||||||
              enable = true;
 | 
					              enable = true;
 | 
				
			||||||
              openFirewall = true;
 | 
					              openFirewall = true;
 | 
				
			||||||
            };
 | 
					            };
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					            networkd-dispatcher = {
 | 
				
			||||||
 | 
					              enable = true;
 | 
				
			||||||
 | 
					              rules = {
 | 
				
			||||||
 | 
					                configure-mstpd = {
 | 
				
			||||||
 | 
					                  onState = [ "routable" ];
 | 
				
			||||||
 | 
					                  script = ''
 | 
				
			||||||
 | 
					                    #!${pkgs.runtimeShell}
 | 
				
			||||||
 | 
					                    if [ $IFACE = "lan" ]; then
 | 
				
			||||||
 | 
					                      ${mstpd}/sbin/mstpctl setforcevers $IFACE rstp
 | 
				
			||||||
 | 
					                    fi
 | 
				
			||||||
 | 
					                  '';
 | 
				
			||||||
 | 
					                };
 | 
				
			||||||
 | 
					              };
 | 
				
			||||||
 | 
					            };
 | 
				
			||||||
          };
 | 
					          };
 | 
				
			||||||
 | 
					
 | 
				
			||||||
          networking.domain = "h.${pubDomain}";
 | 
					          networking.domain = "h.${pubDomain}";
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					          systemd = {
 | 
				
			||||||
 | 
					            services = {
 | 
				
			||||||
 | 
					              mstpd = {
 | 
				
			||||||
 | 
					                description = "MSTP daemon";
 | 
				
			||||||
 | 
					                before = [ "network-pre.target" ];
 | 
				
			||||||
 | 
					                serviceConfig = {
 | 
				
			||||||
 | 
					                  Type = "forking";
 | 
				
			||||||
 | 
					                  ExecStart = "${mstpd}/sbin/bridge-stp restart";
 | 
				
			||||||
 | 
					                  ExecReload = "${mstpd}/sbin/bridge-stp restart_config";
 | 
				
			||||||
 | 
					                  PIDFile = "/run/mstpd.pid";
 | 
				
			||||||
 | 
					                  Restart = "always";
 | 
				
			||||||
 | 
					                  PrivateTmp = true;
 | 
				
			||||||
 | 
					                  ProtectHome = true;
 | 
				
			||||||
 | 
					                };
 | 
				
			||||||
 | 
					                wantedBy = [ "multi-user.target" ];
 | 
				
			||||||
 | 
					              };
 | 
				
			||||||
 | 
					            };
 | 
				
			||||||
 | 
					          };
 | 
				
			||||||
 | 
					
 | 
				
			||||||
          systemd.network = {
 | 
					          systemd.network = {
 | 
				
			||||||
            wait-online.enable = false;
 | 
					            wait-online.enable = false;
 | 
				
			||||||
            config = {
 | 
					            config = {
 | 
				
			||||||
@@ -112,9 +158,15 @@ in
 | 
				
			|||||||
                  Name = "wan";
 | 
					                  Name = "wan";
 | 
				
			||||||
                  Kind = "bridge";
 | 
					                  Kind = "bridge";
 | 
				
			||||||
                };
 | 
					                };
 | 
				
			||||||
                "25-lan".netdevConfig = {
 | 
					                "25-lan" = {
 | 
				
			||||||
                  Name = "lan";
 | 
					                  netdevConfig = {
 | 
				
			||||||
                  Kind = "bridge";
 | 
					                    Name = "lan";
 | 
				
			||||||
 | 
					                    Kind = "bridge";
 | 
				
			||||||
 | 
					                  };
 | 
				
			||||||
 | 
					                  extraConfig = ''
 | 
				
			||||||
 | 
					                    [Bridge]
 | 
				
			||||||
 | 
					                    STP=true
 | 
				
			||||||
 | 
					                  '';
 | 
				
			||||||
                };
 | 
					                };
 | 
				
			||||||
              }
 | 
					              }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 
 | 
				
			|||||||
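Review bot: In the `mstpd` unit added in the `@@ -82,10 +94,44 @@` hunk, `serviceConfig` applies only `PrivateTmp` and `ProtectHome`, although the daemon handles BPDUs received on the `lan` bridge and, with no `User` set in the lines shown, presumably runs as root. Consider adding `NoNewPrivileges = true;` and `ProtectSystem = "full";`, and a capability bound once it is confirmed what mstpd and the `bridge-stp` wrapper actually need. In the same hunk the dispatcher script tests `[ $IFACE = "lan" ]` unquoted, which turns into a shell syntax error when the variable is empty; `if [ "$IFACE" = "lan" ]; then` and `setforcevers "$IFACE" rstp` avoid that. With `STP=true` on the bridge, any attached port can send BPDUs that influence the topology, so ports facing end devices may warrant BPDU guard; none is configured in the lines visible here.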
							
								
								
									
										26
									
								
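--- a/nixos/boxes/home/routing-common/mstpd.patch
+++ b/nixos/boxes/home/routing-common/mstpd.patch
@@ -0,0 +1,26 @@
+diff --git a/bridge-stp.in b/bridge-stp.in
+index 3807873..9c73126 100755
+--- a/bridge-stp.in
++++ b/bridge-stp.in
+@@ -31,6 +31,10 @@
+ # bridge or any associated kernel network interfaces in any code paths that are
+ # used when this script is called by the kernel.
+ 
++# Ensure that we have a sane PATH.
++PATH='/run/current-system/sw/bin'
++export PATH
++
+ # Parse arguments.
+ CalledAs="$(basename "$0")"
+ if [ "$CalledAs" = 'mstpctl_restart_config' ]; then
+@@ -62,10 +66,6 @@ fi
+ # Ensure that we have a sane umask.
+ umask 022
+ 
+-# Ensure that we have a sane PATH.
+-PATH='/sbin:/usr/sbin:/bin:/usr/bin'
+-export PATH
+-
+ # Define some relevant paths.
+ mstpctl='@mstpctlfile@'
+ mstpd='@mstpdfile@'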
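Review bot: The patched `bridge-stp.in` hard-codes `PATH='/run/current-system/sw/bin'`, so a helper that its own comments say is called by the kernel resolves `basename` and its other tools from whatever the active system profile contains, not from pinned store paths. Keeping a fixed PATH is right, but the script will break or change behaviour whenever `environment.systemPackages` changes. Substituting explicit store paths at build time, for example a value produced with `lib.makeBinPath` over the packages the script uses, would tie it to known binaries. The assignment was apparently moved above argument parsing so that `basename` resolves; a comment such as `# Set PATH before the first external command (basename) runs.` would record that. Most of `bridge-stp.in` lies outside the patch, so the full list of tools it needs cannot be determined from here.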