feat: Complete sleeper-service systemd-networkd configuration
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
- Update sleeper-service to use systemd-networkd with static IP (10.0.0.8/24) - Configure proper gateway (10.0.0.138) and DNS (Pi-hole, router, Google) - Add NFS and SMB firewall ports for file server services - Document network topology discovery results in plan.md - Update network module README with current configuration status Based on nmap network discovery and Context7 NixOS systemd-networkd documentation. Configuration ready for deployment to existing files.home machine.
This commit is contained in:
Geir Okkenhaug Jerstad
parent
05b81f93b7
commit
6a3a3abc48
3 changed files with 80 additions and 8 deletions
|
|
@ -19,8 +19,8 @@ This directory contains networking configurations for all machines in the Home L
|
||||||
|
|
||||||
### network-congenital-optimist.nix
|
### network-congenital-optimist.nix
|
||||||
- AMD Threadripper workstation
|
- AMD Threadripper workstation
|
||||||
- ZFS configuration (hostId: 8425e349)
|
- ZFS hostId configuration (8425e349)
|
||||||
- Additional ports: 9091 (Transmission RPC)
|
- Ready for additional service ports as needed
|
||||||
|
|
||||||
### network-sleeper-service.nix
|
### network-sleeper-service.nix
|
||||||
- Xeon file server
|
- Xeon file server
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
# Networking Configuration - sleeper-service
|
# Networking Configuration - sleeper-service
|
||||||
# Xeon file server network setup
|
# Xeon file server network setup with systemd-networkd and static IPs
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
@ -10,12 +10,43 @@
|
||||||
# Machine-specific network configuration
|
# Machine-specific network configuration
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "sleeper-service";
|
hostName = "sleeper-service";
|
||||||
networkmanager.enable = true;
|
|
||||||
|
# Enable systemd-networkd for static networking
|
||||||
|
useNetworkd = true;
|
||||||
|
useDHCP = false; # Required when using systemd-networkd
|
||||||
|
|
||||||
|
# Disable NetworkManager in favor of systemd-networkd
|
||||||
|
networkmanager.enable = false;
|
||||||
|
|
||||||
|
# Configure static IP for the main ethernet interface
|
||||||
|
interfaces.enp0s25 = {
|
||||||
|
useDHCP = false;
|
||||||
|
ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "10.0.0.8"; # Static IP for sleeper-service (existing files.home machine)
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Network gateway and DNS (based on nmap discovery)
|
||||||
|
defaultGateway = "10.0.0.138"; # Discovered router at lan.home
|
||||||
|
nameservers = [ "10.0.0.14" "10.0.0.138" "8.8.8.8" ]; # Pi-hole, router, Google DNS fallback
|
||||||
|
|
||||||
# Additional firewall ports for file server services
|
# Additional firewall ports for file server services
|
||||||
# (Add specific ports as needed for file sharing services)
|
|
||||||
firewall.allowedTCPPorts = [
|
firewall.allowedTCPPorts = [
|
||||||
|
111 # NFS portmapper
|
||||||
|
2049 # NFS
|
||||||
|
445 # SMB/CIFS
|
||||||
|
139 # NetBIOS Session Service
|
||||||
# Add additional ports here as needed
|
# Add additional ports here as needed
|
||||||
];
|
];
|
||||||
|
|
||||||
|
firewall.allowedUDPPorts = [
|
||||||
|
111 # NFS portmapper
|
||||||
|
2049 # NFS
|
||||||
|
137 # NetBIOS Name Service
|
||||||
|
138 # NetBIOS Datagram Service
|
||||||
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
47
plan.md
47
plan.md
|
|
@ -243,6 +243,44 @@ Home-lab/
|
||||||
└── secrets/ (for future secrets management)
|
└── secrets/ (for future secrets management)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### 2.3 Network Infrastructure Updates
|
||||||
|
- [x] **Network topology discovery**: Used nmap to map actual network layout
|
||||||
|
- **Network Range**: `10.0.0.0/24` (not 192.168.1.x as initially assumed)
|
||||||
|
- **Gateway**: `10.0.0.138` (lan.home - router/firewall)
|
||||||
|
- **DNS Server**: `10.0.0.14` (pi.hole - Pi-hole ad-blocker)
|
||||||
|
- **Current File Server**: `10.0.0.8` (files.home - will be renamed to sleeper-service)
|
||||||
|
- **Machine Migration**: sleeper-service is the existing files.home machine, not a new deployment
|
||||||
|
- [x] **sleeper-service systemd-networkd migration**: Configured for existing file server (files.home → sleeper-service rename)
|
||||||
|
- **Current**: files.home at 10.0.0.8 (existing NFS server, will be renamed to sleeper-service)
|
||||||
|
- **Configuration**: Static IP 10.0.0.8/24 with gateway 10.0.0.138 (keeping existing IP)
|
||||||
|
- **Network Stack**: `networking.useNetworkd = true` with `networking.useDHCP = false`
|
||||||
|
- **Interface**: Configured `enp0s25` with static IPv4 addressing
|
||||||
|
- **DNS**: Pi-hole primary (10.0.0.14), router fallback (10.0.0.138), Google DNS (8.8.8.8)
|
||||||
|
- **Firewall**: File server ports configured (NFS: 111,2049; SMB: 139,445; NetBIOS: 137,138)
|
||||||
|
- **Benefits**: More reliable networking for file server, better integration with NixOS declarative config
|
||||||
|
- [ ] **Network standardization**: Plan consistent networkd configuration across all server role machines workstation and laptop can use networkmanager
|
||||||
|
- [x] **IP address allocation**: Document static IP assignments for each service
|
||||||
|
- **Local Network (10.0.0.0/24)**:
|
||||||
|
- **10.0.0.2**: arlaptop.home (existing laptop)
|
||||||
|
- **10.0.0.3**: congenital-optimist (AMD workstation - current machine)
|
||||||
|
- **10.0.0.8**: sleeper-service (Intel Xeon file server - rename from files.home)
|
||||||
|
- **10.0.0.11**: grey-area (planned application server)
|
||||||
|
- **10.0.0.12**: reverse-proxy (planned edge server)
|
||||||
|
- **10.0.0.14**: pi.hole (Pi-hole DNS/ad-blocker)
|
||||||
|
- **10.0.0.90**: wordpresserver.home (existing WordPress server)
|
||||||
|
- **10.0.0.117**: webdev.home (existing web development server)
|
||||||
|
- **10.0.0.138**: lan.home (router/gateway)
|
||||||
|
- **Tailscale Network (100.x.x.x/10)**:
|
||||||
|
- **100.109.28.53**: congenital-optimist (current machine)
|
||||||
|
- **100.119.86.92**: apps (active server) (rename to grey area)
|
||||||
|
- **100.114.185.71**: arlaptop (laptop) (Arch Linux with plans to migrate to NixOS)
|
||||||
|
- **100.81.15.84**: files (file server)
|
||||||
|
- **100.103.143.108**: pihole (DNS server)
|
||||||
|
- **100.96.189.104**: vps1 (external VPS) (rename to reverse proxy)
|
||||||
|
- **100.126.202.40**: wordpresserver (WordPress)
|
||||||
|
- [ ] **VLAN planning**: Consider network segmentation for different service types
|
||||||
|
- [ ] **DNS configuration**: Plan local DNS resolution for internal services
|
||||||
|
|
||||||
## Phase 3: System Upgrade & Validation
|
## Phase 3: System Upgrade & Validation
|
||||||
|
|
||||||
### 3.1 Pre-upgrade Preparation
|
### 3.1 Pre-upgrade Preparation
|
||||||
|
|
@ -326,7 +364,7 @@ Home-lab/
|
||||||
- [ ] Service accounts for automation (forgejo-admin, backup-agent)
|
- [ ] Service accounts for automation (forgejo-admin, backup-agent)
|
||||||
- [ ] Guest accounts for temporary access
|
- [ ] Guest accounts for temporary access
|
||||||
- [x] Culture character naming convention established
|
- [x] Culture character naming convention established
|
||||||
- [ ] Network infrastructure planning
|
- [x] **Network infrastructure planning**: Started with sleeper-service systemd-networkd migration
|
||||||
- [ ] Consider hardware requirements for future expansion
|
- [ ] Consider hardware requirements for future expansion
|
||||||
|
|
||||||
### 5.2 Services Architecture
|
### 5.2 Services Architecture
|
||||||
|
|
@ -338,10 +376,13 @@ Home-lab/
|
||||||
- [ ] Container orchestration planning
|
- [ ] Container orchestration planning
|
||||||
|
|
||||||
### 5.3 Security & Networking
|
### 5.3 Security & Networking
|
||||||
|
- [x] **systemd-networkd migration**: Completed for sleeper-service with static IP configuration
|
||||||
- [ ] VPN configuration (Tailscale expansion)
|
- [ ] VPN configuration (Tailscale expansion)
|
||||||
- [ ] Firewall rules standardization
|
- [ ] Firewall rules standardization across machines
|
||||||
- [ ] SSH key management
|
- [ ] SSH key management centralization
|
||||||
- [ ] Certificate management (Let's Encrypt)
|
- [ ] Certificate management (Let's Encrypt)
|
||||||
|
- [ ] Network segmentation planning (VLANs for services vs. user devices)
|
||||||
|
- [ ] DNS infrastructure (local DNS server for service discovery)
|
||||||
|
|
||||||
## Phase 6: Advanced Features
|
## Phase 6: Advanced Features
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue