Add public network for events

2022-08-03 00:31:57 +00:00 · 2022-08-03 00:31:57 +00:00 · 4dead39dcc
commit 4dead39dcc
parent 33852f2c0d
4 changed files with 55 additions and 2 deletions
--- a/machines/raven/configuration.nix
+++ b/machines/raven/configuration.nix
@ -21,6 +21,10 @@
        id = 5;
        interface = "eno1";
      };
+      pubevent = {
+        id = 6;
+        interface = "eno1";
+      };
    };
    interfaces = {
      eno2.useDHCP = true;
@ -28,6 +32,10 @@
        address = "192.168.94.1";
        prefixLength = 24;
      }];
+      pubevent.ipv4.addresses = [{
+        address = "10.10.0.1";
+        prefixLength = 20;
+      }];
      voip.ipv4.addresses = [{
        address = "192.168.93.1";
        prefixLength = 24;
@ -38,6 +46,7 @@
      externalInterface = "eno2";
      internalInterfaces = [
        "labprod"
+        "pubevent"
        "voip"
      ];
    };
--- a/machines/raven/services/dnsmasq.nix
+++ b/machines/raven/services/dnsmasq.nix
@ -1,11 +1,31 @@
 { pkgs, ... }:

+let
+  stateDir = "/var/lib/dnsmasq";
+  dnsmasqEventsConf = pkgs.writeText "dnsmasq-events.conf" ''
+    dhcp-leasefile=${stateDir}/dnsmasq-events.leases
+    bind-dynamic
+    listen-address=10.10.0.1
+    except-interface=lo
+
+    domain=events.fablab-nea.de
+    dhcp-range=10.10.0.20,10.10.15.254,24h
+
+    cache-size=10000
+    dns-forward-max=1000
+
+    no-hosts
+  '';
+in
 {
  services.dnsmasq = {
    enable = true;

    extraConfig = ''
      bind-dynamic
+      listen-address=192.168.93.1
+      listen-address=192.168.94.1
+      interface=lo

      expand-hosts
      domain=lab.fablab-nea.de
@ -34,6 +54,27 @@
    ];
  };

+  systemd.services."dnsmasq-events" = {
+    description = "dnsmasq daemon for public event network";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    path = [ pkgs.dnsmasq ];
+    preStart = ''
+      mkdir -m 755 -p ${stateDir}
+      dnsmasq --test -C ${dnsmasqEventsConf}
+    '';
+    serviceConfig = {
+      Type = "dbus";
+      BusName = "uk.org.thekelleys.dnsmasq-events";
+      ExecStart = "${pkgs.dnsmasq}/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C ${dnsmasqEventsConf}";
+      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+      PrivateTmp = true;
+      ProtectSystem = true;
+      ProtectHome = true;
+      Restart = "on-failure";
+    };
+  };
+
  networking.firewall = {
    allowedUDPPorts = [ 53 67 ];
    allowedTCPPorts = [ 53 ];
--- a/pkgs/fablab/freeradius-anon-access/raddb/mods-available/eap
+++ b/pkgs/fablab/freeradius-anon-access/raddb/mods-available/eap
@ -836,7 +836,7 @@ eap {
 		#
 		#  allowed values: {no, yes}
 		#
-		use_tunneled_reply = no
+		use_tunneled_reply = yes

 		#  The inner tunneled request can be sent
 		#  through a virtual server constructed
@ -945,7 +945,7 @@ eap {
 		#  sections of sites-available/default, and of
 		#  sites-available/inner-tunnel
 		#
-		use_tunneled_reply = no
+		use_tunneled_reply = yes

 		#  When the tunneled session is proxied, the
 		#  home server may not understand EAP-MSCHAP-V2.
--- a/pkgs/fablab/freeradius-anon-access/raddb/mods-config/files/authorize
+++ b/pkgs/fablab/freeradius-anon-access/raddb/mods-config/files/authorize
@ -2,6 +2,9 @@ anonymous         Cleartext-Password := "anonymous"

 #/ wildcard, accept any credentials
 DEFAULT    FreeRADIUS-Proxied-To == 127.0.0.1, Auth-Type := Accept
+           Tunnel-Type = VLAN,
+	   Tunnel-Medium-Type = IEEE-802,
+           Tunnel-Private-Group-ID = 6

 #DEFAULT         FreeRADIUS-Proxied-To == 127.0.0.1, Auth-Type := Accept
 #                session-timeout = 14400,