diff --git a/hosts/idols-ai/default.nix b/hosts/idols-ai/default.nix index 4df5475e..fe67d832 100644 --- a/hosts/idols-ai/default.nix +++ b/hosts/idols-ai/default.nix @@ -33,7 +33,6 @@ in { networking.useNetworkd = true; systemd.network.enable = true; - # Add ipv4 address to the bridge. systemd.network.networks."10-${iface}" = { matchConfig.Name = [iface]; networkConfig = { diff --git a/hosts/idols-aquamarine/default.nix b/hosts/idols-aquamarine/default.nix index 3dbd860d..b6b5c849 100644 --- a/hosts/idols-aquamarine/default.nix +++ b/hosts/idols-aquamarine/default.nix @@ -13,6 +13,10 @@ ############################################################# let hostName = "aquamarine"; # Define your hostname. + + inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; + inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; + ipv4WithMask = "${ipv4}/24"; in { imports = (mylib.scanPaths ./.) @@ -43,9 +47,36 @@ in { networking = { inherit hostName; - inherit (myvars.networking) defaultGateway nameservers; - inherit (myvars.networking.hostsInterface.${hostName}) interfaces; + + # we use networkd instead networkmanager.enable = false; + useDHCP = false; + }; + + networking.useNetworkd = true; + systemd.network.enable = true; + + systemd.network.networks."10-${iface}" = { + matchConfig.Name = [iface]; + networkConfig = { + Address = [ipv4WithMask]; + DNS = nameservers; + DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. + IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) + LinkLocalAddressing = "ipv6"; + }; + routes = [ + { + Destination = "0.0.0.0/0"; + Gateway = defaultGateway; + } + { + Destination = "::/0"; + Gateway = defaultGateway6; + GatewayOnLink = true; # it's a gateway on local link. + } + ]; + linkConfig.RequiredForOnline = "routable"; }; # This value determines the NixOS release from which the default diff --git a/hosts/idols-kana/default.nix b/hosts/idols-kana/default.nix index 8baad1cb..d34c0f56 100644 
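Review bot: The prefix length in `ipv4WithMask = "${ipv4}/24";` is hard-coded in the host file, and the same line is repeated in hosts/idols-kana, hosts/idols-ruby and lib/genKubeVirtHostModule.nix (lib/genKubeVirtGuestModule.nix already had it). Since the address itself comes from `myvars.networking.hostsAddr`, the mask would be better kept there too, for example as a `prefixLength` attribute next to `ipv4` (that name is a suggestion, not something visible in this diff), so a subnet change cannot leave one host with a stale mask. At minimum a comment such as `# LAN is a /24; keep in sync with myvars.networking` would document the assumption.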
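Review bot: With `IPv6AcceptRA = true` and `DHCP = "ipv6"` in `networkConfig`, the link also takes DNS servers and routes from whatever router advertisement or DHCPv6 reply arrives on the segment, on top of the static `DNS = nameservers` and the static `::/0` route below. If only the address (GUA) is wanted, as the inline comments say, I would pin the rest with `ipv6AcceptRAConfig = { UseDNS = false; UseGateway = false; };` and `dhcpV6Config.UseDNS = false;` (`UseGateway` needs a reasonably recent systemd). The identical block is added for kana and ruby, in lib/genKubeVirtGuestModule.nix, and on `ovsbr1` in lib/genKubeVirtHostModule.nix, where it matters most if guest VMs share that bridge. Separately, "Autoconfiguraton" in the comment is misspelled, and a block pasted verbatim into three host files suggests a shared module.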
--- a/hosts/idols-kana/default.nix +++ b/hosts/idols-kana/default.nix @@ -10,6 +10,10 @@ ############################################################# let hostName = "kana"; # Define your hostname. + + inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; + inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; + ipv4WithMask = "${ipv4}/24"; in { imports = mylib.scanPaths ./.; @@ -30,9 +34,36 @@ in { networking = { inherit hostName; - inherit (myvars.networking) defaultGateway nameservers; - inherit (myvars.networking.hostsInterface.${hostName}) interfaces; + + # we use networkd instead networkmanager.enable = false; + useDHCP = false; + }; + + networking.useNetworkd = true; + systemd.network.enable = true; + + systemd.network.networks."10-${iface}" = { + matchConfig.Name = [iface]; + networkConfig = { + Address = [ipv4WithMask]; + DNS = nameservers; + DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. + IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) + LinkLocalAddressing = "ipv6"; + }; + routes = [ + { + Destination = "0.0.0.0/0"; + Gateway = defaultGateway; + } + { + Destination = "::/0"; + Gateway = defaultGateway6; + GatewayOnLink = true; # it's a gateway on local link. + } + ]; + linkConfig.RequiredForOnline = "routable"; }; # This value determines the NixOS release from which the default diff --git a/hosts/idols-ruby/default.nix b/hosts/idols-ruby/default.nix index 62d7cc8a..0550c068 100644 --- a/hosts/idols-ruby/default.nix +++ b/hosts/idols-ruby/default.nix @@ -10,6 +10,10 @@ ############################################################# let hostName = "ruby"; # Define your hostname. + + inherit (myvars.networking) defaultGateway defaultGateway6 nameservers; + inherit (myvars.networking.hostsAddr.${hostName}) iface ipv4; + ipv4WithMask = "${ipv4}/24"; in { imports = mylib.scanPaths ./.; 
@@ -32,9 +36,36 @@ in { networking = { inherit hostName; - inherit (myvars.networking) defaultGateway nameservers; - inherit (myvars.networking.hostsInterface.${hostName}) interfaces; + + # we use networkd instead networkmanager.enable = false; + useDHCP = false; + }; + + networking.useNetworkd = true; + systemd.network.enable = true; + + systemd.network.networks."10-${iface}" = { + matchConfig.Name = [iface]; + networkConfig = { + Address = [ipv4WithMask]; + DNS = nameservers; + DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. + IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) + LinkLocalAddressing = "ipv6"; + }; + routes = [ + { + Destination = "0.0.0.0/0"; + Gateway = defaultGateway; + } + { + Destination = "::/0"; + Gateway = defaultGateway6; + GatewayOnLink = true; # it's a gateway on local link. + } + ]; + linkConfig.RequiredForOnline = "routable"; }; # This value determines the NixOS release from which the default diff --git a/hosts/k8s/k3s-prod-1-master-1/default.nix b/hosts/k8s/k3s-prod-1-master-1/default.nix index 4863354f..e7958cd6 100644 --- a/hosts/k8s/k3s-prod-1-master-1/default.nix +++ b/hosts/k8s/k3s-prod-1-master-1/default.nix @@ -20,6 +20,14 @@ # use my own domain & kube-vip's virtual IP for the API server # so that the API server can always be accessed even if some nodes are down masterHost = "prod-cluster-1.writefor.fun"; + + kubeletExtraArgs = [ + # IPv4 Private CIDR(full) - 172.16.0.0/12 + # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + "--cluster-cidr=172.20.0.0/16,fdfd:cafe:00:0003::/64" + "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" + ]; }; in { imports = diff --git a/hosts/k8s/k3s-prod-1-master-2/default.nix b/hosts/k8s/k3s-prod-1-master-2/default.nix index 86100af1..772d2f99 100644 --- a/hosts/k8s/k3s-prod-1-master-2/default.nix +++ b/hosts/k8s/k3s-prod-1-master-2/default.nix 
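Review bot: `--cluster-cidr` and `--service-cidr` are options of `k3s server`, yet they are placed in `kubeletExtraArgs`; if that list is handed to the kubelet (the consuming module is outside this hunk, and on the kubevirt hosts the same two strings are appended next to the kubelet flag `--system-reserved`), the kubelet has no flags of that name. The same list is added for master-2, master-3 and worker-1 to worker-3; workers run the agent, which takes the cluster CIDRs from the server and cannot set them. I would pass them through whatever attribute feeds the server's own arguments, on server nodes only. The comment lines also label the two `fdfd:cafe:…` ranges as IPv4; they should read `# IPv6 Pod CIDR(full) - …` and `# IPv6 Service CIDR(full) - …`.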
@@ -18,6 +18,14 @@ # use my own domain & kube-vip's virtual IP for the API server # so that the API server can always be accessed even if some nodes are down masterHost = "prod-cluster-1.writefor.fun"; + + kubeletExtraArgs = [ + # IPv4 Private CIDR(full) - 172.16.0.0/12 + # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + "--cluster-cidr=172.20.0.0/16,fdfd:cafe:00:0003::/64" + "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" + ]; }; in { imports = diff --git a/hosts/k8s/k3s-prod-1-master-3/default.nix b/hosts/k8s/k3s-prod-1-master-3/default.nix index 850f1867..57184504 100644 --- a/hosts/k8s/k3s-prod-1-master-3/default.nix +++ b/hosts/k8s/k3s-prod-1-master-3/default.nix @@ -18,6 +18,14 @@ # use my own domain & kube-vip's virtual IP for the API server # so that the API server can always be accessed even if some nodes are down masterHost = "prod-cluster-1.writefor.fun"; + + kubeletExtraArgs = [ + # IPv4 Private CIDR(full) - 172.16.0.0/12 + # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + "--cluster-cidr=172.20.0.0/16,fdfd:cafe:00:0003::/64" + "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" + ]; }; in { imports = diff --git a/hosts/k8s/k3s-prod-1-worker-1/default.nix b/hosts/k8s/k3s-prod-1-worker-1/default.nix index 85813fbe..c87ca4a6 100644 --- a/hosts/k8s/k3s-prod-1-worker-1/default.nix +++ b/hosts/k8s/k3s-prod-1-worker-1/default.nix 
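Review bot: The IPv6 half of `--cluster-cidr=172.20.0.0/16,fdfd:cafe:00:0003::/64` is a single /64, and the controller manager's default IPv6 node mask is also /64, so at most one node can be given a pod range from it. Unless node ranges are allocated elsewhere (for instance by the CNI's own IPAM, which this diff does not show), a six-node cluster needs a wider prefix, e.g. a /56 per cluster, and the "Pod CIDR(full)" plan in the comment would have to be carved accordingly. The same value appears in every prod-1 host file, and the kubevirt and commented-out test-1 entries use a /64 as well.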
@@ -17,6 +17,14 @@ # use my own domain & kube-vip's virtual IP for the API server # so that the API server can always be accessed even if some nodes are down masterHost = "prod-cluster-1.writefor.fun"; + + kubeletExtraArgs = [ + # IPv4 Private CIDR(full) - 172.16.0.0/12 + # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + "--cluster-cidr=172.20.0.0/16,fdfd:cafe:00:0003::/64" + "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" + ]; }; in { imports = diff --git a/hosts/k8s/k3s-prod-1-worker-2/default.nix b/hosts/k8s/k3s-prod-1-worker-2/default.nix index 5952204b..ff9ed740 100644 --- a/hosts/k8s/k3s-prod-1-worker-2/default.nix +++ b/hosts/k8s/k3s-prod-1-worker-2/default.nix @@ -17,6 +17,14 @@ # use my own domain & kube-vip's virtual IP for the API server # so that the API server can always be accessed even if some nodes are down masterHost = "prod-cluster-1.writefor.fun"; + + kubeletExtraArgs = [ + # IPv4 Private CIDR(full) - 172.16.0.0/12 + # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + "--cluster-cidr=172.20.0.0/16,fdfd:cafe:00:0003::/64" + "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" + ]; }; in { imports = diff --git a/hosts/k8s/k3s-prod-1-worker-3/default.nix b/hosts/k8s/k3s-prod-1-worker-3/default.nix index 59e839bd..25ed9dc4 100644 --- a/hosts/k8s/k3s-prod-1-worker-3/default.nix +++ b/hosts/k8s/k3s-prod-1-worker-3/default.nix 
@@ -17,6 +17,14 @@ # use my own domain & kube-vip's virtual IP for the API server # so that the API server can always be accessed even if some nodes are down masterHost = "prod-cluster-1.writefor.fun"; + + kubeletExtraArgs = [ + # IPv4 Private CIDR(full) - 172.16.0.0/12 + # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + "--cluster-cidr=172.20.0.0/16,fdfd:cafe:00:0003::/64" + "--service-cidr=172.21.0.0/16,fdfd:cafe:00:8003::/112" + ]; }; in { imports = diff --git a/hosts/k8s/k3s-test-1-master-1/default.nix b/hosts/k8s/k3s-test-1-master-1/default.nix index d0c954c3..80332a87 100644 --- a/hosts/k8s/k3s-test-1-master-1/default.nix +++ b/hosts/k8s/k3s-test-1-master-1/default.nix @@ -20,6 +20,14 @@ # use my own domain & kube-vip's virtual IP for the API server # so that the API server can always be accessed even if some nodes are down masterHost = "test-cluster-1.writefor.fun"; + + # kubeletExtraArgs = [ + # # IPv4 Private CIDR(full) - 172.16.0.0/12 + # # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + # "--cluster-cidr=172.18.0.0/16,fdfd:cafe:00:0002::/64" + # "--service-cidr=172.19.0.0/16,fdfd:cafe:00:8002::/112" + # ]; }; in { imports = diff --git a/hosts/k8s/k3s-test-1-master-2/default.nix b/hosts/k8s/k3s-test-1-master-2/default.nix index abbb6960..c149ebb2 100644 --- a/hosts/k8s/k3s-test-1-master-2/default.nix +++ b/hosts/k8s/k3s-test-1-master-2/default.nix 
@@ -18,6 +18,14 @@ # use my own domain & kube-vip's virtual IP for the API server # so that the API server can always be accessed even if some nodes are down masterHost = "test-cluster-1.writefor.fun"; + + # kubeletExtraArgs = [ + # # IPv4 Private CIDR(full) - 172.16.0.0/12 + # # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + # "--cluster-cidr=172.18.0.0/16,fdfd:cafe:00:0002::/64" + # "--service-cidr=172.19.0.0/16,fdfd:cafe:00:8002::/112" + # ]; }; in { imports = diff --git a/hosts/k8s/k3s-test-1-master-3/default.nix b/hosts/k8s/k3s-test-1-master-3/default.nix index 235e9e0f..dfcf2b64 100644 --- a/hosts/k8s/k3s-test-1-master-3/default.nix +++ b/hosts/k8s/k3s-test-1-master-3/default.nix @@ -18,6 +18,14 @@ # use my own domain & kube-vip's virtual IP for the API server # so that the API server can always be accessed even if some nodes are down masterHost = "test-cluster-1.writefor.fun"; + + # kubeletExtraArgs = [ + # # IPv4 Private CIDR(full) - 172.16.0.0/12 + # # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + # "--cluster-cidr=172.18.0.0/16,fdfd:cafe:00:0002::/64" + # "--service-cidr=172.19.0.0/16,fdfd:cafe:00:8002::/112" + # ]; }; in { imports = diff --git a/hosts/k8s/kubevirt-shoryu/default.nix b/hosts/k8s/kubevirt-shoryu/default.nix index 0728620c..328ea1da 100644 --- a/hosts/k8s/kubevirt-shoryu/default.nix +++ b/hosts/k8s/kubevirt-shoryu/default.nix 
@@ -29,6 +29,12 @@ # when cpu-manager's static policy is enabled # the memory we reserved here is also for the kernel, since kernel's memory is not accounted in pods "--system-reserved=cpu=1,memory=2Gi,ephemeral-storage=2Gi" + + # IPv4 Private CIDR(full) - 172.16.0.0/12 + # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + "--cluster-cidr=172.16.0.0/16,fdfd:cafe:00:0001::/64" + "--service-cidr=172.17.0.0/16,fdfd:cafe:00:8001::/112" ]; nodeLabels = [ "node-purpose=kubevirt" diff --git a/hosts/k8s/kubevirt-shushou/default.nix b/hosts/k8s/kubevirt-shushou/default.nix index cfd87c96..67c23625 100644 --- a/hosts/k8s/kubevirt-shushou/default.nix +++ b/hosts/k8s/kubevirt-shushou/default.nix @@ -26,6 +26,12 @@ # when cpu-manager's static policy is enabled # the memory we reserved here is also for the kernel, since kernel's memory is not accounted in pods "--system-reserved=cpu=1,memory=2Gi,ephemeral-storage=2Gi" + + # IPv4 Private CIDR(full) - 172.16.0.0/12 + # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + "--cluster-cidr=172.16.0.0/16,fdfd:cafe:00:0001::/64" + "--service-cidr=172.17.0.0/16,fdfd:cafe:00:8001::/112" ]; nodeLabels = [ "node-purpose=kubevirt" diff --git a/hosts/k8s/kubevirt-youko/default.nix b/hosts/k8s/kubevirt-youko/default.nix index fc967d31..405f881a 100644 --- a/hosts/k8s/kubevirt-youko/default.nix +++ b/hosts/k8s/kubevirt-youko/default.nix 
@@ -26,6 +26,12 @@ # when cpu-manager's static policy is enabled # the memory we reserved here is also for the kernel, since kernel's memory is not accounted in pods "--system-reserved=cpu=1,memory=2Gi,ephemeral-storage=2Gi" + + # IPv4 Private CIDR(full) - 172.16.0.0/12 + # IPv4 Pod CIDR(full) - fdfd:cafe:00:0000::/64 ~ fdfd:cafe:00:7fff::/64 + # IPv4 Service CIDR(full) - fdfd:cafe:00:8000::/64 ~ fdfd:cafe:00:ffff::/64 + "--cluster-cidr=172.16.0.0/16,fdfd:cafe:00:0001::/64" + "--service-cidr=172.17.0.0/16,fdfd:cafe:00:8001::/112" ]; nodeLabels = [ "node-purpose=kubevirt" diff --git a/lib/genK3sAgentModule.nix b/lib/genK3sAgentModule.nix index 0230a21e..ee4124b0 100644 --- a/lib/genK3sAgentModule.nix +++ b/lib/genK3sAgentModule.nix @@ -8,6 +8,15 @@ package = pkgs.k3s; in { environment.systemPackages = [package]; + + # Kernel modules required by cilium + boot.kernelModules = ["ip6_tables" "ip6table_mangle" "ip6table_raw" "ip6table_filter"]; + networking.enableIPv6 = true; + networking.nat = { + enable = true; + enableIPv6 = true; + }; + services.k3s = { enable = true; inherit package tokenFile; diff --git a/lib/genK3sServerModule.nix b/lib/genK3sServerModule.nix index 8df8cd4a..6b50b2dc 100644 --- a/lib/genK3sServerModule.nix +++ b/lib/genK3sServerModule.nix @@ -34,6 +34,13 @@ in { dive # explore docker layers ]; + # Kernel modules required by cilium + boot.kernelModules = ["ip6_tables" "ip6table_mangle" "ip6table_raw" "ip6table_filter"]; + networking.enableIPv6 = true; + networking.nat = { + enable = true; + enableIPv6 = true; + }; services.k3s = { enable = true; inherit package tokenFile clusterInit; diff --git a/lib/genKubeVirtGuestModule.nix b/lib/genKubeVirtGuestModule.nix index 144a5e5c..6626f197 100644 --- a/lib/genKubeVirtGuestModule.nix +++ b/lib/genKubeVirtGuestModule.nix 
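Review bot: The comment `# Kernel modules required by cilium` only explains `boot.kernelModules`; `networking.nat = { enable = true; enableIPv6 = true; };` follows with no stated reason and no internal or external interface, so it defines no translation and, as far as I know the NixOS module, mainly switches on IPv4 and IPv6 forwarding on every node. If forwarding is the goal, say so in a comment (`# forwarding for pod traffic; no NAT rules are configured here`) or set the sysctls directly as lib/genKubeVirtHostModule.nix does. The same lines are added to lib/genK3sServerModule.nix. `services.k3s` continues outside the hunk.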
@@ -4,7 +4,7 @@ networking, ... }: let - inherit (networking) defaultGateway nameservers; + inherit (networking) defaultGateway defaultGateway6 nameservers; inherit (networking.hostsAddr.${hostName}) iface ipv4; ipv4WithMask = "${ipv4}/24"; in { @@ -18,19 +18,36 @@ in { "exfat" ]; - networking = {inherit hostName;}; + networking = { + inherit hostName; + + # we use networkd instead + networkmanager.enable = false; + useDHCP = false; + }; networking.useNetworkd = true; systemd.network.enable = true; - # Add ipv4 address to the bridge. systemd.network.networks."10-${iface}" = { matchConfig.Name = [iface]; networkConfig = { Address = [ipv4WithMask]; - Gateway = defaultGateway; DNS = nameservers; - IPv6AcceptRA = true; + DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. + IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) + LinkLocalAddressing = "ipv6"; }; + routes = [ + { + Destination = "0.0.0.0/0"; + Gateway = defaultGateway; + } + { + Destination = "::/0"; + Gateway = defaultGateway6; + GatewayOnLink = true; # it's a gateway on local link. + } + ]; linkConfig.RequiredForOnline = "routable"; }; diff --git a/lib/genKubeVirtHostModule.nix b/lib/genKubeVirtHostModule.nix index a0e2901a..541d1b2d 100644 --- a/lib/genKubeVirtHostModule.nix +++ b/lib/genKubeVirtHostModule.nix @@ -4,7 +4,9 @@ networking, ... }: let - inherit (networking.hostsAddr.${hostName}) iface; + inherit (networking) defaultGateway defaultGateway6 nameservers; + inherit (networking.hostsAddr.${hostName}) iface ipv4; + ipv4WithMask = "${ipv4}/24"; in { # supported file systems, so we can mount any removable disks with these filesystems boot.supportedFilesystems = [ 
@@ -31,15 +33,17 @@ in { # --- network --- # "net.bridge.bridge-nf-call-iptables" = 1; "net.core.somaxconn" = 32768; - "net.ipv4.ip_forward" = 1; + + # ----- IPv4 ----- # + "net.ipv4.ip_forward" = 1; # Enable forwarding "net.ipv4.conf.all.forwarding" = 1; "net.ipv4.neigh.default.gc_thresh1" = 4096; "net.ipv4.neigh.default.gc_thresh2" = 6144; "net.ipv4.neigh.default.gc_thresh3" = 8192; "net.ipv4.neigh.default.gc_interval" = 60; "net.ipv4.neigh.default.gc_stale_time" = 120; - - "net.ipv6.conf.all.disable_ipv6" = 1; # disable ipv6 + # ----- IPv6 ----- # + "net.ipv6.conf.all.forwarding" = 1; # Enable forwarding # --- memory --- # "vm.swappiness" = 0; # don't swap unless absolutely necessary @@ -67,6 +71,16 @@ in { enable = true; }; + networking = { + inherit hostName; + + # we use networkd instead + networkmanager.enable = false; + useDHCP = false; + }; + networking.useNetworkd = true; + systemd.network.enable = true; + # Enable the Open vSwitch as a systemd service # It's required by kubernetes' ovs-cni plugin. virtualisation.vswitch = { 
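Review bot: Dropping `"net.ipv6.conf.all.disable_ipv6" = 1` and adding `"net.ipv6.conf.all.forwarding" = 1` turns a host that had no IPv6 stack into an IPv6 router, and the last hunk in this file has it obtain a global address by SLAAC/DHCPv6. Nothing in this diff adds IPv6 filtering, so it is worth confirming that the host firewall has an ip6 input and forward policy equivalent to the IPv4 one before this is deployed; IPv4-only rules do not cover the new path. A comment next to the sysctl, e.g. `# IPv6 forwarding for pod/VM traffic; filtered by <firewall module>`, would record where that policy lives. The sysctl attribute set starts and ends outside the hunk.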
@@ -82,15 +96,40 @@ in { interfaces.${iface} = {}; }; }; - networking = { - inherit hostName; - inherit (networking) defaultGateway nameservers; - networkmanager.enable = false; - # Set the host's address on the OVS bridge interface instead of the physical interface! - interfaces.ovsbr1 = networking.hostsInterface.${hostName}.interfaces.${iface}; - dhcpcd.enable = false; # disable dhcpcd, it's useless for the host - enableIPv6 = true; + # systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; + + # Set the host's address on the OVS bridge interface instead of the physical interface! + systemd.network.networks = { + "10-ovsbr1" = { + matchConfig.Name = ["ovsbr1"]; + networkConfig = { + Address = [ipv4WithMask]; + DNS = nameservers; + DHCP = "ipv6"; # enable DHCPv6 only, so we can get a GUA. + IPv6AcceptRA = true; # for Stateless IPv6 Autoconfiguraton (SLAAC) + LinkLocalAddressing = "ipv6"; + }; + routes = [ + { + Destination = "0.0.0.0/0"; + Gateway = defaultGateway; + } + { + Destination = "::/0"; + Gateway = defaultGateway6; + GatewayOnLink = true; # it's a gateway on local link. + } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + "20-${iface}" = { + matchConfig.Name = [iface]; + networkConfig.LinkLocalAddressing = "no"; + # tell networkd ignore this interface. + # it's managed by openvswitch + linkConfig.RequiredForOnline = "no"; + }; }; # This value determines the NixOS release from which the default
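Review bot: The comment on `"20-${iface}"` says networkd should ignore the interface, but the unit only sets `LinkLocalAddressing = "no"` and `RequiredForOnline = "no"`, so networkd still manages the link and brings it up without addresses. If that is the intent, reword it to `# keep the physical port up but unaddressed; openvswitch attaches it to ovsbr1`; if it really should be left alone, `linkConfig.Unmanaged = true;` is the setting that does that. The commented-out `SYSTEMD_LOG_LEVEL = "debug"` line looks like a debugging leftover and could be dropped.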