authorTim Keller <tjk@tjkeller.xyz>2026-06-14 13:39:16 -0500
committerTim Keller <tjk@tjkeller.xyz>2026-06-14 13:39:16 -0500
commit6451ea9aee5adb416570e6756402303d0c2e3554 (patch)
treebfa912f647768ff6dc638fa047547ea7b396e497 /hosts/poweredge
parentee78434183f94624fb25640a76b571c00e67e1b0 (diff)
fix default gateway for router and assign mac addresses for all containers
Diffstat (limited to 'hosts/poweredge')
-rw-r--r--hosts/poweredge/bitcoind.nix10
-rw-r--r--hosts/poweredge/configuration.nix4
-rw-r--r--hosts/poweredge/gitea.nix10
-rw-r--r--hosts/poweredge/immich.nix8
-rw-r--r--hosts/poweredge/jellyfin.nix8
-rw-r--r--hosts/poweredge/networking.nix31
-rw-r--r--hosts/poweredge/router-hosts.nix3
7 files changed, 44 insertions, 30 deletions
diff --git a/hosts/poweredge/bitcoind.nix b/hosts/poweredge/bitcoind.nix
index 715fb8a..cff9cd3 100644
--- a/hosts/poweredge/bitcoind.nix
+++ b/hosts/poweredge/bitcoind.nix
@@ -3,10 +3,8 @@
autoStart = true;
ephemeral = true;
privateNetwork = true;
- extraVeths.vb-bitcoind = {
- hostBridge = "br-lan0";
- #localMacAddress = "02:00:00:00:00:04"; # TODO update to 26.05
- };
+ hostBridge = "br-lan0";
+ localMacAddress = "02:00:00:00:00:04";
# Host path
bindMounts = {
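Review bot: The hard-coded `localMacAddress = "02:00:00:00:00:04";` carries no comment saying what depends on the value, and the same applies to the gitea, immich and jellyfin hunks (:03, :01, :02). If these addresses are what `staticLeases` in router-hosts.nix matches on (not visible here), a duplicate or typo in one of the four files would silently give a container the wrong lease and therefore the wrong address for any host-based rule. A short comment per line would help, e.g. `# must stay unique on br-lan0; paired with this container's DHCP static lease`, or the four addresses could be defined in one attrset and referenced from each file. The enclosing container block starts and ends outside the hunk.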
@@ -17,10 +15,10 @@
};
config = { lib, pkgs, config, ... }: let
- btdPort = 8333;
+ btcPort = 8333;
in {
# Network
- networking.interfaces.vb-bitcoind.useDHCP = true;
+ networking.interfaces.eth0.useDHCP = true;
networking.firewall.allowedTCPPorts = [ btcPort ];
# Bitcoin
diff --git a/hosts/poweredge/configuration.nix b/hosts/poweredge/configuration.nix
index 8ad7350..301566c 100644
--- a/hosts/poweredge/configuration.nix
+++ b/hosts/poweredge/configuration.nix
@@ -4,10 +4,10 @@
./fileshares.nix
./networking.nix
#./notification-mailer.nix # TODO move some of this stuff to archetype
- #./gitea.nix
+ ./gitea.nix
./jellyfin.nix
./immich.nix
- #./bitcoind.nix
+ ./bitcoind.nix
];
# Setup bootloader
diff --git a/hosts/poweredge/gitea.nix b/hosts/poweredge/gitea.nix
index c7a4c70..2d8b37f 100644
--- a/hosts/poweredge/gitea.nix
+++ b/hosts/poweredge/gitea.nix
@@ -2,20 +2,18 @@
containers.gitea = {
autoStart = true;
privateNetwork = true;
- extraVeths.vb-gitea = {
- hostBridge = "br-lan0";
- #localMacAddress = "02:00:00:00:00:03"; # TODO update to 26.05
- };
+ hostBridge = "br-lan0";
+ localMacAddress = "02:00:00:00:00:03";
config = { lib, pkgs, config, ... }: {
# Network
- networking.interfaces.vb-gitea.useDHCP = true;
+ networking.interfaces.eth0.useDHCP = true;
networking.firewall.allowedTCPPorts = [ 80 22 ]; # Caddy + ssh
# Gitea
services.gitea = {
enable = true;
- user = "git"; # So ssh cloning uses git@gitea
+ #user = "git"; # So ssh cloning uses git@gitea
};
# Reverse proxy
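Review bot: The `#user = "git";` line is left commented out with its old rationale ("So ssh cloning uses git@gitea") still attached, so the file no longer says why it was disabled or which SSH user clients should now use. Port 22 stays open in `allowedTCPPorts` in the same hunk, so SSH access is presumably still intended; with the option unset the service falls back to its default account, which is worth confirming. Either delete the line or replace it with a reason, e.g. `# TODO restore user = "git" once <reason>; ssh clone URLs use the default service user until then`. The `containers.gitea` block continues past the hunk.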
diff --git a/hosts/poweredge/immich.nix b/hosts/poweredge/immich.nix
index a98595e..b65d05d 100644
--- a/hosts/poweredge/immich.nix
+++ b/hosts/poweredge/immich.nix
@@ -2,10 +2,8 @@
containers.immich = {
autoStart = true;
privateNetwork = true;
- extraVeths.vb-immich = {
- hostBridge = "br-lan0";
- #localMacAddress = "02:00:00:00:00:01"; # TODO update to 26.05
- };
+ hostBridge = "br-lan0";
+ localMacAddress = "02:00:00:00:00:01";
# Host path
bindMounts = {
@@ -34,7 +32,7 @@
config = { lib, pkgs, config, ... }: {
# Network
- networking.interfaces.vb-immich.useDHCP = true;
+ networking.interfaces.eth0.useDHCP = true;
networking.firewall.allowedTCPPorts = [ 80 ]; # Caddy
# Immich
diff --git a/hosts/poweredge/jellyfin.nix b/hosts/poweredge/jellyfin.nix
index 84f3ec0..92412f8 100644
--- a/hosts/poweredge/jellyfin.nix
+++ b/hosts/poweredge/jellyfin.nix
@@ -2,10 +2,8 @@
containers.jellyfin = {
autoStart = true;
privateNetwork = true;
- extraVeths.vb-jellyfin = {
- hostBridge = "br-lan0";
- #localMacAddress = "02:00:00:00:00:02"; # TODO update to 26.05
- };
+ hostBridge = "br-lan0";
+ localMacAddress = "02:00:00:00:00:02";
bindMounts = {
"/media" = {
hostPath = "/media/ingens/media";
@@ -32,7 +30,7 @@
config = { lib, config, ... }: {
# Network
- networking.interfaces.vb-jellyfin.useDHCP = true;
+ networking.interfaces.eth0.useDHCP = true;
networking.firewall.allowedTCPPorts = [ 80 ]; # Caddy
# CUDA
diff --git a/hosts/poweredge/networking.nix b/hosts/poweredge/networking.nix
index 859bc93..fbf6fa6 100644
--- a/hosts/poweredge/networking.nix
+++ b/hosts/poweredge/networking.nix
@@ -16,11 +16,7 @@ in { config, ... }: {
vb-router-lan0.useDHCP = false;
};
# Configure network
- defaultGateway = {
- # Read explaination for veth-router-lan below
- address = "10.255.255.1";
- interface = "veth-router-lan";
- };
+ defaultGateway = "10.255.255.1"; # Read explaination for veth-router-lan below
nameservers = [ "192.168.1.1" ]; # DNS will only be available from this ip address THROUGH the default gateway
# br-lan0 will be the interface used for networking on poweredge host
interfaces.br-lan0.ipv4.addresses = [{
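Review bot: The trailing comment on `defaultGateway` still points the reader to an explanation "for veth-router-lan below", but the option no longer names that interface; as far as this commit shows, the binding now comes from `systemd.services.router-default-route` added later in the file. Suggest `defaultGateway = "10.255.255.1"; # bound to veth-router-lan by systemd.services.router-default-route below`, which also drops the "explaination" typo. The surrounding `networking` block starts and ends outside the hunk.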
@@ -116,8 +112,33 @@ in { config, ... }: {
};
};
+ services.unbound._blocklists = {
+ enable = true;
+ hageziBlocklists = [ "pro" "nsfw" ];
+ };
+
system.stateVersion = "25.11";
};
};
+ # FIXME the following snippet will cause the router container to fail to start:
+ # networking.defaultGateway = {
+ # address = "10.255.255.1";
+ # interface = "veth-router-lan";
+ # };
+ # Journalctl will report:
+ # poweredge container router: Bring veth-router-lan up
+ # poweredge container router: RTNETLINK answers: File exists
+ # poweredge systemd: container@router.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
+ # So the issue nixos is creating an interface with that same name.
+ # As a temporary workaround, the following service is deployed (after the container starts):
+ systemd.services.router-default-route = {
+ after = [ "container@router.service" ];
+ wants = [ "container@router.service" ];
+ serviceConfig.Type = "oneshot";
+ script = ''
+ /run/current-system/sw/bin/ip route replace default via 10.255.255.1 dev veth-router-lan
+ '';
+ wantedBy = [ "multi-user.target" ];
+ };
}
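Review bot: `router-default-route` is a plain oneshot that is only ordered after `container@router.service`, so it runs once at boot and nothing in the hunk re-runs it when the router container is restarted later. If veth-router-lan is torn down and recreated with the container (likely, but not visible here), the default route goes with it and the host loses its gateway and DNS until the unit is started by hand. Tying the unit to the container's lifecycle would cover that: add `partOf = [ "container@router.service" ];` and `serviceConfig.RemainAfterExit = true;`. Separately, `/run/current-system/sw/bin/ip` depends on iproute2 being in the system profile; `path = [ pkgs.iproute2 ];` with a bare `ip` is the more usual form, though `pkgs` would have to be added to the module arguments shown in the hunk header.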
diff --git a/hosts/poweredge/router-hosts.nix b/hosts/poweredge/router-hosts.nix
index 007d2d7..aedf18a 100644
--- a/hosts/poweredge/router-hosts.nix
+++ b/hosts/poweredge/router-hosts.nix
@@ -1,5 +1,5 @@
let
- localDomain = "home.lan";
+ localDomain = "home.lan"; # TODO RFC8375 .home.arpa
dhcp = {
inherit staticLeases;
defaultGateway = "192.168.1.1";
@@ -68,4 +68,5 @@ in {
services._router.dnsDhcpConfig = {
inherit localDomain dhcp dns;
};
+ networking.hosts."192.168.1.1" = [ "router.${localDomain}" "router" ];
}
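Review bot: The new `networking.hosts` entry repeats the literal 192.168.1.1 that `dhcp.defaultGateway` already holds at the top of this file, so renumbering the LAN would need two edits that can drift apart and leave `router` resolving to a stale address. If the router address and the DHCP gateway are meant to be the same value, key the entry on the binding: `networking.hosts.${dhcp.defaultGateway} = [ "router.${localDomain}" "router" ];`. `dhcp` is in scope at this point, as the `inherit localDomain dhcp dns;` line in the same hunk shows.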