switch-b3: replace switch-b1/b2

config/net/mgmt.nix

@@ -95,6 +95,7 @@
       switch-c3d2-main = "10.0.0.14";
       switch-d1 = "10.0.0.13";
       switch-dach = "10.0.0.17";
+      switch-b3 = "10.0.0.18";
     };
     hosts6 = {
       dn42 = {

config/switch.nix

@@ -33,9 +33,9 @@
       };
     };
 
-    switch-b1 = {
+    switch-b3 = {
       role = "switch";
-      model = "linksys-srw2048";
+      model = "junos";
       location = "Haus B Souterrain";
       interfaces = { mgmt.type = "phys"; };
 
@@ -45,133 +45,122 @@
       # Ports 21-24 unten seitlich (optional optisch)
       # Port 7 geht aktuell nach Turm C Erdgeschoss und dadurch zur Ecce
       links = {
-        ap23.ports = [ "g10" ];
+        ap23.ports = [ "ge-0/0/10" ];
-        ap8.ports = [ "g16" ];
+        ap8.ports = [ "ge-0/0/16" ];
-        c3d2.ports = [
+        iso1.ports = [ "ge-0/0/2" ];
-          # Leon's NAS
+        iso2.ports = [ "ge-0/0/3" ];
-          "g23"
+        iso3.ports = [ "ge-0/0/4" ];
-        ];
-        iso1.ports = [ "g2" ];
-        iso2.ports = [ "g3" ];
-        iso3.ports = [ "g4" ];
-        mgmt.ports = [ "g1" ];
         serv.ports = [
-          "g22"
+          "ge-0/0/22"
         ];
         # server1 had g46,g47,g48 too but this switch has too few
         # port-channel groups
-        server1.ports = [ "g24" ];
+        server1.ports = [ "ge-0/0/24" ];
         server2 = {
           group = "1";
-          ports = [ "g12" "g38" "g39" "g40" ];
+          ports = [ "ge-0/0/12" "ge-0/0/38" "ge-0/0/39" "ge-0/0/40" ];
         };
         server5 = {
           group = "6";
-          ports = [ "g17" "g18" "g19" "g20" ];
+          ports = [ "ge-0/0/17" "ge-0/0/18" "ge-0/0/19" "ge-0/0/20" ];
         };
         server6 = {
           group = "8";
-          ports = [ "g5" "g6" "g7" "g8" ];
+          ports = [ "ge-0/0/5" "ge-0/0/6" "ge-0/0/7" "ge-0/0/8" ];
         };
         hydra = {
           group = "7";
           trunk = false;
-          ports = [ "g9" "g11" "g14" "g15" ];
+          ports = [ "ge-0/0/9" "ge-0/0/11" "ge-0/0/14" "ge-0/0/15" ];
         };
         server10 = {
           group = "5";
-          ports = [ "g13" "g35" "g36" "g37" ];
+          ports = [ "ge-0/0/13" "ge-0/0/35" "ge-0/0/36" "ge-0/0/37" ];
         };
         switch-b2 = {
           group = "3";
-          ports = [ "g25" "g26" "g27" "g28" ];
+          ports = [ "ge-0/0/25" "ge-0/0/26" "ge-0/0/27" "ge-0/0/28" ];
         };
         switch-c1 = {
           group = "2";
-          ports = [ "g29" "g30" "g31" "g32" ];
+          ports = [ "ge-0/0/29" "ge-0/0/30" "ge-0/0/31" "ge-0/0/32" ];
         };
         switch-c3d2-main = {
           group = "4";
-          ports = [ "g41" "g42" "g43" "g44" ];
+          ports = [ "ge-0/0/41" "ge-0/0/42" "ge-0/0/43" "ge-0/0/44" ];
         };
-        switch-d1.ports = [ "g34" ];
+        switch-d1.ports = [ "ge-0/0/34" ];
-      };
-    };
-    switch-b2 = {
-      role = "switch";
-      model = "3com-4200G";
-      location = "Haus B Souterrain";
-      interfaces = { mgmt.type = "phys"; };
 
-      links = {
+        ap1.ports = [ "ge-1/0/8" ];
-        ap1.ports = [ "GigabitEthernet 1/0/8" ];
+        ap11.ports = [ "ge-1/0/10" ];
-        ap11.ports = [ "GigabitEthernet 1/0/10" ];
+        ap15.ports = [ "ge-1/0/12" ];
-        ap15.ports = [ "GigabitEthernet 1/0/12" ];
+        ap18.ports = [ "ge-1/0/18" ];
-        ap18.ports = [ "GigabitEthernet 1/0/18" ];
+        ap24.ports = [ "ge-1/0/34" ];
-        ap24.ports = [ "GigabitEthernet 1/0/34" ];
+        ap25.ports = [ "ge-1/0/35" ];
-        ap25.ports = [ "GigabitEthernet 1/0/35" ];
+        ap29.ports = [ "ge-1/0/36" ];
-        ap29.ports = [ "GigabitEthernet 1/0/36" ];
+        ap30.ports = [ "ge-1/0/22" ];
-        ap30.ports = [ "GigabitEthernet 1/0/22" ];
+        ap35.ports = [ "ge-1/0/23" ];
-        ap35.ports = [ "GigabitEthernet 1/0/23" ];
+        ap37.ports = [ "ge-1/0/39" ];
-        ap37.ports = [ "GigabitEthernet 1/0/39" ];
+        ap39.ports = [ "ge-1/0/17" ];
-        ap39.ports = [ "GigabitEthernet 1/0/17" ];
+        ap40.ports = [ "ge-1/0/21" ];
-        ap40.ports = [ "GigabitEthernet 1/0/21" ];
+        ap41.ports = [ "ge-1/0/37" ];
-        ap41.ports = [ "GigabitEthernet 1/0/37" ];
+        ap42.ports = [ "ge-1/0/6" ];
-        ap42.ports = [ "GigabitEthernet 1/0/6" ];
+        ap5.ports = [ "ge-1/0/7" ];
-        ap5.ports = [ "GigabitEthernet 1/0/7" ];
+        ap51.ports = [ "ge-1/0/13" ];
-        ap51.ports = [ "GigabitEthernet 1/0/13" ];
+        ap53.ports = [ "ge-1/0/15" ];
-        ap53.ports = [ "GigabitEthernet 1/0/15" ];
+        ap54.ports = [ "ge-1/0/38" ];
-        ap54.ports = [ "GigabitEthernet 1/0/38" ];
+        ap55.ports = [ "ge-1/0/19" ];
-        ap55.ports = [ "GigabitEthernet 1/0/19" ];
+        ap56.ports = [ "ge-1/0/9" ];
-        ap56.ports = [ "GigabitEthernet 1/0/9" ];
+        ap60.ports = [ "ge-1/0/20" ];
-        ap60.ports = [ "GigabitEthernet 1/0/20" ];
         mgmt.ports = [
-          "GigabitEthernet 1/0/1"
+          "ge-0/0/0" 
+          "ge-1/0/0"
+          "ge-0/0/1" 
+          "ge-1/0/1"
           # server3
-          "GigabitEthernet 1/0/41"
+          "ge-1/0/41"
           # server1
-          "GigabitEthernet 1/0/42"
+          "ge-1/0/42"
-          "GigabitEthernet 1/0/43"
+          "ge-1/0/43"
-          "GigabitEthernet 1/0/44"
+          "ge-1/0/44"
           # server6
-          "GigabitEthernet 1/0/45"
+          "ge-1/0/45"
           # server7
-          "GigabitEthernet 1/0/46"
+          "ge-1/0/46"
           # server8
-          "GigabitEthernet 1/0/47"
+          "ge-1/0/47"
           # server9
-          "GigabitEthernet 1/0/48"
+          "ge-1/0/48"
         ];
-        priv1.ports = [ "GigabitEthernet 1/0/3" ];
+        priv1.ports = [ "ge-1/0/3" ];
-        priv19.ports = [ "GigabitEthernet 1/0/40" ];
+        priv19.ports = [ "ge-1/0/40" ];
-        priv2.ports = [ "GigabitEthernet 1/0/4" ];
+        priv2.ports = [ "ge-1/0/4" ];
-        priv24.ports = [ "GigabitEthernet 1/0/14" "GigabitEthernet 1/0/16" ];
+        priv24.ports = [ "ge-1/0/14" "ge-1/0/16" ];
-        priv3.ports = [ "GigabitEthernet 1/0/5" ];
+        priv3.ports = [ "ge-1/0/5" ];
         pub.ports = [
-          "GigabitEthernet 1/0/11"
+          "ge-1/0/11"
-          "GigabitEthernet 1/0/24"
+          "ge-1/0/24"
         ];
         server3 = {
-          group = "1";
+          group = "9";
-          ports = [ "GigabitEthernet1/0/30" "GigabitEthernet1/0/31" ];
+          ports = [ "ge-1/0/30" "ge-1/0/31" ];
         };
         server9 = {
-          group = "3";
+          group = "10";
           ports = [
-            "GigabitEthernet1/0/2"
+            "ge-1/0/2"
-            "GigabitEthernet1/0/29"
+            "ge-1/0/29"
-            "GigabitEthernet1/0/32"
+            "ge-1/0/32"
-            "GigabitEthernet1/0/33"
+            "ge-1/0/33"
           ];
         };
         switch-b1 = {
-          group = "2";
+          group = "11";
           ports = [
-            "TenGigabitEthernet 1/1/1"
+            "ge-1/0/25"
-            "GigabitEthernet 1/0/25"
+            "ge-1/0/26"
-            "GigabitEthernet 1/0/26"
+            "ge-1/0/27"
-            "GigabitEthernet 1/0/27"
+            "ge-1/0/28"
-            "GigabitEthernet 1/0/28"
           ];
         };
       };

nix/pkgs/switches/junos.nix

@@ -0,0 +1,128 @@
+{ pkgs, hostName, config, hostConfig
+, sortBy, sortNetsByVlan
+, ... }:
+with pkgs;
+with lib;
+let
+  configFile = builtins.toFile "junos.config" ''
+    system {
+        host-name ${hostName};
+        time-zone Europe/Berlin;
+        root-authentication {
+            encrypted-password "$5$EBmFELmv$kQxtWwS0SBS.TqVPRvs8sKpH./l9DTtTxX/I2FJB2n2"; ## SECRET-DATA
+        }
+        login {
+            user root {
+                class super-user;
+                authentication {
+                    ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOFs2LdK23ysS0SSkXZuULUOCZHe1ZxvfOKj002J6rkvAaDLar9g5aKuiIV70ZR33A2rchoLMiM4pLLwoSAPJg1FgIgJjU+DFoWtiW+IjzKXdHHVspb2iOIhpfbfk8WC5HZ/6fPz4RUqadGQ43ImnMhSN0ge3s/oM48hpc96ne6tH+mGiugdPx8097NE9yTqJHi8deBhi3daeJH4eQeg66Fi+kDIAZv5TJ0Oca5h7PBd253/vf3l21jRH8u1D1trALv9KStGycTk5Nwih+OHx+Rnvue/B/nxgAz4I3mmQa+jhRlGaQVG0MtOBRY3Ae7ZNqhjuefDUCM2hwG70toU9xDUw0AihC2ownY+P2PjssoG1O8f/D7ilw7qrXJHEeM8HwzqMH8X4ELYHaHTwjeWfZTTFev1Djr969LjdS1UZzqCZHO0jmQ5Pa3eXw8xcoprtt620kYLTKSMs6exLstE48o57Yqfn+eTJDy7EkcjiLN6GNIi42b9Z73xXNpZx1WR9O6OulJf/6pWgrApasvxiGmxxILq98s1/VnZkOFXR8JXnpvKHEIOIr3bFQu3GLCrzY2Yuh4NL5wy6lcZNTr/0rr6AO24IbEWM7TApbXnKA5XQhAbThrVsuFBdT3+bBP2nedvWQ0W+Q6SUf+8T2o5InnFqs5ABnTixBItiWw+9BiQ== root@server1"; ## SECRET-DATA
+                }
+            }
+        }
+        services {
+            ssh {
+                root-login allow;
+            }
+            netconf {
+                ssh;
+            }
+            web-management {
+                http {
+                    interface [ vme.0 vlan.1 ];
+                }
+            }
+        }
+    }
+    virtual-chassis {
+        no-split-detection;
+        member 0 {
+            mastership-priority 255;
+        }
+        member 1 {
+            mastership-priority 255;
+        }
+    }
+    chassis { aggregated-devices { ethernet { device-count 32; } } }
+
+    vlans {
+      ${concatMapStrings (net:
+        let
+          netName = if net == "mgmt"
+                    then "mgmt-vlan"
+                    else net;
+          netConfig = config.site.net.${net};
+          vlan = toString netConfig.vlan;
+        in
+          lib.optionalString (netConfig.vlan != null) ''
+            ${netName} {
+              vlan-id ${vlan};
+              ${lib.optionalString (net == "mgmt") ''
+                l3-interface vlan.${vlan};
+              ''}
+            }
+          ''
+      ) (sortNetsByVlan (builtins.attrNames config.site.net))}
+    }
+
+    interfaces {
+      vlan {
+        unit ${toString config.site.net.mgmt.vlan} {
+          family inet {
+            address ${mgmtAddress}/${toString config.site.net.mgmt.subnet4Len};
+          }
+        }
+      }
+
+      ${concatMapStrings (name:
+        let
+          linkConfig = hostConfig.links.${name};
+          group = toString linkConfig.group;
+          isBond = linkConfig.trunk &&
+                   builtins.length linkConfig.ports > 1;
+          nets = map (net:
+            if net == "mgmt"
+            then "mgmt-vlan"
+            else net
+          ) linkConfig.nets;
+          vlanConfig = ''
+            unit 0 {
+              family ethernet-switching {
+                port-mode ${if linkConfig.trunk then "trunk" else "access"};
+                vlan { members [ ${concatStringsSep " " nets} ]; }
+              }
+            }
+          '';
+        in
+          if isBond
+          then concatMapStrings (port: ''
+            ${port} {
+              ether-options { 802.3ad ae${group}; }
+            }
+          '') (linkConfig.ports) + ''
+            ae${group} {
+              aggregated-ether-options { lacp { active; } }
+              ${vlanConfig}
+            }
+          ''
+          else concatMapStrings (port: ''
+            ${port} {
+              ${vlanConfig}
+            }
+          '') (linkConfig.ports)
+      ) (sortBy (link: hostConfig.links.${link}.ports)
+        (builtins.attrNames hostConfig.links)
+      )}
+    }
+  '';
+
+  mgmtAddress = config.site.net.mgmt.hosts4.${hostName};
+in ''
+  #! ${runtimeShell} -e
+
+  scp ${configFile} root@${mgmtAddress}:/tmp/junos.config
+  ssh root@${mgmtAddress} cli <<EOF
+  configure
+  load override /tmp/junos.config
+  commit
+  EOF
+''

nix/pkgs/switches/linksys-srw2048.nix

@@ -66,7 +66,6 @@ with lib;
   ${concatMapStrings (name:
     let
       linkConfig = hostConfig.links.${name};
-      isAccess = config.site.net ? ${name};
       netConfig = config.site.net.${name};
       isTrunk = linkConfig.trunk;
       isBond = builtins.length linkConfig.ports > 1 &&