From 658f9449fccf52fa68143da10b02c24221ff7bf8 Mon Sep 17 00:00:00 2001
From: Stefan Junker <mail@stefanjunker.de>
Date: Thu, 23 Nov 2023 11:28:01 +0100
Subject: [PATCH] [WIP] router0-dmz0: play with VLANs

---
 nix/os/devices/router0-dmz0/configuration.nix | 10 ++++++-
 nix/os/devices/router0-dmz0/flake.lock        | 30 +++++++++----------
 2 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix
index 198fa1a..f7f57c3 100644
--- a/nix/os/devices/router0-dmz0/configuration.nix
+++ b/nix/os/devices/router0-dmz0/configuration.nix
@@ -146,11 +146,19 @@ in {
   systemd.network = {
     wait-online.anyInterface = true;
     netdevs = {
-      # Create the bridge interface
+      # Create the VLANs
+      "00-vlan-100" = {
+        Name = "vlan100";
+        Kind = "vlan";
+      };
+
+      # Create the bridge interfaces
       "20-br-lan" = {
         netdevConfig = {
           Kind = "bridge";
           Name = "br-lan";
+          VLANFiltering = true;
+          DefaultPVID = 10;
         };
       };
     };
diff --git a/nix/os/devices/router0-dmz0/flake.lock b/nix/os/devices/router0-dmz0/flake.lock
index 3d42ef9..b572ebd 100644
--- a/nix/os/devices/router0-dmz0/flake.lock
+++ b/nix/os/devices/router0-dmz0/flake.lock
@@ -48,11 +48,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1691743546,
-        "narHash": "sha256-nS2uWOeEmMgUBEMDCvwLlXBBCLkW7agDcMtOXuf9PDc=",
+        "lastModified": 1695864092,
+        "narHash": "sha256-Hu1SkFPqO7ND95AOzBkZE2jGXSYhfZ965C03O72Kbu8=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "241c878d4b542fea7c61ed4421e9224af054ff56",
+        "rev": "19b62324663b6b9859caf7f335d232cf4f1f6a32",
         "type": "github"
       },
       "original": {
@@ -63,11 +63,11 @@
     },
     "get-flake": {
       "locked": {
-        "lastModified": 1673819588,
-        "narHash": "sha256-gRtwKAlu4htvS6dxyZnW3n+vMS1acqnMGVHqxUdETeY=",
+        "lastModified": 1694475786,
+        "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
         "owner": "ursi",
         "repo": "get-flake",
-        "rev": "e0917b6f564aa5acefb1484b5baf76da21746c3c",
+        "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
         "type": "github"
       },
       "original": {
@@ -83,11 +83,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1691672736,
-        "narHash": "sha256-HNPA/dKHerA0p4OsToEcW/DtTSXBcK5gFRsy/yPgV/Y=",
+        "lastModified": 1696145345,
+        "narHash": "sha256-3dM7I/d4751SLPJah0to1WBlWiyzIiuCEUwJqwBdmr4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "6e1eff9aac0e8d84bda7f2d60ba6108eea9b7e79",
+        "rev": "6f9b5b83ad1f470b3d11b8a9fe1d5ef68c7d0e30",
         "type": "github"
       },
       "original": {
@@ -105,11 +105,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1677020959,
-        "narHash": "sha256-r06isoyASAIoYH+zcbb8jescQyYq+AYNccVPUlzivDk=",
+        "lastModified": 1695065444,
+        "narHash": "sha256-c39mzyE1Z95bOjNfcCpENdQUn8lgTQFXNDeDguZnKs4=",
         "owner": "thelegy",
         "repo": "nixos-nftables-firewall",
-        "rev": "6cb25335de6f1fe0722f02573d0cfbaea4cd7ecf",
+        "rev": "f1d43094940379f8aa3b7ef750b48db48b622584",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1691630941,
-        "narHash": "sha256-4+KVSa32impg0aBqXVEEty8uu3Urb64CjmseDkETofg=",
+        "lastModified": 1695864227,
+        "narHash": "sha256-X3ADr3UE0Cws7yRLnMyo6VbBWrbkT8KMrds8TK6IYXw=",
         "owner": "numtide",
         "repo": "srvos",
-        "rev": "b7407c2dc143402de6f140575398020175f3ae1a",
+        "rev": "25cf328a2d83926dde264b6195d82bc6dcfb4b0c",
         "type": "github"
       },
       "original": {