802.1p Class of Service Revisited on NixOS

I have an internet-facing NixOS router that I have to run 802.1p Class of Service on. For a couple of years I did this on Debian, but it’s even easier on NixOS. This isn’t the config for the whole box, but it’s a starting point for anyone else looking to do this:

  networking.useDHCP = false;
  networking.vlans.vlan2 = {
    id = 2;
    interface = "enp2s0f0";
  };
  networking.interfaces.vlan2.useDHCP = true;

  networking.bridges = {
    "br0" = {
      interfaces = [ "enp2s0f1" "enp2s0f2" "enp2s0f3" "enp6s0f0" "enp6s0f1" "enp8s0f0" "enp8s0f1" ];
    };
  };
  networking.interfaces."br0".ipv4.addresses = [{
    address = "172.60.120.1";
    prefixLength = 24;
  }];

  systemd.services = {
    egress_qos_tag = {
      after = [ "network.target" "network-online.target" ];
      wants = [ "network-online.target" ];
      wantedBy = [ "default.target" ];
      serviceConfig = {
        Type = "simple";
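        # vconfig set_egress_map <vlan-dev> <skb-priority> <vlan-qos>:
        # frames leaving vlan2 with skb priority 0 (the default for
        # unmarked traffic) are tagged with 802.1p priority 3.
        ExecStart = "${pkgs.vlan}/bin/vconfig set_egress_map vlan2 0 3";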
      };
    };
  };

  networking.nat = {
    enable = true;
    internalInterfaces = [ "br0" ];
    externalInterface = "vlan2";
  };

  services.dnsmasq = {
    enable = true;
    settings = {
      interface = "br0";
      bind-interfaces = true;
      dhcp-authoritative = true;
      server = config.networking.nameservers;
      dhcp-option = [ "option:router,172.60.120.1" ];
      dhcp-range = [ "172.60.120.100,172.60.120.254,24h" ];
    };
  };
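
To confirm after a rebuild or reboot that the egress map actually took effect, you can read it back from `/proc/net/vlan/vlan2`. The script below is an added example, not part of the original config: the function names and the sample text are constructed, and it assumes the stock 8021q `/proc` layout.

```shell
#!/bin/sh
# Added example (not from the original post): verify the 802.1p egress map
# that the egress_qos_tag service sets on vlan2.

# Read /proc/net/vlan/<iface> text on stdin and print the PCP mapped to skb
# priority $1. Returns 1 when that priority has no entry (the kernel then
# sends those frames with PCP 0).
egress_pcp_for() {
  awk -v want="$1" '
    /EGRESS priority mappings:/ {
      sub(/^.*EGRESS priority mappings:/, "")
      n = split($0, pairs, " ")
      for (i = 1; i <= n; i++) {
        split(pairs[i], kv, ":")
        if (kv[1] == want) { print kv[2]; found = 1 }
      }
    }
    END { exit(found ? 0 : 1) }
  '
}

# usage: check_egress_map <proc text> <skb priority> <expected PCP>
check_egress_map() {
  got=$(printf '%s\n' "$1" | egress_pcp_for "$2") || got=unmapped
  if [ "$got" = "$3" ]; then
    echo "ok: skb priority $2 -> PCP $3"
  else
    echo "MISMATCH: skb priority $2 -> $got, expected PCP $3"
    return 1
  fi
}

# Constructed, abbreviated samples of /proc/net/vlan/vlan2: once with the
# map applied, once as it looks if the service never ran.
SAMPLE_TAGGED='Device: enp2s0f0
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
 EGRESS priority mappings: 0:3 '
SAMPLE_UNTAGGED='Device: enp2s0f0
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
 EGRESS priority mappings: '

# On the router itself, check the live interface.
if [ -r /proc/net/vlan/vlan2 ]; then
  check_egress_map "$(cat /proc/net/vlan/vlan2)" 0 3 || true
fi
```
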

NixOS, by the way, is bombproof as an x86 router. Mine is ~100 lines and running on ‘for parts not working’ Denverton e-waste.

Nathan Hensel

on caving, mountaineering, networking, computing, electronics


2024-12-03