space_server: networkd: add new secondary Labicolo network

This completes the split of Labicolo into two networks.

Henceforth we have two Labicolo network, and any two
Labicolo nodes on different parts of the network will
have to join LabIX, if they want to peer.

Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@labitat.dk>

4 files changed, 26 insertions, 1 deletions

diff --git a/roles/space_server/files/networkd/10-bond0.network b/roles/space_server/files/networkd/10-bond0.network
index 38c0e49..a305e39 100644
--- a/roles/space_server/files/networkd/10-bond0.network
+++ b/roles/space_server/files/networkd/10-bond0.network
@@ -20,4 +20,5 @@ VLAN=lan13
 VLAN=lan14
 VLAN=lan15
 VLAN=lan20
+VLAN=lan21
 VLAN=lan25
diff --git a/roles/space_server/files/networkd/10-lan21.netdev b/roles/space_server/files/networkd/10-lan21.netdev
new file mode 100644
index 0000000..85a79c2
--- /dev/null
+++ b/roles/space_server/files/networkd/10-lan21.netdev
@@ -0,0 +1,6 @@
+[NetDev]
+Name=lan21
+Kind=vlan
+
+[VLAN]
+Id=21
diff --git a/roles/space_server/files/networkd/10-lan21.network b/roles/space_server/files/networkd/10-lan21.network
new file mode 100644
index 0000000..9828c6d
--- /dev/null
+++ b/roles/space_server/files/networkd/10-lan21.network
@@ -0,0 +1,18 @@
+[Match]
+Name=lan21
+
+[Link]
+ARP=yes
+
+[Network]
+DHCP=no
+IPv6AcceptRA=no
+LinkLocalAddressing=no
+Address=185.38.175.97/27
+Address=2a01:4262:1ab:21::1/64
+Address=fe80::1/64
+IPForward=yes
+LLMNR=no
+MulticastDNS=no
+LLDP=yes
+EmitLLDP=no
diff --git a/roles/space_server/templates/nftables.conf.j2 b/roles/space_server/templates/nftables.conf.j2
index d4fe277..2724ca4 100644
--- a/roles/space_server/templates/nftables.conf.j2
+++ b/roles/space_server/templates/nftables.conf.j2
@@ -46,7 +46,7 @@ define futu_net6 = 2a01:4262:1ab:f::/64
 define nat64_if   = nat64
 define nat64_net4 = 10.42.128.0/17
 
-define colo_if   = lan20
+define colo_if   = { lan20, lan21 }
 
 define tor_if     = lan25
 define tor_net4   = 185.38.175.128/28