From 4209877e4e42c80bc6ee3f28930f5bb1aa35b27c Mon Sep 17 00:00:00 2001
From: Les Aker
Date: Tue, 10 Oct 2023 10:01:16 -0400
Subject: [PATCH] support vlans
---
 manifests/init.pp | 2 ++
 manifests/systemd.pp | 17 ++++++++++++++++-
 templates/vlan.netdev.erb | 7 +++++++
 templates/vlan.network.erb | 10 ++++++++++
 4 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 templates/vlan.netdev.erb
 create mode 100644 templates/vlan.network.erb
diff --git a/manifests/init.pp b/manifests/init.pp
index 62123d7..975c0a4 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -4,12 +4,14 @@
 # @param domains list of domains for search path
 # @param dnsovertls enable DNS over TLS
 # @param bridges sets interfaces which should be bridged
+# @param vlans sets which virtual interfaces should be created
 # @param ignore sets interface regex patterns to not create network configurations for
 class network (
 Array[String] $resolvers = ['8.8.8.8#dns.google', '8.8.4.4#dns.google'],
 Array[String] $domains = [],
 Boolean $dnsovertls = true,
 Hash[String, Array[String]] $bridges = {},
+ Hash[String, Hash[String, String]] $vlans = {},
 Array[String] $ignore = ['^lo$', '^docker\d+$', '^(tap|veth)', '^wg\d+'],
 ) {
 case $facts['os']['family'] {
diff --git a/manifests/systemd.pp b/manifests/systemd.pp
index 51a6d93..337448d 100644
--- a/manifests/systemd.pp
+++ b/manifests/systemd.pp
@@ -5,6 +5,7 @@
 $domains = $network::domains
 $dnsovertls = $network::dnsovertls
 $bridges = $network::bridges
+ $vlans = $network::vlans
 $ignore = $network::ignore
 file { '/etc/resolv.conf':
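Review bot: `Hash[String, Hash[String, String]] $vlans` in manifests/init.pp accepts any string as a VLAN name and any set of keys, yet the second hunk of manifests/systemd.pp interpolates the name into `/etc/systemd/network/${vlan_name}.network` and templates/vlan.netdev.erb writes `@params['id']` and `@params['mac']` straight into the unit file. A name containing `/`, or a value containing a newline, would therefore end up in a file path under /etc or as extra unit-file lines, and a missing key renders an empty `Id=` or `MACAddress=`. Constrain the type at the class boundary, for example `Hash[Pattern[/\A[A-Za-z0-9_.-]{1,15}\z/], Struct[{id => Pattern[/\A\d{1,4}\z/], mac => Pattern[/\A(\h\h:){5}\h\h\z/]}]] $vlans = {},`, and extend the `@param vlans` line to say that each entry needs an `id` and a `mac`.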
@@ -46,8 +47,22 @@
 $bridge_children = values($bridges).flatten
+ $vlans.each |String $vlan_name, Hash[String, String] $params| {
+ file { "/etc/systemd/network/${vlan_name}.network":
+ ensure => file,
+ content => template('network/vlan.network.erb'),
+ notify => Service['systemd-networkd'],
+ }
+
+ file { "/etc/systemd/network/${vlan_name}.netdev":
+ ensure => file,
+ content => template('network/vlan.netdev.erb'),
+ notify => Service['systemd-networkd'],
+ }
+ }
+
 $facts['networking']['interfaces'].each |String $iface, Any $value| {
- unless $iface in $bridge_children or $iface in $bridges or $ignore.any |$item| { $iface.match($item) } {
+ unless $iface in $bridge_children or $iface in $bridges or $iface in $vlans or $ignore.any |$item| { $iface.match($item) } {
 file { "/etc/systemd/network/${iface}.network":
 ensure => file,
 content => template('network/interface.network.erb'),
diff --git a/templates/vlan.netdev.erb b/templates/vlan.netdev.erb
new file mode 100644
index 0000000..c25cb1a
--- /dev/null
+++ b/templates/vlan.netdev.erb
@@ -0,0 +1,7 @@
+[NetDev]
+Name=<%= @vlan_name %>
+Kind=vlan
+MACAddress=<%= @params['mac'] %>
+
+[VLAN]
+Id=<%= @params['id'] %>
diff --git a/templates/vlan.network.erb b/templates/vlan.network.erb
new file mode 100644
index 0000000..76373f9
--- /dev/null
+++ b/templates/vlan.network.erb
@@ -0,0 +1,10 @@
+[Match]
+Name=<%= @vlan_name %>
+Type=vlan
+
+[Network]
+DHCP=yes
+LLMNR=no
+
+[DHCPv4]
+UseDNS=no
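Review bot: No parent link is named for the VLANs that the `$vlans.each` loop in manifests/systemd.pp creates. systemd-networkd attaches a `Kind=vlan` device through a `VLAN=<name>` line in the `[Network]` section of the underlying interface's `.network` file, and templates/interface.network.erb is not among the four files this commit changes. Unless that template already emits such a line, the devices will probably never come up; consider a `parent` key per VLAN and rendering `VLAN=<%= name %>` into the matching interface's file. The `$facts['networking']['interfaces'].each` block that this hunk edits continues past the end of the hunk.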
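Review bot: `UseDNS=no` in templates/vlan.network.erb is set only under `[DHCPv4]`, while `DHCP=yes` also starts the DHCPv6 client, so DNS servers offered over DHCPv6 or router advertisements on the VLAN can still be taken up alongside the resolvers this module pins. If the intent is that only the configured resolvers are used, add `UseDNS=no` under `[DHCPv6]` and `[IPv6AcceptRA]` as well, or narrow the template to `DHCP=ipv4`. Whether templates/interface.network.erb already handles this is not visible in the patch.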