network/nix/nixos-module/server/network.nix

{ hostName, self, config, lib, pkgs, ... }:

let
  containers =
    lib.filterAttrs (_: { role, model, location, ... }:
      role == "container" &&
      model == "lxc" &&
      location == hostName
    ) config.site.hosts;

  bridgeNets =
    lib.lists.unique (
      builtins.concatMap ({ interfaces, ... }:
        builtins.attrNames (
          lib.filterAttrs (_: { type, ... }: type == "veth") interfaces
        )) (builtins.attrValues containers)
    );

  ctNets =
    lib.lists.unique (
      builtins.concatMap ({ interfaces, ... }:
        builtins.attrNames interfaces
      ) (builtins.attrValues containers)
    );

in
{
  systemd.network = {
    enable = true;

    netdevs = {
      bond0.netdevConfig = {
        Kind = "bond";
        Name = "bond0";
      };
    } // (
      builtins.foldl' (result: net: result // {
        "${net}".netdevConfig = {
          Kind = "bridge";
          Name = "${net}";
        };
      }) {} bridgeNets
    ) // (
      builtins.foldl' (result: net: result // {
        "ext-${net}" = {
          netdevConfig = {
            Kind = "vlan";
            Name = "ext-${net}";
          };
          vlanConfig.Id = config.site.net.${net}.vlan;
        };
      }) {} ctNets
    );

    networks = {
      eth = {
        matchConfig.Name = "eth*";
        networkConfig.Bond = "bond0";
      };
      en = {
        matchConfig.Name = "en*";
        networkConfig.Bond = "bond0";
      };
      bond0 = {
        matchConfig.Name = "bond0";
        networkConfig.VLAN = map (net: "ext-${net}") ctNets;
      };
    } // builtins.foldl' (result: net: result // {
      "${net}" = {
        matchConfig.Name = net;
        networkConfig = {
          IPForward = config.site.hosts.${hostName}.isRouter;
          IPv6AcceptRA = !config.site.hosts.${hostName}.isRouter;
        };
      };
    }) {} bridgeNets;
  };
}
server/network.nix: setup vlan/bridge infra 2021-03-24 22:23:09 +01:00			`{ hostName, self, config, lib, pkgs, ... }:`

			`let`
			`containers =`
			`lib.filterAttrs (_: { role, model, location, ... }:`
			`role == "container" &&`
			`model == "lxc" &&`
			`location == hostName`
			`) config.site.hosts;`

			`bridgeNets =`
			`lib.lists.unique (`
			`builtins.concatMap ({ interfaces, ... }:`
			`builtins.attrNames (`
			`lib.filterAttrs (_: { type, ... }: type == "veth") interfaces`
			`)) (builtins.attrValues containers)`
			`);`

			`ctNets =`
			`lib.lists.unique (`
			`builtins.concatMap ({ interfaces, ... }:`
			`builtins.attrNames interfaces`
			`) (builtins.attrValues containers)`
			`);`

			`in`
			`{`
			`systemd.network = {`
			`enable = true;`

			`netdevs = {`
			`bond0.netdevConfig = {`
			`Kind = "bond";`
			`Name = "bond0";`
			`};`
			`} // (`
			`builtins.foldl' (result: net: result // {`
			`"${net}".netdevConfig = {`
			`Kind = "bridge";`
			`Name = "${net}";`
			`};`
			`}) {} bridgeNets`
			`) // (`
			`builtins.foldl' (result: net: result // {`
			`"ext-${net}" = {`
			`netdevConfig = {`
			`Kind = "vlan";`
			`Name = "ext-${net}";`
			`};`
			`vlanConfig.Id = config.site.net.${net}.vlan;`
			`};`
			`}) {} ctNets`
			`);`

			`networks = {`
			`eth = {`
			`matchConfig.Name = "eth*";`
			`networkConfig.Bond = "bond0";`
			`};`
			`en = {`
			`matchConfig.Name = "en*";`
			`networkConfig.Bond = "bond0";`
			`};`
			`bond0 = {`
			`matchConfig.Name = "bond0";`
			`networkConfig.VLAN = map (net: "ext-${net}") ctNets;`
			`};`
nixos-module/network.nix: configure host IP 2021-03-25 00:46:46 +01:00			`} // builtins.foldl' (result: net: result // {`
			`"${net}" = {`
			`matchConfig.Name = net;`
			`networkConfig = {`
			`IPForward = config.site.hosts.${hostName}.isRouter;`
			`IPv6AcceptRA = !config.site.hosts.${hostName}.isRouter;`
			`};`
			`};`
			`}) {} bridgeNets;`
server/network.nix: setup vlan/bridge infra 2021-03-24 22:23:09 +01:00			`};`
			`}`