nixos-module/network.nix: configure host IP

2021-03-25 00:46:46 +01:00 · 2021-03-25 00:46:46 +01:00 · 704f007ae5
parent 46c16e4413
commit 704f007ae5
3 changed files with 67 additions and 12 deletions
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@ -13,6 +13,17 @@ let
        type = with types; nullOr str;
        default = null;
      };
+      subnet4Len = mkOption {
+        type = with types; nullOr types.int;
+        default =
+          let
+            inherit (config.site.net.${name}) subnet4;
+            s = lib.splitString "/" subnet4;
+          in
+            if subnet4 != null && builtins.length s == 2
+            then lib.toInt (elemAt s 1)
+            else null;
+      };
      subnets6 = mkOption {
        description = "IPv6 subnets w/o prefixlen (always 64)";
        type = with types; attrsOf str;
@ -77,6 +88,10 @@ let
        default = {};
        type = with types; attrsOf (submodule interfaceOpts);
      };
+      isRouter = mkOption {
+        type = types.bool;
+        default = config.site.hosts.${name}.interfaces ? core;
+      };
    };
  };
 in
--- a/nix/nixos-module/network.nix
+++ b/nix/nixos-module/network.nix
@ -1,27 +1,59 @@
 { hostName, config, lib, pkgs, ... }:

+let
+  findGw6 = net: gw6:
+    let
+      inherit (config.site.net.${net}) hosts6;
+    in
+      builtins.foldl' (result: ctx:
+        let
+          h = hosts6.${ctx};
+        in
+          if result == null && h ? ${hostName} && h ? ${gw6}
+          then h.${gw6}
+          else result
+      ) null (builtins.attrNames hosts6);
+in
 {
  networking.firewall.enable = lib.mkDefault false;

+  networking.useDHCP = false;
+
  networking.useHostResolvConf = false;
  services.resolved.enable = false;
  environment.etc."resolv.conf".text = ''
    nameserver 172.20.73.8 9.9.9.9
  '';
-  
+
+  networking.useNetworkd = true;
  systemd.network = {
    enable = true;

    networks =
-      builtins.mapAttrs (ifName: { gw4, gw6, ... }: {
-        matchConfig.Name = ifName;
-        # addresses = [ {
-        #   addressConfig.Address = "127.0.0.1/8";
-        # } ];
-        # TODO: lookup hostname
-        gateway = with lib;
-          optional (gw4 != null) gw4 ++
-          optional (gw6 != null) gw6;
-      }) config.site.hosts.${hostName}.interfaces;
+      builtins.mapAttrs (ifName: { gw4, gw6, ... }:
+        let
+          netConfig = config.site.net.${ifName};
+        in {
+          matchConfig.Name = ifName;
+
+          addresses =
+            let
+              address = netConfig.hosts4.${hostName};
+              prefixLen = netConfig.subnet4Len;
+            in
+              lib.optional (netConfig.hosts4 ? ${hostName}) {
+                addressConfig.Address = "${address}/${toString prefixLen}";
+              } ++
+              builtins.concatMap (hosts6:
+                lib.optional (hosts6 ? ${hostName}) {
+                  addressConfig.Address = "${hosts6.${hostName}}/64";
+                }
+              ) (builtins.attrValues netConfig.hosts6);
+
+          gateway = with lib;
+            optional (gw4 != null) netConfig.${gw4} ++
+            optional (gw6 != null) (findGw6 ifName gw6);
+
+        }) config.site.hosts.${hostName}.interfaces;
  };
 }
--- a/nix/nixos-module/server/network.nix
+++ b/nix/nixos-module/server/network.nix
@ -65,6 +65,14 @@ in
        matchConfig.Name = "bond0";
        networkConfig.VLAN = map (net: "ext-${net}") ctNets;
      };
-    };
+    } // builtins.foldl' (result: net: result // {
+      "${net}" = {
+        matchConfig.Name = net;
+        networkConfig = {
+          IPForward = config.site.hosts.${hostName}.isRouter;
+          IPv6AcceptRA = !config.site.hosts.${hostName}.isRouter;
+        };
+      };
+    }) {} bridgeNets;
  };
 }