From 704f007ae588a1e0397ef3a7bf99598160304a39 Mon Sep 17 00:00:00 2001
From: Astro
Date: Thu, 25 Mar 2021 00:46:46 +0100
Subject: [PATCH] nixos-module/network.nix: configure host IP

---
 nix/lib/config/options.nix          | 15 ++++++++
 nix/nixos-module/network.nix        | 54 +++++++++++++++++++++++------
 nix/nixos-module/server/network.nix | 10 +++++-
 3 files changed, 67 insertions(+), 12 deletions(-)

diff --git a/nix/lib/config/options.nix b/nix/lib/config/options.nix
index 7ef935e..b832f5d 100644
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@@ -13,6 +13,17 @@ let
       type = with types; nullOr str;
       default = null;
     };
+    subnet4Len = mkOption {
+      type = with types; nullOr types.int;
+      default =
+        let
+          inherit (config.site.net.${name}) subnet4;
+          s = lib.splitString "/" subnet4;
+        in
+        if subnet4 != null && builtins.length s == 2
+        then lib.toInt (elemAt s 1)
+        else null;
+    };
     subnets6 = mkOption {
       description = "IPv6 subnets w/o prefixlen (always 64)";
       type = with types; attrsOf str;
@@ -77,6 +88,10 @@ let
       default = {};
       type = with types; attrsOf (submodule interfaceOpts);
     };
+    isRouter = mkOption {
+      type = types.bool;
+      default = config.site.hosts.${name}.interfaces ? core;
+    };
   };
 };
 in
diff --git a/nix/nixos-module/network.nix b/nix/nixos-module/network.nix
index bf903ac..a431205 100644
--- a/nix/nixos-module/network.nix
+++ b/nix/nixos-module/network.nix
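Review bot: The default of `subnet4Len` calls `lib.toInt` on whatever follows the `/` in `subnet4` without bounding it, so a malformed value such as `10.0.0.0/240` or `10.0.0.0/2x` is only caught as an evaluation error deep in network.nix rather than at the option that owns it, and `nullOr types.int` repeats the `types.` prefix already supplied by `with types;`. Consider `type = with types; nullOr (ints.between 0 32);` so the prefix length is validated where it is defined, plus a `description = "IPv4 prefix length derived from subnet4; null when subnet4 carries no /len suffix";` since the option is otherwise undocumented. Note that a `subnet4` without a `/` silently yields null here, and the consumer in network.nix interpolates that straight into an address string.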
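Review bot: `isRouter` turns on IP forwarding for a host solely because an interface named `core` is declared on it, and the option carries no description explaining that coupling, so a reader of the options file cannot tell that adding a `core` interface makes the machine a router. Add `description = "Whether this host forwards IP traffic between its networks; defaults to true when the host declares a core interface";` next to the default. If forwarding is meant to be an explicit per-host decision, `default = false;` with the site config opting in would be the safer default.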
@@ -1,27 +1,59 @@
 { hostName, config, lib, pkgs, ... }:
+let
+  findGw6 = net: gw6:
+    let
+      inherit (config.site.net.${net}) hosts6;
+    in
+    builtins.foldl' (result: ctx:
+      let
+        h = hosts6.${ctx};
+      in
+      if result == null && h ? ${hostName} && h ? ${gw6}
+      then h.${gw6}
+      else result
+    ) null (builtins.attrNames hosts6);
+in
 {
   networking.firewall.enable = lib.mkDefault false;
+  networking.useDHCP = false;
+  networking.useHostResolvConf = false;
   services.resolved.enable = false;
   environment.etc."resolv.conf".text = ''
     nameserver 172.20.73.8 9.9.9.9
   '';
-
+
+  networking.useNetworkd = true;
   systemd.network = {
     enable = true;
     networks =
-      builtins.mapAttrs (ifName: { gw4, gw6, ... }: {
-        matchConfig.Name = ifName;
-        # addresses = [ {
-        #   addressConfig.Address = "127.0.0.1/8";
-        # } ];
-        # TODO: lookup hostname
-        gateway = with lib;
-          optional (gw4 != null) gw4 ++
-          optional (gw6 != null) gw6;
-      }) config.site.hosts.${hostName}.interfaces;
+      builtins.mapAttrs (ifName: { gw4, gw6, ... }:
+        let
+          netConfig = config.site.net.${ifName};
+        in {
+          matchConfig.Name = ifName;
+
+          addresses =
+            let
+              address = netConfig.hosts4.${hostName};
+              prefixLen = netConfig.subnet4Len;
+            in
+            lib.optional (netConfig.hosts4 ? ${hostName}) {
+              addressConfig.Address = "${address}/${toString prefixLen}";
+            } ++
+            builtins.concatMap (hosts6:
+              lib.optional (hosts6 ? ${hostName}) {
+                addressConfig.Address = "${hosts6.${hostName}}/64";
+              }
+            ) (builtins.attrValues netConfig.hosts6);
+
+          gateway = with lib;
+            optional (gw4 != null) netConfig.${gw4} ++
+            optional (gw6 != null) (findGw6 ifName gw6);
+
+        }) config.site.hosts.${hostName}.interfaces;
   };
 }
diff --git a/nix/nixos-module/server/network.nix b/nix/nixos-module/server/network.nix
index f51d03e..71cdff4 100644
--- a/nix/nixos-module/server/network.nix
+++ b/nix/nixos-module/server/network.nix
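Review bot: The IPv4 gateway lookup `optional (gw4 != null) netConfig.${gw4}` reads `gw4` as an attribute directly on the net definition, whereas the IPv6 side resolves `gw6` as a host name through `hosts6` via `findGw6`; if `gw4` is a host name as well (the option definition is not in this patch), this should presumably be `netConfig.hosts4.${gw4}`, otherwise evaluation fails with a missing attribute on the first host that sets `gw4`. Separately, `subnet4Len` is null when `subnet4` has no `/len` suffix and `toString null` is `""`, so the address line degrades to `"${address}/"`, which networkd is unlikely to accept as an `Address=` value; guard it with `addressConfig.Address = if prefixLen != null then "${address}/${toString prefixLen}" else address;` or assert that `prefixLen` is set. `findGw6` returns the first context in which both this host and the gateway have an address, which is fine but deserves a one-line comment stating that order is the `attrNames` sort order.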
@@ -65,6 +65,14 @@ in
       matchConfig.Name = "bond0";
       networkConfig.VLAN = map (net: "ext-${net}") ctNets;
     };
-  };
+  } // builtins.foldl' (result: net: result // {
+    "${net}" = {
+      matchConfig.Name = net;
+      networkConfig = {
+        IPForward = config.site.hosts.${hostName}.isRouter;
+        IPv6AcceptRA = !config.site.hosts.${hostName}.isRouter;
+      };
+    };
+  }) {} bridgeNets;
   };
 }
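Review bot: `IPForward = … isRouter` is emitted once per bridge network, but systemd-networkd's `IPForward=` (prior to the per-interface `IPv4Forwarding=`/`IPv6Forwarding=` introduced in systemd 256) is documented as a system-wide sysctl that is switched on as soon as any .network file enables it, so the per-`net` placement suggests a scoping the kernel does not provide; a comment such as `# IPForward= is system-wide once set on any interface; kept per net only to pair with IPv6AcceptRA` would stop the next reader from assuming otherwise. The `foldl'`/`//` construction also re-reads `config.site.hosts.${hostName}.isRouter` for every net and is the hand-rolled form of `lib.genAttrs`, assuming `lib` is among this module's arguments as it is in network.nix. The `networks = {` attrset this hunk extends starts before the hunk.
```nix
    };
  } // (
    let
      inherit (config.site.hosts.${hostName}) isRouter;
    in
    lib.genAttrs bridgeNets (net: {
      matchConfig.Name = net;
      networkConfig = {
        # IPForward= is system-wide once enabled in any .network file
        IPForward = isRouter;
        IPv6AcceptRA = !isRouter;
      };
    })
  );
```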