nixos-module/network.nix: configure host IP

2021-03-25 00:46:46 +01:00 · 2021-03-25 00:46:46 +01:00 · 704f007ae5
parent 46c16e4413
commit 704f007ae5
3 changed files with 67 additions and 12 deletions
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@ -13,6 +13,17 @@ let
        type = with types; nullOr str;
        default = null;
      };
      subnet4Len = mkOption {
        type = with types; nullOr types.int;
        default =
          let
            inherit (config.site.net.${name}) subnet4;
            s = lib.splitString "/" subnet4;
          in
            if subnet4 != null && builtins.length s == 2
            then lib.toInt (elemAt s 1)
            else null;
      };
      subnets6 = mkOption {
        description = "IPv6 subnets w/o prefixlen (always 64)";
        type = with types; attrsOf str;
@ -77,6 +88,10 @@ let
        default = {};
        type = with types; attrsOf (submodule interfaceOpts);
      };
      isRouter = mkOption {
        type = types.bool;
        default = config.site.hosts.${name}.interfaces ? core;
      };
    };
  };
 in
--- a/nix/nixos-module/network.nix
+++ b/nix/nixos-module/network.nix
@ -1,27 +1,59 @@
 { hostName, config, lib, pkgs, ... }:
 let
  findGw6 = net: gw6:
    let
      inherit (config.site.net.${net}) hosts6;
    in
      builtins.foldl' (result: ctx:
        let
          h = hosts6.${ctx};
        in
          if result == null && h ? ${hostName} && h ? ${gw6}
          then h.${gw6}
          else result
      ) null (builtins.attrNames hosts6);
 in
 {
  networking.firewall.enable = lib.mkDefault false;
  networking.useDHCP = false;
  networking.useHostResolvConf = false;
  services.resolved.enable = false;
  environment.etc."resolv.conf".text = ''
    nameserver 172.20.73.8 9.9.9.9
  '';
-  
+
  networking.useNetworkd = true;
  systemd.network = {
    enable = true;
    networks =
-      builtins.mapAttrs (ifName: { gw4, gw6, ... }: {
+      builtins.mapAttrs (ifName: { gw4, gw6, ... }:
-        matchConfig.Name = ifName;
+        let
-        # addresses = [ {
+          netConfig = config.site.net.${ifName};
-        #   addressConfig.Address = "127.0.0.1/8";
+        in {
-        # } ];
+          matchConfig.Name = ifName;
-        # TODO: lookup hostname
+
-        gateway = with lib;
+          addresses =
-          optional (gw4 != null) gw4 ++
+            let
-          optional (gw6 != null) gw6;
+              address = netConfig.hosts4.${hostName};
-      }) config.site.hosts.${hostName}.interfaces;
+              prefixLen = netConfig.subnet4Len;
            in
              lib.optional (netConfig.hosts4 ? ${hostName}) {
                addressConfig.Address = "${address}/${toString prefixLen}";
              } ++
              builtins.concatMap (hosts6:
                lib.optional (hosts6 ? ${hostName}) {
                  addressConfig.Address = "${hosts6.${hostName}}/64";
                }
              ) (builtins.attrValues netConfig.hosts6);
          gateway = with lib;
            optional (gw4 != null) netConfig.${gw4} ++
            optional (gw6 != null) (findGw6 ifName gw6);
        }) config.site.hosts.${hostName}.interfaces;
  };
 }
--- a/nix/nixos-module/server/network.nix
+++ b/nix/nixos-module/server/network.nix
@ -65,6 +65,14 @@ in
        matchConfig.Name = "bond0";
        networkConfig.VLAN = map (net: "ext-${net}") ctNets;
      };
-    };
+    } // builtins.foldl' (result: net: result // {
      "${net}" = {
        matchConfig.Name = net;
        networkConfig = {
          IPForward = config.site.hosts.${hostName}.isRouter;
          IPv6AcceptRA = !config.site.hosts.${hostName}.isRouter;
        };
      };
    }) {} bridgeNets;
  };
 }