nixos: Reworked network assignments
@@ -4,9 +4,17 @@
|
||||
nixpkgs = "mine";
|
||||
home-manager = "unstable";
|
||||
|
||||
configuration = { lib, pkgs, modulesPath, config, systems, ... }:
|
||||
assignments.internal = {
|
||||
name = "colony";
|
||||
altNames = [ "vm" ];
|
||||
ipv4.address = "10.100.0.2";
|
||||
ipv6.address = "2a0e:97c0:4d1:0::2";
|
||||
};
|
||||
|
||||
configuration = { lib, pkgs, modulesPath, config, systems, assignments, ... }:
|
||||
let
|
||||
inherit (lib) mkIf mapAttrs;
|
||||
inherit (lib.my) networkdAssignment;
|
||||
|
||||
wanBDF =
|
||||
if config.my.build.isDevVM then "00:02.0" else "01:00.0";
|
||||
@@ -50,20 +58,11 @@
|
||||
|
||||
systemd = {
|
||||
network = {
|
||||
netdevs."25-base-bridge".netdevConfig = {
|
||||
netdevs."25-base".netdevConfig = {
|
||||
Name = "base";
|
||||
Kind = "bridge";
|
||||
};
|
||||
networks."80-base-bridge" = {
|
||||
matchConfig = {
|
||||
Name = "base";
|
||||
Driver = "bridge";
|
||||
};
|
||||
DHCP = "ipv4";
|
||||
networkConfig = {
|
||||
IPv6AcceptRA = true;
|
||||
};
|
||||
};
|
||||
networks."80-base" = networkdAssignment "base" assignments.internal;
|
||||
};
|
||||
services."vm@estuary" = rec {
|
||||
# Bind to the interface, networkd wait-online would deadlock...
|
||||
@@ -93,10 +92,6 @@
|
||||
|
||||
server.enable = true;
|
||||
|
||||
network = {
|
||||
ipv6 = "2a0e:97c0:4d1:0::2";
|
||||
ipv4 = "10.110.0.2";
|
||||
};
|
||||
firewall = {
|
||||
trustedInterfaces = [ "base" ];
|
||||
};
|
||||
|
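Review bot: The replacement `networks."80-base" = networkdAssignment "base" assignments.internal;` drops the explicit `IPv6AcceptRA = true` and `DHCP = "ipv4"` that the removed "80-base-bridge" unit carried, while the estuary side (in the later hunk) still sends RAs with `IPv6SendRA = true`; whether colony keeps a default IPv6 route now depends on what `networkdAssignment` emits, which is not visible here, and `assignmentOpts` defaults `ipv6.gateway` to null. Either confirm that helper sets `networkConfig.IPv6AcceptRA`, or set it explicitly: `networks."80-base" = (networkdAssignment "base" assignments.internal) // { networkConfig.IPv6AcceptRA = true; };` (with the caveat about `//` on `networkConfig` noted on the estuary file). The internal address also moves from `10.110.0.2` (removed `my.network.ipv4`) to `10.100.0.2` in the new assignment, and the same shift appears for estuary; if that is intentional, the commit message should say so, since any firewall or NAT rule keyed on 10.110.0.0/24 outside these hunks would silently stop matching.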
@@ -2,10 +2,12 @@
|
||||
let
|
||||
inherit (builtins) attrValues mapAttrs;
|
||||
inherit (lib) substring flatten optional optionals mkDefault mkOption mkOptionType;
|
||||
inherit (lib.my) homeStateVersion mkOpt' mkBoolOpt' commonOpts inlineModule';
|
||||
inherit (lib.my) naiveIPv4Gateway homeStateVersion mkOpt' mkBoolOpt' commonOpts inlineModule';
|
||||
|
||||
cfg = config.nixos;
|
||||
|
||||
allAssignments = mapAttrs (_: c: c.assignments) cfg.systems;
|
||||
|
||||
mkSystem =
|
||||
{
|
||||
name,
|
||||
@@ -37,7 +39,7 @@ let
|
||||
lib = pkgs.lib;
|
||||
|
||||
# Put the inputs in specialArgs to avoid infinite recursion when modules try to do imports
|
||||
specialArgs = { inherit inputs; inherit (cfg) systems; };
|
||||
specialArgs = { inherit inputs allAssignments; inherit (cfg) systems; };
|
||||
|
||||
# `baseModules` informs the manual which modules to document
|
||||
baseModules =
|
||||
@@ -53,6 +55,7 @@ let
|
||||
|
||||
_module.args = {
|
||||
inherit (cfg) secretsPath;
|
||||
inherit (config') assignments;
|
||||
pkgs' = allPkgs;
|
||||
};
|
||||
|
||||
@@ -96,6 +99,24 @@ let
|
||||
] ++ defs;
|
||||
};
|
||||
|
||||
assignmentOpts = with lib.types; { name, config, ... }: {
|
||||
options = {
|
||||
name = mkOpt' str name "Name of assignment.";
|
||||
altNames = mkOpt' (listOf str) [ ] "Extra names to assign.";
|
||||
visible = mkBoolOpt' true "Whether or not this assignment should be visible.";
|
||||
ipv4 = {
|
||||
address = mkOpt' str null "IPv4 address.";
|
||||
mask = mkOpt' ints.u8 24 "Network mask.";
|
||||
gateway = mkOpt' (nullOr str) (naiveIPv4Gateway config.ipv4.address) "IPv4 gateway.";
|
||||
};
|
||||
ipv6 = {
|
||||
address = mkOpt' str null "IPv6 address.";
|
||||
mask = mkOpt' ints.u8 64 "Network mask.";
|
||||
gateway = mkOpt' (nullOr str) null "IPv6 gateway.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemOpts = with lib.types; { name, config, ... }: {
|
||||
options = {
|
||||
inherit (commonOpts) system nixpkgs home-manager;
|
||||
@@ -104,6 +125,10 @@ let
|
||||
# TODO: Currently broken with infinite recursion...
|
||||
docCustom = mkBoolOpt' false "Whether to document nixfiles' custom NixOS modules.";
|
||||
|
||||
assignments = mkOpt' (attrsOf (submoduleWith {
|
||||
modules = [ assignmentOpts { _module.args.name = name; } ];
|
||||
})) { } "Network assignments.";
|
||||
|
||||
configuration = mkOption {
|
||||
description = "NixOS configuration module.";
|
||||
# Based on the definition of containers.<name>.config
|
||||
|
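Review bot: `mask = mkOpt' ints.u8 24 "Network mask."` in `assignmentOpts` accepts any value 0–255, but a prefix length is bounded by the address family; `ints.between` is the fitting type: `mask = mkOpt' (ints.between 0 32) 24 "IPv4 prefix length.";` for `ipv4` and `mask = mkOpt' (ints.between 0 128) 64 "IPv6 prefix length.";` for `ipv6`, which also turns a typo such as 240 into an evaluation error instead of a broken interface unit. The `ipv4.gateway` default `naiveIPv4Gateway config.ipv4.address` is computed from an `address` whose own default is null, so if that helper does not tolerate null, merely evaluating an assignment without an address will fail with a message pointing at the gateway rather than the missing address; a guard such as `if config.ipv4.address == null then null else naiveIPv4Gateway config.ipv4.address` would surface the right cause. The description `"Network assignments."` on the new `assignments` option could say what the keys mean, e.g. `"Per-network address assignments for this system, keyed by network name (e.g. internal)."`.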
@@ -1,18 +1,8 @@
|
||||
{ lib, config, ... }:
|
||||
let
|
||||
inherit (lib) flatten optional mkIf mkDefault mkMerge;
|
||||
inherit (lib.my) mkOpt' mkBoolOpt';
|
||||
|
||||
cfg = config.my.network;
|
||||
in
|
||||
{
|
||||
options = with lib.types; {
|
||||
my.network = {
|
||||
ipv4 = mkOpt' str null "Internal network IPv4 address.";
|
||||
ipv6 = mkOpt' str null "Internal network IPv6 address.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
{
|
||||
networking = {
|
||||
|
@@ -4,9 +4,20 @@
|
||||
nixpkgs = "mine";
|
||||
home-manager = "unstable";
|
||||
|
||||
configuration = { lib, pkgs, modulesPath, config, systems, ... }:
|
||||
assignments.internal = {
|
||||
name = "estuary.vm";
|
||||
altNames = [ "fw" ];
|
||||
ipv4 = {
|
||||
address = "10.100.0.1";
|
||||
gateway = null;
|
||||
};
|
||||
ipv6.address = "2a0e:97c0:4d1:0::1";
|
||||
};
|
||||
|
||||
configuration = { lib, pkgs, modulesPath, config, systems, assignments, ... }:
|
||||
let
|
||||
inherit (lib) mkIf mkMerge;
|
||||
inherit (lib.my) networkdAssignment;
|
||||
in
|
||||
{
|
||||
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
|
||||
@@ -59,14 +70,18 @@
|
||||
matchConfig.Name = "wan";
|
||||
DHCP = "ipv4";
|
||||
};
|
||||
"80-base" = {
|
||||
matchConfig.Name = "base";
|
||||
address = with config.my.network; [ "${ipv4}/24" "${ipv6}/64" ];
|
||||
"80-base" = (networkdAssignment "base" assignments.internal) // {
|
||||
networkConfig = {
|
||||
DHCPServer = true;
|
||||
IPv6AcceptRA = false;
|
||||
IPv6SendRA = true;
|
||||
IPMasquerade = "both";
|
||||
};
|
||||
ipv6SendRAConfig.DNS = [ assignments.internal.ipv6.address ];
|
||||
ipv6Prefixes = [
|
||||
{
|
||||
ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:0::/64";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -74,10 +89,6 @@
|
||||
my = {
|
||||
server.enable = true;
|
||||
|
||||
network = {
|
||||
ipv6 = "2a0e:97c0:4d1:0::1";
|
||||
ipv4 = "10.110.0.1";
|
||||
};
|
||||
firewall = {
|
||||
trustedInterfaces = [ "base" ];
|
||||
nat = {
|
||||
|
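Review bot: `"80-base" = (networkdAssignment "base" assignments.internal) // { networkConfig = { ... }; ... }` is a shallow update, so if `networkdAssignment` returns its own `networkConfig` (or `address`/`gateway` keys it puts under `networkConfig`), the right-hand `networkConfig` replaces it wholesale and the static address and gateway are lost from the unit; that helper's shape is not visible here, so this is a point to confirm. `mkMerge` is already inherited at the top of this configuration, so the safe form is `"80-base" = mkMerge [ (networkdAssignment "base" assignments.internal) { networkConfig = { ... }; ... } ];`, which merges nested attribute sets through the module system. The advertised prefix `ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:0::/64"` restates the `ipv6.address`/`mask` of `assignments.internal` by hand; deriving it from the assignment (or at least a comment tying the two together) would keep the RA in step with the assignment when either changes.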