feat(access): optional slaac on int

This commit is contained in:
arcnmx 2024-03-29 13:59:28 -07:00
parent f3d9d2f1eb
commit 7a2d834742
7 changed files with 87 additions and 12 deletions


@ -4,9 +4,12 @@
inherit (lib.modules) mkIf mkOptionDefault; inherit (lib.modules) mkIf mkOptionDefault;
inherit (lib.trivial) mapNullable; inherit (lib.trivial) mapNullable;
networkModule = { config, name, system, ... }: let networkModule = { config, name, system, ... }: let
slaacPrefix = { knownNetworks = {
local = "fd0a:"; local.slaac = {
#int = "fd0c:"; enable = true;
prefix = "fd0a:";
};
int.slaac.prefix = "fd0c:";
}; };
in { in {
options = with lib.types; { options = with lib.types; {
@ -47,8 +50,10 @@
}; };
config = { config = {
slaac = { slaac = {
enable = mkOptionDefault (slaacPrefix ? ${config.name}); enable = mkOptionDefault (knownNetworks.${config.name}.slaac.enable or false);
prefix = mkIf (slaacPrefix ? ${config.name}) (mkOptionDefault slaacPrefix.${config.name}); prefix = mkIf (knownNetworks.${config.name}.slaac.prefix or null != null) (
mkOptionDefault knownNetworks.${config.name}.slaac.prefix
);
postfix = mkIf (config.macAddress != null) (mkOptionDefault (eui64 config.macAddress)); postfix = mkIf (config.macAddress != null) (mkOptionDefault (eui64 config.macAddress));
}; };
domain = mkOptionDefault "${config.name}.${system.access.domain}"; domain = mkOptionDefault "${config.name}.${system.access.domain}";
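Review bot: The new guard `knownNetworks.${config.name}.slaac.prefix or null != null` is correct only because Nix's `or` binds tighter than `!=`, which reads as a precedence trap; parenthesizing it as `(knownNetworks.${config.name}.slaac.prefix or null) != null` makes the intent explicit (the same bare pattern already appears in the macAddress guard of the interface module). The `int` entry supplies a prefix but no `enable`, so SLAAC stays off for it unless a host opts in, via the `or false` fallback on the enable line; a comment such as `# prefix is known, but SLAAC on int is opt-in per host` next to `int.slaac.prefix` would record that. networkModule continues outside the hunk.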


@ -1,7 +1,7 @@
{config, lib, inputs, ...}: let {config, lib, inputs, ...}: let
inherit (inputs.self.lib.lib) unmerged eui64 toHexStringLower mkAlmostOptionDefault mapAlmostOptionDefaults; inherit (inputs.self.lib.lib) unmerged eui64 toHexStringLower mkAlmostOptionDefault mapAlmostOptionDefaults;
inherit (lib.options) mkOption mkEnableOption; inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkOptionDefault; inherit (lib.modules) mkIf mkMerge mkDefault mkOptionDefault;
inherit (lib.attrsets) attrValues; inherit (lib.attrsets) attrValues;
inherit (lib.lists) elem findSingle findFirst; inherit (lib.lists) elem findSingle findFirst;
inherit (lib.strings) hasPrefix removePrefix replaceStrings removeSuffix; inherit (lib.strings) hasPrefix removePrefix replaceStrings removeSuffix;
@ -78,6 +78,11 @@
enable = mkEnableOption "systemd.network" // { enable = mkEnableOption "systemd.network" // {
default = true; default = true;
}; };
name = mkOption {
type = str;
default = config.name;
description = "network unit name";
};
networkSettings = mkOption { networkSettings = mkOption {
type = unmerged.types.attrs; type = unmerged.types.attrs;
}; };
@ -105,7 +110,7 @@
]; ];
networkd.networkSettings = { networkd.networkSettings = {
name = mkAlmostOptionDefault config.name; name = mkAlmostOptionDefault config.name;
ipv6AcceptRAConfig = mkIf (config.address6 == "auto" && config.local.enable) { ipv6AcceptRAConfig = mkIf config.local.enable {
UseDNS = mkOptionDefault false; UseDNS = mkOptionDefault false;
DHCPv6Client = mkOptionDefault false; DHCPv6Client = mkOptionDefault false;
}; };
@ -140,15 +145,27 @@
); );
}; };
}; };
confInternal = { confInternal = let
index = system.proxmox.vm.id - internalOffset;
in {
name = mkIf system.proxmox.container.enable (mkAlmostOptionDefault "eth9"); name = mkIf system.proxmox.container.enable (mkAlmostOptionDefault "eth9");
bridge = mkAlmostOptionDefault "vmbr9"; bridge = mkAlmostOptionDefault "vmbr9";
address4 = mkAlmostOptionDefault "10.9.1.${toString (system.proxmox.vm.id - internalOffset)}/24"; address4 = mkAlmostOptionDefault "10.9.1.${toString index}/24";
address6 = mkAlmostOptionDefault "fd0c::${toHexStringLower (system.proxmox.vm.id - internalOffset)}/64"; address6 = mkAlmostOptionDefault "fd0c::${toHexStringLower index}/64";
macAddress = mkIf (system.proxmox.network.interfaces.net0.macAddress or null != null && hasPrefix "BC:24:11:" system.proxmox.network.interfaces.net0.macAddress) (mkAlmostOptionDefault ( macAddress = mkIf (system.proxmox.network.interfaces.net0.macAddress or null != null && hasPrefix "BC:24:11:" system.proxmox.network.interfaces.net0.macAddress) (mkAlmostOptionDefault (
replaceStrings [ "BC:24:11:" ] [ "BC:24:19:" ] system.proxmox.network.interfaces.net0.macAddress replaceStrings [ "BC:24:11:" ] [ "BC:24:19:" ] system.proxmox.network.interfaces.net0.macAddress
)); ));
networkd.networkSettings.linkConfig.RequiredForOnline = false; networkd.networkSettings = {
domains = mkDefault [ ]; # int.${domain}?
linkConfig.RequiredForOnline = false;
ipv6AcceptRAConfig = {
Token = mkOptionDefault "static:::${toHexStringLower index}";
DHCPv6Client = mkOptionDefault false;
};
networkConfig = {
IPv6PrivacyExtensions = mkOptionDefault "no";
};
};
}; };
in mkMerge [ in mkMerge [
conf conf
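Review bot: Dropping the `address6 == "auto"` condition means `ipv6AcceptRAConfig` now applies to every interface with `local.enable`, including ones carrying a static `address6`, so a router advertisement arriving on the bridge is honoured for more than address formation; for the internal interface the advertiser in nixos/int.nix announces with `RouterLifetimeSec = 0`, so the only thing an RA should contribute there is the prefix. Setting `UseGateway = mkOptionDefault false;` (and arguably `UseRoutes = mkOptionDefault false;`) next to `Token` in confInternal's `ipv6AcceptRAConfig` would keep a stray RA on vmbr9 from installing a default route on that interface, while the existing `UseDNS`/`DHCPv6Client` settings already close the other channels. `domains = mkDefault [ ]; # int.${domain}?` leaves an open question in the code; either resolve it or reword it as a TODO that says what is undecided. The enclosing let/mkMerge expression extends beyond the hunk.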

29
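--- /dev/null
+++ b/nixos/int.nix
@@ -0,0 +1,29 @@
+{config, lib, access, ...}: let
+inherit (lib.modules) mkDefault;
+in {
+config = {
+systemd.network.networks.eth9 = {config, ...}: {
+networkConfig = {
+IPv6SendRA = mkDefault true;
+};
+ipv6SendRAConfig = {
+Managed = mkDefault false;
+EmitDNS = mkDefault true;
+DNS = [ (access.getAddress6For "utsuho" "int") ];
+# Domains = [ "int.${networking.domain}" ];
+EmitDomains = mkDefault false;
+RouterPreference = mkDefault "low";
+RouterLifetimeSec = 0;
+};
+ipv6Prefixes = [
+{
+ipv6PrefixConfig = {
+Prefix = "fd0c::/64";
+Assign = true;
+Token = config.ipv6AcceptRAConfig.Token;
+};
+}
+];
+};
+};
+}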
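Review bot: `Token = config.ipv6AcceptRAConfig.Token` reads the `[IPv6AcceptRA]` token out of the `systemd.network.networks.eth9` submodule, so it only resolves when the internal interface's network unit is actually named `eth9`; the interface module in this commit keys that unit on `networkd.name`, which defaults to the interface name and is only forced to `eth9` for containers, so on a host where the two differ this presumably evaluates against an otherwise empty `eth9` network and the lookup fails. A comment stating that coupling, e.g. `# relies on the int interface's unit being named eth9 (networkd.name) so its [IPv6AcceptRA] Token is visible here`, or deriving the unit name from the interface option instead of the literal `eth9`, would make the dependency visible. `RouterLifetimeSec = 0` together with `Managed = false` makes this host a prefix-only advertiser rather than a default router, which deserves a one-line comment so nobody later "fixes" the zero lifetime; the commented-out `Domains` line next to `EmitDomains = false` should either say why it is disabled or go.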


@ -25,7 +25,7 @@ in {
proxmoxLXC.privileged = mkIf (proxmox.container.enable && proxmox.container.privileged) true; proxmoxLXC.privileged = mkIf (proxmox.container.enable && proxmox.container.privileged) true;
systemd.network = mkIf proxmox.enabled (mkMerge (mapAttrsToList (_: interface: mkIf (interface.enable && interface.networkd.enable) { systemd.network = mkIf proxmox.enabled (mkMerge (mapAttrsToList (_: interface: mkIf (interface.enable && interface.networkd.enable) {
networks.${interface.name} = unmerged.mergeAttrs interface.networkd.networkSettings; networks.${interface.networkd.name} = unmerged.mergeAttrs interface.networkd.networkSettings;
}) proxmox.network.interfaces)); }) proxmox.network.interfaces));
networking.firewall.interfaces.int = let networking.firewall.interfaces.int = let
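Review bot: Keying the unit on `interface.networkd.name` instead of `interface.name` lets two interfaces declare the same `networkd.name`, in which case their `networkSettings` are silently combined into one `networks.<name>` entry by the surrounding `mkMerge`; since the option defaults to the interface name this only happens when it is overridden, but an assertion that `networkd.name` values are unique across `proxmox.network.interfaces` would turn that into an evaluation error instead of a merged unit. The enclosing module body continues outside the hunk.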


@ -8,4 +8,25 @@
services.avahi.hostName = ""; services.avahi.hostName = "";
system.stateVersion = "23.11"; system.stateVersion = "23.11";
environment.etc."systemd/network/eth9.network.d/int.conf".text = ''
[Match]
Name=eth9
Type=ether
[Link]
RequiredForOnline=false
[Network]
IPv6AcceptRA=true
IPv6SendRA=false
DHCP=no
[IPv6Prefix]
AddressAutoconfiguration=false
Prefix=fd0c::/64
Assign=true
[IPv6AcceptRA]
DHCPv6Client=false
'';
} }
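Review bot: This drop-in turns on `IPv6AcceptRA=true` for eth9 but its `[IPv6AcceptRA]` section only sets `DHCPv6Client=false`, whereas the module-managed variant of the same interface also sets `UseDNS=false`; as written, DNS servers carried in any RA on that bridge will be consumed, so adding `UseDNS=false` under `[IPv6AcceptRA]` keeps the two configurations consistent. The `[IPv6Prefix]` block with `Assign=true` sits next to `IPv6SendRA=false`; as far as I can tell `[IPv6Prefix]` belongs to the advertisement sender side, so it is worth confirming it has any effect here — if the goal is a stable address inside fd0c::/64 derived from the received RA, `Token=static:<address>` under `[IPv6AcceptRA]`, as the interface module does via `Token`, is the mechanism. Writing this as raw text under `environment.etc` also bypasses `systemd.network.networks`, so the module options elsewhere cannot override it; a comment stating why this host needs the drop-in would help the next reader. The enclosing attribute set starts before the hunk.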


@ -11,3 +11,5 @@ method=manual
address1=fd0c::aa/64 address1=fd0c::aa/64
may-fail=true may-fail=true
method=manual method=manual
addr-gen-mode=eui64
token=::aa
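Review bot: `addr-gen-mode=eui64` with `token=::aa` pins the SLAAC interface identifier to the same host part as the manual `address1=fd0c::aa/64`, which is consistent, and NetworkManager's documentation ties `token` to the eui64 mode, so the pairing is required rather than incidental. This profile also has `method=manual` on the line above, and I am not certain NetworkManager performs RA-based address autoconfiguration under that method, so if the intent is to actually obtain an address via SLAAC it is worth verifying on the host; the settings are harmless otherwise. A comment such as `# keep the SLAAC address equal to the manual fd0c::aa` would record the intent.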


@ -7,6 +7,7 @@ in {
nixos.sops nixos.sops
nixos.base nixos.base
nixos.reisen-ct nixos.reisen-ct
nixos.int
nixos.ipa nixos.ipa
nixos.cloudflared nixos.cloudflared
nixos.nginx nixos.nginx