refactor: static networking

2026-02-09 12:29:19 -08:00 · 2024-01-18 13:51:13 -08:00 · 2024-01-18 13:51:13 -08:00 · 91d4895c6f
commit 91d4895c6f
parent 1a4b5ee8b2
13 changed files with 155 additions and 16 deletions
--- a/modules/meta/access.nix
+++ b/modules/meta/access.nix
@ -0,0 +1,32 @@
+{
+  config,
+  access,
+  ...
+}: let
+  nixosModule = {
+    config,
+    ...
+  }: {
+    config = {
+      _module.args.access = access // {
+        systemFor = hostName: if hostName == config.networking.hostName
+          then config
+          else access.systemFor hostName;
+        systemForOrNull = hostName: if hostName == config.networking.hostName
+          then config
+          else access.systemForOrNull hostName;
+      };
+    };
+  };
+in {
+  config = {
+    network.nixos.extraModules = [
+      nixosModule
+    ];
+
+    _module.args.access = {
+      systemFor = hostName: config.network.nodes.${hostName};
+      systemForOrNull = hostName: config.network.nodes.${hostName} or null;
+    };
+  };
+}
--- a/modules/nixos/access.nix
+++ b/modules/nixos/access.nix
@ -8,9 +8,6 @@
  inherit (config.networking) hostName;
 in {
  options.networking.access = with lib.types; {
-    static.ipv4 = mkOption {
-      type = str;
-    };
    hostnameForNetwork = mkOption {
      type = attrsOf str;
      default = { };
--- a/modules/nixos/network.nix
+++ b/modules/nixos/network.nix
@ -1,14 +1,53 @@
 {
  config,
  lib,
-  pkgs,
  ...
-}:
-with lib; {
+}: let
+  inherit (lib.options) mkOption mkEnableOption;
+  inherit (lib.modules) mkIf mkMerge mkOptionDefault;
+  inherit (lib.trivial) eui64;
+  inherit (config) networking services;
+  networkModule = { config, ... }: {
+    options = with lib.types; {
+      mdns = {
+        enable = mkEnableOption "SLAAC" // {
+          default = config.matchConfig.Type or null == "ether" && services.resolved.enable;
+        };
+      };
+      slaac = {
+        enable = mkEnableOption "SLAAC" // {
+          default = config.matchConfig.Type or null == "ether" && networking.enableIPv6;
+        };
+        postfix = mkOption {
+          type = str;
+        };
+      };
+    };
+    config = {
+      slaac.postfix = mkIf (config.matchConfig.MACAddress or null != null) (
+        mkOptionDefault (eui64 config.matchConfig.MACAddress)
+      );
+      networkConfig = mkMerge [
+        (mkIf config.slaac.enable {
+          IPv6AcceptRA = true;
+        })
+        (mkIf config.mdns.enable {
+          MulticastDNS = true;
+        })
+      ];
+      linkConfig = mkIf config.mdns.enable {
+        Multicast = true;
+      };
+    };
+  };
+in {
  options.deploy.system = mkOption {
-    type = types.unspecified;
+    type = lib.types.unspecified;
    readOnly = true;
  };
+  options.systemd.network.networks = mkOption {
+    type = with lib.types; attrsOf (submodule networkModule);
+  };
  config = {
    deploy.system = config.system.build.toplevel;
  };
--- a/nixos/access/global.nix
+++ b/nixos/access/global.nix
@ -0,0 +1,10 @@
+{
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkDefault;
+in {
+  networking = {
+    tempAddresses = mkDefault "disabled";
+  };
+}
--- a/nixos/base/network.nix
+++ b/nixos/base/network.nix
@ -3,7 +3,6 @@
 {
  networking = {
    nftables.enable = true;
-    tempAddresses = "disabled";
    domain = mkDefault "gensokyo.zone";
    hostName = mkOverride 25 name;
  };
--- a/nixos/home-assistant.nix
+++ b/nixos/home-assistant.nix
@ -89,7 +89,6 @@ in {
      homekit = [ {
        name = "Tewi";
        port = 21063;
-        ip_address = config.networking.access.static.ipv4;
        filter = let
          inherit (cfg.config) google_assistant;
        in {
--- a/overlays/local/default.nix
+++ b/overlays/local/default.nix
@ -1,4 +1,5 @@
 final: prev: {
+  lib = prev.lib.extend (import ./lib.nix);
  requests-oauth = final.python3Packages.callPackage ./requests-oauth.nix {};
  withings-api = final.python3Packages.callPackage ./withings-api.nix {};
  irlsite = final.callPackage ./irlsite.nix {};
--- a/overlays/local/lib.nix
+++ b/overlays/local/lib.nix
@ -0,0 +1,27 @@
+lib: prev: let
+  inherit (lib.strings) splitString toLower;
+  inherit (lib.lists) imap0 elemAt;
+  inherit (lib.attrsets) listToAttrs nameValuePair;
+  inherit (lib.strings) substring fixedWidthString;
+  inherit (lib.trivial) flip toHexString toHexStringLower hexCharToInt bitOr;
+in {
+  trivial = prev.trivial // {
+    toHexStringLower = v: toLower (toHexString v);
+
+    hexCharToInt = let
+      hexChars = [ "0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "a" "b" "c" "d" "e" "f" ];
+      pairs = imap0 (flip nameValuePair) hexChars;
+      idx = listToAttrs pairs;
+    in char: idx.${char};
+
+    eui64 = mac: let
+      parts = map toLower (splitString ":" mac);
+      part = elemAt parts;
+      part0 = part: let
+        nibble1' = hexCharToInt (substring 1 1 part);
+        nibble1 = bitOr 2 nibble1';
+        nibble0 = substring 0 1 part;
+      in nibble0 + (fixedWidthString 1 "0" (toHexStringLower nibble1));
+    in "${part0 (part 0)}${part 1}:${part 2}ff:fe${part 3}:${part 4}${part 5}";
+  };
+}
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@ -31,6 +31,17 @@
    };
  };

+  systemd.network.networks.eth0 = {
+    name = "eth0";
+    matchConfig = {
+      MACAddress = "BC:24:11:C4:66:A7";
+      Type = "ether";
+    };
+    address = [ "10.1.1.41/24" ];
+    gateway = [ "10.1.1.1" ];
+    DHCP = "no";
+  };
+
  sops.defaultSopsFile = ./secrets.yaml;

  system.stateVersion = "23.11";
--- a/systems/kuwubernetes/nixos.nix
+++ b/systems/kuwubernetes/nixos.nix
@ -54,6 +54,15 @@
    };
  };

+  systemd.network.networks.eth0 = {
+    name = "eth0";
+    matchConfig = {
+      MACAddress = "BC:24:11:49:FE:DC";
+      Type = "ether";
+    };
+    DHCP = "ipv4";
+  };
+
  sops.defaultSopsFile = ./secrets.yaml;

  system.stateVersion = "23.11";
--- a/systems/mediabox/nixos.nix
+++ b/systems/mediabox/nixos.nix
@ -72,6 +72,15 @@
    extraPackages = with pkgs; [ mesa.drivers vaapiVdpau libvdpau-va-gl ];
  };

+  systemd.network.networks.eth0 = {
+    name = "eth0";
+    matchConfig = {
+      MACAddress = "BC:24:11:34:F4:A8";
+      Type = "ether";
+    };
+    DHCP = "ipv4";
+  };
+
  sops.defaultSopsFile = ./secrets.yaml;

  system.stateVersion = "21.05";
--- a/systems/tei/cloudflared.nix
+++ b/systems/tei/cloudflared.nix
@ -1,18 +1,15 @@
 {
-  meta,
+  access,
  config,
  lib,
  ...
 }: let
  inherit (lib.modules) mkIf mkMerge;
  inherit (lib.attrsets) listToAttrs nameValuePair;
+  inherit (access) systemFor;
  inherit (config.networking) hostName;
  cfg = config.services.cloudflared;
  apartment = "5e85d878-c6b2-4b15-b803-9aeb63d63543";
-  systemFor = hostName:
-    if hostName == config.networking.hostName
-    then config
-    else meta.network.nodes.${hostName};
  accessHostFor = {
    hostName,
    system ? systemFor hostName,
--- a/systems/tei/nixos.nix
+++ b/systems/tei/nixos.nix
@ -1,6 +1,5 @@
 {
  meta,
-  lib,
  ...
 }: {
  imports = let
@ -25,7 +24,17 @@
  ];

  sops.defaultSopsFile = ./secrets.yaml;
-  networking.access.static.ipv4 = "10.1.1.39";
+
+  systemd.network.networks.eth0 = {
+    name = "eth0";
+    matchConfig = {
+      MACAddress = "BC:24:11:CC:66:57";
+      Type = "ether";
+    };
+    address = [ "10.1.1.39/24" ];
+    gateway = [ "10.1.1.1" ];
+    DHCP = "no";
+  };

  system.stateVersion = "23.11";
 }