From 91d4895c6f9d37ee87675d4bc02ec962a6c806d6 Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Thu, 18 Jan 2024 13:51:13 -0800
Subject: [PATCH] refactor: static networking
---
 modules/meta/access.nix | 32 +++++++++++++++++++++++
 modules/nixos/access.nix | 3 ---
 modules/nixos/network.nix | 47 +++++++++++++++++++++++++++++++---
 nixos/access/global.nix | 10 ++++++++
 nixos/base/network.nix | 1 -
 nixos/home-assistant.nix | 1 -
 overlays/local/default.nix | 1 +
 overlays/local/lib.nix | 27 +++++++++++++++++++
 systems/hakurei/nixos.nix | 11 ++++++++
 systems/kuwubernetes/nixos.nix | 9 +++++++
 systems/mediabox/nixos.nix | 9 +++++++
 systems/tei/cloudflared.nix | 7 ++---
 systems/tei/nixos.nix | 13 ++++++++--
 13 files changed, 155 insertions(+), 16 deletions(-)
 create mode 100644 modules/meta/access.nix
 create mode 100644 nixos/access/global.nix
 create mode 100644 overlays/local/lib.nix
diff --git a/modules/meta/access.nix b/modules/meta/access.nix
new file mode 100644
index 00000000..4e2e1051
--- /dev/null
+++ b/modules/meta/access.nix
@@ -0,0 +1,32 @@
+{
+ config,
+ access,
+ ...
+}: let
+ nixosModule = {
+ config,
+ ...
+ }: {
+ config = {
+ _module.args.access = access // {
+ systemFor = hostName: if hostName == config.networking.hostName
+ then config
+ else access.systemFor hostName;
+ systemForOrNull = hostName: if hostName == config.networking.hostName
+ then config
+ else access.systemForOrNull hostName;
+ };
+ };
+ };
+in {
+ config = {
+ network.nixos.extraModules = [
+ nixosModule
+ ];
+
+ _module.args.access = {
+ systemFor = hostName: config.network.nodes.${hostName};
+ systemForOrNull = hostName: config.network.nodes.${hostName} or null;
+ };
+ };
+}
diff --git a/modules/nixos/access.nix b/modules/nixos/access.nix
index 7aa1d0e7..285923f5 100644
--- a/modules/nixos/access.nix
+++ b/modules/nixos/access.nix
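Review bot: The NixOS-side override of `access.systemFor` inside `nixosModule` has no comment explaining why the evaluating host is special-cased, and the two resolvers differ in failure mode without saying so: `systemFor = hostName: config.network.nodes.${hostName};` raises a missing-attribute error for an unknown name while `systemForOrNull` yields `null`. A header on `nixosModule` such as `# inside a NixOS evaluation, a lookup of the evaluating host's own name resolves to that system's config instead of going through network.nodes` and a one-line note above `_module.args.access` that `systemFor` fails on unknown hosts and `systemForOrNull` returns null would make the contract clear to callers like `systems/tei/cloudflared.nix`, which now inherits `systemFor` from this module.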
@@ -8,9 +8,6 @@
 inherit (config.networking) hostName;
 in {
 options.networking.access = with lib.types; {
- static.ipv4 = mkOption {
- type = str;
- };
 hostnameForNetwork = mkOption {
 type = attrsOf str;
 default = { };
diff --git a/modules/nixos/network.nix b/modules/nixos/network.nix
index 3a41cf8d..4c1b9f59 100644
--- a/modules/nixos/network.nix
+++ b/modules/nixos/network.nix
@@ -1,14 +1,53 @@
 {
 config,
 lib,
- pkgs,
 ...
-}:
-with lib; {
+}: let
+ inherit (lib.options) mkOption mkEnableOption;
+ inherit (lib.modules) mkIf mkMerge mkOptionDefault;
+ inherit (lib.trivial) eui64;
+ inherit (config) networking services;
+ networkModule = { config, ... }: {
+ options = with lib.types; {
+ mdns = {
+ enable = mkEnableOption "SLAAC" // {
+ default = config.matchConfig.Type or null == "ether" && services.resolved.enable;
+ };
+ };
+ slaac = {
+ enable = mkEnableOption "SLAAC" // {
+ default = config.matchConfig.Type or null == "ether" && networking.enableIPv6;
+ };
+ postfix = mkOption {
+ type = str;
+ };
+ };
+ };
+ config = {
+ slaac.postfix = mkIf (config.matchConfig.MACAddress or null != null) (
+ mkOptionDefault (eui64 config.matchConfig.MACAddress)
+ );
+ networkConfig = mkMerge [
+ (mkIf config.slaac.enable {
+ IPv6AcceptRA = true;
+ })
+ (mkIf config.mdns.enable {
+ MulticastDNS = true;
+ })
+ ];
+ linkConfig = mkIf config.mdns.enable {
+ Multicast = true;
+ };
+ };
+ };
+in {
 options.deploy.system = mkOption {
- type = types.unspecified;
+ type = lib.types.unspecified;
 readOnly = true;
 };
+ options.systemd.network.networks = mkOption {
+ type = with lib.types; attrsOf (submodule networkModule);
+ };
 config = {
 deploy.system = config.system.build.toplevel;
 };
diff --git a/nixos/access/global.nix b/nixos/access/global.nix
new file mode 100644
index 00000000..2a88b76a
--- /dev/null
+++ b/nixos/access/global.nix
@@ -0,0 +1,10 @@
+{
+ lib,
+ ...
+}: let
+ inherit (lib.modules) mkDefault;
+in {
+ networking = {
+ tempAddresses = mkDefault "disabled";
+ };
+}
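Review bot: `mdns.enable` is declared as `enable = mkEnableOption "SLAAC" // {`, so the generated description of the mDNS option says it enables SLAAC; it should read `enable = mkEnableOption "mDNS" // {`. `inherit (lib.trivial) eui64;` only resolves if the `lib` handed to NixOS modules is the overlaid `pkgs.lib` from `overlays/local/default.nix` rather than the stock nixpkgs lib, which this patch does not show — worth confirming, since otherwise every network carrying a `matchConfig.MACAddress` fails to evaluate. `slaac.postfix` has `type = str` with no default and is only defined under `mkIf (config.matchConfig.MACAddress or null != null)`, so any reader of the option on a network without a MAC match gets an "option used but not defined" error; either make it `type = nullOr str; default = null;` or document that precondition. A header on `networkModule` would also help readers, e.g. `# per-network defaults: accept router advertisements (SLAAC) and answer mDNS on every Type=ether link; set slaac.enable / mdns.enable = false to opt out`.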
diff --git a/nixos/base/network.nix b/nixos/base/network.nix index 28af3d4d..014ebbf9 100644 --- a/nixos/base/network.nix +++ b/nixos/base/network.nix @@ -3,7 +3,6 @@ { networking = { nftables.enable = true; - tempAddresses = "disabled"; domain = mkDefault "gensokyo.zone"; hostName = mkOverride 25 name; }; diff --git a/nixos/home-assistant.nix b/nixos/home-assistant.nix index 7f339e82..e29d420a 100644 --- a/nixos/home-assistant.nix +++ b/nixos/home-assistant.nix @@ -89,7 +89,6 @@ in { homekit = [ { name = "Tewi"; port = 21063; - ip_address = config.networking.access.static.ipv4; filter = let inherit (cfg.config) google_assistant; in { diff --git a/overlays/local/default.nix b/overlays/local/default.nix index fb30f111..dc66dde3 100644 --- a/overlays/local/default.nix +++ b/overlays/local/default.nix @@ -1,4 +1,5 @@ final: prev: { + lib = prev.lib.extend (import ./lib.nix); requests-oauth = final.python3Packages.callPackage ./requests-oauth.nix {}; withings-api = final.python3Packages.callPackage ./withings-api.nix {}; irlsite = final.callPackage ./irlsite.nix {}; diff --git a/overlays/local/lib.nix b/overlays/local/lib.nix new file mode 100644 index 00000000..822d8ee7 --- /dev/null +++ b/overlays/local/lib.nix 
@@ -0,0 +1,27 @@
+lib: prev: let
+ inherit (lib.strings) splitString toLower;
+ inherit (lib.lists) imap0 elemAt;
+ inherit (lib.attrsets) listToAttrs nameValuePair;
+ inherit (lib.strings) substring fixedWidthString;
+ inherit (lib.trivial) flip toHexString toHexStringLower hexCharToInt bitOr;
+in {
+ trivial = prev.trivial // {
+ toHexStringLower = v: toLower (toHexString v);
+
+ hexCharToInt = let
+ hexChars = [ "0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "a" "b" "c" "d" "e" "f" ];
+ pairs = imap0 (flip nameValuePair) hexChars;
+ idx = listToAttrs pairs;
+ in char: idx.${char};
+
+ eui64 = mac: let
+ parts = map toLower (splitString ":" mac);
+ part = elemAt parts;
+ part0 = part: let
+ nibble1' = hexCharToInt (substring 1 1 part);
+ nibble1 = bitOr 2 nibble1';
+ nibble0 = substring 0 1 part;
+ in nibble0 + (fixedWidthString 1 "0" (toHexStringLower nibble1));
+ in "${part0 (part 0)}${part 1}:${part 2}ff:fe${part 3}:${part 4}${part 5}";
+ };
+}
diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix
index 38db9830..e2b54744 100644
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@@ -31,6 +31,17 @@
 };
 };
+ systemd.network.networks.eth0 = {
+ name = "eth0";
+ matchConfig = {
+ MACAddress = "BC:24:11:C4:66:A7";
+ Type = "ether";
+ };
+ address = [ "10.1.1.41/24" ];
+ gateway = [ "10.1.1.1" ];
+ DHCP = "no";
+ };
+
 sops.defaultSopsFile = ./secrets.yaml;
 system.stateVersion = "23.11";
diff --git a/systems/kuwubernetes/nixos.nix b/systems/kuwubernetes/nixos.nix
index e10f2adc..c445fbe8 100644
--- a/systems/kuwubernetes/nixos.nix
+++ b/systems/kuwubernetes/nixos.nix
@@ -54,6 +54,15 @@
 };
 };
+ systemd.network.networks.eth0 = {
+ name = "eth0";
+ matchConfig = {
+ MACAddress = "BC:24:11:49:FE:DC";
+ Type = "ether";
+ };
+ DHCP = "ipv4";
+ };
+
 sops.defaultSopsFile = ./secrets.yaml;
 system.stateVersion = "23.11";
diff --git a/systems/mediabox/nixos.nix b/systems/mediabox/nixos.nix
index 2df23a6f..5a958856 100644
--- a/systems/mediabox/nixos.nix
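Review bot: `eui64` sets the universal/local bit with `nibble1 = bitOr 2 nibble1';`, but the Modified EUI-64 interface identifier (RFC 4291 Appendix A) inverts that bit, so a locally administered MAC (first octet already has the 0x02 bit set) produces a postfix that will not match the address the kernel's SLAAC derives for the same NIC; `nibble1 = bitXor 2 nibble1';` (adding `bitXor` to the `lib.trivial` inherit) gives the standard result and is identical for the `BC:24:11:…` addresses in this patch. The helpers carry no documentation: a header on `eui64` such as `# Modified EUI-64 interface identifier (RFC 4291 App. A) from a colon-separated MAC, lowercased, e.g. "bc:24:11:c4:66:a7" -> "be24:11ff:fec4:66a7"` would pin the expected input and output format, and `hexCharToInt` should note that it only accepts lowercase digits, which is why `eui64` lowercases the octets first.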
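Review bot: The static `eth0` definition sets `address`, `gateway` and `DHCP = "no";` but names no DNS server, so once DHCP stops supplying resolvers this host has none unless `networking.nameservers` or a `networkConfig.DNS` is set elsewhere — worth confirming, and the same applies to the `systems/tei/nixos.nix` hunk. Because `name = "eth0";` and `matchConfig.MACAddress` must both match, the unit silently applies to nothing if the NIC's MAC ever changes, leaving the machine without its static address; a comment `# MAC is pinned so the static address follows this NIC; update it if the interface's MAC changes` would record that intent for the next person who touches this file.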
+++ b/systems/mediabox/nixos.nix
@@ -72,6 +72,15 @@
 extraPackages = with pkgs; [ mesa.drivers vaapiVdpau libvdpau-va-gl ];
 };
+ systemd.network.networks.eth0 = {
+ name = "eth0";
+ matchConfig = {
+ MACAddress = "BC:24:11:34:F4:A8";
+ Type = "ether";
+ };
+ DHCP = "ipv4";
+ };
+
 sops.defaultSopsFile = ./secrets.yaml;
 system.stateVersion = "21.05";
diff --git a/systems/tei/cloudflared.nix b/systems/tei/cloudflared.nix
index 3c830c17..d4a79589 100644
--- a/systems/tei/cloudflared.nix
+++ b/systems/tei/cloudflared.nix
@@ -1,18 +1,15 @@
 {
- meta,
+ access,
 config,
 lib,
 ...
 }: let
 inherit (lib.modules) mkIf mkMerge;
 inherit (lib.attrsets) listToAttrs nameValuePair;
+ inherit (access) systemFor;
 inherit (config.networking) hostName;
 cfg = config.services.cloudflared;
 apartment = "5e85d878-c6b2-4b15-b803-9aeb63d63543";
- systemFor = hostName:
- if hostName == config.networking.hostName
- then config
- else meta.network.nodes.${hostName};
 accessHostFor = {
 hostName,
 system ? systemFor hostName,
diff --git a/systems/tei/nixos.nix b/systems/tei/nixos.nix
index 9558b9f2..5e6946e0 100644
--- a/systems/tei/nixos.nix
+++ b/systems/tei/nixos.nix
@@ -1,6 +1,5 @@
 {
 meta,
- lib,
 ...
 }: {
 imports = let
@@ -25,7 +24,17 @@
 ];
 sops.defaultSopsFile = ./secrets.yaml;
- networking.access.static.ipv4 = "10.1.1.39";
+
+ systemd.network.networks.eth0 = {
+ name = "eth0";
+ matchConfig = {
+ MACAddress = "BC:24:11:CC:66:57";
+ Type = "ether";
+ };
+ address = [ "10.1.1.39/24" ];
+ gateway = [ "10.1.1.1" ];
+ DHCP = "no";
+ };
 system.stateVersion = "23.11";
 }