gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: static networking

Browse source
This commit is contained in:
arcnmx 2024-01-18 13:51:13 -08:00
parent 1a4b5ee8b2
commit 91d4895c6f
13 changed files with 155 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

32
modules/meta/access.nix Normal file
View file

@ -0,0 +1,32 @@
{
config,
access,
...
}: let
nixosModule = {
config,
...
}: {
config = {
_module.args.access = access // {
systemFor = hostName: if hostName == config.networking.hostName
then config
else access.systemFor hostName;
systemForOrNull = hostName: if hostName == config.networking.hostName
then config
else access.systemForOrNull hostName;
};
};
};
in {
config = {
network.nixos.extraModules = [
nixosModule
];
_module.args.access = {
systemFor = hostName: config.network.nodes.${hostName};
systemForOrNull = hostName: config.network.nodes.${hostName} or null;
};
};
}

3
modules/nixos/access.nix
View file

@ -8,9 +8,6 @@
inherit (config.networking) hostName; inherit (config.networking) hostName;
in { in {
options.networking.access = with lib.types; { options.networking.access = with lib.types; {
static.ipv4 = mkOption {
type = str;
};
hostnameForNetwork = mkOption { hostnameForNetwork = mkOption {
type = attrsOf str; type = attrsOf str;
default = { }; default = { };

47
modules/nixos/network.nix
View file

@ -1,14 +1,53 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }: let
with lib; { inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkOptionDefault;
inherit (lib.trivial) eui64;
inherit (config) networking services;
networkModule = { config, ... }: {
options = with lib.types; {
mdns = {
enable = mkEnableOption "SLAAC" // {
default = config.matchConfig.Type or null == "ether" && services.resolved.enable;
};
};
slaac = {
enable = mkEnableOption "SLAAC" // {
default = config.matchConfig.Type or null == "ether" && networking.enableIPv6;
};
postfix = mkOption {
type = str;
};
};
};
config = {
slaac.postfix = mkIf (config.matchConfig.MACAddress or null != null) (
mkOptionDefault (eui64 config.matchConfig.MACAddress)
);
networkConfig = mkMerge [
(mkIf config.slaac.enable {
IPv6AcceptRA = true;
})
(mkIf config.mdns.enable {
MulticastDNS = true;
})
];
linkConfig = mkIf config.mdns.enable {
Multicast = true;
};
};
};
in {
options.deploy.system = mkOption { options.deploy.system = mkOption {
type = types.unspecified; type = lib.types.unspecified;
readOnly = true; readOnly = true;
}; };
options.systemd.network.networks = mkOption {
type = with lib.types; attrsOf (submodule networkModule);
};
config = { config = {
deploy.system = config.system.build.toplevel; deploy.system = config.system.build.toplevel;
}; };

10
nixos/access/global.nix Normal file
View file

@ -0,0 +1,10 @@
{
lib,
...
}: let
inherit (lib.modules) mkDefault;
in {
networking = {
tempAddresses = mkDefault "disabled";
};
}

1
nixos/base/network.nix
View file

@ -3,7 +3,6 @@
{ {
networking = { networking = {
nftables.enable = true; nftables.enable = true;
tempAddresses = "disabled";
domain = mkDefault "gensokyo.zone"; domain = mkDefault "gensokyo.zone";
hostName = mkOverride 25 name; hostName = mkOverride 25 name;
}; };

1
nixos/home-assistant.nix
View file

@ -89,7 +89,6 @@ in {
homekit = [ { homekit = [ {
name = "Tewi"; name = "Tewi";
port = 21063; port = 21063;
ip_address = config.networking.access.static.ipv4;
filter = let filter = let
inherit (cfg.config) google_assistant; inherit (cfg.config) google_assistant;
in { in {

1
overlays/local/default.nix
View file

@ -1,4 +1,5 @@
final: prev: { final: prev: {
lib = prev.lib.extend (import ./lib.nix);
requests-oauth = final.python3Packages.callPackage ./requests-oauth.nix {}; requests-oauth = final.python3Packages.callPackage ./requests-oauth.nix {};
withings-api = final.python3Packages.callPackage ./withings-api.nix {}; withings-api = final.python3Packages.callPackage ./withings-api.nix {};
irlsite = final.callPackage ./irlsite.nix {}; irlsite = final.callPackage ./irlsite.nix {};

27
overlays/local/lib.nix Normal file
View file

@ -0,0 +1,27 @@
lib: prev: let
inherit (lib.strings) splitString toLower;
inherit (lib.lists) imap0 elemAt;
inherit (lib.attrsets) listToAttrs nameValuePair;
inherit (lib.strings) substring fixedWidthString;
inherit (lib.trivial) flip toHexString toHexStringLower hexCharToInt bitOr;
in {
trivial = prev.trivial // {
toHexStringLower = v: toLower (toHexString v);
hexCharToInt = let
hexChars = [ "0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "a" "b" "c" "d" "e" "f" ];
pairs = imap0 (flip nameValuePair) hexChars;
idx = listToAttrs pairs;
in char: idx.${char};
eui64 = mac: let
parts = map toLower (splitString ":" mac);
part = elemAt parts;
part0 = part: let
nibble1' = hexCharToInt (substring 1 1 part);
nibble1 = bitOr 2 nibble1';
nibble0 = substring 0 1 part;
in nibble0 + (fixedWidthString 1 "0" (toHexStringLower nibble1));
in "${part0 (part 0)}${part 1}:${part 2}ff:fe${part 3}:${part 4}${part 5}";
};
}

11
systems/hakurei/nixos.nix
View file

@ -31,6 +31,17 @@
}; };
}; };
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:C4:66:A7";
Type = "ether";
};
address = [ "10.1.1.41/24" ];
gateway = [ "10.1.1.1" ];
DHCP = "no";
};
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "23.11"; system.stateVersion = "23.11";

9
systems/kuwubernetes/nixos.nix
View file

@ -54,6 +54,15 @@
}; };
}; };
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:49:FE:DC";
Type = "ether";
};
DHCP = "ipv4";
};
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "23.11"; system.stateVersion = "23.11";

9
systems/mediabox/nixos.nix
View file

@ -72,6 +72,15 @@
extraPackages = with pkgs; [ mesa.drivers vaapiVdpau libvdpau-va-gl ]; extraPackages = with pkgs; [ mesa.drivers vaapiVdpau libvdpau-va-gl ];
}; };
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:34:F4:A8";
Type = "ether";
};
DHCP = "ipv4";
};
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "21.05"; system.stateVersion = "21.05";

7
systems/tei/cloudflared.nix
View file

@ -1,18 +1,15 @@
{ {
meta, access,
config, config,
lib, lib,
... ...
}: let }: let
inherit (lib.modules) mkIf mkMerge; inherit (lib.modules) mkIf mkMerge;
inherit (lib.attrsets) listToAttrs nameValuePair; inherit (lib.attrsets) listToAttrs nameValuePair;
inherit (access) systemFor;
inherit (config.networking) hostName; inherit (config.networking) hostName;
cfg = config.services.cloudflared; cfg = config.services.cloudflared;
apartment = "5e85d878-c6b2-4b15-b803-9aeb63d63543"; apartment = "5e85d878-c6b2-4b15-b803-9aeb63d63543";
systemFor = hostName:
if hostName == config.networking.hostName
then config
else meta.network.nodes.${hostName};
accessHostFor = { accessHostFor = {
hostName, hostName,
system ? systemFor hostName, system ? systemFor hostName,

13
systems/tei/nixos.nix
View file

@ -1,6 +1,5 @@
{ {
meta, meta,
lib,
... ...
}: { }: {
imports = let imports = let
@ -25,7 +24,17 @@
]; ];
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
networking.access.static.ipv4 = "10.1.1.39";
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:CC:66:57";
Type = "ether";
};
address = [ "10.1.1.39/24" ];
gateway = [ "10.1.1.1" ];
DHCP = "no";
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }