foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-02-07 12:19:07 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

hosts/plover/services/networking: init additional options

Browse Source 
Exclusively focusing on the public network interface for now.
This commit is contained in:
Gabriel Arazas 2024-10-10 12:34:13 +08:00
parent 0af5f487d7
commit 2bee747b2f
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
2 changed files with 71 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
configs/nixos/plover/default.nix
View File

@ -18,7 +18,11 @@
# Host-specific modules structuring. # Host-specific modules structuring.
hosts.plover.services = { hosts.plover.services = {
networking.enable = true; networking = {
enable = true;
macAddress = "96:00:03:c3:99:93";
};
backup.enable = true; backup.enable = true;
database.enable = true; database.enable = true;
firewall.enable = true; firewall.enable = true;

111
configs/nixos/plover/modules/services/networking.nix
View File

@ -10,8 +10,26 @@ let
inherit (config.state.network) interfaces; inherit (config.state.network) interfaces;
in in
{ {
options.hosts.plover.services.networking.enable = options.hosts.plover.services.networking = {
lib.mkEnableOption "preferred networking setup"; enable = lib.mkEnableOption "preferred networking setup";
restrictLocalOnWAN = lib.mkOption {
type = lib.types.bool;
default = true;
example = false;
description = ''
Whether to disable local networking on the public-facing network
interface. The recommended practice for this is to create another
network interface with the local network.
'';
};
macAddress = lib.mkOption {
type = lib.types.nonEmptyStr;
description = "MAC address of the public-facing network interface";
example = "00:00:00:00:c3:54:93";
};
};
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
networking = { networking = {
@ -52,68 +70,61 @@ in
"10-wan" = let "10-wan" = let
inherit (interfaces) wan; inherit (interfaces) wan;
in { in {
matchConfig.Name = lib.concatStringsSep " " mainEthernetInterfaceNames; matchConfig = {
Name = lib.concatStringsSep " " mainEthernetInterfaceNames;
PermanentMACAddress = cfg.macAddress;
};
# Setting up IPv6. networkConfig = {
address = [ DHCP = "ipv4";
"${wan.ipv4}/32" LinkLocalAddressing = "ipv6";
"${wan.ipv6}/64" IPv6AcceptRA = true;
]; };
gateway = [ wan.ipv6Gateway ];
dhcpV4Config = {
RouteMetric = 100;
UseMTU = true;
};
address = [ "${wan.ipv6}/64" ];
dns = [ dns = [
"185.12.64.1"
"185.12.64.2"
"2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:2"
"2a01:4ff:ff00::add:1" "2a01:4ff:ff00::add:1"
]
++ lib.optionals hostCfg.services.dns-server.enable [
wan.ipv4
wan.ipv6
]; ];
# Setting up some other networking thingy. routes = [
domains = [ config.networking.domain ]; {
routes = lib.singleton {
Gateway = wan.ipv4Gateway; Gateway = wan.ipv4Gateway;
GatewayOnLink = true; GatewayOnLink = true;
}; }
linkConfig.RequiredForOnline = "routable"; {
}; Gateway = wan.ipv6Gateway;
GatewayOnLink = true;
}
]
++ lib.optionals cfg.restrictLocalOnWAN [
{
Destination = "176.16.0.0/12";
Type = "unreachable";
}
# The interface for our LAN. {
"20-lan" = let Destination = "10.0.0.0/8";
inherit (interfaces) lan; Type = "unreachable";
in { }
matchConfig.Name = lib.concatStringsSep " " internalEthernetInterfaceNames;
# Take note of the private subnets set in your Hetzner Cloud instance {
# (at least for IPv4 addresses).. Destination = "192.168.0.0/16";
address = [ Type = "unreachable";
"${lan.ipv4}/16" }
"${lan.ipv6}/64"
{
Destination = "fc00::/7";
Type = "unreachable";
}
]; ];
# Using the authoritative DNS server to enable accessing them nice
# internal services with domain names.
dns = [
lan.ipv4
lan.ipv6
];
# Force our own internal domain to be used in the system.
domains = [ config.networking.fqdn ];
# Use the gateway to enable resolution of external domains.
gateway = [
lan.ipv4Gateway
lan.ipv6Gateway
];
networkConfig.IPv6AcceptRA = true;
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
}; };
}; };