hosts/plover/services/networking: init additional options

Exclusively focusing on the public network interface for now.
Gabriel Arazas 2024-10-10 12:34:13 +08:00
parent 0af5f487d7
commit 2bee747b2f
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
2 changed files with 71 additions and 56 deletions


@ -18,7 +18,11 @@
# Host-specific modules structuring. # Host-specific modules structuring.
hosts.plover.services = { hosts.plover.services = {
networking.enable = true; networking = {
enable = true;
macAddress = "96:00:03:c3:99:93";
};
backup.enable = true; backup.enable = true;
database.enable = true; database.enable = true;
firewall.enable = true; firewall.enable = true;
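Review bot: The literal `macAddress` set on the new `networking` block is what the module's `matchConfig.PermanentMACAddress` for the `10-wan` unit keys on (see the second file in this commit), so if the instance is ever re-provisioned with a different NIC the unit matches nothing and the host comes up without its public interface. Nothing on this hunk records where the value comes from or that it has to be refreshed after such a rebuild. A one-line comment above it would make that dependency visible, e.g. `# Permanent MAC of the public NIC; the 10-wan network unit matches on it, so re-check after a rebuild.`. The surrounding `hosts.plover.services` attribute set continues past the end of this hunk.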


@ -10,8 +10,26 @@ let
inherit (config.state.network) interfaces; inherit (config.state.network) interfaces;
in in
{ {
options.hosts.plover.services.networking.enable = options.hosts.plover.services.networking = {
lib.mkEnableOption "preferred networking setup"; enable = lib.mkEnableOption "preferred networking setup";
restrictLocalOnWAN = lib.mkOption {
type = lib.types.bool;
default = true;
example = false;
description = ''
Whether to disable local networking on the public-facing network
interface. The recommended practice for this is to create another
network interface with the local network.
'';
};
macAddress = lib.mkOption {
type = lib.types.nonEmptyStr;
description = "MAC address of the public-facing network interface";
example = "00:00:00:00:c3:54:93";
};
};
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
networking = { networking = {
@ -52,68 +70,61 @@ in
"10-wan" = let "10-wan" = let
inherit (interfaces) wan; inherit (interfaces) wan;
in { in {
matchConfig.Name = lib.concatStringsSep " " mainEthernetInterfaceNames; matchConfig = {
Name = lib.concatStringsSep " " mainEthernetInterfaceNames;
# Setting up IPv6. PermanentMACAddress = cfg.macAddress;
address = [
"${wan.ipv4}/32"
"${wan.ipv6}/64"
];
gateway = [ wan.ipv6Gateway ];
dns = [
"185.12.64.1"
"185.12.64.2"
"2a01:4ff:ff00::add:2"
"2a01:4ff:ff00::add:1"
]
++ lib.optionals hostCfg.services.dns-server.enable [
wan.ipv4
wan.ipv6
];
# Setting up some other networking thingy.
domains = [ config.networking.domain ];
routes = lib.singleton {
Gateway = wan.ipv4Gateway;
GatewayOnLink = true;
}; };
linkConfig.RequiredForOnline = "routable"; networkConfig = {
}; DHCP = "ipv4";
LinkLocalAddressing = "ipv6";
IPv6AcceptRA = true;
};
# The interface for our LAN. dhcpV4Config = {
"20-lan" = let RouteMetric = 100;
inherit (interfaces) lan; UseMTU = true;
in { };
matchConfig.Name = lib.concatStringsSep " " internalEthernetInterfaceNames;
# Take note of the private subnets set in your Hetzner Cloud instance address = [ "${wan.ipv6}/64" ];
# (at least for IPv4 addresses)..
address = [
"${lan.ipv4}/16"
"${lan.ipv6}/64"
];
# Using the authoritative DNS server to enable accessing them nice
# internal services with domain names.
dns = [ dns = [
lan.ipv4 "2a01:4ff:ff00::add:2"
lan.ipv6 "2a01:4ff:ff00::add:1"
]; ];
# Force our own internal domain to be used in the system. routes = [
domains = [ config.networking.fqdn ]; {
Gateway = wan.ipv4Gateway;
GatewayOnLink = true;
}
# Use the gateway to enable resolution of external domains. {
gateway = [ Gateway = wan.ipv6Gateway;
lan.ipv4Gateway GatewayOnLink = true;
lan.ipv6Gateway }
]; ]
++ lib.optionals cfg.restrictLocalOnWAN [
{
Destination = "176.16.0.0/12";
Type = "unreachable";
}
{
Destination = "10.0.0.0/8";
Type = "unreachable";
}
{
Destination = "192.168.0.0/16";
Type = "unreachable";
}
{
Destination = "fc00::/7";
Type = "unreachable";
}
];
networkConfig.IPv6AcceptRA = true;
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
}; };
}; };
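Review bot: `Destination = "176.16.0.0/12"` in the `restrictLocalOnWAN` route list is not a private range; the RFC 1918 block is `172.16.0.0/12`, so as written the unreachable route blackholes a public /12 while traffic to 172.16.0.0/12 still goes out through the WAN gateway, which is the opposite of what the option description promises. Change it to `Destination = "172.16.0.0/12";`. It would also help to list the blackholed ranges in the `restrictLocalOnWAN` description so a reader can check the option against the routes without scrolling. The enclosing `networks` attribute set appears to continue past the end of this hunk.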