commit fc83475cd4a776bef0a02862c6215165cd1d096a
parent d80d38a3ccc7d966e8b3b1c463e8812439085d0e
Author: Katja (ctucx) <git@ctu.cx>
Date: Sun, 9 Mar 2025 22:21:34 +0100
machines: refactor network-configuration
20 files changed, 184 insertions(+), 150 deletions(-)
diff --git a/configurations/nixos/configure/router/systemd-networkd.nix b/configurations/nixos/configure/router/systemd-networkd.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ node, config, lib, ... }:
 {
@@ -60,7 +60,7 @@
 "5-dtagdsl" = {
 matchConfig.Name = "dtagdsl";
- address = [ "192.168.1.2/24"];
+ address = [ "192.168.1.2/24" ];
 linkConfig.RequiredForOnline = false;
 networkConfig.LinkLocalAddressing = false;
@@ -116,7 +116,7 @@
 Driver = "bridge";
 };
- address = [ "10.0.0.1/8" "2a03:4000:4d:5e:acab::1/112" ];
+ address = [ "${node.ip4Address}/${toString node.ip4PrefixLength}" "${node.ip6Address}/${toString node.ip6PrefixLength}" ];
 routingPolicyRules = [
 {
@@ -141,7 +141,7 @@
 IPv6SendRA = true;
 DHCPServer = true;
- DNS = "10.0.0.1";
+ DNS = node.ip4Address;
 };
 dhcpPrefixDelegationConfig = {
@@ -165,7 +165,7 @@
 PoolOffset = 100;
 PoolSize = 100;
 EmitDNS = true;
- DNS = "10.0.0.1";
+ DNS = node.ip4Address;
 IPv6OnlyPreferredSec = 300;
 };
diff --git a/configurations/nixos/configure/smarthome/influxdb2.nix b/configurations/nixos/configure/smarthome/influxdb2.nix
@@ -1,8 +1,8 @@
-{ config, pkgs, lib, ... }:
+{ node, config, pkgs, lib, ... }:
 {
- dns.zones."ctu.cx".subdomains."influx.home".AAAA = [ config.networking.primaryIP ];
+ dns.zones."ctu.cx".subdomains."influx.home".AAAA = [ node.ip6Address ];
 age.secrets.restic-influxdb.file = ./. + "/../../../../secrets/${config.networking.hostName}/restic/influxdb.age";
 age.secrets.influx-backup-env.file = ./. + "/../../../../secrets/${config.networking.hostName}/influx/backup_env.age";
diff --git a/configurations/nixos/configure/smarthome/mqtt-webui/default.nix b/configurations/nixos/configure/smarthome/mqtt-webui/default.nix
@@ -1,8 +1,8 @@
-{ pkgs, config, ... }:
+{ node, pkgs, config, ... }:
 {
- dns.zones."ctu.cx".subdomains."smart.home".AAAA = [ config.networking.primaryIP ];
+ dns.zones."ctu.cx".subdomains."smart.home".AAAA = [ node.ip6Address ];
 services.nginx = {
 enable = true;
diff --git a/configurations/nixos/configure/smarthome/zigbee2mqtt.nix b/configurations/nixos/configure/smarthome/zigbee2mqtt.nix
@@ -1,8 +1,8 @@
-{ inputs, pkgs, lib, config, ... }:
+{ inputs, node, pkgs, lib, config, ... }:
 {
- dns.zones."ctu.cx".subdomains."zigbee2mqtt.home".AAAA = [ config.networking.primaryIP ];
+ dns.zones."ctu.cx".subdomains."zigbee2mqtt.home".AAAA = [ node.ip6Address ];
 age.secrets."zigbee2mqtt-secrets.yaml" = {
 file = ./. + "/../../../../secrets/${config.networking.hostName}/zigbee2mqtt/secrets.age";
diff --git a/configurations/nixos/services/ca/default.nix b/configurations/nixos/services/ca/default.nix
@@ -1,8 +1,8 @@
-{ config, ctucxLib, ... }:
+{ node, config, ctucxLib, ... }:
 {
- dns.zones."ctu.cx".subdomains."ca".AAAA = [ config.networking.primaryIP ];
+ dns.zones."ctu.cx".subdomains."ca".AAAA = [ node.ip6Address ];
 age.secrets.caPassword.file = ./. + "/../../../../secrets/${config.networking.hostName}/caPassword.age";
diff --git a/configurations/nixos/services/dns-server.nix b/configurations/nixos/services/dns-server.nix
@@ -1,4 +1,4 @@
-{ inputs, config, dnsNix, ctucxLib, lib, pkgs, ...}:
+{ inputs, node, config, dnsNix, ctucxLib, lib, pkgs, ...}:
 let
 acmeZone = "acme.ctu.cx";
@@ -124,12 +124,12 @@ in {
 subdomains = {
 ns1 = (host
- inputs.self.nixosConfigurations.hector.config.networking.primaryIP4
- inputs.self.nixosConfigurations.hector.config.networking.primaryIP
+ inputs.self.nodes.hector.ip4Address
+ inputs.self.nodes.hector.ip6Address
 );
 ns2 = (host
- inputs.self.nixosConfigurations.wanderduene.config.networking.primaryIP4
- inputs.self.nixosConfigurations.wanderduene.config.networking.primaryIP
+ inputs.self.nodes.wanderduene.ip4Address
+ inputs.self.nodes.wanderduene.ip6Address
 );
 "acme".NS = [ "ns1" "ns2" ];
diff --git a/configurations/nixos/services/mailserver/default.nix b/configurations/nixos/services/mailserver/default.nix
@@ -1,4 +1,4 @@
-{ dnsNix, pkgs, config, ... }:
+{ dnsNix, node, pkgs, config, ... }:
 let
 mailAutoConfig = ''
@@ -36,7 +36,7 @@ in {
 age.secrets.mail-password-vaultwarden.file = ./. + "/../../../../secrets/${config.networking.hostName}/mail/password-vaultwarden-ctu.cx.age";
 dns.zones = with dnsNix.combinators; let
- TXT = [ "v=spf1 a mx ip4:${config.networking.primaryIP4} +ip6:${config.networking.primaryIP} ~all" ];
+ TXT = [ "v=spf1 a mx ip4:${node.ip4Address} +ip6:${node.ip6Address} ~all" ];
 DMARC = "v=DMARC1; p=none";
 MX = with mx; [ (mx 10 "${config.networking.fqdn}.") ];
 in {
diff --git a/configurations/nixos/websites/audiobooks.home.ctu.cx.nix b/configurations/nixos/websites/audiobooks.home.ctu.cx.nix
@@ -1,8 +1,8 @@
-{ config, pkgs, lib, ... }:
+{ node, config, pkgs, lib, ... }:
 {
- dns.zones."ctu.cx".subdomains."audiobooks.home".AAAA = [ config.networking.primaryIP ];
+ dns.zones."ctu.cx".subdomains."audiobooks.home".AAAA = [ node.ip6Address ];
 fileSystems."/mnt/audiobooks" = {
 device = "/nix/persist/home/katja/syncthing/Audiobooks";
diff --git a/configurations/nixos/websites/ctu.cx.nix b/configurations/nixos/websites/ctu.cx.nix
@@ -1,9 +1,9 @@
-{ dnsNix, pkgs, lib, config, ...}:
+{ dnsNix, node, pkgs, lib, config, ...}:
 {
- dns.zones."ctu.cx" = (dnsNix.combinators.host config.networking.primaryIP4 config.networking.primaryIP);
- dns.zones."katja.wtf" = (dnsNix.combinators.host config.networking.primaryIP4 config.networking.primaryIP);
+ dns.zones."ctu.cx" = (dnsNix.combinators.host node.ip4Address node.ip6Address);
+ dns.zones."katja.wtf" = (dnsNix.combinators.host node.ip4Address node.ip6Address);
 services.nginx = {
 enable = true;
diff --git a/configurations/nixos/websites/fedi.home.ctu.cx.nix b/configurations/nixos/websites/fedi.home.ctu.cx.nix
@@ -1,4 +1,4 @@
-{ ctucxConfig, config, ... }:
+{ node, ctucxConfig, config, ... }:
 {
@@ -11,7 +11,7 @@
 # the settings in `../services/gotosical.nix` are also used!
 #
- dns.zones."ctu.cx".subdomains."fedi.home".AAAA = [ config.networking.primaryIP ];
+ dns.zones."ctu.cx".subdomains."fedi.home".AAAA = [ node.ip6Address ];
 services.gotosocial = {
 enable = true;
diff --git a/configurations/nixos/websites/ip.ctu.cx.nix b/configurations/nixos/websites/ip.ctu.cx.nix
@@ -1,10 +1,10 @@
-{ dnsNix, pkgs, config, ... }:
+{ node, dnsNix, pkgs, config, ... }:
 {
- dns.zones."ctu.cx".subdomains."ip" = (dnsNix.combinators.host config.networking.primaryIP4 config.networking.primaryIP);
- dns.zones."ctu.cx".subdomains."ip4".A = [ config.networking.primaryIP4 ];
- dns.zones."ctu.cx".subdomains."ip6".AAAA = [ config.networking.primaryIP ];
+ dns.zones."ctu.cx".subdomains."ip" = (dnsNix.combinators.host node.ip4Address node.ip6Address);
+ dns.zones."ctu.cx".subdomains."ip4".A = [ node.ip4Address ];
+ dns.zones."ctu.cx".subdomains."ip6".AAAA = [ node.ip6Address ];
 services.nginx.virtualHosts."ip.${config.networking.domain}" = {
 useACMEHost = "${config.networking.fqdn}";
diff --git a/configurations/nixos/websites/music.home.ctu.cx.nix b/configurations/nixos/websites/music.home.ctu.cx.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ node, config, pkgs, lib, ... }:
 let
 webmusic-nginx = pkgs.fetchgit {
@@ -9,7 +9,7 @@ let
 in {
- dns.zones."ctu.cx".subdomains."music.home".AAAA = [ config.networking.primaryIP ];
+ dns.zones."ctu.cx".subdomains."music.home".AAAA = [ node.ip6Address ];
 fileSystems."/mnt/music_originals" = {
 device = "/nix/persist/home/katja/syncthing/Music (Originals)";
diff --git a/configurations/nixos/websites/zuggeschmack.de.nix b/configurations/nixos/websites/zuggeschmack.de.nix
@@ -1,4 +1,4 @@
-{ ctucxConfig, dnsNix, pkgs, config, ... }:
+{ ctucxConfig, dnsNix, node, pkgs, config, ... }:
 {
@@ -11,7 +11,7 @@
 # the settings in `../services/gotosical.nix` are also used!
 #
- dns.zones."zuggeschmack.de" = (dnsNix.combinators.host config.networking.primaryIP4 config.networking.primaryIP) // {
+ dns.zones."zuggeschmack.de" = (dnsNix.combinators.host node.ip4Address node.ip6Address) // {
 subdomains."client".CNAME = [ "${config.networking.fqdn}." ];
 };
diff --git a/flake.nix b/flake.nix
@@ -25,24 +25,20 @@
 transformer = transformer;
 };
- ctucxMachines = inputs.haumea.lib.load {
+ in {
+
+ nodes = inputs.haumea.lib.load {
 src = ./machines;
 loader = inputs.haumea.lib.loaders.verbatim;
 transformer = transformer;
 };
- darwinMachines = nixpkgsLib.filterAttrs (name: machine: nixpkgsLib.strings.hasSuffix "darwin" machine.system) ctucxMachines;
- nixosMachines = nixpkgsLib.filterAttrs (name: machine: nixpkgsLib.strings.hasSuffix "linux" machine.system) ctucxMachines;
-
- in {
-
- ctucxConfig.homeManager = loadDir ./configurations/homeManager;
- ctucxConfig.common = (loadDir ./configurations/common) // { inherit (inputs.self.ctucxConfig) homeManager; };
- ctucxConfig.nixos = nixpkgsLib.recursiveUpdate inputs.self.ctucxConfig.common (loadDir ./configurations/nixos);
- ctucxConfig.darwin = nixpkgsLib.recursiveUpdate inputs.self.ctucxConfig.common (loadDir ./configurations/darwin);
-
- nixosModules = loadDir ./modules/nixos;
- darwinModules = loadDir ./modules/darwin;
+ ctucxConfig = rec {
+ homeManager = loadDir ./configurations/homeManager;
+ common = (loadDir ./configurations/common) // { inherit homeManager; };
+ nixos = nixpkgsLib.recursiveUpdate common (loadDir ./configurations/nixos);
+ darwin = nixpkgsLib.recursiveUpdate common (loadDir ./configurations/darwin);
+ };
 lib = inputs.haumea.lib.load {
 src = ./lib;
@@ -50,6 +46,9 @@
 transformer = transformer;
 };
+ nixosModules = loadDir ./modules/nixos;
+ darwinModules = loadDir ./modules/darwin;
+
 overlays.nixpkgsUnstable = final: prev: { unstable = inputs.nixpkgsUnstable.legacyPackages.${prev.system}; };
 overlays.darwinOverlay = import ./pkgs/darwinOverlay.nix;
@@ -65,12 +64,11 @@
 transformer = transformer;
 };
- nixosConfigurations = builtins.mapAttrs (name: machine: nixpkgsLib.nixosSystem {
- system = machine.system;
+ nixosConfigurations = builtins.mapAttrs (nodeName: node: nixpkgsLib.nixosSystem {
+ system = node.system;
 specialArgs = {
- inputs = inputs;
- nodeName = name;
+ inherit inputs nodeName node;
 ctucxConfig = inputs.self.ctucxConfig.nixos;
 ctucxLib = inputs.self.lib;
 dnsNix = inputs.dnsNix.lib;
@@ -78,7 +76,7 @@
 };
 modules = [
- ({ ... }: { nixpkgs.overlays = [
+ { nixpkgs.overlays = [
 inputs.self.overlays.packages
 inputs.self.overlays.nixpkgsUnstable
@@ -93,7 +91,7 @@
 inputs.flauschehornSexy.overlays.default
 inputs.gpxMap.overlays.default
 inputs.mobileCoverageMap.overlays.default
- ]; })
+ ]; }
 inputs.lixModule.nixosModules.default
 inputs.impermanence.nixosModules.default
@@ -104,13 +102,13 @@
 inputs.ctucxThings.nixosModules.default
 inputs.self.nixosModules.default
 inputs.self.ctucxConfig.nixos.default
- machine.configuration
+ node.configuration
 ];
- }) nixosMachines;
+ }) (nixpkgsLib.filterAttrs (name: machine: nixpkgsLib.strings.hasSuffix "linux" machine.system) inputs.self.nodes);
- darwinConfigurations = builtins.mapAttrs (name: machine: inputs.nixDarwin.lib.darwinSystem {
+ darwinConfigurations = builtins.mapAttrs (nodeName: node: inputs.nixDarwin.lib.darwinSystem {
 pkgs = import inputs.nixpkgsDarwin {
- system = machine.system;
+ system = node.system;
 overlays = [
 inputs.self.overlays.nixpkgsUnstable
 inputs.self.overlays.packages
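Review bot: The inlined selector `(nixpkgsLib.filterAttrs (name: machine: nixpkgsLib.strings.hasSuffix "linux" machine.system) inputs.self.nodes)` at the end of the `@@ -104` hunk keeps the old `machine` naming that every other line in this file now replaces with `node`, and the darwin counterpart in the next hunk repeats the same expression with only the suffix changed. With the `nixosMachines`/`darwinMachines` bindings gone from the `let`, one helper such as `nodesForSystem = suffix: nixpkgsLib.filterAttrs (_: node: nixpkgsLib.strings.hasSuffix suffix node.system) inputs.self.nodes;` would keep both call sites to `(nodesForSystem "linux")` / `(nodesForSystem "darwin")` and make it visible that `nixosConfigurations` and the darwin set are drawn from the same `nodes` output. The `nixosConfigurations` expression begins in the `@@ -65` hunk above and the darwin one continues past this hunk.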
@@ -134,18 +132,20 @@
 inputs.agenix.darwinModules.default
 inputs.self.darwinModules.default
 inputs.self.ctucxConfig.darwin.default
- machine.configuration
+ node.configuration
 ];
- }) darwinMachines;
+ }) (nixpkgsLib.filterAttrs (name: machine: nixpkgsLib.strings.hasSuffix "darwin" machine.system) inputs.self.nodes);
- deploy.sshUser = "root";
- deploy.nodes = builtins.mapAttrs (name: machine: {
- hostname = inputs.self.nixosConfigurations."${name}".config.networking.fqdn;
- sshOpts = [ "-p" "${builtins.toString (nixpkgsLib.head inputs.self.nixosConfigurations."${name}".config.services.openssh.ports)}" ];
- profiles.system.user = "root";
- profiles.system.path = inputs.deploy-rs.lib."${machine.system}".activate.nixos inputs.self.nixosConfigurations."${name}";
- }) nixosMachines;
+ deploy.nodes = builtins.mapAttrs (nodeName: node: {
+ hostname = inputs.self.nixosConfigurations."${nodeName}".config.networking.fqdn;
+ sshUser = "root";
+ sshOpts = [ "-p" "${builtins.toString (nixpkgsLib.head inputs.self.nixosConfigurations."${nodeName}".config.services.openssh.ports)}" ];
+ profiles.system = {
+ user = "root";
+ path = inputs.deploy-rs.lib.${inputs.self.nodes.${nodeName}.system}.activate.nixos inputs.self.nixosConfigurations."${nodeName}";
+ };
+ }) inputs.self.nixosConfigurations;
 packages = forAllSystems (pkgs: let
 loader = path: path: pkgs.callPackage path {};
diff --git a/machines/briefkasten/default.nix b/machines/briefkasten/default.nix
@@ -1,7 +1,17 @@
 {
- system = "x86_64-linux";
- configuration = { config, ctucxConfig, lib, pkgs, ... }: {
+ system = "x86_64-linux";
+ interface = "brlan";
+
+ ip4IsPrivate = true;
+ ip4Address = "10.0.0.1";
+ ip4PrefixLength = 8;
+
+ ip6IsPrivate = false;
+ ip6Address = "2a03:4000:4d:5e:acab::1";
+ ip6PrefixLength = 112;
+
+ configuration = { node, config, ctucxConfig, lib, pkgs, ... }: {
 imports = [
 ./hardware-configuration.nix
@@ -37,9 +47,9 @@
 };
 dns.zones."ctu.cx".subdomains = {
- briefkasten.AAAA = [ config.networking.primaryIP ];
- home.AAAA = [ config.networking.primaryIP ];
- "briefkasten.home".AAAA = [ config.networking.primaryIP ];
+ briefkasten.AAAA = [ node.ip6Address ];
+ home.AAAA = [ node.ip6Address ];
+ "briefkasten.home".AAAA = [ node.ip6Address ];
 };
 boot = {
@@ -63,12 +73,7 @@
 nix.optimise.automatic = false;
 nix.gc.automatic = false;
- networking = {
- primaryIP = "2a03:4000:4d:5e:acab::1";
- primaryIP4 = "10.0.0.1";
-
- domain = "home.ctu.cx";
- };
+ networking.domain = "home.ctu.cx";
 services = {
 email-notify.enable = true;
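Review bot: `ip4IsPrivate` and `ip6IsPrivate` are introduced in the first hunk (and in the matching hector, trabbi and wanderduene hunks) but no file in this commit reads them, so a reader cannot tell what a consumer is expected to infer from the flag — in particular whether `true` is meant to keep an address out of the public `dns.zones` records that the rest of the diff now fills from `node.ip4Address`/`node.ip6Address`. A one-line comment above the flags stating the intended contract, e.g. `# ip*IsPrivate: not consumed by any module yet; intended meaning — TODO confirm before relying on it`, would stop the flag from being silently ignored or later read with a different meaning. The flag values themselves look consistent with the addresses (`10.0.0.1` marked private, the `2a03:` address not), but that is inferred, not documented.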
diff --git a/machines/hector/default.nix b/machines/hector/default.nix
@@ -1,7 +1,21 @@
 {
- system = "x86_64-linux";
- configuration = { config, dnsNix, ctucxConfig, lib, pkgs, ... }: {
+ system = "x86_64-linux";
+
+ interface = "ens3";
+
+ ip4IsPrivate = false;
+ ip4Address = "194.59.205.194";
+ ip4PrefixLength = 22;
+ defaultGateway4 = "194.59.204.1";
+
+ ip6IsPrivate = false;
+ ip6Address = "2a03:4000:34:23e::1";
+ ip6PrefixLength = 64;
+ defaultGateway6 = "fe80::1";
+
+
+ configuration = { node, config, dnsNix, ctucxConfig, lib, pkgs, ... }: {
 imports = [
 ./hardware-configuration.nix
@@ -41,7 +55,7 @@
 ctucxConfig.services.mautrix-whatsapp
 ];
- dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = dnsNix.combinators.host config.networking.primaryIP4 config.networking.primaryIP;
+ dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = dnsNix.combinators.host node.ip4Address node.ip6Address;
 age.secrets.restic-server-briefkasten.file = ../../secrets/restic-server/briefkasten.age;
 age.secrets.restic-server-wanderduene.file = ../../secrets/restic-server/wanderduene.age;
@@ -56,13 +70,13 @@
 };
 postCommands = ''
- ip link set dev ens3 up
+ ip link set dev ${node.interface} up
- ip addr add ${config.networking.primaryIP}/128 dev ens3
- ip route add default via fe80::1 dev ens3 onlink
+ ip addr add ${node.ip4Address}/${toString node.ip4PrefixLength} dev ${node.interface}
+ ip route add default via ${node.defaultGateway4} dev ${node.interface} onlink
- ip addr add ${config.networking.primaryIP4}/22 dev ens3
- ip route add default via 194.59.204.1 dev ens3 onlink
+ ip addr add ${node.ip6Address}/${toString node.ip6PrefixLength} dev ${node.interface}
+ ip route add default via ${node.defaultGateway6} dev ${node.interface} onlink
 echo 'cryptsetup-askpass' >> /root/.profile
 '';
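Review bot: In the `postCommands` hunk the initrd IPv6 address is now added as `${node.ip6Address}/${toString node.ip6PrefixLength}` (64) where the removed line used a fixed `/128`, so the early-boot network that serves the `cryptsetup-askpass` remote-unlock path changes from a host address to an on-link /64 even though the commit is described as a refactor; the trabbi and wanderduene `postCommands` hunks make the same change. The default route is installed with `onlink` against `fe80::1`, so a /128 is sufficient there; if the host route was deliberate, keep `ip addr add ${node.ip6Address}/128 dev ${node.interface}` in the initrd and let `ip6PrefixLength` drive only the stage-2 `networking.interfaces` block in the next hunk, and if the /64 is intended a short comment saying so would prevent a later reader from reverting it. Worth confirming once on a live reboot since the initrd network is the only way to reach the host before the disk is unlocked.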
@@ -75,25 +89,22 @@
 nftables.enable = true;
 firewall.enable = true;
- primaryIP = "2a03:4000:34:23e::1";
- primaryIP4 = "194.59.205.194";
-
 nameservers = [ "8.8.8.8" "1.1.1.1" ];
- defaultGateway.interface = "ens3";
- defaultGateway.address = "194.59.204.1";
+ defaultGateway.interface = node.interface;
+ defaultGateway.address = node.defaultGateway4;
- defaultGateway6.interface = "ens3";
- defaultGateway6.address = "fe80::1";
+ defaultGateway6.interface = node.interface;
+ defaultGateway6.address = node.defaultGateway6;
 interfaces.ens3.ipv4.addresses = [{
- address = config.networking.primaryIP4;
- prefixLength = 22;
+ address = node.ip4Address;
+ prefixLength = node.ip4PrefixLength;
 }];
 interfaces.ens3.ipv6.addresses = [{
- address = config.networking.primaryIP;
- prefixLength = 64;
+ address = node.ip6Address;
+ prefixLength = node.ip6PrefixLength;
 }];
 };
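Review bot: `interfaces.ens3.ipv4.addresses` and `interfaces.ens3.ipv6.addresses` still hard-code the interface name while `defaultGateway.interface` and `defaultGateway6.interface` a few lines above now come from `node.interface`; if `interface` on the node is ever set to something other than `ens3`, the addresses and the default routes land on different interfaces and the host is unreachable after activation, with no evaluation-time error to catch it. Use the same source for both: `interfaces.${node.interface}.ipv4.addresses = [{` and `interfaces.${node.interface}.ipv6.addresses = [{`. The same mismatch is in the trabbi and wanderduene `networking` hunks; the enclosing `networking` attribute set starts outside this hunk.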
diff --git a/machines/trabbi/default.nix b/machines/trabbi/default.nix
@@ -1,7 +1,21 @@
 {
- system = "x86_64-linux";
- configuration = { config, dnsNix, ctucxConfig, lib, pkgs, ... }: {
+ system = "x86_64-linux";
+
+ interface = "ens3";
+
+ ip4IsPrivate = false;
+ ip4Address = "94.16.104.148";
+ ip4PrefixLength = 22;
+ defaultGateway4 = "94.16.104.1";
+
+ ip6IsPrivate = false;
+ ip6Address = "2a03:4000:50:e8::1";
+ ip6PrefixLength = 64;
+ defaultGateway6 = "fe80::1";
+
+
+ configuration = { node, config, dnsNix, ctucxConfig, lib, pkgs, ... }: {
 imports = [
 ./hardware-configuration.nix
@@ -12,7 +26,7 @@
 ctucxConfig.websites."zuggeschmack.de"
 ];
- dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (dnsNix.combinators.host config.networking.primaryIP4 config.networking.primaryIP);
+ dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (dnsNix.combinators.host node.ip4Address node.ip6Address);
 age.secrets.restic-server-briefkasten.file = ../../secrets/restic-server/briefkasten.age;
 age.secrets.restic-server-wanderduene.file = ../../secrets/restic-server/wanderduene.age;
@@ -27,12 +41,14 @@
 };
 postCommands = ''
- ip link set dev ens3 up
- ip addr add ${config.networking.primaryIP}/128 dev ens3
- ip route add default via fe80::1 dev ens3 onlink
+ ip link set dev ${node.interface} up
+
+ ip addr add ${node.ip4Address}/${toString node.ip4PrefixLength} dev ${node.interface}
+ ip route add default via ${node.defaultGateway4} dev ${node.interface} onlink
+
+ ip addr add ${node.ip6Address}/${toString node.ip6PrefixLength} dev ${node.interface}
+ ip route add default via ${node.defaultGateway6} dev ${node.interface} onlink
- ip addr add ${config.networking.primaryIP4}/22 dev ens3
- ip route add default via ${config.networking.defaultGateway.address} dev ens3 onlink
 echo 'cryptsetup-askpass' >> /root/.profile
 '';
 };
@@ -44,25 +60,22 @@
 nftables.enable = true;
 firewall.enable = true;
- primaryIP = "2a03:4000:50:e8::1";
- primaryIP4 = "94.16.104.148";
-
 nameservers = [ "8.8.8.8" "1.1.1.1" ];
- defaultGateway.interface = "ens3";
- defaultGateway.address = "94.16.104.1";
+ defaultGateway.interface = node.interface;
+ defaultGateway.address = node.defaultGateway4;
- defaultGateway6.interface = "ens3";
- defaultGateway6.address = "fe80::1";
+ defaultGateway6.interface = node.interface;
+ defaultGateway6.address = node.defaultGateway6;
 interfaces.ens3.ipv4.addresses = [{
- address = config.networking.primaryIP4;
- prefixLength = 22;
+ address = node.ip4Address;
+ prefixLength = node.ip4PrefixLength;
 }];
 interfaces.ens3.ipv6.addresses = [{
- address = config.networking.primaryIP;
- prefixLength = 64;
+ address = node.ip6Address;
+ prefixLength = node.ip6PrefixLength;
 }];
 };
diff --git a/machines/wanderduene/default.nix b/machines/wanderduene/default.nix
@@ -1,7 +1,21 @@
 {
- system = "x86_64-linux";
- configuration = { config, dnsNix, ctucxConfig, lib, pkgs, ... }: {
+ system = "x86_64-linux";
+
+ interface = "ens3";
+
+ ip4IsPrivate = false;
+ ip4Address = "194.36.145.49";
+ ip4PrefixLength = 22;
+ defaultGateway4 = "194.36.144.1";
+
+ ip6IsPrivate = false;
+ ip6Address = "2a03:4000:4d:5e::1";
+ ip6PrefixLength = 64;
+ defaultGateway6 = "fe80::1";
+
+
+ configuration = { node, config, dnsNix, ctucxConfig, lib, pkgs, ... }: {
 imports = [
 ./hardware-configuration.nix
@@ -18,7 +32,7 @@
 documentation.nixos.enable = false;
- dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (dnsNix.combinators.host config.networking.primaryIP4 config.networking.primaryIP);
+ dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (dnsNix.combinators.host node.ip4Address node.ip6Address);
 age.secrets.wireguard-privkey = {
 file = ../../secrets/wanderduene/wireguard-privkey.age;
@@ -37,13 +51,13 @@
 };
 postCommands = ''
- ip link set dev ens3 up
+ ip link set dev ${node.interface} up
- ip addr add ${config.networking.primaryIP}/128 dev ens3
- ip route add default via fe80::1 dev ens3 onlink
+ ip addr add ${node.ip4Address}/${toString node.ip4PrefixLength} dev ${node.interface}
+ ip route add default via ${node.defaultGateway4} dev ${node.interface} onlink
- ip addr add ${config.networking.primaryIP4}/22 dev ens3
- ip route add default via 194.36.144.1 dev ens3 onlink
+ ip addr add ${node.ip6Address}/${toString node.ip6PrefixLength} dev ${node.interface}
+ ip route add default via ${node.defaultGateway6} dev ${node.interface} onlink
 echo 'cryptsetup-askpass' >> /root/.profile
 '';
@@ -57,25 +71,22 @@
 firewall.enable = true;
 firewall.allowedUDPPorts = [ 51820 ];
- primaryIP = "2a03:4000:4d:5e::1";
- primaryIP4 = "194.36.145.49";
-
 nameservers = [ "8.8.8.8" "1.1.1.1" ];
- defaultGateway.interface = "ens3";
- defaultGateway.address = "194.36.144.1";
+ defaultGateway.interface = node.interface;
+ defaultGateway.address = node.defaultGateway4;
- defaultGateway6.interface = "ens3";
- defaultGateway6.address = "fe80::1";
+ defaultGateway6.interface = node.interface;
+ defaultGateway6.address = node.defaultGateway6;
 interfaces.ens3.ipv4.addresses = [{
- address = config.networking.primaryIP4;
- prefixLength = 22;
+ address = node.ip4Address;
+ prefixLength = node.ip4PrefixLength;
 }];
 interfaces.ens3.ipv6.addresses = [{
- address = config.networking.primaryIP;
- prefixLength = 64;
+ address = node.ip6Address;
+ prefixLength = node.ip6PrefixLength;
 }];
 };
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
@@ -18,10 +18,4 @@
 ./gnome.nix
 ];
- options = {
- networking.primaryIP = lib.mkOption { type = lib.types.str; default = ""; };
- networking.primaryIP4 = lib.mkOption { type = lib.types.str; default = ""; };
- networking.secondaryIP4 = lib.mkOption { type = lib.types.str; default = ""; };
- };
-
 }
diff --git a/modules/nixos/dns.nix b/modules/nixos/dns.nix
@@ -1,4 +1,4 @@
-{ inputs, dnsNix, config, lib, pkgs, ... }:
+{ inputs, node, dnsNix, config, lib, pkgs, ... }:
 #
 # this module requires lix' experimental `pipe-operator` feature!
@@ -13,9 +13,9 @@ let
 inputs.self.nixosConfigurations
 |> lib.filterAttrs (hostName: nodeCfg: nodeCfg.config.dns.enable && nodeCfg.config.dns.primary == isPrimary)
 |> lib.mapAttrsToList (
- hostName: nodeCfg: [
- (lib.mkIf (nodeCfg.config.networking.primaryIP != "") nodeCfg.config.networking.primaryIP)
- (lib.mkIf (nodeCfg.config.networking.primaryIP4 != "") nodeCfg.config.networking.primaryIP4)
+ nodeName: nodeCfg: [
+ (lib.mkIf (inputs.self.nodes."${nodeName}".ip6Address != "") inputs.self.nodes."${nodeName}".ip6Address)
+ (lib.mkIf (inputs.self.nodes."${nodeName}".ip4Address != "") inputs.self.nodes."${nodeName}".ip4Address)
 ]
 )
 );
@@ -24,10 +24,10 @@ let
 inputs.self.nixosConfigurations
 |> lib.filterAttrs (hostName: nodeCfg: nodeCfg.config.dns.enable && !nodeCfg.config.dns.primary)
 |> lib.mapAttrs(
- hostName: nodeCfg: {
+ nodeName: nodeCfg: {
 address = [
- (lib.mkIf (nodeCfg.config.networking.primaryIP != "") nodeCfg.config.networking.primaryIP)
- (lib.mkIf (nodeCfg.config.networking.primaryIP4 != "") nodeCfg.config.networking.primaryIP4)
+ (lib.mkIf (inputs.self.nodes."${nodeName}".ip6Address != "") inputs.self.nodes."${nodeName}".ip6Address)
+ (lib.mkIf (inputs.self.nodes."${nodeName}".ip4Address != "") inputs.self.nodes."${nodeName}".ip4Address)
 ];
 }
 )
@@ -123,8 +123,8 @@ in {
 log.syslog.any = "info";
 server.listen = [
- (lib.mkIf (config.networking.primaryIP != "") "${config.networking.primaryIP}@53")
- (lib.mkIf (config.networking.primaryIP4 != "") "${config.networking.primaryIP4}@53")
+ (lib.mkIf (node.ip6Address != "") "${node.ip6Address}@53")
+ (lib.mkIf (node.ip4Address != "") "${node.ip4Address}@53")
 ];
 mod-rrl.default.rate-limit = 200;
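Review bot: The `!= ""` guards on `inputs.self.nodes."${nodeName}".ip6Address`/`ip4Address` in the two `let` hunks and on `node.ip6Address`/`node.ip4Address` in the `server.listen` hunk no longer have the fallback they were written against: the removed `networking.primaryIP*` options in `modules/nixos/default.nix` defaulted to `""`, whereas `nodes` entries are plain attribute sets, so a node that omits one address family now aborts evaluation with a missing-attribute error instead of being skipped — and because the first two hunks walk every `nixosConfigurations` entry, one incomplete node breaks the DNS configuration of all hosts, not just its own. Restoring the default at the use site keeps the original semantics: `(lib.mkIf ((node.ip4Address or "") != "") "${node.ip4Address}@53")` for `listen`, and `(inputs.self.nodes."${nodeName}".ip4Address or "")` (likewise for `ip6Address`) in the two `let` bindings. Keeping this guard intact also matters because `server.listen` is what pins knot to the configured addresses rather than every interface.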