From 8d2bda17f17a9f13f6b071088a6e3fbea4ad99b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Mon, 10 Feb 2025 12:24:10 +0100 Subject: [PATCH] Generalise common networking options - allow disabling IPv4 or v6 (both enabled by default) - allow specifying interface (defaults to eth0) --- infra/common/nixos/networking.nix | 84 +++++++++++++++---------------- infra/common/options.nix | 22 ++++++++ 2 files changed, 62 insertions(+), 44 deletions(-) diff --git a/infra/common/nixos/networking.nix b/infra/common/nixos/networking.nix index 7b2b2fee..37100efd 100644 --- a/infra/common/nixos/networking.nix +++ b/infra/common/nixos/networking.nix @@ -1,7 +1,7 @@ { config, lib, ... }: let - inherit (lib) mkDefault; + inherit (lib) mkDefault mkIf mkMerge; in { 
@@ -11,53 +11,49 @@ in settings.PasswordAuthentication = false; }; - networking = { - hostName = config.fediversityVm.name; - domain = config.fediversityVm.domain; + networking = mkMerge [ + { + hostName = config.fediversityVm.name; + domain = config.fediversityVm.domain; - ## REVIEW: Do we actually need that, considering that we have static IPs? - useDHCP = mkDefault true; + ## REVIEW: Do we actually need that, considering that we have static IPs? + useDHCP = mkDefault true; - interfaces = { - eth0 = { - ipv4 = { - addresses = [ - { - inherit (config.fediversityVm.ipv4) address prefixLength; - } - ]; - }; - ipv6 = { - addresses = [ - { - inherit (config.fediversityVm.ipv6) address prefixLength; - } - ]; - }; + nameservers = [ + "95.215.185.6" + "95.215.185.7" + "2a00:51c0::5fd7:b906" + "2a00:51c0::5fd7:b907" + ]; + + firewall.enable = false; + nftables = { + enable = true; + rulesetFile = ./nftables-ruleset.nft; }; - }; + } - defaultGateway = { - address = config.fediversityVm.ipv4.gateway; - interface = "eth0"; - }; - defaultGateway6 = { - address = config.fediversityVm.ipv6.gateway; - interface = "eth0"; - }; + ## IPv4 + (mkIf config.fediversityVm.ipv4.enable { + interfaces.${config.fediversityVm.ipv4.interface}.ipv4.addresses = [ + { inherit (config.fediversityVm.ipv4) address prefixLength; } + ]; + defaultGateway = { + address = config.fediversityVm.ipv4.gateway; + interface = config.fediversityVm.ipv4.interface; + }; + }) - nameservers = [ - "95.215.185.6" - "95.215.185.7" - "2a00:51c0::5fd7:b906" - "2a00:51c0::5fd7:b907" - ]; - - firewall.enable = false; - nftables = { - enable = true; - rulesetFile = ./nftables-ruleset.nft; - }; - }; + ## IPv6 + (mkIf config.fediversityVm.ipv6.enable { + interfaces.${config.fediversityVm.ipv6.interface}.ipv6.addresses = [ + { inherit (config.fediversityVm.ipv6) address prefixLength; } + ]; + defaultGateway6 = { + address = config.fediversityVm.ipv6.gateway; + interface = config.fediversityVm.ipv6.interface; + }; + }) + ]; 
}; } diff --git a/infra/common/options.nix b/infra/common/options.nix index 230eea5d..1236c01a 100644 --- a/infra/common/options.nix +++ b/infra/common/options.nix @@ -89,6 +89,17 @@ in }; ipv4 = { + enable = mkOption { + default = true; + }; + + interface = mkOption { + description = '' + The interface that carries the machine's IPv4 network. + ''; + default = "eth0"; + }; + address = mkOption { description = '' The IP address of the machine, version 4. It will be injected as a @@ -114,6 +125,17 @@ in }; ipv6 = { + enable = mkOption { + default = true; + }; + + interface = mkOption { + description = '' + The interface that carries the machine's IPv6 network. + ''; + default = "eth0"; + }; + address = mkOption { description = '' The IP address of the machine, version 6. It will be injected as a
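Review bot: Setting `fediversityVm.ipv4.enable = false` (or the IPv6 equivalent) only skips the static address and default gateway. The unconditional first element of the `mkMerge` list still sets `useDHCP = mkDefault true;`, so the host may still obtain an address of the "disabled" family through DHCP and stay reachable over it. If the switch is meant to reduce exposure, either change that line to `useDHCP = mkDefault false;` (the existing REVIEW comment already questions it), or state the limit next to it with a comment such as `## NOTE: ipvN.enable = false only drops the static config; DHCP can still assign addresses`. The same block keeps a single static `rulesetFile = ./nftables-ruleset.nft;` although the interface name is now configurable; that file is not visible here, so check that it does not match on `eth0` by name. The enclosing module starts and ends outside this hunk.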
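Review bot: The new `enable` and `interface` options under `ipv4` declare no `type`, and `enable` has no `description`. A mistyped value (a string instead of a boolean, or a non-string interface name) is therefore only caught at the `mkIf` condition or at the `interfaces.${...}` interpolation in networking.nix, with an error that does not point back at the option. I would add `type = lib.types.bool;` and a description such as `Whether to configure static IPv4 networking on this machine.` to `enable`, and `type = lib.types.str;` to `interface`. The same applies to the `ipv6` options in the following hunk. Whether `types` is already in scope in options.nix is not visible from the hunk.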