Generalise common networking options

- allow disabling IPv4 or v6 (both enabled by default) - allow specifying interface (defaults to eth0)
2025-02-10 12:24:10 +01:00 · 2025-02-10 12:24:10 +01:00 · 8d2bda17f1
commit 8d2bda17f1
parent 52f659b9b2
2 changed files with 62 additions and 44 deletions
--- a/infra/common/nixos/networking.nix
+++ b/infra/common/nixos/networking.nix
@ -1,7 +1,7 @@
 { config, lib, ... }:
 let
-  inherit (lib) mkDefault;
+  inherit (lib) mkDefault mkIf mkMerge;
 in
 {
@ -11,53 +11,49 @@ in
      settings.PasswordAuthentication = false;
    };
-    networking = {
+    networking = mkMerge [
-      hostName = config.fediversityVm.name;
+      {
-      domain = config.fediversityVm.domain;
+        hostName = config.fediversityVm.name;
        domain = config.fediversityVm.domain;
-      ## REVIEW: Do we actually need that, considering that we have static IPs?
+        ## REVIEW: Do we actually need that, considering that we have static IPs?
-      useDHCP = mkDefault true;
+        useDHCP = mkDefault true;
-      interfaces = {
+        nameservers = [
-        eth0 = {
+          "95.215.185.6"
-          ipv4 = {
+          "95.215.185.7"
-            addresses = [
+          "2a00:51c0::5fd7:b906"
-              {
+          "2a00:51c0::5fd7:b907"
-                inherit (config.fediversityVm.ipv4) address prefixLength;
+        ];
-              }
+
-            ];
+        firewall.enable = false;
-          };
+        nftables = {
-          ipv6 = {
+          enable = true;
-            addresses = [
+          rulesetFile = ./nftables-ruleset.nft;
              {
                inherit (config.fediversityVm.ipv6) address prefixLength;
              }
            ];
          };
        };
-      };
+      }
-      defaultGateway = {
+      ## IPv4
-        address = config.fediversityVm.ipv4.gateway;
+      (mkIf config.fediversityVm.ipv4.enable {
-        interface = "eth0";
+        interfaces.${config.fediversityVm.ipv4.interface}.ipv4.addresses = [
-      };
+          { inherit (config.fediversityVm.ipv4) address prefixLength; }
-      defaultGateway6 = {
+        ];
-        address = config.fediversityVm.ipv6.gateway;
+        defaultGateway = {
-        interface = "eth0";
+          address = config.fediversityVm.ipv4.gateway;
-      };
+          interface = config.fediversityVm.ipv4.interface;
        };
      })
-      nameservers = [
+      ## IPv6
-        "95.215.185.6"
+      (mkIf config.fediversityVm.ipv6.enable {
-        "95.215.185.7"
+        interfaces.${config.fediversityVm.ipv6.interface}.ipv6.addresses = [
-        "2a00:51c0::5fd7:b906"
+          { inherit (config.fediversityVm.ipv6) address prefixLength; }
-        "2a00:51c0::5fd7:b907"
+        ];
-      ];
+        defaultGateway6 = {
-
+          address = config.fediversityVm.ipv6.gateway;
-      firewall.enable = false;
+          interface = config.fediversityVm.ipv6.interface;
-      nftables = {
+        };
-        enable = true;
+      })
-        rulesetFile = ./nftables-ruleset.nft;
+    ];
      };
    };
  };
 }
--- a/infra/common/options.nix
+++ b/infra/common/options.nix
@ -89,6 +89,17 @@ in
    };
    ipv4 = {
      enable = mkOption {
        default = true;
      };
      interface = mkOption {
        description = ''
          The interface that carries the machine's IPv4 network.
        '';
        default = "eth0";
      };
      address = mkOption {
        description = ''
          The IP address of the machine, version 4. It will be injected as a
@ -114,6 +125,17 @@ in
    };
    ipv6 = {
      enable = mkOption {
        default = true;
      };
      interface = mkOption {
        description = ''
          The interface that carries the machine's IPv6 network.
        '';
        default = "eth0";
      };
      address = mkOption {
        description = ''
          The IP address of the machine, version 6. It will be injected as a