nixos-servers/nix/modules/networking/default.nix

{ lib, config, machine, ... }:
let cfg = config.lab.networking;
in {
  options.lab.networking = {
    dmz = {
      allowConnectivity = lib.mkOption {
        default = false;
        type = lib.types.bool;
        description = ''
          Whether to allow networking on the DMZ bridge interface.
        '';
      };

      bridgeName = lib.mkOption {
        default = "bridgedmz";
        type = lib.types.str;
        description = ''
          The name of the DMZ bridge.
        '';
      };
    };

    staticNetworking = lib.mkOption {
      default = false;
      type = lib.types.bool;
      description = ''
        Whether this machine has static networking configuration applied.
        Routing is prepopulated, but IP addresses have to be set.
      '';
    };

    staticIPv4 = lib.mkOption {
      type = lib.types.str;
      description = ''
        Static IPv4 address for the machine.
      '';
    };

    staticIPv6 = lib.mkOption {
      type = lib.types.str;
      description = ''
        Static IPv6 address for the machine.
      '';
    };
  };

  config = {
    networking = {
      domain = "dmz";
      nftables.enable = true;
      useDHCP = false;

      firewall = {
        enable = true;
        checkReversePath = false;
      };
    };

    systemd.network = {
      enable = true;

      networks = lib.attrsets.mergeAttrsList [
        (lib.optionalAttrs machine.isHypervisor {
          "30-main-nic" = {
            matchConfig.Name = "en*";

            networkConfig = {
              DHCP = "yes";
            };
          };
        })
        (lib.optionalAttrs machine.isRaspberryPi {
          "30-main-nic" = {
            matchConfig.Name = "end*";
            networkConfig = {
              IPv6AcceptRA = true;
              DHCP = "yes";
            };
          };
        })
      ];
    };
  };
}
integrate VM definitions 2024-01-28 10:48:13 +00:00			`{ lib, config, machine, ... }:`
add possibility of DMZ connectivity on hypervisor 2023-12-30 15:11:28 +00:00			`let cfg = config.lab.networking;`
			`in {`
enable dnsmasq for DHCP and DNS allow setting static ipv4 address on DMZ 2024-01-07 21:36:26 +00:00			`options.lab.networking = {`
change networking config structuring 2024-01-31 20:58:23 +00:00			`dmz = {`
			`allowConnectivity = lib.mkOption {`
			`default = false;`
			`type = lib.types.bool;`
			`description = ''`
			`Whether to allow networking on the DMZ bridge interface.`
			`'';`
			`};`
parameterize main nic and dmz bridge interface names firewall some services to particular interfaces 2024-01-12 23:05:25 +00:00
change networking config structuring 2024-01-31 20:58:23 +00:00			`bridgeName = lib.mkOption {`
			`default = "bridgedmz";`
			`type = lib.types.str;`
			`description = ''`
			`The name of the DMZ bridge.`
			`'';`
			`};`
parameterize main nic and dmz bridge interface names firewall some services to particular interfaces 2024-01-12 23:05:25 +00:00			`};`

integrate settings raspberry pi 2024-02-27 22:28:52 +00:00			`staticNetworking = lib.mkOption {`
			`default = false;`
			`type = lib.types.bool;`
			`description = ''`
			`Whether this machine has static networking configuration applied.`
			`Routing is prepopulated, but IP addresses have to be set.`
			`'';`
			`};`

			`staticIPv4 = lib.mkOption {`
			`type = lib.types.str;`
			`description = ''`
			`Static IPv4 address for the machine.`
			`'';`
			`};`

			`staticIPv6 = lib.mkOption {`
parameterize main nic and dmz bridge interface names firewall some services to particular interfaces 2024-01-12 23:05:25 +00:00			`type = lib.types.str;`
			`description = ''`
integrate settings raspberry pi 2024-02-27 22:28:52 +00:00			`Static IPv6 address for the machine.`
parameterize main nic and dmz bridge interface names firewall some services to particular interfaces 2024-01-12 23:05:25 +00:00			`'';`
			`};`
create module for networking 2023-12-30 14:20:16 +00:00			`};`

add possibility of DMZ connectivity on hypervisor 2023-12-30 15:11:28 +00:00			`config = {`
			`networking = {`
remove hypervisor vlan remove VM support 2024-04-12 21:13:06 +00:00			`domain = "dmz";`
change networking config structuring 2024-01-31 20:58:23 +00:00			`nftables.enable = true;`
integrate settings raspberry pi 2024-02-27 22:28:52 +00:00			`useDHCP = false;`
integrate VM definitions 2024-01-28 10:48:13 +00:00
enable firewall again replace iptables with nftables disable reverse path filtering for all hosts allow port 5353 for host running dnsmasq closes #31 2024-01-12 21:31:15 +00:00			`firewall = {`
change networking config structuring 2024-01-31 20:58:23 +00:00			`enable = true;`
enable firewall again replace iptables with nftables disable reverse path filtering for all hosts allow port 5353 for host running dnsmasq closes #31 2024-01-12 21:31:15 +00:00			`checkReversePath = false;`
			`};`
add possibility of DMZ connectivity on hypervisor 2023-12-30 15:11:28 +00:00			`};`

integrate settings raspberry pi 2024-02-27 22:28:52 +00:00			`systemd.network = {`
add possibility of DMZ connectivity on hypervisor 2023-12-30 15:11:28 +00:00			`enable = true;`
create module for networking 2023-12-30 14:20:16 +00:00
integrate settings raspberry pi 2024-02-27 22:28:52 +00:00			`networks = lib.attrsets.mergeAttrsList [`
			`(lib.optionalAttrs machine.isHypervisor {`
			`"30-main-nic" = {`
			`matchConfig.Name = "en*";`
create module for networking 2023-12-30 14:20:16 +00:00
integrate settings raspberry pi 2024-02-27 22:28:52 +00:00			`networkConfig = {`
			`DHCP = "yes";`
			`};`
add possibility of DMZ connectivity on hypervisor 2023-12-30 15:11:28 +00:00			`};`
integrate settings raspberry pi 2024-02-27 22:28:52 +00:00			`})`
			`(lib.optionalAttrs machine.isRaspberryPi {`
			`"30-main-nic" = {`
			`matchConfig.Name = "end*";`
			`networkConfig = {`
			`IPv6AcceptRA = true;`
			`DHCP = "yes";`
			`};`
			`};`
			`})`
			`];`
create module for networking 2023-12-30 14:20:16 +00:00			`};`
			`};`
			`}`