integrate settings raspberry pi

2024-02-27 23:28:52 +01:00 · 2024-02-27 23:28:52 +01:00 · 25937f535b
commit 25937f535b
parent 1683c4caa8
6 changed files with 212 additions and 193 deletions
--- a/nixos/modules/networking/default.nix
+++ b/nixos/modules/networking/default.nix
@ -22,11 +22,26 @@ in {
      };
    };

-    mainNicNamePattern = lib.mkOption {
-      default = "en*";
+    staticNetworking = lib.mkOption {
+      default = false;
+      type = lib.types.bool;
+      description = ''
+        Whether this machine has static networking configuration applied.
+        Routing is prepopulated, but IP addresses have to be set.
+      '';
+    };
+
+    staticIPv4 = lib.mkOption {
      type = lib.types.str;
      description = ''
-        Pattern to match the name of this machine's main NIC.
+        Static IPv4 address for the machine.
+      '';
+    };
+
+    staticIPv6 = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Static IPv6 address for the machine.
      '';
    };
  };
@ -35,7 +50,7 @@ in {
    networking = {
      domain = if machine.type == "physical" then "hyp" else "dmz";
      nftables.enable = true;
-      useDHCP = true;
+      useDHCP = false;

      firewall = {
        enable = true;
@ -43,10 +58,10 @@ in {
      };
    };

-    systemd.network = lib.mkIf (false && machine.type == "physical") {
+    systemd.network = {
      enable = true;

-      netdevs = {
+      netdevs = lib.mkIf machine.isHypervisor {
        "20-vlandmz" = {
          vlanConfig.Id = 30;

@ -64,43 +79,89 @@ in {
        };
      };

-      networks = {
-        "30-main-nic" = {
-          matchConfig.Name = cfg.mainNicNamePattern;
-          vlan = [ "vlandmz" ];
+      networks = lib.attrsets.mergeAttrsList [
+        (lib.optionalAttrs machine.isHypervisor {
+          "30-main-nic" = {
+            matchConfig.Name = "en*";
+            vlan = [ "vlandmz" ];

-          networkConfig = {
-            DHCP = "yes";
+            networkConfig = {
+              DHCP = "yes";
+            };
          };
-        };

-        "40-vlandmz" = {
-          matchConfig.Name = "vlandmz";
-          linkConfig.RequiredForOnline = "enslaved";
+          "40-vlandmz" = {
+            matchConfig.Name = "vlandmz";
+            linkConfig.RequiredForOnline = "enslaved";

-          networkConfig = {
-            IPv6AcceptRA = false;
-            LinkLocalAddressing = "no";
-            Bridge = cfg.dmz.bridgeName;
+            networkConfig = {
+              IPv6AcceptRA = false;
+              LinkLocalAddressing = "no";
+              Bridge = cfg.dmz.bridgeName;
+            };
          };
-        };

-        "40-bridgedmz" = {
-          matchConfig.Name = cfg.dmz.bridgeName;
-          linkConfig.RequiredForOnline = "carrier";
+          "40-bridgedmz" = {
+            matchConfig.Name = cfg.dmz.bridgeName;
+            linkConfig.RequiredForOnline = "carrier";

-          networkConfig = {
-            IPv6AcceptRA = cfg.dmz.allowConnectivity;
-            LinkLocalAddressing = if cfg.dmz.allowConnectivity then "ipv6" else "no";
-            DHCP = "yes";
+            networkConfig = {
+              IPv6AcceptRA = cfg.dmz.allowConnectivity;
+              LinkLocalAddressing = if cfg.dmz.allowConnectivity then "ipv6" else "no";
+              DHCP = "yes";
+            };
          };
-        };

-        "40-vms" = {
-          matchConfig.Name = "vm-*";
-          networkConfig.Bridge = cfg.dmz.bridgeName;
-        };
-      };
+          "40-vms" = {
+            matchConfig.Name = "vm-*";
+            networkConfig.Bridge = cfg.dmz.bridgeName;
+          };
+        })
+        (lib.optionalAttrs machine.isVirtualMachine {
+          "30-main-nic" = {
+            matchConfig.Name = "en*";
+
+            networkConfig = {
+              IPv6AcceptRA = ! cfg.staticNetworking;
+              DHCP = lib.mkIf (! cfg.staticNetworking) "yes";
+
+              Address = lib.mkIf cfg.staticNetworking [
+                "${cfg.staticIPv4}/${cfg.dmz.ipv4.prefixLength}"
+                "${cfg.staticIPv6}/${cfg.dmz.ipv6.prefixLength}"
+              ];
+
+              DNS = lib.mkIf cfg.staticNetworking [
+                cfg.dmz.ipv4.router
+                cfg.dmz.ipv6.router
+              ];
+            };
+
+            routes = lib.mkIf cfg.staticNetworking [
+              {
+                routeConfig = {
+                  Gateway = cfg.dmz.ipv4.router;
+                  Destination = "0.0.0.0/0";
+                };
+              }
+              {
+                routeConfig = {
+                  Gateway = cfg.dmz.ipv6.router;
+                  Destination = "::/0";
+                };
+              }
+            ];
+          };
+        })
+        (lib.optionalAttrs machine.isRaspberryPi {
+          "30-main-nic" = {
+            matchConfig.Name = "end*";
+            networkConfig = {
+              IPv6AcceptRA = true;
+              DHCP = "yes";
+            };
+          };
+        })
+      ];
    };
  };
 }
--- a/nixos/modules/storage.nix
+++ b/nixos/modules/storage.nix
@ -26,40 +26,51 @@ in {
    };
  };

-  config = lib.mkIf (false && machine.type == "physical") {
-    fileSystems.${cfg.dataMountPoint} = lib.mkIf (! isNull cfg.dataPartition) {
-      device = cfg.dataPartition;
-    };
+  config = {
+    fileSystems = lib.attrsets.mergeAttrsList [
+      (lib.optionalAttrs machine.isHypervisor {
+        "${cfg.dataMountPoint}".device = cfg.dataPartition;
+      })
+      (lib.optionalAttrs machine.isRaspberryPi {
+        "/" = {
+          device = "/dev/disk/by-label/NIXOS_SD";
+          fsType = "ext4";
+          options = [ "noatime" ];
+        };
+      })
+    ];

    # TODO: Rename this to 'osDisk'. Unfortunately, we would need to run nixos-anywhere again then.
-    disko.devices.disk.vdb = {
-      device = cfg.osDisk;
-      type = "disk";
+    disko = lib.mkIf machine.isHypervisor {
+      devices.disk.vdb = {
+        device = cfg.osDisk;
+        type = "disk";

-      content = {
-        type = "gpt";
+        content = {
+          type = "gpt";

-        partitions = {
-          swap.size = "100%";
+          partitions = {
+            swap.size = "100%";

-          ESP = {
-            type = "EF00";
-            size = "500M";
+            ESP = {
+              type = "EF00";
+              size = "500M";

-            content = {
-              type = "filesystem";
-              format = "vfat";
-              mountpoint = "/boot";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
            };
-          };

-          root = {
-            end = "-4G";
+            root = {
+              end = "-4G";

-            content = {
-              type = "filesystem";
-              format = "btrfs";
-              mountpoint = "/";
+              content = {
+                type = "filesystem";
+                format = "btrfs";
+                mountpoint = "/";
+              };
            };
          };
        };