improve networking templating and configuration

2024-01-30 22:32:09 +01:00 · 2024-01-30 22:32:09 +01:00 · c58d6c89b3
commit c58d6c89b3
parent 63688f3068
8 changed files with 111 additions and 64 deletions
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@ -24,48 +24,35 @@
  atlas = {
    type = "physical";

-    nixosModule = { config, ... }:
-      let inherit (config.lab.networking) dmzServicesIPv4 dmzServicesIPv6; in
-      {
-        lab = {
-          # networking = {
-          #   # TODO: Ideally, we don't have to set this here.
-          #   staticDMZIPv4Address = "${dmzServicesIPv4}/24";
-          #   staticDMZIPv6Address = "${dmzServicesIPv6}/64";
-          #   dmzServices.enable = true;
-          # };
-
-          storage = {
-            osDisk = "/dev/sda";
-            dataPartition = "/dev/nvme0n1p1";
-          };
-
-          ssh = {
-            useCertificates = true;
-            hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
-            userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
-          };
-        };
+    nixosModule.lab = {
+      storage = {
+        osDisk = "/dev/sda";
+        dataPartition = "/dev/nvme0n1p1";
      };
+
+      ssh = {
+        useCertificates = true;
+        hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
+        userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
+      };
+    };
  };

  lewis = {
    type = "physical";

-    nixosModule = {
-      lab = {
-        dataHost.enable = true;
+    nixosModule.lab = {
+      dataHost.enable = true;

-        storage = {
-          osDisk = "/dev/sda";
-          dataPartition = "/dev/nvme0n1p1";
-        };
+      storage = {
+        osDisk = "/dev/sda";
+        dataPartition = "/dev/nvme0n1p1";
+      };

-        ssh = {
-          useCertificates = true;
-          hostCert = builtins.readFile ./lewis_host_ed25519-cert.pub;
-          userCert = builtins.readFile ./lewis_user_ed25519-cert.pub;
-        };
+      ssh = {
+        useCertificates = true;
+        hostCert = builtins.readFile ./lewis_host_ed25519-cert.pub;
+        userCert = builtins.readFile ./lewis_user_ed25519-cert.pub;
      };
    };
  };
@ -75,7 +62,8 @@
    hypervisorName = "lewis";

    nixosModule = { pkgs, ... }: {
-      lab.vmMacAddress = "BA:DB:EE:F0:00:00";
+      # TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
+      lab.vm.macAddress = "BA:DB:EE:F0:00:00";

      programs.bash.interactiveShellInit = ''
        echo "Hello world from inside a virtual machine!!" | ${pkgs.lolcat}/bin/lolcat
@ -86,11 +74,17 @@
  hermes = {
    type = "virtual";
    hypervisorName = "lewis";
-    nixosModule = {
+
+    nixosModule = { config, ... }: {
      lab = {
-        vmMacAddress = "BA:DB:EE:F0:00:07";
-        vmIsDHCPServer = true;
        networking.dmzServices.enable = true;
+
+        vm = {
+          macAddress = "BA:DB:EE:F0:00:07";
+          staticNetworking = true;
+          staticIPv4 = config.lab.networking.dmzServicesIPv4;
+          staticIPv6 = config.lab.networking.dmzServicesIPv6;
+        };
      };
    };
  };