improve networking templating and configuration

2024-01-30 22:32:09 +01:00 · 2024-01-30 22:32:09 +01:00 · c58d6c89b3
commit c58d6c89b3
parent 63688f3068
8 changed files with 111 additions and 64 deletions
--- a/nixos/modules/networking/default.nix
+++ b/nixos/modules/networking/default.nix
@ -35,7 +35,14 @@ in {
      '';
    };

-    dockerSwarmInternalIPv4 = lib.mkOption {
+    publicRouterIPv6 = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Publicly routable IPv6 address of the router.
+      '';
+    };
+
+    dockerSwarmIPv4 = lib.mkOption {
      type = lib.types.str;
      description = ''
        Internal IPv4 address of the Docker Swarm.
@ -56,6 +63,13 @@ in {
      '';
    };

+    dmzRouterIPv6 = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        The router's IPv6 address on the DMZ network.
+      '';
+    };
+
    dmzServicesIPv4 = lib.mkOption {
      type = lib.types.str;
      description = ''
@ -85,6 +99,20 @@ in {
        Pattern to match the name of this machine's main NIC.
      '';
    };
+
+    dmzIPv4PrefixLength = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        IPv4 prefix length of DMZ network.
+      '';
+    };
+
+    dmzIPv6PrefixLength = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        IPv6 prefix length of DMZ network.
+      '';
+    };
  };

  config = {
--- a/nixos/modules/networking/dmz/dnsmasq.nix
+++ b/nixos/modules/networking/dmz/dnsmasq.nix
@ -1,6 +1,6 @@
 { config, ... }:
 let
-  inherit (config.lab.networking) publicIPv4 dockerSwarmInternalIPv4 dmzServicesIPv4 dmzServicesIPv6 dmzRouterIPv4;
+  inherit (config.lab.networking) publicIPv4 dockerSwarmIPv4 dmzServicesIPv4 dmzServicesIPv6 dmzRouterIPv4;
 in
 {
  no-resolv = true;
@ -11,7 +11,7 @@ in
  domain = "dmz";
  dhcp-authoritative = true;
  ra-param = "*,0,0";
-  alias = "${publicIPv4},${dockerSwarmInternalIPv4}";
+  alias = "${publicIPv4},${dockerSwarmIPv4}";
  log-dhcp = true;
  log-queries = true;
  port = "5353";
@ -34,7 +34,7 @@ in

  dhcp-host = [
    "b8:27:eb:b9:ab:e2,esrom"
-    "ca:fe:c0:ff:ee:08,maestro,${dockerSwarmInternalIPv4}"
+    "ca:fe:c0:ff:ee:08,maestro,${dockerSwarmIPv4}"
  ];

  dhcp-option = [
--- a/nixos/modules/networking/dmz/zones/geokunis2.nl.nix
+++ b/nixos/modules/networking/dmz/zones/geokunis2.nl.nix
@ -1,7 +1,7 @@
 { config, dns, ... }:
 with dns.lib.combinators;
 let
-  inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6;
+  inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6 publicRouterIPv6;
 in
 {
  SOA = {
@ -52,7 +52,7 @@ in

    wg = {
      A = [ publicIPv4 ];
-      AAAA = [ "2a0d:6e00:1a77::1" ];
+      AAAA = [ publicRouterIPv6 ];
    };

    wg4 = {
@ -62,7 +62,7 @@ in

    wg6 = {
      A = [ ];
-      AAAA = [ "2a0d:6e00:1a77::1" ];
+      AAAA = [ publicRouterIPv6 ];
    };
  };
 }
--- a/nixos/modules/networking/dmz/zones/kun.is.nix
+++ b/nixos/modules/networking/dmz/zones/kun.is.nix
@ -1,7 +1,7 @@
 { config, dns, ... }:
 with dns.lib.combinators;
 let
-  inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6;
+  inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6 publicRouterIPv6;
 in
 {
  CAA = letsEncrypt "caa@kun.is";
@ -57,7 +57,7 @@ in
    # Override because wg is on opnsense so ipv6 differs from "dmzServicesIPv6"
    wg = {
      A = [ publicIPv4 ];
-      AAAA = [ "2a0d:6e00:1a77::1" ];
+      AAAA = [ publicRouterIPv6 ];
    };

  };