# NixOS module: declares the `lab.networking` options and applies the
# firewall / systemd-networkd baseline set in `config` below.
#
# `machine` is a project-supplied argument; only `machine.isHypervisor` and
# `machine.isRaspberryPi` are read in this file.
{ lib, config, machine, ... }:

let
  inherit (lib) mkOption optionalAttrs types;

  # Shorthand for this module's option values. Nothing below reads it.
  cfg = config.lab.networking;

  # Hypervisors: every interface whose name matches "en*" runs a DHCP client.
  # DHCP = "yes" asks systemd-networkd for both DHCPv4 and DHCPv6.
  # NOTE(review): the glob is broad; a second "en*" NIC would also take a
  # lease from whatever segment it is plugged into. Confirm that is intended.
  hypervisorNetworks = optionalAttrs machine.isHypervisor {
    "30-main-nic" = {
      matchConfig.Name = "en*";
      networkConfig.DHCP = "yes";
    };
  };

  # Raspberry Pis: interfaces matching "end*" use DHCP and additionally accept
  # IPv6 router advertisements.
  raspberryPiNetworks = optionalAttrs machine.isRaspberryPi {
    "30-main-nic" = {
      matchConfig.Name = "end*";
      networkConfig = {
        IPv6AcceptRA = true;
        DHCP = "yes";
      };
    };
  };
in
{
  options.lab.networking = {
    # The default is false, so DMZ connectivity is opt-in per machine.
    # The rules that act on this flag are not in this file.
    dmz.allowConnectivity = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether to allow networking on the DMZ bridge interface.
      '';
    };

    dmz.bridgeName = mkOption {
      type = types.str;
      default = "bridgedmz";
      description = ''
        The name of the DMZ bridge.
      '';
    };

    staticNetworking = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether this machine has static networking configuration applied.
        Routing is prepopulated, but IP addresses have to be set.
      '';
    };

    # Both address options have no default and are plain strings: reading one
    # that was never set fails evaluation, and the value is not checked to be
    # a well-formed address here.
    staticIPv4 = mkOption {
      type = types.str;
      description = ''
        Static IPv4 address for the machine.
      '';
    };

    staticIPv6 = mkOption {
      type = types.str;
      description = ''
        Static IPv6 address for the machine.
      '';
    };
  };

  config = {
    networking.domain = "dmz";

    # The NixOS firewall is enabled and backed by nftables.
    networking.nftables.enable = true;
    networking.firewall.enable = true;

    # Reverse-path filtering is off: the firewall will not drop packets whose
    # source address would not route back out of the interface they arrived on,
    # so source-spoofed traffic is not rejected at this layer.
    # NOTE(review): the reason is not recorded here. If it is asymmetric
    # routing over the DMZ bridge, check whether "loose" would be enough
    # instead of disabling the check entirely.
    networking.firewall.checkReversePath = false;

    # No global DHCP; addressing is configured per interface by
    # systemd-networkd below.
    networking.useDHCP = false;

    systemd.network.enable = true;

    # The two sets use the same key, "30-main-nic". If both machine flags were
    # true, the Raspberry Pi definition (right-hand side) would replace the
    # hypervisor one.
    systemd.network.networks = hypervisorNetworks // raspberryPiNetworks;
  };
}