 1{lib, ...} @ topArgs: {
 2  flake.modules.nixos."hosts/pardofelis" = {config, ...}: let
 3    iface = "eth0";
 4  in {
 5    networking = {
 6      useNetworkd = true;
 7      useDHCP = false;
 8      search = ["local"];
 9    };
10
11    systemd.network.networks."10-${iface}" = {
12      matchConfig.Name = iface;
13      dns = ["172.16.36.100"] ++ config.networking.nameservers;
14      linkConfig.RequiredForOnline = "routable";
15    };
16
17    environment.etc."systemd/network/10-${iface}.network.d/99-address.conf" = {
18      source = config.vaultix.templates.networkd-address.path;
19      user = "root";
20      group = "systemd-network";
21      mode = "0440";
22    };
23    environment.etc."systemd/network/10-${iface}.network.d/99-route.conf" = {
24      source = config.vaultix.templates.networkd-route.path;
25      user = "root";
26      group = "systemd-network";
27      mode = "0440";
28    };
29
30    vaultix.templates.networkd-address = {
31      content = ''
32        [Network]
33        Address=${config.vaultix.placeholder.hosts-pardofelis-ipv4}/24
34        Address=${config.vaultix.placeholder.hosts-pardofelis-ipv6}/64
35      '';
36      owner = "root";
37      group = "systemd-network";
38      mode = "0440";
39    };
40    vaultix.templates.networkd-route = {
41      content = ''
42        [Route]
43        Gateway=${config.vaultix.placeholder.hosts-pardofelis-gateway}
44        Destination=0.0.0.0/0
45        [Route]
46        Gateway=${config.vaultix.placeholder.hosts-pardofelis-gateway6}
47        Destination=::/0
48      '';
49      owner = "root";
50      group = "systemd-network";
51      mode = "0440";
52    };
53
54    vaultix.secrets.hosts-pardofelis-ipv4.file = ./ipv4.age;
55    vaultix.secrets.hosts-pardofelis-ipv6.file = ./ipv6.age;
56    vaultix.secrets.hosts-pardofelis-gateway.file = ./gateway.age;
57    vaultix.secrets.hosts-pardofelis-gateway6.file = ./gateway6.age;
58  };
59
60  flake.modules.nixos.ssh-host-pardofelis = {config, ...}: {
61    programs.ssh.extraConfig = ''
62      Host pardofelis
63        Port ${toString (lib.elemAt (topArgs.config.flake.meta.host.hosts.pardofelis.sshPorts) 0)}
64        Include ${config.vaultix.templates."ssh-host-pardofelis".path}
65    '';
66
67    users.groups.nix-secrets-ssh-hosts = {};
68
69    vaultix.templates.ssh-host-pardofelis = {
70      content = ''
71        HostName ${config.vaultix.placeholder.hosts-pardofelis-ipv4}
72      '';
73      owner = "root";
74      group = "nix-secrets-ssh-hosts";
75      mode = "0440";
76    };
77
78    vaultix.secrets.hosts-pardofelis-ipv4.file = ./ipv4.age;
79  };
80}