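{
  config,
  lib,
  ...
}: let
  # Host being evaluated; every per-host network setting below is read from
  # modules.my-hosts.<hostName>.network.
  hostName = config.modules.currentHost;
  cfg = config.modules.my-hosts.${hostName}.network;

  # A value is "secret" when it is a sops-nix reference ({ secretName = "..."; })
  # instead of a literal string. Such values must never be interpolated into a
  # store path (the Nix store is world-readable); they are only substituted at
  # activation time through sops.templates.
  isSecret = v: lib.isAttrs v && v ? "secretName";

  # A value that may be interpolated at evaluation time: set and not secret.
  isPlain = v: v != null && !isSecret v;

  addressIsSecret = isSecret cfg.ipv4 || isSecret cfg.ipv6;
  routeIsSecret = isSecret cfg.defaultGateway || isSecret cfg.defaultGateway6;

  # Drop-in directory of the interface's .network unit. Secret-bearing settings
  # go here (rendered by sops-nix at activation) so the unit itself can stay in
  # the store.
  dropinDir = "systemd/network/10-${cfg.iface}.network.d";

  # A rendered sops template installed as a networkd drop-in. Readable only by
  # root and the systemd-network group (the user systemd-networkd runs as), so
  # the secret address/gateway is not exposed to other local users.
  # NOTE(review): a mode other than "symlink" makes setup-etc copy the rendered
  # file into /etc during activation; confirm the sops-nix template is rendered
  # before the "etc" activation step, otherwise the copy may be missing or
  # stale on first activation.
  secretDropin = templateName: {
    source = config.sops.templates.${templateName}.path;
    user = "root";
    group = "systemd-network";
    mode = "0440";
  };
in
  lib.mkMerge [
    {
      # Use NTP servers located in mainland China to synchronise the system clock.
      # This is plain, unauthenticated NTP: only list operators you trust, since
      # whoever can spoof them can skew time-based checks (certificate validity,
      # token expiry, log timestamps).
      networking.timeServers = [
        "ntp.aliyun.com" # Aliyun NTP server
        "ntp.tencent.com" # Tencent NTP server
      ];
    }

    # DHCP and static addressing are mutually exclusive.
    (lib.mkIf cfg.useDHCP {
      assertions = map (x: {
        assertion = cfg.${x} == null;
        message = "modules.my-hosts.${hostName}.network.useDHCP conflicts with modules.my-hosts.${hostName}.network.${x}";
      }) ["ipv4" "ipv6"];
    })

    # NetworkManager backend: every value is written into the store through the
    # networking.* options, so none of them may be a secret reference.
    (lib.mkIf (cfg.enable == "networkmanager") {
      assertions = map (x: {
        assertion = !(isSecret cfg.${x});
        message = "modules.my-hosts.${hostName}.network.${x} should not be a secret when using networkmanager.";
      }) ["ipv4" "ipv6" "defaultGateway" "defaultGateway6"];

      networking = {
        networkmanager.enable = true;
        useDHCP = lib.mkDefault cfg.useDHCP;
        inherit hostName;
        inherit (cfg) search defaultGateway defaultGateway6 nameservers;
        # Static addresses for the primary interface. Either address family on
        # its own is enough to need an interface entry; requiring both (&&)
        # would silently drop the only address of a single-stack host.
        interfaces.${cfg.iface} = lib.mkIf (cfg.ipv4 != null || cfg.ipv6 != null) {
          ipv4.addresses = lib.optional (cfg.ipv4 != null) {
            address = cfg.ipv4;
            prefixLength = cfg.prefixLength4;
          };
          ipv6.addresses = lib.optional (cfg.ipv6 != null) {
            address = cfg.ipv6;
            prefixLength = cfg.prefixLength6;
          };
        };
      };
    })

    # systemd-networkd backend: plain values go into the store-resident .network
    # unit, secret references into sops-rendered drop-ins next to it.
    (lib.mkIf (cfg.enable == "networkd") {
      networking.useNetworkd = true;
      networking.hostName = hostName;

      systemd.network.networks."10-${cfg.iface}" = {
        matchConfig.Name = [cfg.iface];
        networkConfig =
          {
            Address =
              lib.optional (isPlain cfg.ipv4) "${cfg.ipv4}/${toString cfg.prefixLength4}"
              ++ lib.optional (isPlain cfg.ipv6) "${cfg.ipv6}/${toString cfg.prefixLength6}";
            DNS = cfg.nameservers;
          }
          # This unit sorts before NixOS's 99-ethernet-default-dhcp.network and
          # therefore shadows it, so DHCP has to be requested here explicitly.
          // lib.optionalAttrs cfg.useDHCP {DHCP = "yes";};
        routes =
          lib.optional (isPlain cfg.defaultGateway) {
            Destination = "0.0.0.0/0";
            Gateway = cfg.defaultGateway;
          }
          ++ lib.optional (isPlain cfg.defaultGateway6) {
            Destination = "::/0";
            Gateway = cfg.defaultGateway6;
          };
        linkConfig.RequiredForOnline = "routable";
      };

      # Drop-ins and their templates only exist when there is a secret to
      # render; otherwise no (empty) secret file is created at all.
      environment.etc = lib.mkMerge [
        (lib.mkIf addressIsSecret {
          "${dropinDir}/99-address.conf" = secretDropin "networkd-address";
        })
        (lib.mkIf routeIsSecret {
          "${dropinDir}/99-route.conf" = secretDropin "networkd-route";
        })
      ];

      sops.templates = lib.mkMerge [
        (lib.mkIf addressIsSecret {
          networkd-address = {
            # Address= is additive in drop-ins, so this extends the Address=
            # list of the main unit rather than replacing it.
            content = ''
              [Network]
              ${lib.optionalString (isSecret cfg.ipv4)
                "Address=${config.sops.placeholder.${cfg.ipv4.secretName}}/${toString cfg.prefixLength4}"}
              ${lib.optionalString (isSecret cfg.ipv6)
                "Address=${config.sops.placeholder.${cfg.ipv6.secretName}}/${toString cfg.prefixLength6}"}
            '';
            owner = "root";
            group = "systemd-network";
            mode = "0440";
          };
        })
        (lib.mkIf routeIsSecret {
          networkd-route = {
            # Each [Route] section adds one route; both families may be present.
            content =
              lib.optionalString (isSecret cfg.defaultGateway) ''
                [Route]
                Gateway=${config.sops.placeholder.${cfg.defaultGateway.secretName}}
                Destination=0.0.0.0/0
              ''
              + "\n"
              + lib.optionalString (isSecret cfg.defaultGateway6) ''
                [Route]
                Gateway=${config.sops.placeholder.${cfg.defaultGateway6.secretName}}
                Destination=::/0
              '';
            owner = "root";
            group = "systemd-network";
            mode = "0440";
          };
        })
      ];
    })
  ]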