old
  1{
  2  config,
  3  lib,
  4  ...
  5}: let
  6  hostName = config.modules.currentHost;
  7in
  8  lib.mkMerge [
  9    {
 10      # Use an NTP server located in the mainland of China to synchronize the system time
 11      networking.timeServers = [
 12        "ntp.aliyun.com" # Aliyun NTP Server
 13        "ntp.tencent.com" # Tencent NTP Server
 14      ];
 15    }
 16
 17    (let
 18      cfg = config.modules.my-hosts.${hostName}.network;
 19    in
 20      lib.mkIf cfg.useDHCP {
 21        assertions = map (x: {
 22          assertion = cfg.${x} == null;
 23          message = "my-host.network.useDHCP is confilt with my-host.network.${x}";
 24        }) ["ipv4" "ipv6"];
 25      })
 26
 27    (let
 28      cfg = config.modules.my-hosts.${hostName}.network;
 29    in
 30      lib.mkIf
 31      (cfg.enable == "networkmanager")
 32      {
 33        assertions = map (x: {
 34          assertion = !(cfg.${x} ? "secretName");
 35          message = "my-host.network.${x} should not be a secret when using networkmanager.";
 36        }) ["ipv4" "ipv6" "defaultGateway" "defaultGateway6"];
 37        networking = with cfg; {
 38          networkmanager.enable = true;
 39          useDHCP = lib.mkDefault useDHCP;
 40          inherit hostName search defaultGateway defaultGateway6 nameservers;
 41          interfaces.${cfg.iface} = lib.mkIf (!builtins.isNull cfg.ipv4 && !builtins.isNull cfg.ipv6) {
 42            ipv4.addresses = lib.optional (!builtins.isNull cfg.ipv4) {
 43              address = cfg.ipv4;
 44              prefixLength = cfg.prefixLength4;
 45            };
 46            ipv6.addresses = lib.optional (!builtins.isNull cfg.ipv6) {
 47              address = cfg.ipv6;
 48              prefixLength = cfg.prefixLength6;
 49            };
 50          };
 51        };
 52      })
 53    (let
 54      cfg = config.modules.my-hosts.${hostName}.network;
 55      isSecret = v: lib.isAttrs v && v ? "secretName";
 56      isInEval = x: (!builtins.isNull x && !isSecret x);
 57    in
 58      lib.mkIf
 59      (cfg.enable == "networkd")
 60      {
 61        networking.useNetworkd = true;
 62        networking.hostName = hostName;
 63        systemd.network.networks."10-${cfg.iface}" = {
 64          matchConfig.Name = [cfg.iface];
 65          networkConfig = {
 66            Address =
 67              (lib.optionals (isInEval cfg.ipv4)
 68                ["${cfg.ipv4}/${toString cfg.prefixLength4}"])
 69              ++ (lib.optionals (isInEval cfg.ipv6)
 70                ["${cfg.ipv6}/${toString cfg.prefixLength6}"]);
 71            DNS = cfg.nameservers;
 72          };
 73          routes =
 74            (lib.optional (isInEval cfg.defaultGateway)
 75              {
 76                Destination = "0.0.0.0/0";
 77                Gateway = cfg.defaultGateway;
 78              })
 79            ++ (lib.optional (isInEval cfg.defaultGateway6) {
 80              Destination = "::/0";
 81              Gateway = cfg.defaultGateway6;
 82            });
 83          linkConfig.RequiredForOnline = "routable";
 84        };
 85
 86        environment.etc."systemd/network/10-${cfg.iface}.network.d/99-address.conf" =
 87          lib.mkIf
 88          (isSecret cfg.ipv4 || isSecret cfg.ipv6)
 89          {
 90            source = config.sops.templates.networkd-address.path;
 91            user = "root";
 92            group = "systemd-network";
 93            mode = "0440";
 94          };
 95        environment.etc."systemd/network/10-${cfg.iface}.network.d/99-route.conf" =
 96          lib.mkIf
 97          (isSecret cfg.defaultGateway || isSecret cfg.defaultGateway6)
 98          {
 99            source = config.sops.templates.networkd-route.path;
100            user = "root";
101            group = "systemd-network";
102            mode = "0440";
103          };
104
105        sops.templates.networkd-address = {
106          content =
107            lib.mkIf
108            (isSecret cfg.ipv4 || isSecret cfg.ipv6)
109            ''
110              [Network]
111              ${
112                lib.optionalString (isSecret cfg.ipv4)
113                "Address=${config.sops.placeholder.${cfg.ipv4.secretName}}/${toString cfg.prefixLength4}"
114              }
115              ${
116                lib.optionalString (isSecret cfg.ipv6)
117                "Address=${config.sops.placeholder.${cfg.ipv6.secretName}}/${toString cfg.prefixLength6}"
118              }
119            '';
120          owner = "root";
121          group = "systemd-network";
122          mode = "0440";
123        };
124        sops.templates.networkd-route = {
125          content =
126            lib.mkIf
127            (isSecret cfg.defaultGateway || isSecret cfg.defaultGateway6)
128            "${
129              lib.optionalString (isSecret cfg.defaultGateway)
130              ''
131                [Route]
132                Gateway=${config.sops.placeholder.${cfg.defaultGateway.secretName}}
133                Destination=0.0.0.0/0
134              ''
135            }\n${
136              lib.optionalString (isSecret cfg.defaultGateway6)
137              ''
138                [Route]
139                Gateway=${config.sops.placeholder.${cfg.defaultGateway6.secretName}}
140                Destination=::/0
141              ''
142            }";
143          owner = "root";
144          group = "systemd-network";
145          mode = "0440";
146        };
147      })
148  ]