Commit 4d81961

HPCesia <me@hpcesia.com>
2025-07-13 14:53:19
refactor: network vars
1 parent 93ffa89
hosts/chaser-kevin/default.nix
@@ -23,13 +23,11 @@ in {
     ./boot.nix
   ];
 
-  networking = {
-    inherit hostName;
-    inherit (myvars.networking) nameservers;
-
-    # desktop need its cli for status bar
-    networkmanager.enable = true;
-  };
+  networking =
+    {
+      inherit hostName;
+    }
+    // myvars.networking.generateHostNetworking hostName;
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
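Review bot: The host lookup key is worth confirming where `generateHostNetworking hostName` is called: the table in vars/networking.nix has the single entry `kevin`, while this host directory is `chaser-kevin`, and `hostName` is bound above the hunk where it cannot be checked. If the two strings differ, `hosts.${hostName}` fails evaluation with a missing-attribute error rather than a readable message. A guard in the helper such as `hostData = hosts.${hostName} or (throw "no networking entry for ${hostName}");` would make that failure explicit. The dropped comment explaining why NetworkManager is enabled on this desktop could also be kept next to `useNetworkManager = true`.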
hosts/chaser-kevin/hardware-configuration.nix
@@ -51,13 +51,6 @@
     {device = "/dev/disk/by-uuid/39640e68-8296-4cdb-ab16-b9dfcd4ae743";}
   ];
 
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
-
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
modules/base/system-packages.nix
@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}: {
   environment.variables.EDITOR = "hx";
   environment.systemPackages = with pkgs; [
     fastfetch
@@ -31,5 +35,12 @@
     findutils
   ];
 
-  services.aria2.enable = true;
+  services.aria2 = {
+    enable = true;
+    rpcSecretFile = config.sops.secrets.aria2-rpc-secret.path;
+    settings = {
+      enable-rpc = true;
+      rpc-listen-port = 6800;
+    };
+  };
 }
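Review bot: Enabling the RPC endpoint in `modules/base` means every host that imports this module now runs an aria2 JSON-RPC listener on port 6800 and needs `sops.secrets.aria2-rpc-secret` declared, which this diff does not show; before the move the RPC settings lived only in the desktop module. aria2 binds RPC to loopback unless `rpc-listen-all` is set, so the exposure currently rests on a default; pinning it with `rpc-listen-all = false;` in `settings` and leaving `services.aria2.openPorts` off would make the intent explicit. If headless hosts do not need remote control of downloads, keeping `enable-rpc` in the desktop module is the smaller surface.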
modules/base/users.nix
@@ -1,4 +1,6 @@
 {myvars, ...}: {
+  programs.ssh = myvars.networking.ssh;
+
   users.users.${myvars.username} = {
     description = myvars.userfullname;
     openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;
modules/nixos/desktop/misc.nix
@@ -22,12 +22,5 @@
   services = {
     gvfs.enable = true; # Mount, trash, and other functionalities
     tumbler.enable = true; # Thumbnail support for images
-    aria2 = {
-      rpcSecretFile = config.sops.secrets.aria2-rpc-secret.path;
-      settings = {
-        enable-rpc = true;
-        rpc-listen-port = 6800;
-      };
-    };
   };
 }
vars/networking.nix
@@ -1,6 +1,79 @@
-{lib}: rec {
-  nameservers = [
+{lib}: let
+  defaultNameservers = [
+    # IPv4
     "119.29.29.29" # DNSPod
     "223.5.5.5" # AliDNS
+    # IPv6
+    "2400:3200::1" # Alidns
+    "2606:4700:4700::1111" # Cloudflare
   ];
+in rec {
+  hosts = {
+    kevin = {
+      environment = {
+        nameservers = defaultNameservers;
+      };
+      useNetworkManager = true;
+      iface = "wlp0s20f3";
+    };
+  };
+
+  generateHostNetworking = hostName: let
+    hostData = hosts.${hostName};
+    env = hostData.environment;
+  in {
+    inherit (env) nameservers;
+    defaultGateway = lib.mkIf (env ? "defaultGateway6") env.defaultGateway;
+    defaultGateway6 = lib.mkIf (env ? "defaultGateway6") env.defaultGateway6;
+    search = lib.mkIf (env ? "search") env.search;
+
+    useNetworkd = lib.mkDefault (hostData.useNetworkd or false);
+    networkmanager.enable = lib.mkDefault (hostData.useNetworkManager or false);
+    useDHCP = lib.mkDefault (hostData.useNetworkManager or false);
+
+    interfaces."${hostData.iface}" = {
+      ipv4.addresses = lib.mkIf (hostData ? "ipv4" && hostData.useNetworkd or false) [
+        {
+          address = hostData.ipv4;
+          prefixLength = env.prefixLength or env.prefixLength4;
+        }
+      ];
+      ipv6.addresses = lib.mkIf (hostData ? "ipv6" && hostData.useNetworkd or false) [
+        {
+          address = hostData.ipv6;
+          prefixLength = env.prefixLength6;
+        }
+      ];
+    };
+  };
+
+  ssh = {
+    extraConfig = let
+      sshTargetHosts = lib.attrsets.filterAttrs (name: value: value ? "ipv4") hosts;
+    in
+      lib.attrsets.foldlAttrs
+      (acc: host: val:
+        acc
+        + ''
+          Host ${host}
+            HostName ${val.ipv4}
+            Port ${val.port or "22"}
+        '')
+      ""
+      sshTargetHosts;
+    knownHosts =
+      lib.attrsets.mapAttrs'
+      (
+        host: value:
+          lib.attrsets.nameValuePair
+          (value.ipv4)
+          {
+            inherit (value) publicKey;
+            hostNames = [host];
+          }
+      )
+      (
+        lib.attrsets.filterAttrs (n: v: v ? "publicKey") hosts
+      );
+  };
 }
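Review bot: The `knownHosts` entries at the end of the hunk pin each key to `hostNames = [host]`, i.e. the alias only, while the generated `Host ${host}` blocks set `HostName ${val.ipv4}`; OpenSSH looks keys up under the resolved HostName unless `HostKeyAlias` is given, so the pinned key is probably never matched and the connection falls back to trust-on-first-use. Either `hostNames = [host value.ipv4];` or an added `HostKeyAlias ${host}` line in `extraConfig` closes that gap. The same map filters on `publicKey` but names the entry `value.ipv4`, so a host with a key and no address aborts evaluation. Separately, the `defaultGateway` line in `generateHostNetworking` is guarded by `env ? "defaultGateway6"`; it should test `env ? "defaultGateway"`.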