2024-12-19 00:02:50 +01:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
...
|
|
|
|
|
}:
|
|
|
|
|
let
|
|
|
|
|
cfg = config.kropcloud.networking;
|
2025-01-15 23:51:23 +01:00
|
|
|
kc_cfg = config.kropcloud;
|
2024-12-20 10:03:05 +01:00
|
|
|
ipopts = version: {
|
|
|
|
|
address = lib.mkOption {
|
|
|
|
|
type = lib.types.nullOr lib.types.str;
|
|
|
|
|
description = "The server IPv${version} address";
|
|
|
|
|
example = if version == 4 then "192.168.1.155" else null;
|
|
|
|
|
default = null;
|
|
|
|
|
};
|
|
|
|
|
prefixLength = lib.mkOption {
|
|
|
|
|
type = lib.types.nullOr lib.types.int;
|
|
|
|
|
description = "The server IPv${version} address prefix length";
|
|
|
|
|
default = null;
|
|
|
|
|
example = if version == 4 then 24 else 64;
|
|
|
|
|
};
|
2024-12-22 15:21:15 +01:00
|
|
|
defaultGateway = lib.mkOption {
|
|
|
|
|
type = lib.types.nullOr lib.types.str;
|
|
|
|
|
description = "The defautl gateway IPv${version}";
|
|
|
|
|
default = null;
|
|
|
|
|
example = if version == 4 then "192.168.1.1" else null;
|
|
|
|
|
};
|
2024-12-20 10:03:05 +01:00
|
|
|
};
|
2024-12-19 00:02:50 +01:00
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options.kropcloud.networking = {
|
|
|
|
|
enable = lib.mkOption {
|
|
|
|
|
type = lib.types.bool;
|
|
|
|
|
description = "Whence to configure networking";
|
|
|
|
|
default = true;
|
|
|
|
|
example = false;
|
|
|
|
|
};
|
2024-12-20 10:03:05 +01:00
|
|
|
ipv4 = ipopts 4;
|
2024-12-19 00:02:50 +01:00
|
|
|
};
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
2024-12-20 00:06:32 +01:00
|
|
|
|
|
|
|
|
assertions = [
|
|
|
|
|
{
|
2024-12-22 15:21:15 +01:00
|
|
|
assertion =
|
|
|
|
|
!(cfg.ipv4.address == null || cfg.ipv4.prefixLength == null || cfg.ipv4.defaultGateway == null);
|
2024-12-20 00:06:32 +01:00
|
|
|
message = ''
|
2024-12-22 15:21:15 +01:00
|
|
|
You need to provide valid values for `address`, `prefixLength` and `defaultGateway` in `kropcloud.networking.ipv4`
|
2024-12-20 10:03:05 +01:00
|
|
|
when either is set.
|
2024-12-20 00:06:32 +01:00
|
|
|
'';
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
|
2025-01-10 23:11:21 +01:00
|
|
|
services.avahi = {
|
|
|
|
|
enable = true;
|
2025-01-16 19:16:30 +01:00
|
|
|
openFirewall = true;
|
2025-01-10 23:11:21 +01:00
|
|
|
};
|
|
|
|
|
|
2024-12-19 00:02:50 +01:00
|
|
|
networking = {
|
|
|
|
|
nftables.enable = true;
|
|
|
|
|
firewall = {
|
|
|
|
|
checkReversePath = "loose";
|
2025-01-16 19:16:30 +01:00
|
|
|
allowedUDPPorts =
|
|
|
|
|
[ ]
|
|
|
|
|
++ lib.optionals kc_cfg.services.k3s.enable [
|
2025-02-07 11:34:56 +01:00
|
|
|
7946
|
2025-01-16 19:16:30 +01:00
|
|
|
8472
|
|
|
|
|
]
|
|
|
|
|
++ lib.optionals kc_cfg.services.nfs.enable [
|
|
|
|
|
4000
|
|
|
|
|
4001
|
|
|
|
|
4002
|
|
|
|
|
2049
|
|
|
|
|
111
|
|
|
|
|
];
|
|
|
|
|
allowedTCPPorts =
|
|
|
|
|
[ ]
|
|
|
|
|
++ lib.optionals kc_cfg.services.k3s.enable [
|
|
|
|
|
2379
|
|
|
|
|
2380
|
|
|
|
|
6443
|
2025-02-07 11:34:56 +01:00
|
|
|
7946
|
2025-01-16 19:16:30 +01:00
|
|
|
10250
|
|
|
|
|
]
|
|
|
|
|
++ lib.optionals kc_cfg.services.nfs.enable [
|
|
|
|
|
4000
|
|
|
|
|
4001
|
|
|
|
|
4002
|
|
|
|
|
2049
|
|
|
|
|
111
|
|
|
|
|
];
|
2024-12-19 00:02:50 +01:00
|
|
|
};
|
2024-12-20 00:06:32 +01:00
|
|
|
interfaces = {
|
|
|
|
|
ens18 = {
|
2024-12-20 10:03:05 +01:00
|
|
|
ipv4.addresses = lib.mkIf (cfg.ipv4.address != null || cfg.ipv4.prefixLength != null) [
|
2024-12-20 00:06:32 +01:00
|
|
|
{
|
|
|
|
|
address = cfg.ipv4.address;
|
|
|
|
|
prefixLength = cfg.ipv4.prefixLength;
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-12-22 15:21:15 +01:00
|
|
|
useDHCP = (
|
|
|
|
|
cfg.ipv4.address == null || cfg.ipv4.prefixLength == null || cfg.ipv4.defaultGateway == null
|
|
|
|
|
);
|
|
|
|
|
defaultGateway = lib.mkIf (cfg.ipv4.defaultGateway != null) { address = cfg.ipv4.defaultGateway; };
|
|
|
|
|
nameservers =
|
|
|
|
|
lib.mkIf
|
|
|
|
|
(cfg.ipv4.address != null || cfg.ipv4.prefixLength != null || cfg.ipv4.defaultGateway != null)
|
|
|
|
|
[
|
|
|
|
|
"8.8.8.8"
|
|
|
|
|
"1.1.1.1"
|
|
|
|
|
];
|
2024-12-19 00:02:50 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
