Rename modules directory system to nixos

2026-03-22 20:09:07 +01:00 · 2026-02-26 21:11:45 +01:00 · 2026-02-26 21:11:45 +01:00 · 1c1b9221fc
commit 1c1b9221fc
parent 653a6f310b
48 changed files with 1 additions and 1 deletions
--- a/modules/nixos/networking/default.nix
+++ b/modules/nixos/networking/default.nix
@ -0,0 +1,39 @@
+{
+  config,
+  lib,
+  allHosts,
+  ...
+}:
+let
+  cfg = config.custom.networking;
+in
+{
+  options.custom.networking = {
+    hostName = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      default = config.networking.hostName;
+      readOnly = true;
+    };
+
+    nodes = lib.mkOption {
+      type = lib.types.anything;
+      default =
+        allHosts
+        |> lib.attrValues
+        |> lib.map (host: host.config.custom.networking)
+        |> lib.map (
+          node:
+          lib.removeAttrs node [
+            "nodes"
+            "peers"
+          ]
+        );
+      readOnly = true;
+    };
+    peers = lib.mkOption {
+      type = lib.types.anything;
+      default = cfg.nodes |> lib.filter (node: node.hostName != cfg.hostName);
+      readOnly = true;
+    };
+  };
+}
--- a/modules/nixos/networking/overlay.nix
+++ b/modules/nixos/networking/overlay.nix
@ -0,0 +1,75 @@
+{
+  config,
+  lib,
+  allHosts,
+  ...
+}:
+let
+  cfg = config.custom.networking.overlay;
+in
+{
+  options.custom.networking.overlay = {
+    networkCidr = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      default = "10.254.250.0/24";
+    };
+    networkAddress = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      default = cfg.networkCidr |> lib.splitString "/" |> lib.head;
+      readOnly = true;
+    };
+    prefixLength = lib.mkOption {
+      type = lib.types.ints.between 0 32;
+      default = cfg.networkCidr |> lib.splitString "/" |> lib.last |> lib.toInt;
+      readOnly = true;
+    };
+    domain = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      default = "splitleaf.de";
+    };
+    fqdn = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      default = "${config.custom.networking.hostName}.${cfg.domain}";
+    };
+
+    address = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      default = "";
+    };
+    cidr = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      default = "${cfg.address}/${toString cfg.prefixLength}";
+      readOnly = true;
+    };
+    interface = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      default = "nebula";
+    };
+    systemdUnit = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      default = "nebula@mesh.service";
+    };
+
+    isLighthouse = lib.mkEnableOption "";
+    role = lib.mkOption {
+      type = lib.types.enum [
+        "client"
+        "server"
+      ];
+    };
+
+    dnsServers = lib.mkOption {
+      type = lib.types.anything;
+      default =
+        allHosts
+        |> lib.attrValues
+        |> lib.filter (host: host.config.custom.services.dns.enable)
+        |> lib.map (host: host.config.custom.networking.overlay.address);
+    };
+
+    implementation = lib.mkOption {
+      type = lib.types.enum [ "nebula" ];
+      default = "nebula";
+    };
+  };
+}
--- a/modules/nixos/networking/underlay.nix
+++ b/modules/nixos/networking/underlay.nix
@ -0,0 +1,92 @@
+{
+  config,
+  self,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  cfg = config.custom.networking.underlay;
+in
+{
+  options.custom.networking.underlay = {
+    interface = lib.mkOption {
+      type = lib.types.nonEmptyStr;
+      default = "";
+    };
+    useDhcp = lib.mkEnableOption "";
+    isPublic = lib.mkEnableOption "";
+    cidr = lib.mkOption {
+      type = lib.types.nullOr lib.types.nonEmptyStr;
+      default = null;
+    };
+    address = lib.mkOption {
+      type = lib.types.nullOr lib.types.nonEmptyStr;
+      default = if cfg.cidr != null then cfg.cidr |> lib.splitString "/" |> lib.head else null;
+      readOnly = true;
+    };
+    gateway = lib.mkOption {
+      type = lib.types.nullOr lib.types.nonEmptyStr;
+      default = null;
+    };
+    wireless = {
+      enable = lib.mkEnableOption "";
+      networks = lib.mkOption {
+        type = lib.types.listOf lib.types.nonEmptyStr;
+        default = config.custom.sops.secrets.iwd |> lib.attrNames;
+      };
+    };
+  };
+
+  config = lib.mkMerge [
+    {
+      networking = {
+        useNetworkd = true;
+        useDHCP = false;
+      };
+
+      systemd.network = {
+        enable = true;
+        networks."10-${cfg.interface}" = {
+          matchConfig.Name = cfg.interface;
+          linkConfig.RequiredForOnline = "routable";
+          networkConfig.DHCP = lib.mkIf cfg.useDhcp "yes";
+          address = lib.optional (cfg.cidr != null) cfg.cidr;
+          routes = lib.optional (cfg.gateway != null) {
+            Gateway = cfg.gateway;
+            GatewayOnLink = true;
+          };
+        };
+      };
+
+      services.resolved = {
+        enable = true;
+        dnssec = "allow-downgrade";
+        dnsovertls = "opportunistic";
+      };
+    }
+
+    (lib.mkIf cfg.wireless.enable {
+      environment.systemPackages = [ pkgs.iwgtk ];
+
+      networking.wireless.iwd = {
+        enable = true;
+        settings.Settings.AutoConnect = true;
+      };
+
+      systemd.network.networks."10-${cfg.interface}".networkConfig.IgnoreCarrierLoss = "3s";
+
+      sops.secrets =
+        cfg.wireless.networks
+        |> lib.map (name: "iwd/${name}")
+        |> self.lib.genAttrs (_: {
+          restartUnits = [ "iwd.service" ];
+        });
+
+      systemd.services.iwd = {
+        preStart = "install -m 600 /run/secrets/iwd/* /var/lib/iwd";
+        postStop = "rm --force /var/lib/iwd/*.{open,psk,8021x}";
+      };
+    })
+  ];
+}