-{ pkgs, lib, config, hostName, hosts, ... }:
+{ lib, config, hostName, ... }:
with builtins;
let
- inherit (config) networking users;
- netIface = "enp1s0";
- netIPv4 = "80.67.180.129";
+ inherit (config) networking;
+ netIface = "enp1s0";
+ netIPv4 = "80.67.180.129";
netIPv4Gateway = "80.67.180.134";
#netIPv6 = "2001:912:400:104::35";
#netIPv6Gateway = "2001:912:400:104::1";
- lanIface = "enp2s0";
- lanIPv4 = "192.168.1.214";
- lanNet = "192.168.1.0/24";
+ lanIface = "enp2s0";
+ lanIPv4 = "192.168.1.214";
+ lanNet = "192.168.1.0/24";
lanIPv4Gateway = "192.168.1.1";
in
{
-imports = [
- networking/nftables.nix
- networking/ssh.nix
- networking/wireguard.nix
-];
+ imports = [
+ networking/nftables.nix
+ ];
-_module.args.ipv4 = netIPv4;
+ _module.args.ipv4 = netIPv4;
-/* WARNING: using ipconfig (the ip= kernel parameter) IS NOT RELIABLE:
- a 91.216.110.35/32 becomes a 91.216.110.35/8
-boot.kernelParams = map
- (ip: "ip=${ip.clientIP}:${ip.serverIP}:${ip.gatewayIP}:${ip.netmask}:${ip.hostname}:${ip.device}:${ip.autoconf}")
- [ { clientIP = netIPv4; serverIP = "";
+ /* WARNING: using ipconfig (the ip= kernel parameter) IS NOT RELIABLE:
+ a 91.216.110.35/32 becomes a 91.216.110.35/8
+ boot.kernelParams = map
+ (ip: "ip=${ip.clientIP}:${ip.serverIP}:${ip.gatewayIP}:${ip.netmask}:${ip.hostname}:${ip.device}:${ip.autoconf}")
+ [ { clientIP = netIPv4; serverIP = "";
gatewayIP = networking.defaultGateway.address;
netmask = "255.255.255.255";
hostname = ""; device = networking.defaultGateway.interface;
hostname = ""; device = "${lanIface}";
autoconf = "off";
}
- ];
-*/
-/* DIY network config, but a right one */
-boot.initrd.preLVMCommands = ''
- set -x
-
- # IPv4 net
- ip link set ${netIface} up
- ip address add ${netIPv4}/32 dev ${netIface}
- ip route add ${netIPv4Gateway} dev ${netIface}
- ip route add default via ${netIPv4Gateway} dev ${netIface}
+ ];
+ */
+ /* DIY network config, but a right one */
+ boot.initrd.preLVMCommands = ''
+ set -x
- # IPv4 lan
- ip link set ${lanIface} up
- ip address add ${lanIPv4}/32 dev ${lanIface}
- ip route add ${lanIPv4Gateway} dev ${lanIface}
- ip route add ${lanNet} dev ${lanIface} src ${lanIPv4} proto kernel
- # NOTE: ${lanIPv4}/24 would not work with initrd's ip, hence ${lanNet}
+ # IPv4 net
+ ip link set ${netIface} up
+ ip address add ${netIPv4}/32 dev ${netIface}
+ ip route add ${netIPv4Gateway} dev ${netIface}
+ ip route add default via ${netIPv4Gateway} dev ${netIface}
- # IPv6 net
- #ip -6 address add ''${netIPv6} dev ${netIface}
- #ip -6 route add ''${netIPv6Gateway} dev ${netIface}
- #ip -6 route add default via ''${netIPv6Gateway} dev ${netIface}
+ # IPv4 lan
+ ip link set ${lanIface} up
+ ip address add ${lanIPv4}/32 dev ${lanIface}
+ ip route add ${lanIPv4Gateway} dev ${lanIface}
+ ip route add ${lanNet} dev ${lanIface} src ${lanIPv4} proto kernel
+ # NOTE: ${lanIPv4}/24 would not work with initrd's ip, hence ${lanNet}
- ip -4 address
- ip -4 route
- #ip -6 address
- #ip -6 route
+ # IPv6 net
+ #ip -6 address add ''${netIPv6} dev ${netIface}
+ #ip -6 route add ''${netIPv6Gateway} dev ${netIface}
+ #ip -6 route add default via ''${netIPv6Gateway} dev ${netIface}
- set +x
+ ip -4 address
+ ip -4 route
+ #ip -6 address
+ #ip -6 route
- # Since boot.initrd.network's preLVMCommands won't set hasNetwork=1
- # we have to run the postCommands ourselves.
- ${config.boot.initrd.network.postCommands}
-'';
+ set +x
-# Workaround https://github.com/NixOS/nixpkgs/issues/56822
-# TODO: the issue is now closed
-#boot.initrd.kernelModules = [ "ipv6" ];
+ # Since boot.initrd.network's preLVMCommands won't set hasNetwork=1
+ # we have to run the postCommands ourselves.
+ ${config.boot.initrd.network.postCommands}
+ '';
-# Useless without an out-of-band access, and unsecure
-# (though / may still be encrypted at this point).
-# boot.kernelParams = [ "boot.shell_on_fail" ];
+ # Useless without an out-of-band access, and unsecure
+ # (though / may still be encrypted at this point).
+ # boot.kernelParams = [ "boot.shell_on_fail" ];
-# Disable IPv6 entirely until it's available
-boot.kernel.sysctl = {
- "net.ipv6.conf.${netIface}.disable_ipv6" = 1;
-};
+ # Disable IPv6 entirely until it's available
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.${netIface}.disable_ipv6" = 1;
+ };
-services.knot.extraConfig = lib.mkBefore ''
- server:
- listen: ${netIPv4}@53
- #listen: ::@53
-'';
+ services.knot.settingsFreeform.server.listen = [
+ "${netIPv4}@53"
+ ];
-networking = {
- hostName = hostName;
- domain = "sourcephile.fr";
+ networking = {
+ hostName = hostName;
+ domain = "sourcephile.fr";
- useDHCP = false;
- defaultGateway = {
- address = netIPv4Gateway;
- interface = "${netIface}";
- };
- /*
- defaultGateway6 = {
- address = netIPv6Gateway;
- interface = "${netIface}";
- };
- */
- #nameservers = [ ];
- nftables.ruleset = lib.mkAfter ''
- table inet filter {
- chain input {
- iifname ${netIface} goto input-net
- iifname ${lanIface} goto input-lan
- }
- chain output {
- oifname ${netIface} jump output-net
- oifname ${netIface} log level warn prefix "output-net: " counter drop
- oifname ${lanIface} goto output-lan
- }
- }
- '';
- interfaces.${netIface} = {
useDHCP = false;
- ipv4.addresses = [ { address = netIPv4; prefixLength = 32; } ];
- ipv4.routes = [ { address = networking.defaultGateway.address; prefixLength = 32; } ];
-
+ defaultGateway = {
+ address = netIPv4Gateway;
+ interface = "${netIface}";
+ };
/*
- ipv6.addresses = [ { address = netIPv6; prefixLength = 64; }
+ defaultGateway6 = {
+ address = netIPv6Gateway;
+ interface = "${netIface}";
+ };
+ */
+ #nameservers = [ ];
+ nftables.ruleset = lib.mkAfter ''
+ table inet filter {
+ chain input {
+ iifname ${netIface} goto input-net
+ iifname ${lanIface} goto input-lan
+ }
+ chain output {
+ oifname ${netIface} jump output-net
+ oifname ${netIface} log level warn prefix "output-net: " counter drop
+ oifname ${lanIface} goto output-lan
+ }
+ }
+ '';
+ interfaces.${netIface} = {
+ useDHCP = false;
+ ipv4.addresses = [{ address = netIPv4; prefixLength = 32; }];
+ ipv4.routes = [{ address = networking.defaultGateway.address; prefixLength = 32; }];
+
+ /*
+ ipv6.addresses = [ { address = netIPv6; prefixLength = 64; }
{ address = "fe80::1"; prefixLength = 10; }
];
- ipv6.routes = [ { address = networking.defaultGateway6.address; prefixLength = 64; } ];
- */
- };
- interfaces.${lanIface} = {
- useDHCP = false;
- ipv4.addresses = [ { address = lanIPv4; prefixLength = 24; } ];
- /*
- # FIXME: remove this /1 hack when the host will be racked at PTT
- ipv4.routes = [ { address = "0.0.0.0"; prefixLength = 1; via = "192.168.1.1"; }
+ ipv6.routes = [ { address = networking.defaultGateway6.address; prefixLength = 64; } ];
+ */
+ };
+ interfaces.${lanIface} = {
+ useDHCP = false;
+ ipv4.addresses = [{ address = lanIPv4; prefixLength = 24; }];
+ /*
+ # FIXME: remove this /1 hack when the host will be racked at PTT
+ ipv4.routes = [ { address = "0.0.0.0"; prefixLength = 1; via = "192.168.1.1"; }
{ address = "128.0.0.0"; prefixLength = 1; via = "192.168.1.1"; }
];
- */
- /*
- ipv6.addresses = [ { address = "fe80::1"; prefixLength = 10; } ];
- ipv6.routes = [ ];
- */
+ */
+ /*
+ ipv6.addresses = [ { address = "fe80::1"; prefixLength = 10; } ];
+ ipv6.routes = [ ];
+ */
+ };
+ interfaces.enp3s0 = {
+ useDHCP = false;
+ };
};
- interfaces.enp3s0 = {
- useDHCP = false;
- };
-};
+
+ services.vnstat.enable = true;
}
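Review bot: The comment `# Disable IPv6 entirely until it's available` does not match the sysctl beneath it: `"net.ipv6.conf.${netIface}.disable_ipv6" = 1;` disables IPv6 on `enp1s0` only, so `${lanIface}` and `enp3s0` keep IPv6 enabled (at least link-local once the link is up). If "entirely" is the intent, set `"net.ipv6.conf.all.disable_ipv6" = 1;` and `"net.ipv6.conf.default.disable_ipv6" = 1;`; otherwise reword the comment to say it covers the public interface only. Separately, `imports` drops `networking/ssh.nix` and `networking/wireguard.nix` while the nftables ruleset still dispatches to `input-net`, `input-lan`, `output-net` and `output-lan`, which are defined outside this file. It is worth confirming that the SSH and WireGuard settings and their firewall rules are still imported somewhere for this host, since that is not visible from this diff.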