71 lines
1.7 KiB
Nix
71 lines
1.7 KiB
Nix
{ config
|
|
, lib
|
|
, ...
|
|
}:
|
|
with lib; let
|
|
cfg = config.clan.networking;
|
|
in
|
|
{
|
|
options = {
|
|
clan.networking.ipv4.address = mkOption {
|
|
type = types.str;
|
|
};
|
|
|
|
clan.networking.ipv4.cidr = mkOption {
|
|
type = types.str;
|
|
default = "26";
|
|
};
|
|
|
|
clan.networking.ipv4.gateway = mkOption {
|
|
type = types.str;
|
|
};
|
|
|
|
clan.networking.ipv6.address = mkOption {
|
|
type = types.str;
|
|
};
|
|
|
|
clan.networking.ipv6.cidr = mkOption {
|
|
type = types.str;
|
|
default = "64";
|
|
};
|
|
};
|
|
|
|
config = {
|
|
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
|
|
boot.kernelParams = [ "ip=127.0.0.1:::::lo:none" ];
|
|
|
|
boot.initrd.network = {
|
|
enable = true;
|
|
ssh = {
|
|
enable = true;
|
|
port = 2222;
|
|
hostKeys = [
|
|
# not using sops here because we cannot reliable deploy this secret
|
|
#config.sops.secrets.initrd-ssh-key.path
|
|
"/var/lib/secrets/initrd_ssh_key"
|
|
];
|
|
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
|
};
|
|
postCommands = ''
|
|
ip link set dev eth0 up
|
|
|
|
ip addr add ${cfg.ipv4.address}/${cfg.ipv4.cidr} dev eth0
|
|
ip route add ${cfg.ipv4.gateway} dev eth0
|
|
ip route add default via ${cfg.ipv4.gateway} dev eth0
|
|
|
|
ip -6 addr add ${cfg.ipv6.address}/${cfg.ipv6.cidr} dev eth0
|
|
ip -6 route add default via fe80::1 dev eth0
|
|
'';
|
|
|
|
};
|
|
boot.initrd.kernelModules = [
|
|
"e1000e" # older hetzner machines, 1 GbE nics
|
|
"igc" # newer herzner machines, 2.5 GbE nics
|
|
"igb"
|
|
# for debugging installation in vms
|
|
"virtio_pci"
|
|
"virtio_net"
|
|
];
|
|
};
|
|
}
|