update + improvements

2025-06-19 03:27:05 +02:00
parent 0a331c214a
commit d750f5299f
6 changed files with 92 additions and 41 deletions
--- a/packages/netali-configure-net-ruby/default.nix
+++ b/packages/netali-configure-net-ruby/default.nix
@@ -1,20 +1,31 @@
 { writeShellScriptBin, iproute2 }:

 writeShellScriptBin "netali-configure-net-ruby" ''
-  if [[ $# -ne 2 ]]; then
-    echo "Usage: netali-configure-net-ruby [interface] [last-ip-block]"
+  if [[ $# -ne 3 ]]; then
+    echo "Usage: netali-configure-net-ruby [interface] [last-ip-block] [mode]"
    echo ""
    echo "interface:       name of the network interface to configure"
    echo "last-ip-block:   last block of the IPv6 address of this host"
+    echo "mode:            'public' or 'internal' (affects IP subnet)"
    exit 1
  fi

  INTERFACE=$1
  LAST_IP_BLOCK=$2
+  MODE=$3
+
+  if [[ $MODE == "public" ]]; then
+    PREFIX="2a00:fe0:1:21f::"
+    GATEWAY="2a00:fe0:1:21f::1"
+  else
+    PREFIX="2a00:fe0:3f5:1000::"
+    GATEWAY="2a00:fe0:3f5:1000::1"
+  fi

  ${iproute2}/bin/ip link set up $INTERFACE
-  ${iproute2}/bin/ip a a 2001:67c:a6c:a::$LAST_IP_BLOCK/64 dev $INTERFACE
-  ${iproute2}/bin/ip r a default via fe80::1 dev $INTERFACE
+  ${iproute2}/bin/ip a a $PREFIX$LAST_IP_BLOCK/64 dev $INTERFACE
+  ${iproute2}/bin/ip r a default via $GATEWAY dev $INTERFACE

-  echo "nameserver 2606:4700:4700::1111" > /etc/resolv.conf
+  echo "nameserver 2a00:fe0:0:2::300" > /etc/resolv.conf
+  echo "nameserver 2a00:fe0:0:3::300" >> /etc/resolv.conf
 ''
--- a/packages/netali-default-config-ruby/config-template.txt
+++ b/packages/netali-default-config-ruby/config-template.txt
@@ -8,8 +8,7 @@

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
-
-  boot.tmp.useTmpfs = true;
+  boot.tmp.cleanOnBoot = true;

  networking.nftables.enable = true;

@@ -18,7 +17,7 @@
  users.users.netali = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
-    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOV4f3/OcNQIHqomvH0nGLDmXDlrO/u7JKE9Fgq2Vuqs me@netali.de" ];
+    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqnMKa8BZmbRM2Oc4E8N9h9N26ABPLgPTketLNSK7l7 me@netali.de" ];
  };

  time.timeZone = "Europe/Berlin";
@@ -31,7 +30,7 @@

  services.qemuGuest.enable = true;

-  system.stateVersion = "24.11";
+  system.stateVersion = "$STATE_VERSION";

  networking.hostName = "$TARGET_HOSTNAME";

@@ -42,7 +41,7 @@
  networking.useDHCP = false;
  networking.dhcpcd.enable = false;

-  networking.nameservers = [ "2606:4700:4700::1111" "2606:4700:4700::1001" ];
+  networking.nameservers = [ "2a00:fe0:0:2::300" "2a00:fe0:0:3::300" ];

  nix = {
    settings = {
@@ -64,16 +63,16 @@
  systemd.network = {
    enable = true;
    networks = {
-      "40-ens18" = {
-        name = "ens18";
+      "40-$INTERFACE" = {
+        name = "$INTERFACE";
        networkConfig = {
          IPv6AcceptRA = false;
        };
        address = [
-          "2001:67c:a6c:a::$LAST_IP_BLOCK/64"
+          "$PREFIX$LAST_IP_BLOCK/64"
        ];
        gateway = [
-          "2001:67c:a6c:a::1"
+          "$GATEWAY"
        ];
      };
    };
--- a/packages/netali-default-config-ruby/default.nix
+++ b/packages/netali-default-config-ruby/default.nix
@@ -1,18 +1,34 @@
 { writeShellScriptBin, envsubst }:

 writeShellScriptBin "netali-default-config-ruby" ''
-  if [[ $# -ne 3 ]]; then
-    echo "Usage: netali-default-config-ruby [out-path] [hostname] [last-ip-block]"
+  if [[ $# -ne 6 ]]; then
+    echo "Usage: netali-default-config-ruby [out-path] [hostname] [interface] [last-ip-block] [mode] [state-version]"
    echo ""
    echo "out-path:        path to which the configuration will be written"
-    echo "hostname:        path to which the configuration will be written"
+    echo "hostname:        hostname of the new host"
+    echo "interface:       name of the network interface to configure"
    echo "last-ip-block:   last block of the IPv6 address of this host"
+    echo "mode:            'public' or 'internal' (affects IP subnet)"
+    echo "state-version:   NixOS State Version"
    exit 1
  fi
  
  OUT_PATH=$1
  export TARGET_HOSTNAME="$2"
-  export LAST_IP_BLOCK="$3"
+  export INTERFACE=$3
+  export LAST_IP_BLOCK=$4
+  MODE=$5
+  export STATE_VERSION=$6

-  ${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH
+  if [[ $MODE == "public" ]]; then
+    export PREFIX="2a00:fe0:1:21f::"
+    export GATEWAY="2a00:fe0:1:21f::1"
+  else
+    export PREFIX="2a00:fe0:3f5:1000::"
+    export GATEWAY="2a00:fe0:3f5:1000::1"
+  fi
+
+  cp ${./static.nix} $OUT_PATH/static.nix
+  chmod 644 $OUT_PATH/static.nix
+  ${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH/configuration.nix
 ''
--- a/packages/netali-default-config-ruby/static.nix
+++ b/packages/netali-default-config-ruby/static.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Pin current nixpkgs channel and flake registry to the nixpkgs version
+  # the host got build with
+  nix.nixPath = lib.mkForce [ "nixpkgs=\\${lib.cleanSource pkgs.path}" ];
+  nix.registry = lib.mkForce {
+    "nixpkgs" = {
+      from = {
+        type = "indirect";
+        id = "nixpkgs";
+      };
+      to = {
+        type = "path";
+        path = lib.cleanSource pkgs.path;
+      };
+      exact = true;
+    };
+  };
+}