update + improvements

packages/netali-default-config-ruby/config-template.txt

@@ -8,8 +8,7 @@
 
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
-
-  boot.tmp.useTmpfs = true;
+  boot.tmp.cleanOnBoot = true;
 
   networking.nftables.enable = true;
 
@@ -18,7 +17,7 @@
   users.users.netali = {
     isNormalUser = true;
     extraGroups = [ "wheel" ];
-    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOV4f3/OcNQIHqomvH0nGLDmXDlrO/u7JKE9Fgq2Vuqs me@netali.de" ];
+    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqnMKa8BZmbRM2Oc4E8N9h9N26ABPLgPTketLNSK7l7 me@netali.de" ];
   };
 
   time.timeZone = "Europe/Berlin";
@@ -31,7 +30,7 @@
 
   services.qemuGuest.enable = true;
 
-  system.stateVersion = "24.11";
+  system.stateVersion = "$STATE_VERSION";
 
   networking.hostName = "$TARGET_HOSTNAME";
 
@@ -42,7 +41,7 @@
   networking.useDHCP = false;
   networking.dhcpcd.enable = false;
 
-  networking.nameservers = [ "2606:4700:4700::1111" "2606:4700:4700::1001" ];
+  networking.nameservers = [ "2a00:fe0:0:2::300" "2a00:fe0:0:3::300" ];
 
   nix = {
     settings = {
@@ -64,16 +63,16 @@
   systemd.network = {
     enable = true;
     networks = {
-      "40-ens18" = {
-        name = "ens18";
+      "40-$INTERFACE" = {
+        name = "$INTERFACE";
         networkConfig = {
           IPv6AcceptRA = false;
         };
         address = [
-          "2001:67c:a6c:a::$LAST_IP_BLOCK/64"
+          "$PREFIX$LAST_IP_BLOCK/64"
         ];
         gateway = [
-          "2001:67c:a6c:a::1"
+          "$GATEWAY"
         ];
       };
     };

packages/netali-default-config-ruby/default.nix

@@ -1,18 +1,34 @@
 { writeShellScriptBin, envsubst }:
 
 writeShellScriptBin "netali-default-config-ruby" ''
-  if [[ $# -ne 3 ]]; then
-    echo "Usage: netali-default-config-ruby [out-path] [hostname] [last-ip-block]"
+  if [[ $# -ne 6 ]]; then
+    echo "Usage: netali-default-config-ruby [out-path] [hostname] [interface] [last-ip-block] [mode] [state-version]"
     echo ""
     echo "out-path:        path to which the configuration will be written"
-    echo "hostname:        path to which the configuration will be written"
+    echo "hostname:        hostname of the new host"
+    echo "interface:       name of the network interface to configure"
     echo "last-ip-block:   last block of the IPv6 address of this host"
+    echo "mode:            'public' or 'internal' (affects IP subnet)"
+    echo "state-version:   NixOS State Version"
     exit 1
   fi
   
   OUT_PATH=$1
   export TARGET_HOSTNAME="$2"
-  export LAST_IP_BLOCK="$3"
+  export INTERFACE=$3
+  export LAST_IP_BLOCK=$4
+  MODE=$5
+  export STATE_VERSION=$6
 
-  ${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH
+  if [[ $MODE == "public" ]]; then
+    export PREFIX="2a00:fe0:1:21f::"
+    export GATEWAY="2a00:fe0:1:21f::1"
+  else
+    export PREFIX="2a00:fe0:3f5:1000::"
+    export GATEWAY="2a00:fe0:3f5:1000::1"
+  fi
+
+  cp ${./static.nix} $OUT_PATH/static.nix
+  chmod 644 $OUT_PATH/static.nix
+  ${envsubst}/bin/envsubst -i ${./config-template.txt} -o $OUT_PATH/configuration.nix
 ''

packages/netali-default-config-ruby/static.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Pin current nixpkgs channel and flake registry to the nixpkgs version
+  # the host got build with
+  nix.nixPath = lib.mkForce [ "nixpkgs=\\${lib.cleanSource pkgs.path}" ];
+  nix.registry = lib.mkForce {
+    "nixpkgs" = {
+      from = {
+        type = "indirect";
+        id = "nixpkgs";
+      };
+      to = {
+        type = "path";
+        path = lib.cleanSource pkgs.path;
+      };
+      exact = true;
+    };
+  };
+}