system.networking: rewrite

2024-10-23 05:39:05 +08:00 · 2024-03-21 21:49:29 +08:00 · 2024-03-21 21:49:29 +08:00 · 1a5b81a317
commit 1a5b81a317
parent d97a5a4ada
4 changed files with 73 additions and 20 deletions
--- a/devices/nas/default.nix
+++ b/devices/nas/default.nix
@ -44,7 +44,7 @@ inputs:
        nixpkgs.march = "silvermont";
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        kernel.patches = [ "cjktty" "lantian" ];
-        networking = { hostname = "nas"; networkd.dhcp = [ "enp3s0" ]; };
+        networking = { hostname = "nas"; networkd = {}; };
        gui.preferred = false;
      };
      hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@ -29,7 +29,7 @@ inputs:
        nixpkgs.march = "sandybridge";
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        initrd.sshd.enable = true;
-        networking = { hostname = "vps6"; networkd.dhcp = [ "ens18" ]; };
+        networking = { hostname = "vps6"; networkd = {}; };
      };
      packages.packageSet = "server";
      services =
--- a/devices/vps7/default.nix
+++ b/devices/vps7/default.nix
@ -29,7 +29,7 @@ inputs:
        nixpkgs.march = "broadwell";
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        initrd.sshd.enable = true;
-        networking = { hostname = "vps7"; networkd.dhcp = [ "ens18" ]; };
+        networking = { hostname = "vps7"; networkd = {}; };
        gui.preferred = false;
      };
      packages.packageSet = "desktop";
--- a/modules/system/networking.nix
+++ b/modules/system/networking.nix
@ -4,11 +4,27 @@ inputs:
  {
    hostname = mkOption { type = types.nonEmptyStr; };
    networkManager.enable = mkOption
-      { type = types.bool; default = inputs.config.nixos.system.networking.networkd.dhcp == []; };
-    networkd =
+      { type = types.bool; default = inputs.config.nixos.system.networking.networkd == null; };
+    networkd = mkOption
    {
-      dhcp = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
+      type = types.nullOr (types.submodule { options =
+      {
+        dhcp = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
+        static = mkOption
+        {
+          type = types.attrsOf (types.submodule { options =
+          {
+            ip = mkOption { type = types.nonEmptyStr; };
+            mask = mkOption { type = types.ints.unsigned; };
+            gateway = mkOption { type = types.nonEmptyStr; };
+            dns = mkOption { type = types.nonEmptyStr; default = null; };
+          };});
+          default = {};
+        };
+      };});
+      default = null;
    };
+    wireless = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
  };
  config = let inherit (inputs.config.nixos.system) networking; in inputs.lib.mkMerge
  [
@ -52,29 +68,66 @@ inputs:
      };
    })
    # networkd
-    (inputs.lib.mkIf (networking.networkd.dhcp != [])
+    (inputs.lib.mkIf networking.networkd != null
    {
      systemd.network =
+      {
+        enable = true;
+        networks = builtins.listToAttrs
+        (
+          (builtins.map
+            (network:
+            {
+              name = "10-${network.ssid}";
+              value =
+              {
+                matchConfig.Name = network.ssid;
+                networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; };
+                linkConfig.RequiredForOnline = "routable";
+              };
+            })
+            networking.networkd.dhcp)
+          ++ (builtins.map
+            (network:
+            {
+              name = "10-${network.name}";
+              value =
+              {
+                matchConfig.Name = network.name;
+                address = [ "${network.ip}/${builtins.toString network.mask}" ];
+                routes = [{ routeConfig.Gateway = network.gateway; }];
+                linkConfig.RequiredForOnline = "routable";
+              };
+            })
+            (inputs.localLib.attrsToList networking.networkd.static))
+        );
+      };
+      networking.networkmanager.unmanaged = with networking.networkd; dhcp ++ (builtins.attrNames static);
+    })
+    # wpa_supplicant
+    (inputs.lib.mkIf (networking.wireless != [])
+    {
+      services.wpa_supplicant =
      {
        enable = true;
        networks = builtins.listToAttrs (builtins.map
          (network:
          {
-            name = "10-${network}";
-            value =
-            {
-              matchConfig.Name = network;
-              networkConfig =
-              {
-                DHCP = "yes";
-                IPv6AcceptRA = true;
-              };
-              linkConfig.RequiredForOnline = "routable";
-            };
+            name = network;
+            value.psk = "@${builtins.hashString "md5" network}_PSK@";
          })
-          networking.networkd.dhcp);
+          networking.wireless);
+        environmentFile = inputs.config.sops.templates."wireless.env".path;
+      };
+      sops =
+      {
+        templates."wireless.env".content = builtins.concatStringsSep "\n" (builtins.map
+          (network: "${builtins.hashString "md5" network}_PSK=${inputs.config.sops.placeholder."wireless/${network}"}")
+          networking.wireless);
+        secrets = builtins.listToAttrs (builtins.map
+          (network: { name = "wireless/${network}"; value = {}; })
+          networking.wireless);
      };
-      networking = { useDHCP = false; networkmanager.unmanaged = networking.networkd.dhcp; };
    })
  ];
 }