diff --git a/.gitignore b/.gitignore index 2b6be23..8723679 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ vars.nix ssh hardware-configuration.nix tmp +result diff --git a/bond-network.nix b/bond-network.nix deleted file mode 100644 index b81c2b6..0000000 --- a/bond-network.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, ... }: { - boot.kernelModules = [ "bonding" ]; - - networking.bonds.bond0 = { - interfaces = [ "enp1s0" "enp2s0" ]; - driverOptions = { - mode = "802.3ad"; - miimon = "100"; - lacp_rate = "fast"; - xmit_hash_policy = "layer3+4"; - }; - }; - - networking.interfaces.enp1s0.useDHCP = false; - networking.interfaces.enp2s0.useDHCP = false; - networking.interfaces.bond0.useDHCP = true; -} - diff --git a/configuration.nix b/configuration.nix index 70474a9..4727636 100644 --- a/configuration.nix +++ b/configuration.nix @@ -47,40 +47,6 @@ }; }; - networking = { - hostName = config.vars.hostname; - hostId = config.vars.hostid; - - # Enable IPv6 Stack - enableIPv6 = true; - - interfaces = let - primaryInterface = lib.head config.vars.interfaces; - secondaryInterfaces = lib.tail config.vars.interfaces; - in - lib.foldr (name: acc: acc // { - # Secondary interfaces can keep using DHCP - ${name}.useDHCP = true; - }) ( - { ${primaryInterface} = { - # PRIMARY INTERFACE: STATIC IPV4 ONLY - ipv4.addresses = [{ - address = config.vars.local_ip; - prefixLength = 24; - }]; - - }; - } - ) secondaryInterfaces; - - defaultGateway = { - address = "192.168.178.1"; - interface = lib.head config.vars.interfaces; - }; - nameservers = [ "192.168.178.10" "9.9.9.9" ]; - }; - - # Set your time zone. time.timeZone = "Europe/Berlin"; diff --git a/gbs-network.nix b/gbs-network.nix deleted file mode 100644 index 012bcc7..0000000 --- a/gbs-network.nix +++ /dev/null 
@@ -1,14 +0,0 @@
-{ pkgs, ... }: {
- systemd.services.force-gigabit-speed = {
- description = "Force 1Gbps link speed on enp1s0";
- # This service should run before the network is considered "up"
- wantedBy = [ "network-pre.target" ];
- before = [ "network-pre.target" ];
-
- # The command to execute
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "${pkgs.ethtool}/bin/ethtool -s enp1s0 speed 1000 duplex full autoneg on";
- };
- };
-}
diff --git a/network-base.nix b/network-base.nix
new file mode 100644
index 0000000..f39e0eb
--- /dev/null
+++ b/network-base.nix
@@ -0,0 +1,57 @@
+{ config, pkgs, lib, ... }:
+
+let
+ # Filter interfaces that have a specific speed set
+ speedInterfaces = lib.filter (i: i.speed != null) config.vars.interfaces;
+
+ # Find the interface designated as the "primary" (first one with an IP) for the gateway
+ # If none have IPs, we just pick the first interface in the list
+ primaryInterface = lib.findFirst (i: i.ip != null) (lib.head config.vars.interfaces) config.vars.interfaces;
+
+in
+{
+ networking.hostName = config.vars.hostname;
+ networking.hostId = config.vars.hostid;
+
+ # Global DNS settings
+ networking.nameservers = [ "192.168.178.10" "9.9.9.9" ];
+
+ # Default Gateway
+ networking.defaultGateway = {
+ address = "192.168.178.1";
+ # interface = primaryInterface.name;
+ interface = "bond0";
+ };
+
+ # 1. Generate Static IP Configurations
+ networking.interfaces = lib.listToAttrs (map (iface: {
+ name = iface.name;
+ value = {
+ # If an IP is provided, use it. Otherwise empty list.
+ ipv4.addresses = if iface.ip != null then [{
+ address = iface.ip;
+ prefixLength = iface.prefixLength;
+ }] else [];
+
+ # Logic: If we have a static IP, disable DHCP. If no IP, enable DHCP.
+ useDHCP = (iface.ip == null);
+ };
+ }) config.vars.interfaces);
+
+
+ # 2. Systemd Service for Link Speed
+ systemd.services.force-interface-speeds = lib.mkIf (speedInterfaces != []) {
+ description = "Force link speed on configured interfaces";
+ wantedBy = [ "network-pre.target" ];
+ before = [ "network-pre.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = pkgs.writeShellScript "force-interface-speeds" (
+ lib.concatMapStringsSep "\n" (iface: ''
+ ${pkgs.ethtool}/bin/ethtool -s ${iface.name} speed ${toString iface.speed} duplex full autoneg on
+ ${pkgs.ethtool}/bin/ethtool --set-eee ${iface.name} eee off || true
+ '') speedInterfaces
+ );
+ };
+ };
+}
diff --git a/network-bond.nix b/network-bond.nix
new file mode 100644
index 0000000..1b1655e
--- /dev/null
+++ b/network-bond.nix
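Review bot: The generated `force-interface-speeds` script always exits 0, because `writeShellScript` does not enable errexit and the last command for each interface ends in `|| true`; a failed `ethtool -s` (wrong interface name, unsupported speed) therefore leaves the unit looking successful. Prefixing the script text with `"set -e\n" +` keeps the EEE call best-effort while letting a failed speed change fail the unit. `iface.name` is also spliced unquoted into this script, which systemd runs as root by default, from a plain `types.str` option; `${lib.escapeShellArg iface.name}` keeps a malformed value from being parsed as shell. Separately, `interface = "bond0";` ties this base module to network-bond.nix and leaves `primaryInterface` unused, so either restore `primaryInterface.name` or move the gateway interface into the bond module.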
@@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: + +{ + boot.kernelModules = [ "bonding" ]; + + networking.bonds.bond0 = { + interfaces = map (i: i.name) config.vars.interfaces; + driverOptions = { + mode = "802.3ad"; + miimon = "100"; + lacp_rate = "fast"; + xmit_hash_policy = "layer2+3"; + }; + }; + + # 1. Generate the physical interfaces config (slaves) + # 2. Merge it with the bond0 config + networking.interfaces = lib.listToAttrs (map (iface: { + name = iface.name; + value = { + useDHCP = lib.mkForce false; + ipv4.addresses = lib.mkForce []; + }; + }) config.vars.interfaces) // { + + # Bond Interface Configuration + bond0 = { + useDHCP = false; + ipv4.addresses = [{ + address = "192.168.178.8"; + prefixLength = 24; + }]; + }; + }; +} diff --git a/var_reg.nix b/var_reg.nix index a0fe7c5..1711b4a 100644 --- a/var_reg.nix +++ b/var_reg.nix @@ -1,9 +1,40 @@ { lib, ... }: with lib; +let + interfaceSubmodule = types.submodule { + options = { + name = mkOption { + type = types.str; + description = "Name of the network interface (e.g., enp1s0)"; + }; + ip = mkOption { + type = types.nullOr types.str; + default = null; + description = "Static IP address (optional). If null, no static IP is assigned."; + }; + speed = mkOption { + type = types.nullOr types.int; + default = null; + description = "Link speed in Mbps (optional). If null, auto-negotiation is used."; + }; + prefixLength = mkOption { + type = types.int; + default = 24; + description = "Subnet prefix length (default 24)."; + }; + }; + }; +in { options.vars = { # WIREGUARD + wg_interface = mkOption { + type = types.str; + }; + wg_local_ip = mkOption { + type = types.str; + }; wg_adress = mkOption { type = types.str; }; @@ -46,9 +77,9 @@ with lib; type = types.str; }; interfaces = mkOption { - type = types.listOf types.str; - }; - + type = types.listOf interfaceSubmodule; + default = []; + }; # KEEPALIVED ka_addr_v4 = mkOption { type = types.str; 
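Review bot: `address = "192.168.178.8";` hard-codes one host's address in a module that otherwise derives its interfaces from `config.vars`, so a second machine importing network-bond.nix would come up with the same IP. The block removed from configuration.nix used `config.vars.local_ip` with the same /24; if that option is still declared in var_reg.nix, `address = config.vars.local_ip;` keeps the address per host. Every entry of `config.vars.interfaces` is also enslaved and any `ip` set on it is discarded by `lib.mkForce []`, which deserves a comment such as `# bond members carry no address; an ip set in vars.interfaces is ignored here`.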
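Review bot: The new `interfaceSubmodule` accepts any string for `name` and `ip` and any integer for `prefixLength`, so a typo is only caught when the network fails to come up. `prefixLength` could be `types.ints.between 0 32`, and `name` could use `types.strMatching` with a conservative interface-name pattern, which also bounds what network-base.nix writes into its ethtool script. `wg_interface` and `wg_local_ip` are added without a `description`; `wg_interface` is not referenced in any hunk shown here, so its description should say what it is for.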
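Review bot: `default = [];` makes `interfaces` optional, but wireguard.nix evaluates `(lib.head config.vars.interfaces).name`, which aborts evaluation on an empty list with an error that does not name the option. network-base.nix has the same `lib.head` call as its `findFirst` fallback, which would fail the same way if `primaryInterface` were used again. Either drop the default so the module system reports the missing value, or add an assertion where `lib.head` is called, for example `{ assertion = config.vars.interfaces != []; message = "vars.interfaces must list at least one interface"; }`. The enclosing `options.vars` block continues outside this hunk.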
diff --git a/wireguard.nix b/wireguard.nix index e7a90a9..1d2f0ce 100644 --- a/wireguard.nix +++ b/wireguard.nix @@ -1,8 +1,8 @@ { config, lib, pkgs, ... }: { networking.nat.enable = true; - networking.nat.externalInterface = lib.head config.vars.interfaces; - networking.nat.internalInterfaces = [ "wg0" ] ++ config.vars.interfaces; + networking.nat.externalInterface = (lib.head config.vars.interfaces).name; + networking.nat.internalInterfaces = [ "wg0" ] ++ (map (i: i.name) config.vars.interfaces); networking.wg-quick.interfaces = { wg0 = { @@ -11,10 +11,10 @@ autostart = true; postUp = '' ${pkgs.procps}/bin/sysctl -w net.ipv4.conf.wg0.rp_filter=2 - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wg0 -d ${config.vars.wg_range} -j SNAT --to-source ${config.vars.local_ip} + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wg0 -d ${config.vars.wg_range} -j SNAT --to-source ${config.vars.wg_local_ip} ''; postDown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o wg0 -d ${config.vars.wg_range} -j SNAT --to-source ${config.vars.local_ip} + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o wg0 -d ${config.vars.wg_range} -j SNAT --to-source ${config.vars.wg_local_ip} ''; privateKey = config.vars.wg_privateKey; peers = [{
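Review bot: `networking.nat.externalInterface` is set to the first physical interface, but when network-bond.nix is imported that interface is a bond member without an address and traffic leaves through `bond0`, so NAT rules keyed on the member's name would presumably never match. The same list is passed to `internalInterfaces`, so the external interface is declared internal as well. The `wg_interface` option added in var_reg.nix is not referenced in this file's hunks; if it is meant to name the uplink, use it here instead of relying on list order. Whether both modules are imported together is not visible in this diff.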