yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Files
ea5f2ecce99c192363af96472c11913bf6c1f6c9
clan-core/nixosModules/clanCore/networking.nix
Louis Opter c689c23d0c clan-cli: "fix" ssh option parsing 
Calling it fix in double quotes since that's still quite hand-crafted,
but at least you can now specify options with `@` inside them (e.g.
`ProxyJump`) and have it work properly.

Moreover this fixes the syntax for GET-like variables in the networking
clanCore module. Only the fixed syntax is supported since that's what
was tested, and actually parsed in the code.
2025-02-18 21:37:38 +00:00

114 lines
3.2 KiB
Nix
Raw Blame History

{ config, lib, ... }:
{
options.clan.core = {
networking = {
targetHost = lib.mkOption {
description = ''
The target SSH node for deployment.
By default, the node's attribute name will be used.
If set to null, only local deployment will be supported.
format: user@host:port?SSH_OPTION=SSH_VALUE[&SSH_OPTION_2=VALUE_2]
examples:
- machine.example.com
- user@machine2.example.com
- root@example.com:2222?IdentityFile=/path/to/private/key&StrictHostKeyChecking=yes
'';
default = null;
type = lib.types.nullOr lib.types.str;
};
buildHost = lib.mkOption {
description = ''
The build SSH node where nixos-rebuild will be executed.
If set to null, the targetHost will be used.
format: user@host:port?SSH_OPTION=SSH_VALUE&SSH_OPTION_2=VALUE_2
examples:
- machine.example.com
- user@machine2.example.com
- root@example.com:2222?IdentityFile=/path/to/private/key&StrictHostKeyChecking=yes
'';
type = lib.types.nullOr lib.types.str;
default = null;
};
};
deployment = {
requireExplicitUpdate = lib.mkOption {
description = ''
Do not update this machine when running `clan machines update` without any machines specified.
This is useful for machines that are not always online or are not part of the regular update cycle.
'';
type = lib.types.bool;
default = false;
};
};
};
imports = [
# TODO: use mkRenamedOptionModule once this is fixed: https://github.com/NixOS/nixpkgs/issues/324802
(lib.doRename rec {
from = [
"clan"
"networking"
];
to = [
"clan"
"core"
"networking"
];
visible = false;
warn = true;
use = lib.trace "Obsolete option `${lib.showOption from}' is used. It was renamed to `${lib.showOption to}'.";
withPriority = false;
})
(lib.mkRenamedOptionModule
[
"clan"
"deployment"
]
[
"clan"
"core"
"deployment"
]
)
(lib.mkRenamedOptionModule
[
"clan"
"core"
"networking"
"deploymentAddress"
]
[
"clan"
"core"
"networking"
"targetHost"
]
)
];
config = lib.mkIf config.clan.core.setDefaults {
# conflicts with systemd-resolved
networking.useHostResolvConf = false;
# Allow PMTU / DHCP
networking.firewall.allowPing = true;
# The notion of "online" is a broken concept
# https://github.com/systemd/systemd/blob/e1b45a756f71deac8c1aa9a008bd0dab47f64777/NEWS#L13
systemd.services.NetworkManager-wait-online.enable = false;
systemd.network.wait-online.enable = false;
systemd.network.networks."99-ethernet-default-dhcp".networkConfig.MulticastDNS = lib.mkDefault true;
systemd.network.networks."99-wireless-client-dhcp".networkConfig.MulticastDNS = lib.mkDefault true;
networking.firewall.allowedUDPPorts = [ 5353 ]; # Multicast DNS
# Use networkd instead of the pile of shell scripts
networking.useNetworkd = lib.mkDefault true;
};
}
Reference in New Issue View Git Blame Copy Permalink