mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00

refactor: properly modularize repo secret management

oddlama 2023-05-21 14:40:42 +02:00
parent 88f1ac54b8
commit d7f69c5baa
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
25 changed files with 143 additions and 129 deletions


@ -1,7 +1,6 @@
{
config,
lib,
nodeSecrets,
...
}: let
inherit (config.lib.net) ip cidr;
@ -9,7 +8,7 @@
lanCidrv4 = "192.168.100.0/24";
lanCidrv6 = "fd00::/64";
in {
networking.hostId = nodeSecrets.networking.hostId;
networking.hostId = config.repo.secrets.local.networking.hostId;
boot.initrd.systemd.network = {
enable = true;
@ -31,7 +30,7 @@ in {
systemd.network.networks = {
"10-lan" = {
matchConfig.MACAddress = nodeSecrets.networking.interfaces.lan.mac;
matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan.mac;
# This interface should only be used from attached macvtaps.
# So don't acquire a link local address and only wait for
# this interface to gain a carrier.
@ -50,7 +49,7 @@ in {
#];
#gateway = [
#];
matchConfig.MACAddress = nodeSecrets.networking.interfaces.wan.mac;
matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.wan.mac;
networkConfig.IPv6PrivacyExtensions = "yes";
linkConfig.RequiredForOnline = "routable";
};
@ -183,7 +182,7 @@ in {
systemd.services.kea-dhcp4-server.after = ["sys-subsystem-net-devices-lan.device"];
extra.microvms.networking = {
baseMac = nodeSecrets.networking.interfaces.lan.mac;
baseMac = config.repo.secrets.local.networking.interfaces.lan.mac;
macvtapInterface = "lan";
static = {
baseCidrv4 = lanCidrv4;