Centralize IPv6 GUA prefix configuration

2025-02-21 12:36:07 +02:00 · 2025-02-21 12:36:07 +02:00 · 89516c5477
commit 89516c5477
parent f95617dfa4
4 changed files with 181 additions and 172 deletions
--- a/base.nix
+++ b/base.nix
@ -1,5 +1,14 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 {
+  options.custom.gua_pref = lib.mkOption {
+    type = with lib.types; nullOr (strMatching "^[0-9a-zA-Z:]+$");
+    default = null;
+    description = "IPv6 GUA Prefix to use in other confs";
+  };
+
+  config = {
+    custom.gua_pref = "2001:14ba:a090:39";
+
    ######################################## Packages ###############################################
    environment.systemPackages = with pkgs; [
      tmux
@ -180,4 +189,5 @@
      efi.canTouchEfiVariables = pkgs.lib.mkDefault true;
      timeout = pkgs.lib.mkDefault 0;
    };
+  };
 }
--- a/machine-confs/helium.nix
+++ b/machine-confs/helium.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
  networking = {
    hostName = "helium";
@ -6,9 +6,9 @@
    wg-quick.interfaces = {
      wg0 = {
        autostart = true;
-        address = [ "2001:14ba:a090:39ff::2/64" ];
+        address = [ "${config.custom.gua_pref}ff::2/64" ];
        dns = [
-          "2001:14ba:a090:39ff::1"
+          "${config.custom.gua_pref}ff::1"
          "vsinerva.fi"
        ];
        privateKeyFile = "/root/wireguard-keys/privatekey-home";
@ -50,7 +50,7 @@
  };
  services.clatd = {
    enable = true;
-    settings.clat-v6-addr = "2001:14ba:a090:39ff::c2";
+    settings.clat-v6-addr = "${config.custom.gua_pref}ff::c2";
  };
  systemd.services.clatd.wants = [ "wg-quick-wg0.service" ];

--- a/machine-confs/lithium.nix
+++ b/machine-confs/lithium.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
  networking = {
    hostName = "lithium";
@ -6,9 +6,9 @@
    wg-quick.interfaces = {
      wg0 = {
        autostart = true;
-        address = [ "2001:14ba:a090:39ff::3/64" ];
+        address = [ "${config.custom.gua_pref}ff::3/64" ];
        dns = [
-          "2001:14ba:a090:39ff::1"
+          "${config.custom.gua_pref}ff::1"
          "vsinerva.fi"
        ];
        privateKeyFile = "/root/wireguard-keys/privatekey-home";
@ -32,7 +32,7 @@
  };
  services.clatd = {
    enable = true;
-    settings.clat-v6-addr = "2001:14ba:a090:39ff::c3";
+    settings.clat-v6-addr = "${config.custom.gua_pref}ff::c3";
  };
  systemd.services.clatd.wants = [ "wg-quick-wg0.service" ];

--- a/services/siit-dc.nix
+++ b/services/siit-dc.nix
@ -1,6 +1,5 @@
-{ ... }:
+{ config, ... }:
 let
-  gua_pref = "2001:14ba:a090:39";
  v4_pref = "192.168.251";
 in
 {
@ -8,12 +7,12 @@ in
    jool = {
      enable = true;
      siit.default = {
-        global.pool6 = "${gua_pref}46::/96";
+        global.pool6 = "${config.custom.gua_pref}46::/96";

        # Explicit address mappings
        eamt = [
          {
-            "ipv6 prefix" = "${gua_pref}d1:be24:11ff:fe42:dd76/128";
+            "ipv6 prefix" = "${config.custom.gua_pref}d1:be24:11ff:fe42:dd76/128";
            "ipv4 prefix" = "${v4_pref}.1/32";
          }
        ];