From b55cc2deaf2923fac26871d522b7a1bc04db5a03 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Sun, 22 Sep 2024 11:26:36 +0200
Subject: [PATCH] shinobu/router: Allow adding static hosts
This is required to have them available in nftables rules without too much headache.
---
 machines/shinobu/services/router/common.nix | 36 +++++++++++++++++++-
 machines/shinobu/services/router/dnsmasq.nix | 4 +++
 machines/shinobu/services/router/nft.nix | 9 +++--
 3 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/machines/shinobu/services/router/common.nix b/machines/shinobu/services/router/common.nix
index f2a214d..9b6570e 100644
--- a/machines/shinobu/services/router/common.nix
+++ b/machines/shinobu/services/router/common.nix
@@ -26,12 +26,35 @@ let
 cidr = v6;
 net = fst v6Split;
 suffix = snd v6Split;
+ withoutLocalComponent = lib.substring 0 ((lib.stringLength net) - 1) net;
 gateway = "${net}1";
 gatewayCidr = "${gateway}/${suffix}";
 };
 };
+
+ macToIpv6InterfaceIdentifier = mac:
+ let
+ macList = lib.splitString ":" mac;
+ macListIpv6 = lib.flatten [
+ (lib.toHexString (lib.bitXor (builtins.fromTOML "x = 0x${lib.elemAt macList 0}").x 2))
+ (lib.sublist 1 2 macList)
+ [ "ff" "fe" ]
+ (lib.sublist 3 3 macList)
+ ];
+ interfaceIdentifierNoColons = lib.strings.toLower (lib.concatStrings macListIpv6);
+ interfaceIdentifier = lib.concatStrings [
+ (lib.substring 0 4 interfaceIdentifierNoColons)
+ ":"
+ (lib.substring 4 4 interfaceIdentifierNoColons)
+ ":"
+ (lib.substring 8 4 interfaceIdentifierNoColons)
+ ":"
+ (lib.substring 12 4 interfaceIdentifierNoColons)
+ ];
+ in
+ interfaceIdentifier;
 in
-{
+rec {
 vlan = {
 lan = {
 id = 10;
@@ -123,4 +146,15 @@ in
 }
 ];
 };
+ staticHosts = lib.mapAttrs
+ (_: options: options // {
+ address6 = "${vlan.${options.vlan}.subnet.v6.withoutLocalComponent}${macToIpv6InterfaceIdentifier options.hwaddr}";
+ })
+ {
+ fuuko = {
+ hwaddr = "18:c0:4d:d2:93:f0";
+ address4 = "10.80.1.98";
+ vlan = "lan";
+ };
+ };
 }
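Review bot: In `macToIpv6InterfaceIdentifier` (common.nix, first hunk), `lib.toHexString` does not zero-pad, so a MAC whose first octet is below 0x10 after the XOR with 2 (any address starting `00`–`0f`) yields a 15-character string, and every `lib.substring` group is cut one nibble off. The resulting `address6` still looks like a valid address but is wrong, and since these values appear to be exported as nftables defines, a rule written against it would silently miss the intended host. Pad the octet, e.g. `(lib.fixedWidthString 2 "0" (lib.toHexString (lib.bitXor (builtins.fromTOML "x = 0x${lib.elemAt macList 0}").x 2)))`. The sample host `18:c0:…` is not affected, so the defect will not show up until a host with a low first octet is added; the surrounding `let` block starts outside the hunk.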
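Review bot: The derived `address6` in `staticHosts` (common.nix, second hunk) is only the host's real address if the host forms its SLAAC address from its MAC (EUI-64); a host using RFC 7217 stable-privacy or temporary addresses will never own it, and nothing here documents that. It also relies on `withoutLocalComponent` leaving a full four-group /64 prefix ending in a single `:`, which depends on how `v6` is written outside this hunk. I would add a comment above the `lib.mapAttrs` call such as `# address6 assumes EUI-64 SLAAC and a /64 prefix written as "a:b:c:d::"; rules using it will not match hosts with privacy or stable-privacy addresses`. The attribute set this is added to begins outside the hunk.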
diff --git a/machines/shinobu/services/router/dnsmasq.nix b/machines/shinobu/services/router/dnsmasq.nix
index a447154..abe66b6 100644
--- a/machines/shinobu/services/router/dnsmasq.nix
+++ b/machines/shinobu/services/router/dnsmasq.nix
@@ -56,6 +56,10 @@ in
 ])
 cfg.vlan);
+ dhcp-host = lib.mapAttrsToList
+ (name: { hwaddr, address4, vlan, ... }: "${hwaddr},tag:br-${vlan},${address4},${name}")
+ cfg.staticHosts;
+
 nftset = [
 "/${lib.concatStringsSep "/" bypassHe}/6#ip6#he-bypass#addresses"
 ];
diff --git a/machines/shinobu/services/router/nft.nix b/machines/shinobu/services/router/nft.nix
index e82c48b..dfc13ac 100644
--- a/machines/shinobu/services/router/nft.nix
+++ b/machines/shinobu/services/router/nft.nix
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023 Simon Bruder
+# SPDX-FileCopyrightText: 2023-2024 Simon Bruder
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -17,7 +17,12 @@ let
 passthru = {
 VLANS = lib.attrNames cfg.vlan;
 VLAN_BRIDGES = map (name: "br-${name}") (lib.attrNames cfg.vlan);
- };
+ } // (lib.listToAttrs (lib.flatten (lib.mapAttrsToList
+ (name: staticHostConfig:
+ (map
+ (option: option // { name = "STATIC_HOST_${name}_${option.name}"; })
+ (lib.attrsToList staticHostConfig)))
+ cfg.staticHosts)));
 defines = lib.concatStringsSep "\n"
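Review bot: The new `dhcp-host` entries in dnsmasq.nix tie `address4` to `hwaddr`, but nothing notes that this is only a lease reservation: it does not stop another client on the same bridge from configuring that address statically or presenting that MAC. Because the commit message says these addresses are meant for nftables rules, I would add a comment next to `dhcp-host` such as `# reservation only; address4/hwaddr are not proof of identity, keep rules using STATIC_HOST_* scoped to the VLAN interface`. Whether the rules already match on the ingress interface cannot be seen from this hunk, and the enclosing settings attribute set starts and ends outside it.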