bridge and nat network options added

computer/pc-demo1/default.nix

@@ -5,9 +5,9 @@
 
   beancloud = {
     software = {
-      container = true;
       desktop = true;
       nextcloud.server.enable = true;
+      gitlab.enable = true;
     };
     disk.device.name = "vda";
     hardware.virtualmachine.type = "kvm";

computer/pc-demo2/default.nix

@@ -12,7 +12,6 @@
   };
 
   imports = [
-    ./network.nix
     ../../users/root/default.nix
     ../../users/demo/default.nix
   ];

computer/pc-demo2/network.nix

@@ -1,24 +0,0 @@
-{ lib, ... }:
-
-{
-  systemd.network.netdevs."br10".netdevConfig = {
-    Name = "br10";
-    Kind = "bridge";
-  };
-
-  systemd.network.networks = {
-    "10-lan" = {
-      enable = lib.mkForce true;
-      linkConfig.RequiredForOnline = lib.mkForce "enslaved";
-      networkConfig.Bridge = "br10";
-      networkConfig.DHCP = lib.mkForce "no";
-    };
-    "br10-lan" = {
-      enable = lib.mkForce true;
-      matchConfig.Name = [ "br10" ];
-      linkConfig.RequiredForOnline = "routable";
-      networkConfig.DHCP = "yes";
-      networkConfig.IPv6AcceptRA = false;
-    };
-  };
-}

options.nix

@@ -2,27 +2,41 @@
 
 {
   options = {
-    beancloud.network.address = lib.mkOption {
-      type = lib.types.str;
-      example = "192.168.1.10";
-      description = "beancloud.network.address to define the ip of the host/vm or a service";
-    };
-    beancloud.network.subnet = lib.mkOption {
-      type = lib.types.str;
-      example = "/24";
-      description = "beancloud.network.subnet to define the subnet of the host/vm or a service";
-    };
-    beancloud.network.interface.lan = lib.mkOption {
-      type = lib.types.str;
-      example = "enp1s0";
-      default = "eth0";
-      description = "beancloud.network.interface.lan to define the wired network interface";
-    };
-    beancloud.network.interface.wlan = lib.mkOption {
-      type = lib.types.str;
-      example = "enp1s0";
-      default = "wlan0";
-      description = "beancloud.network.interface.wlan to define the wireless network interface";
+    beancloud.network = {
+      address = lib.mkOption {
+        type = lib.types.str;
+        example = "192.168.1.10";
+        description = "beancloud.network.address to define the ip of the host/vm or a service";
+      };
+      subnet = lib.mkOption {
+        type = lib.types.str;
+        example = "/24";
+        description = "beancloud.network.subnet to define the subnet of the host/vm or a service";
+      };
+      interface = {
+        lan = lib.mkOption {
+          type = lib.types.str;
+          example = "enp1s0";
+          default = "eth0";
+          description = "beancloud.network.interface.lan to define the wired network interface";
+        };
+        wlan = lib.mkOption {
+          type = lib.types.str;
+          example = "enp1s0";
+          default = "wlan0";
+          description = "beancloud.network.interface.wlan to define the wireless network interface";
+        };
+      };
+      bridge = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "beancloud.network.bridge to enable a bridge network";
+      };
+      nat = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "beancloud.network.nat to enable a NAT network";
+      };
     };
     beancloud.bootloader.type = lib.mkOption {
       type = lib.types.str;
@@ -109,6 +123,11 @@
         description = "beancloud.software.games.stardewvalley to enable game related settings";
       };
     };
+    beancloud.software.gitlab = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "beancloud.software.gitlab to activate a Gitlab instance running in a nspawn container";
+    };
     beancloud.software.epson-scan = lib.mkOption {
       type = lib.types.bool;
       default = false;

os/default.nix

@@ -9,7 +9,7 @@
     ./hardware
     ./swap.nix
     ./locale.nix
-    ./network.nix
+    ./network
     ./update.nix
     ./virtualization.nix
   ];

os/network/bridge.nix

@@ -0,0 +1,26 @@
+{ config, lib, ... }:
+
+{
+  config = lib.mkIf (config.beancloud.network.bridge) {
+    systemd.network.netdevs."br10".netdevConfig = {
+      Name = "br10";
+      Kind = "bridge";
+    };
+
+    systemd.network.networks = {
+      "10-lan" = {
+        enable = lib.mkForce true;
+        linkConfig.RequiredForOnline = lib.mkForce "enslaved";
+        networkConfig.Bridge = "br10";
+        networkConfig.DHCP = lib.mkForce "no";
+      };
+      "br10-lan" = {
+        enable = lib.mkForce true;
+        matchConfig.Name = [ "br10" ];
+        linkConfig.RequiredForOnline = "routable";
+        networkConfig.DHCP = "yes";
+        networkConfig.IPv6AcceptRA = false;
+      };
+    };
+  };
+}

os/network/default.nix

@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+
+{
+  imports = [
+    ./bridge.nix
+    ./nat.nix
+    ./dns.nix
+    ./firewall.nix
+  ];
+
+  networking = {
+    domain = "local";
+    enableIPv6 = false;
+    useDHCP = false;
+    wireless.enable = false;
+    usePredictableInterfaceNames = lib.mkIf (config.beancloud.network.interface.lan == "eth0") false;
+  };
+  networking.networkmanager = {
+    enable = true;
+    wifi.powersave = lib.mkIf config.beancloud.hardware.steamdeck true;
+  };
+  systemd.network = {
+    enable = true;
+    config.networkConfig = {
+      UseDomains = true;
+      SpeedMeter = true;
+    };
+    networks."10-lan" = {
+      enable = lib.mkDefault true;
+      matchConfig.Name = [ "${config.beancloud.network.interface.lan}" ];
+      linkConfig.RequiredForOnline = lib.mkDefault "routable";
+      networkConfig = {
+        DHCP = "yes";
+        IPv6AcceptRA = false;
+      };
+    };
+  };
+
+  beancloud.network.interface.lan = lib.mkIf config.beancloud.hardware.steamdeck "eth0";
+}

os/network/dns.nix

@@ -0,0 +1,17 @@
+{  ... }:
+
+{
+  networking.hosts = {
+  };
+
+  # (m)DNS
+  services.resolved = {
+    enable = true;
+    fallbackDns = [
+      "9.9.9.9" # https://www.quad9.net/service/service-addresses-and-features
+      "2620:fe::fe" # https://www.quad9.net/service/service-addresses-and-features
+    ];
+    dnssec = "false";
+    dnsovertls = "opportunistic";
+  };
+}

os/network/firewall.nix

@@ -1,48 +1,6 @@
-{ config, lib, ... }:
+{ ... }:
 
 {
-  networking = {
-    domain = "local";
-    enableIPv6 = false;
-    useDHCP = false;
-    wireless.enable = false;
-    usePredictableInterfaceNames = lib.mkIf (config.beancloud.network.interface.lan == "eth0") false;
-  };
-  networking.networkmanager = {
-    enable = true;
-    wifi.powersave = lib.mkIf config.beancloud.hardware.steamdeck true;
-  };
-  systemd.network = {
-    enable = true;
-    config.networkConfig = {
-      UseDomains = true;
-      SpeedMeter = true;
-    };
-    networks."10-lan" = {
-      enable = lib.mkDefault true;
-      matchConfig.Name = [ "${config.beancloud.network.interface.lan}" ];
-      linkConfig.RequiredForOnline = lib.mkDefault "routable";
-      networkConfig = {
-        DHCP = "yes";
-        IPv6AcceptRA = false;
-      };
-    };
-  };
-
-  networking.hosts = {
-  };
-
-  # (m)DNS
-  services.resolved = {
-    enable = true;
-    fallbackDns = [
-      "9.9.9.9" # https://www.quad9.net/service/service-addresses-and-features
-      "2620:fe::fe" # https://www.quad9.net/service/service-addresses-and-features
-    ];
-    dnssec = "false";
-    dnsovertls = "opportunistic";
-  };
-
   networking.firewall.enable = true;
   networking.firewall.allowPing = true;
   networking.nftables.enable = false;
@@ -87,6 +45,4 @@
       family = "inet";
     };
   };
-
-  beancloud.network.interface.lan = lib.mkIf config.beancloud.hardware.steamdeck "eth0";
 }

os/network/nat.nix

@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+
+{
+  config = lib.mkIf (config.beancloud.network.nat) {
+    networking.nat = {
+      enable = config.beancloud.software.gitlab;
+      internalInterfaces = [ "ve-+" ];
+      externalInterface = "${config.beancloud.network.interface.lan}";
+      enableIPv6 = false;
+    };
+  };
+}