From f1ad024cd7bb9e3eeeba7387a679ae54129c2fd1 Mon Sep 17 00:00:00 2001
From: Lu Wang
Date: Sun, 8 Dec 2024 18:55:05 +0800
Subject: [PATCH] services/enthalpy: dedup enthalpy configuration
---
 nixos/hosts/flandre-m5p/networking.nix | 11 +--------
 nixos/hosts/marisa-7d76/networking.nix | 23 +++---------------
 nixos/hosts/marisa-a7s/networking.nix | 23 +++---------------
 nixos/hosts/reisen-sin0/networking.nix | 24 +++----------------
 nixos/modules/services/enthalpy/nat64.nix | 2 +-
 .../enthalpy/{default.nix => common.nix} | 10 ++++++++
 .../services/enthalpy/customer-dualstack.nix | 8 +++++++
 nixos/profiles/services/enthalpy/customer.nix | 6 +++++
 nixos/profiles/services/enthalpy/fw-proxy.nix | 17 +++++++++++++
 .../services/enthalpy/transit-dualstack.nix | 11 +++++++++
 nixos/profiles/services/enthalpy/transit.nix | 20 ++++++++++++++++
 11 files changed, 83 insertions(+), 72 deletions(-)
 rename nixos/profiles/services/enthalpy/{default.nix => common.nix} (74%)
 create mode 100644 nixos/profiles/services/enthalpy/customer-dualstack.nix
 create mode 100644 nixos/profiles/services/enthalpy/customer.nix
 create mode 100644 nixos/profiles/services/enthalpy/fw-proxy.nix
 create mode 100644 nixos/profiles/services/enthalpy/transit-dualstack.nix
 create mode 100644 nixos/profiles/services/enthalpy/transit.nix
diff --git a/nixos/hosts/flandre-m5p/networking.nix b/nixos/hosts/flandre-m5p/networking.nix
index 42dfad9..6dbad8c 100644
--- a/nixos/hosts/flandre-m5p/networking.nix
+++ b/nixos/hosts/flandre-m5p/networking.nix
@@ -6,20 +6,11 @@
 }:
 {
   imports = with profiles; [
-    services.enthalpy
+    services.enthalpy.customer
   ];
 
   services.enthalpy.ipsec.interfaces = [ "enp2s0" ];
 
-  networking.netns.enthalpy.forwardPorts = [
-    {
-      protocol = "tcp";
-      netns = "default";
-      source = "[::]:${toString config.networking.ports.ssh}";
-      target = "[::]:${toString config.networking.ports.ssh}";
-    }
-  ];
-
   systemd.network = {
     enable = true;
     wait-online.anyInterface = true;
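Review bot: The removed `forwardPorts` block was the only use of `config` visible in flandre-m5p/networking.nix, but the module's argument list (above line 6, outside this hunk) is left untouched here, whereas the marisa-7d76 and marisa-a7s hunks in the same patch do drop `config` once their last use moves out. If nothing else in the file still reads it, remove it here as well for consistency, e.g. `{ profiles, ... }:` or whatever the remaining set is. The enclosing module attrset continues past the end of the hunk.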
diff --git a/nixos/hosts/marisa-7d76/networking.nix b/nixos/hosts/marisa-7d76/networking.nix
index 7c136ac..9f221a1 100644
--- a/nixos/hosts/marisa-7d76/networking.nix
+++ b/nixos/hosts/marisa-7d76/networking.nix
@@ -1,34 +1,17 @@
 {
-  config,
   profiles,
   lib,
   ...
 }:
 {
   imports = with profiles; [
-    services.enthalpy
+    services.enthalpy.customer-dualstack
+    services.enthalpy.fw-proxy
   ];
 
   services.enthalpy = {
     ipsec.interfaces = [ "enp14s0" ];
-    clat = {
-      enable = true;
-      segment = lib.singleton "fde3:3be3:a244:2676::2";
-    };
-    gost.enable = true;
-  };
-
-  systemd.services.nix-daemon = {
-    serviceConfig = config.networking.netns.enthalpy.serviceConfig;
-    after = [ "netns-enthalpy.service" ];
-    requires = [ "netns-enthalpy.service" ];
-  };
-
-  systemd.services."user@${toString config.users.users.rebmit.uid}" = {
-    overrideStrategy = "asDropin";
-    serviceConfig = config.networking.netns.enthalpy.serviceConfig;
-    after = [ "netns-enthalpy.service" ];
-    requires = [ "netns-enthalpy.service" ];
+    clat.segment = lib.singleton "fde3:3be3:a244:2676::2";
   };
 
   systemd.network = {
diff --git a/nixos/hosts/marisa-a7s/networking.nix b/nixos/hosts/marisa-a7s/networking.nix
index 2402f88..d1fddea 100644
--- a/nixos/hosts/marisa-a7s/networking.nix
+++ b/nixos/hosts/marisa-a7s/networking.nix
@@ -1,12 +1,12 @@
 {
-  config,
   profiles,
   lib,
   ...
 }:
 {
   imports = with profiles; [
-    services.enthalpy
+    services.enthalpy.customer-dualstack
+    services.enthalpy.fw-proxy
   ];
 
   services.enthalpy = {
@@ -14,24 +14,7 @@
       interfaces = [ "wlan0" ];
       whitelist = [ "rebmit's edge network" ];
     };
-    clat = {
-      enable = true;
-      segment = lib.singleton "fde3:3be3:a244:2676::2";
-    };
-    gost.enable = true;
-  };
-
-  systemd.services.nix-daemon = {
-    serviceConfig = config.networking.netns.enthalpy.serviceConfig;
-    after = [ "netns-enthalpy.service" ];
-    requires = [ "netns-enthalpy.service" ];
-  };
-
-  systemd.services."user@${toString config.users.users.rebmit.uid}" = {
-    overrideStrategy = "asDropin";
-    serviceConfig = config.networking.netns.enthalpy.serviceConfig;
-    after = [ "netns-enthalpy.service" ];
-    requires = [ "netns-enthalpy.service" ];
+    clat.segment = lib.singleton "fde3:3be3:a244:2676::2";
   };
 
   systemd.network = {
diff --git a/nixos/hosts/reisen-sin0/networking.nix b/nixos/hosts/reisen-sin0/networking.nix
index c118286..dcd295c 100644
--- a/nixos/hosts/reisen-sin0/networking.nix
+++ b/nixos/hosts/reisen-sin0/networking.nix
@@ -1,28 +1,10 @@
-{
-  profiles,
-  data,
-  ...
-}:
+{ profiles, ... }:
 {
   imports = with profiles; [
-    services.enthalpy
+    services.enthalpy.transit-dualstack
   ];
 
-  services.enthalpy = {
-    ipsec.interfaces = [ "enp3s0" ];
-    exit = {
-      enable = true;
-      prefix = [
-        {
-          type = "bird";
-          destination = "::/0";
-          source = data.enthalpy_network_prefix;
-        }
-      ];
-    };
-    srv6.enable = true;
-    nat64.enable = true;
-  };
+  services.enthalpy.ipsec.interfaces = [ "enp3s0" ];
 
   networking.nftables.tables.nat = {
     family = "inet";
diff --git a/nixos/modules/services/enthalpy/nat64.nix b/nixos/modules/services/enthalpy/nat64.nix
index 8c52d39..67b82bb 100644
--- a/nixos/modules/services/enthalpy/nat64.nix
+++ b/nixos/modules/services/enthalpy/nat64.nix
@@ -73,7 +73,7 @@ in
 
     networking.nftables = {
       enable = true;
-      tables.enthalpy4 = {
+      tables.enthalpy-nat64 = {
         family = "ip";
         content = ''
          chain forward {
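Review bot: Renaming the nftables table from `enthalpy4` to `enthalpy-nat64` in nat64.nix leaves the old table live on an in-place switch if `networking.nftables.flushRuleset` is at its default of false, since, as far as I recall, the generated ruleset script only creates and deletes the tables it currently declares; until a reboot or a one-off `nft delete table ip enthalpy4`, both `forward` chains stay hooked and the stale one keeps acting on traffic. If flushRuleset is enabled elsewhere in this module (not visible in the hunk) this is moot. Either way a short note next to the rename would save the next deploy a surprise, e.g. `# renamed from enthalpy4; already-deployed hosts need the old table removed once`. The enclosing `networking.nftables` attrset starts and ends outside the hunk.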
diff --git a/nixos/profiles/services/enthalpy/default.nix b/nixos/profiles/services/enthalpy/common.nix
similarity index 74%
rename from nixos/profiles/services/enthalpy/default.nix
rename to nixos/profiles/services/enthalpy/common.nix
index 1821f24..474b615 100644
--- a/nixos/profiles/services/enthalpy/default.nix
+++ b/nixos/profiles/services/enthalpy/common.nix
@@ -3,6 +3,7 @@
   data,
   hostData,
   self,
+  lib,
   ...
 }:
 {
@@ -37,4 +38,13 @@
       routerId = hostData.enthalpy_node_id;
     };
   };
+
+  networking.netns.enthalpy.forwardPorts = lib.optionals config.services.openssh.enable [
+    {
+      protocol = "tcp";
+      netns = "default";
+      source = "[::]:${toString config.networking.ports.ssh}";
+      target = "[::]:${toString config.networking.ports.ssh}";
+    }
+  ];
 }
diff --git a/nixos/profiles/services/enthalpy/customer-dualstack.nix b/nixos/profiles/services/enthalpy/customer-dualstack.nix
new file mode 100644
index 0000000..5d403ed
--- /dev/null
+++ b/nixos/profiles/services/enthalpy/customer-dualstack.nix
@@ -0,0 +1,8 @@
+{ profiles, ... }:
+{
+  imports = [
+    profiles.services.enthalpy.customer
+  ];
+
+  services.enthalpy.clat.enable = true;
+}
diff --git a/nixos/profiles/services/enthalpy/customer.nix b/nixos/profiles/services/enthalpy/customer.nix
new file mode 100644
index 0000000..5bc8401
--- /dev/null
+++ b/nixos/profiles/services/enthalpy/customer.nix
@@ -0,0 +1,6 @@
+{ profiles, ... }:
+{
+  imports = [
+    profiles.services.enthalpy.common
+  ];
+}
diff --git a/nixos/profiles/services/enthalpy/fw-proxy.nix b/nixos/profiles/services/enthalpy/fw-proxy.nix
new file mode 100644
index 0000000..5b80065
--- /dev/null
+++ b/nixos/profiles/services/enthalpy/fw-proxy.nix
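Review bot: Moving the SSH `forwardPorts` entry into common.nix widens its reach rather than merely deduplicating it: of the hosts touched by this patch only flandre-m5p carried that forward before, and after the second hunk every host importing `common` (customer and transit profiles alike) forwards its sshd into the enthalpy namespace on `[::]` whenever openssh is enabled. The `config.services.openssh.enable` gate is a good addition, but if exposing sshd on the overlay from every node is the intent, a comment above the binding should say so, e.g. `# expose the host's sshd inside the enthalpy netns on every node (only when openssh is on)`; if it is not, a dedicated module option the hosts opt into would keep the exposure explicit. The enclosing module attrset starts outside the hunk.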
@@ -0,0 +1,17 @@
+{ config, ... }:
+{
+  services.enthalpy.gost.enable = true;
+
+  systemd.services.nix-daemon = {
+    inherit (config.networking.netns.enthalpy) serviceConfig;
+    after = [ "netns-enthalpy.service" ];
+    requires = [ "netns-enthalpy.service" ];
+  };
+
+  systemd.services."user@${toString config.users.users.rebmit.uid}" = {
+    inherit (config.networking.netns.enthalpy) serviceConfig;
+    overrideStrategy = "asDropin";
+    after = [ "netns-enthalpy.service" ];
+    requires = [ "netns-enthalpy.service" ];
+  };
+}
diff --git a/nixos/profiles/services/enthalpy/transit-dualstack.nix b/nixos/profiles/services/enthalpy/transit-dualstack.nix
new file mode 100644
index 0000000..00614ae
--- /dev/null
+++ b/nixos/profiles/services/enthalpy/transit-dualstack.nix
@@ -0,0 +1,11 @@
+{ profiles, ... }:
+{
+  imports = [
+    profiles.services.enthalpy.transit
+  ];
+
+  services.enthalpy = {
+    srv6.enable = true;
+    nat64.enable = true;
+  };
+}
diff --git a/nixos/profiles/services/enthalpy/transit.nix b/nixos/profiles/services/enthalpy/transit.nix
new file mode 100644
index 0000000..3a57b8e
--- /dev/null
+++ b/nixos/profiles/services/enthalpy/transit.nix
@@ -0,0 +1,20 @@
+{
+  profiles,
+  lib,
+  data,
+  ...
+}:
+{
+  imports = [
+    profiles.services.enthalpy.common
+  ];
+
+  services.enthalpy.exit = {
+    enable = true;
+    prefix = lib.singleton {
+      type = "bird";
+      destination = "::/0";
+      source = data.enthalpy_network_prefix;
+    };
+  };
+}
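Review bot: fw-proxy.nix hard-codes the user `rebmit` in the `user@` unit name, so the profile only works on hosts where that account exists, and nothing in the file says why nix-daemon and that user's whole session are pinned to `netns-enthalpy.service`. A header comment would carry that, e.g. `# run nix-daemon and rebmit's user session inside the enthalpy netns so their traffic leaves through gost`. Also note that `after`/`requires` only orders startup: if netns-enthalpy.service is restarted and recreates the namespace, these two units keep the old one until they are restarted themselves, so `partOf = [ "netns-enthalpy.service" ];` may be the relationship you want, depending on how the netns unit behaves (not visible here).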
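Review bot: transit.nix makes any importer an exit for the overlay — `exit.enable = true` with a `prefix` entry announcing `::/0` from `data.enthalpy_network_prefix` via bird, as far as the module's `exit` option does what its name suggests — but neither the file name nor a comment conveys that consequence. Suggest a header comment such as `# transit node: advertises a default route (::/0) into the enthalpy network, i.e. the importing host becomes an Internet exit for it` so the profile is not added to a host that was meant to carry only inter-peer traffic. transit-dualstack.nix would benefit from a matching one-liner stating that it additionally turns on SRv6 and NAT64.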