services/enthalpy: dedup enthalpy configuration

nixos/hosts/flandre-m5p/networking.nix

@@ -6,20 +6,11 @@
 }:
 {
   imports = with profiles; [
-    services.enthalpy
+    services.enthalpy.customer
   ];
 
   services.enthalpy.ipsec.interfaces = [ "enp2s0" ];
 
-  networking.netns.enthalpy.forwardPorts = [
-    {
-      protocol = "tcp";
-      netns = "default";
-      source = "[::]:${toString config.networking.ports.ssh}";
-      target = "[::]:${toString config.networking.ports.ssh}";
-    }
-  ];
-
   systemd.network = {
     enable = true;
     wait-online.anyInterface = true;

nixos/hosts/marisa-7d76/networking.nix

@@ -1,34 +1,17 @@
 {
-  config,
   profiles,
   lib,
   ...
 }:
 {
   imports = with profiles; [
-    services.enthalpy
+    services.enthalpy.customer-dualstack
+    services.enthalpy.fw-proxy
   ];
 
   services.enthalpy = {
     ipsec.interfaces = [ "enp14s0" ];
-    clat = {
+    clat.segment = lib.singleton "fde3:3be3:a244:2676::2";
-      enable = true;
-      segment = lib.singleton "fde3:3be3:a244:2676::2";
-    };
-    gost.enable = true;
-  };
-
-  systemd.services.nix-daemon = {
-    serviceConfig = config.networking.netns.enthalpy.serviceConfig;
-    after = [ "netns-enthalpy.service" ];
-    requires = [ "netns-enthalpy.service" ];
-  };
-
-  systemd.services."user@${toString config.users.users.rebmit.uid}" = {
-    overrideStrategy = "asDropin";
-    serviceConfig = config.networking.netns.enthalpy.serviceConfig;
-    after = [ "netns-enthalpy.service" ];
-    requires = [ "netns-enthalpy.service" ];
   };
 
   systemd.network = {

nixos/hosts/marisa-a7s/networking.nix

@@ -1,12 +1,12 @@
 {
-  config,
   profiles,
   lib,
   ...
 }:
 {
   imports = with profiles; [
-    services.enthalpy
+    services.enthalpy.customer-dualstack
+    services.enthalpy.fw-proxy
   ];
 
   services.enthalpy = {
@@ -14,24 +14,7 @@
       interfaces = [ "wlan0" ];
       whitelist = [ "rebmit's edge network" ];
     };
-    clat = {
+    clat.segment = lib.singleton "fde3:3be3:a244:2676::2";
-      enable = true;
-      segment = lib.singleton "fde3:3be3:a244:2676::2";
-    };
-    gost.enable = true;
-  };
-
-  systemd.services.nix-daemon = {
-    serviceConfig = config.networking.netns.enthalpy.serviceConfig;
-    after = [ "netns-enthalpy.service" ];
-    requires = [ "netns-enthalpy.service" ];
-  };
-
-  systemd.services."user@${toString config.users.users.rebmit.uid}" = {
-    overrideStrategy = "asDropin";
-    serviceConfig = config.networking.netns.enthalpy.serviceConfig;
-    after = [ "netns-enthalpy.service" ];
-    requires = [ "netns-enthalpy.service" ];
   };
 
   systemd.network = {

nixos/hosts/reisen-sin0/networking.nix

@@ -1,28 +1,10 @@
-{
+{ profiles, ... }:
-  profiles,
-  data,
-  ...
-}:
 {
   imports = with profiles; [
-    services.enthalpy
+    services.enthalpy.transit-dualstack
   ];
 
-  services.enthalpy = {
+  services.enthalpy.ipsec.interfaces = [ "enp3s0" ];
-    ipsec.interfaces = [ "enp3s0" ];
-    exit = {
-      enable = true;
-      prefix = [
-        {
-          type = "bird";
-          destination = "::/0";
-          source = data.enthalpy_network_prefix;
-        }
-      ];
-    };
-    srv6.enable = true;
-    nat64.enable = true;
-  };
 
   networking.nftables.tables.nat = {
     family = "inet";

nixos/modules/services/enthalpy/nat64.nix

@@ -73,7 +73,7 @@ in
 
     networking.nftables = {
       enable = true;
-      tables.enthalpy4 = {
+      tables.enthalpy-nat64 = {
         family = "ip";
         content = ''
           chain forward {

nixos/profiles/services/enthalpy/common.nix

@@ -3,6 +3,7 @@
   data,
   hostData,
   self,
+  lib,
   ...
 }:
 {
@@ -37,4 +38,13 @@
       routerId = hostData.enthalpy_node_id;
     };
   };
+
+  networking.netns.enthalpy.forwardPorts = lib.optionals config.services.openssh.enable [
+    {
+      protocol = "tcp";
+      netns = "default";
+      source = "[::]:${toString config.networking.ports.ssh}";
+      target = "[::]:${toString config.networking.ports.ssh}";
+    }
+  ];
 }

nixos/profiles/services/enthalpy/customer-dualstack.nix

@@ -0,0 +1,8 @@
+{ profiles, ... }:
+{
+  imports = [
+    profiles.services.enthalpy.customer
+  ];
+
+  services.enthalpy.clat.enable = true;
+}

nixos/profiles/services/enthalpy/customer.nix

@@ -0,0 +1,6 @@
+{ profiles, ... }:
+{
+  imports = [
+    profiles.services.enthalpy.common
+  ];
+}

nixos/profiles/services/enthalpy/fw-proxy.nix

@@ -0,0 +1,17 @@
+{ config, ... }:
+{
+  services.enthalpy.gost.enable = true;
+
+  systemd.services.nix-daemon = {
+    inherit (config.networking.netns.enthalpy) serviceConfig;
+    after = [ "netns-enthalpy.service" ];
+    requires = [ "netns-enthalpy.service" ];
+  };
+
+  systemd.services."user@${toString config.users.users.rebmit.uid}" = {
+    inherit (config.networking.netns.enthalpy) serviceConfig;
+    overrideStrategy = "asDropin";
+    after = [ "netns-enthalpy.service" ];
+    requires = [ "netns-enthalpy.service" ];
+  };
+}

nixos/profiles/services/enthalpy/transit-dualstack.nix

@@ -0,0 +1,11 @@
+{ profiles, ... }:
+{
+  imports = [
+    profiles.services.enthalpy.transit
+  ];
+
+  services.enthalpy = {
+    srv6.enable = true;
+    nat64.enable = true;
+  };
+}

nixos/profiles/services/enthalpy/transit.nix

@@ -0,0 +1,20 @@
+{
+  profiles,
+  lib,
+  data,
+  ...
+}:
+{
+  imports = [
+    profiles.services.enthalpy.common
+  ];
+
+  services.enthalpy.exit = {
+    enable = true;
+    prefix = lib.singleton {
+      type = "bird";
+      destination = "::/0";
+      source = data.enthalpy_network_prefix;
+    };
+  };
+}