nix-config/hosts/hyp-01/modules/networking.nix
Lander Van den Bulcke ad040a5339
chore: add fixme comment with instructions
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-11-04 13:52:27 +01:00


# Networking for host hyp-01.
#
# Declares the host's static IPv4/IPv6 parameters as module options and sets up
# the initrd (systemd stage 1) with networking and an SSH server, so that a
# password prompt can be answered remotely during early boot.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Every option declared here is a plain string with a default value.
  strOption =
    default:
    lib.mkOption {
      type = lib.types.str;
      inherit default;
    };

  # This module's own option values, as finally merged.
  uplink = config.networking.hyp-01;

  # Wrapper that only runs the systemd password agent. Judging by its name it
  # is meant for a ZFS passphrase prompt; the ZFS setup is not in this file.
  zfsAskpass = pkgs.writeShellScriptBin "zfs-askpass" ''
    systemd-tty-ask-password-agent --watch
  '';
  unlockShell = "${zfsAskpass}/bin/zfs-askpass";
in
{
  options.networking.hyp-01 = {
    ipv4 = {
      address = strOption "88.99.145.10";
      # Prefix length, kept as a string.
      cidr = strOption "26";
      gateway = strOption "88.99.145.1";
    };
    ipv6 = {
      address = strOption "2a01:4f8:10a:2962::1";
      # Prefix length, kept as a string.
      cidr = strOption "64";
      gateway = strOption "fe80::1";
    };
  };

  config = {
    networking.dhcpcd.enable = false;
    # Single resolver, no fallback entry.
    networking.nameservers = [ "9.9.9.9" ];

    # NOTE(review): only the bare IPv6 address is assigned; ipv6.cidr is not
    # appended, and the IPv4 and gateway options are not used in this file.
    # Confirm they are consumed elsewhere and that Address= without a prefix
    # length is intended.
    systemd.network.networks."10-uplink".networkConfig.Address = uplink.ipv6.address;

    boot = {
      # Kernel command line requests DHCP; presumably for initrd networking,
      # since dhcpcd is disabled above - confirm.
      kernelParams = [ "ip=dhcp" ];

      initrd = {
        # NIC driver made available in the initrd.
        availableKernelModules = [ "e1000e" ];

        systemd = {
          enable = true;
          # The wrapper must be present inside the initrd to serve as a shell.
          storePaths = [ unlockShell ];
          # root's initrd login shell is the askpass wrapper, so a login on the
          # initrd SSH server runs the password agent rather than an
          # interactive shell.
          users.root.shell = unlockShell;
        };

        network = {
          enable = true;
          ssh = {
            enable = true;
            # NOTE(review): presumably a different port from the main system's
            # sshd so clients can pin the separate initrd host key - confirm.
            port = 2222;
            # The only key allowed to log in to the initrd. The "cardno:"
            # comment suggests it is held on a hardware token - confirm.
            authorizedKeys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnthKtz0fE4yQ/X10cJgKVCjYCNkRNoqV28xAhD7h2M cardno:22_498_026"
            ];
            hostKeys = [
              # FIXME: this has to be manually uploaded during installation...
              # scp /tmp/initrd-ssh-key root@95.217.199.121:/mnt/var/lib/initrd-ssh-key
              # nixos-enter
              # realpath /run/current-system
              # exit
              # nixos-install --no-root-passwd --no-channel-copy --root /mnt --system /nix/store/1j1cf7l6f2b3hfd2dxmkmrvg5kblhgkl-nixos-system-eve-23.11.20231014.da24e6f
              #
              # NOTE(review): the steps above copy the key to
              # /mnt/var/lib/initrd-ssh-key and install a system named "eve",
              # while the path configured below is
              # /etc/secrets/initrd/ssh_host_ed25519_key. The instructions look
              # carried over from another host; confirm the destination path
              # and target before relying on them.
              #
              # NOTE(review): this private key is placed inside the initrd,
              # which has to be readable before any encrypted storage is
              # unlocked. Use a key generated only for the initrd, never the
              # host's regular SSH host key, and keep the file readable by
              # root only.
              "/etc/secrets/initrd/ssh_host_ed25519_key"
            ];
          };
        };
      };
    };
  };
}