share common config wrt port forwarding & networking

oven/configuration.nix

@@ -4,6 +4,9 @@
 
 { config, lib, pkgs, ... }:
 
+let
+  vars = import ../vars.nix;
+in
 {
   imports =
     [
@@ -18,20 +21,7 @@
   boot.kernelParams = [ "console=ttyS1" ];
 
   # network config
-  networking =
+  networking = {
-  let
-    # ports forwarded to pastila (on the same port)
-    portsPastila = [
-      80
-      22
-    ];
-    pastila = proto: portFrom: portTo: {
-      destination = "10.0.42.100:" + builtins.toString portTo;
-      proto = proto;
-      sourcePort = portFrom;
-    };
-  in
-  {
     hostName = "oven";
 
     useDHCP = false;
@@ -45,31 +35,33 @@
       address = "51.15.168.1";
       interface = "enp1s0";
     };
-    nameservers = [
+    nameservers = vars.onlineNetDNS;
-      "51.159.47.28"
-      "51.159.47.26"
-    ];
 
     bridges = {
       "br0" = { interfaces = []; };
     };
-    interfaces."br0".ipv4.addresses = [{
+    interfaces."br0".ipv4.addresses = [ vars.ovenNat.oven ];
-      address = "10.0.42.1";
-      prefixLength = 24;
-    }];
 
     nat = {
       enable = true;
       internalInterfaces = ["br0"];
       externalInterface = "enp1s0";
       forwardPorts =
-        builtins.map (port: pastila "tcp" port port) portsPastila ++
+        map (port: {
-	builtins.map (port: pastila "udp" port port) portsPastila;
+          destination =
+            toString vars.ovenNat.pastila.address ++ ":" ++ toString port.num;
+          proto = port.proto;
+          sourcePort = port.num;
+        }) vars.ovenNat.forwardPorts;
     };
 
     firewall = {
-      allowedTCPPorts = portsPastila ++ [ 2222 ];
+      allowedTCPPorts =
-      allowedUDPPorts = portsPastila;
+        map (port: port.num)
+          (filter (port: port.proto == "tcp") vars.ovenNat.forwardPorts);
+      allowedUDPPorts =
+        map (port: port.num)
+          (filter (port: port.proto == "udp") vars.ovenNat.forwardPorts);
     };
   };
 

pastila/configuration.nix

@@ -4,6 +4,9 @@
 
 { config, lib, pkgs, ... }:
 
+let
+  vars = import ../vars.nix;
+in
 {
   imports =
     [
@@ -19,18 +22,12 @@
   networking.hostId = "8425e349";
 
   networking.useDHCP = false;
-  networking.interfaces."enp1s0".ipv4.addresses = [{
+  networking.interfaces."enp1s0".ipv4.addresses = [ vars.ovenNat.pastila ];
-    address = "10.0.42.100";
-    prefixLength = 24;
-  }];
   networking.defaultGateway = {
-    address = "10.0.42.1";
+    address = vars.ovenNat.oven.address;
     interface = "enp1s0";
   };
-  networking.nameservers = [
+  networking.nameservers = vars.onlineNetDNS;
-    "51.159.47.28"
-    "51.159.47.26"
-  ];
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.armael = {
@@ -42,10 +39,12 @@
   };
 
   # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [
+  networking.firewall.allowedTCPPorts =
-    80
+    map (port: port.num)
-  ];
+      (filter (port: port.proto == "tcp") vars.ovenNat.forwardPorts);
-  # networking.firewall.allowedUDPPorts = [ ... ];
+  networking.firewall.allowedUDPPorts =
+    map (port: port.num)
+      (filter (port: port.proto == "udp") vars.ovenNat.forwardPorts);
 
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you

vars.nix

@@ -0,0 +1,16 @@
+{
+  ovenNat = {
+    oven = { address = "10.0.42.1"; prefixLength = 24; };
+    pastila = { address = "10.0.42.100"; prefixLength = 24; };
+
+    # ports to open on pastila and forward through the NAT in oven
+    forwardPorts = [
+      { num = 80; proto = "tcp"; }
+      { num = 22; proto = "tcp"; }
+    ];
+  };
+  onlineNetDNS = [
+    "51.159.47.28"
+    "51.159.47.26"
+  ];
+}