From 2a751ee1d4a7dd94e1255df4b9488111c9cc4ab9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20SALVI?= Date: Fri, 12 Dec 2025 07:50:43 +0100 Subject: [PATCH] configure remote wake on lan and ipv6 --- flake.lock | 8 ++--- modules/optionnals/hosts/home-nix.nix | 42 ++++++++++++++++++------ modules/optionnals/hosts/work-nix.nix | 2 +- modules/optionnals/options.nix | 18 +++++++++- modules/optionnals/sops-desktop.nix | 10 ++++++ modules/optionnals/{sshd.nix => ssh.nix} | 0 modules/optionnals/wakeonlan.nix | 41 +++++++++++++++-------- 7 files changed, 91 insertions(+), 30 deletions(-) rename modules/optionnals/{sshd.nix => ssh.nix} (100%) diff --git a/flake.lock b/flake.lock index 31378f0..05cd48f 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ "mysecrets": { "flake": false, "locked": { - "lastModified": 1763731770, - "narHash": "sha256-ThIVf8jtBOKV7JzShnL/gzHEm7axiLshPie8BYkMYAI=", + "lastModified": 1765518969, + "narHash": "sha256-hKJGo0+i7xHDMhN8kicOLT0PA8x8zRzleQs2I2XWVLg=", "ref": "refs/heads/main", - "rev": "07b3f415bd89a6b571f154278c1d9b6b5ca9e473", - "revCount": 16, + "rev": "e1c2c590e4655cf887173478765663d20a7efffd", + "revCount": 19, "type": "git", "url": "file:///home/beastie/nixos/secrets" }, diff --git a/modules/optionnals/hosts/home-nix.nix b/modules/optionnals/hosts/home-nix.nix index 6ae9293..6d5f844 100644 --- a/modules/optionnals/hosts/home-nix.nix +++ b/modules/optionnals/hosts/home-nix.nix @@ -3,9 +3,6 @@ pkgs, ... }: -let - lanIface = "enp5s0"; -in { imports = [ #../ai.nix @@ -16,7 +13,7 @@ in ../options.nix ../packages.nix ../sops-desktop.nix - ../sshd.nix + ../ssh.nix ../sudo-nopasswd.nix ../wakeonlan.nix @@ -36,7 +33,10 @@ in ../desktop/nvidia.nix ]; - my.lanInterface = "enp5s0"; + my.laninterface = "enp5s0"; + my.ipv4address = "192.168.0.2"; + my.ipv4netmask = 24; + my.ipv4gateway = "192.168.0.254"; sops = { secrets = { 
@@ -51,17 +51,17 @@ in networking = { #useNetworkd = true; #useHostResolvConf = false; - interfaces.${config.my.lanInterface} = { + interfaces.${config.my.laninterface} = { ipv4.addresses = [ { - address = "192.168.0.2"; - prefixLength = 24; + address = config.my.ipv4address; + prefixLength = config.my.ipv4netmask; } ]; }; defaultGateway = { - address = "192.168.0.254"; - interface = "${config.my.lanInterface}"; + address = config.my.ipv4gateway; + interface = config.my.laninterface; }; nameservers = [ #"9.9.9.9" @@ -105,5 +105,27 @@ in }; }; }; + + sops.secrets."home-nix/myipv6address" = { }; + + systemd.services.ipv6-setup = { + description = "Configure IPv6"; + after = [ + "network.target" + "sops-nix.service" + ]; + wants = [ "sops-nix.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = pkgs.writeShellScript "setup-ipv6" '' + ${pkgs.iproute2}/bin/ip -6 addr add $(cat ${ + config.sops.secrets."home-nix/myipv6address".path + })/64 dev ${config.my.laninterface} || true + ''; + }; + }; + environment.systemPackages = [ pkgs.tor-browser ]; } diff --git a/modules/optionnals/hosts/work-nix.nix b/modules/optionnals/hosts/work-nix.nix index 8d4a860..fb5e4e4 100644 --- a/modules/optionnals/hosts/work-nix.nix +++ b/modules/optionnals/hosts/work-nix.nix @@ -10,7 +10,7 @@ ../openfortivpn.nix ../packages.nix ../sops-desktop.nix - ../sshd.nix + ../ssh.nix ../sudo-nopasswd.nix ### Import GUI modules diff --git a/modules/optionnals/options.nix b/modules/optionnals/options.nix index f28ccc8..be0be6e 100644 --- a/modules/optionnals/options.nix +++ b/modules/optionnals/options.nix 
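Review bot: The `|| true` at the end of the `setup-ipv6` script in the `ipv6-setup` unit hides every failure. If the sops secret is missing or empty, the unquoted `$(cat …)` expands to nothing, `ip -6 addr add /64` fails, and the oneshot still reports success with `RemainAfterExit = true`. Start the script with `set -eu`, read the value with `addr="$(cat ${config.sops.secrets."home-nix/myipv6address".path})"`, and apply it with `${pkgs.iproute2}/bin/ip -6 addr replace "$addr/64" dev ${config.my.laninterface}`, so a re-run is idempotent and a real error fails the unit. The unit is also ordered after `sops-nix.service`; nothing in this patch shows a system unit of that name, so that ordering may have no effect and is worth confirming.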
@@ -3,8 +3,24 @@ ... }: { - options.my.lanInterface = lib.mkOption { + options.my.laninterface = lib.mkOption { type = lib.types.str; default = "enp5s0"; }; + options.my.ipv4address = lib.mkOption { + type = lib.types.str; + default = "127.0.0.1"; + }; + options.my.ipv4netmask = lib.mkOption { + type = lib.types.int; + default = 8; + }; + options.my.ipv4gateway = lib.mkOption { + type = lib.types.str; + default = "127.0.0.254"; + }; + options.my.wolipv6address = lib.mkOption { + type = lib.types.str; + default = "fc::0"; + }; } diff --git a/modules/optionnals/sops-desktop.nix b/modules/optionnals/sops-desktop.nix index eaa1597..d08a718 100644 --- a/modules/optionnals/sops-desktop.nix +++ b/modules/optionnals/sops-desktop.nix @@ -61,6 +61,16 @@ in mode = "0600"; path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore"; }; + "ssh_keys/wol_pub" = { + owner = "${username}"; + mode = "0644"; + path = "/home/${username}/.ssh/id_ed25519_wol"; + }; + "ssh_keys/wol_priv" = { + owner = "${username}"; + mode = "0600"; + path = "/home/${username}/.ssh/id_ed25519_wol.priv"; + }; }; }; } diff --git a/modules/optionnals/sshd.nix b/modules/optionnals/ssh.nix similarity index 100% rename from modules/optionnals/sshd.nix rename to modules/optionnals/ssh.nix diff --git a/modules/optionnals/wakeonlan.nix b/modules/optionnals/wakeonlan.nix index 9389393..ee185c4 100644 --- a/modules/optionnals/wakeonlan.nix +++ b/modules/optionnals/wakeonlan.nix 
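Review bot: `my.ipv4netmask` in options.nix is a bare `lib.types.int` that actually holds a prefix length (default `8`, fed to `prefixLength` in home-nix.nix), while wakeonlan.nix in this same patch still hard-codes `255.255.255.0` in its `ip=` kernel parameter, so the two can drift apart. Constrain it with `type = lib.types.ints.between 0 32;` and give each new option a `description`, for example `description = "IPv4 prefix length of the LAN interface (CIDR bits, not a dotted netmask).";`. The loopback-range and `fc::0` defaults also evaluate silently on a host that forgets to set them; dropping the defaults would turn a missing value into an evaluation error. The module's opening lines are outside the hunk.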
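Review bot: The two new entries in sops-desktop.nix place the secret named `ssh_keys/wol_pub` at `~/.ssh/id_ed25519_wol` with mode `0644` and `ssh_keys/wol_priv` at `id_ed25519_wol.priv`, the reverse of the OpenSSH layout where the suffix-less file is the private key and the public half ends in `.pub`. If the secret names are accurate, `ssh -i ~/.ssh/id_ed25519_wol` is handed a public key; if the contents instead follow the file names, the private key ends up world-readable. Suggest `path = "/home/${username}/.ssh/id_ed25519_wol";` with `mode = "0600";` on `wol_priv`, and `path = "/home/${username}/.ssh/id_ed25519_wol.pub";` on `wol_pub`. The surrounding `secrets` attribute set starts outside the hunk.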
@@ -5,30 +5,43 @@ ... }: { - systemd.services."wol@$${config.my.lanInterface}" = { - description = "Wake-on-LAN for ${config.my.lanInterface}"; + systemd.services."wol${config.my.laninterface}" = { + description = "Wake-on-LAN for ${config.my.laninterface}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "oneshot"; - ExecStart = "${pkgs.ethtool}/bin/ethtool -s ${config.my.lanInterface} wol g"; + ExecStart = "${pkgs.ethtool}/bin/ethtool -s ${config.my.laninterface} wol g"; RandomizedDelaySec = "30s"; }; }; environment.systemPackages = [ pkgs.ethtool ]; - boot.initrd.network = { - enable = true; - ssh = { + my.wolipv6address = "2a01:e0a:9cc:99d0:8f3a:6b2c:41d7:e9f5"; + + boot.initrd = { + network = { enable = true; - port = 2222; - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ" - ]; # ta clé publique - hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ]; + ssh = { + enable = true; + port = 65234; + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2+PXfG/37rsvcVr2RAHzXmGHMr8+8iBH//1YS+zWd3" + ]; # ta clé publique + hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ]; + }; + postCommands = '' + ip -6 addr add ${config.my.wolipv6address}/64 dev ${config.my.laninterface} + ip -6 route add default via fe80::224:d4ff:fea5:65bd dev ${config.my.laninterface} + ''; }; + availableKernelModules = [ "r8169" ]; + + }; + + boot = { + kernelParams = [ + "ip=${config.my.ipv4address}::255.255.255.0:${config.my.ipv4gateway}:${hostname}:${config.my.laninterface}:off" + ]; }; - boot.kernelParams = [ - "ip=192.168.0.2::192.168.0.254:255.255.255.0:${hostname}:${config.my.lanInterface}:off" - ]; }
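Review bot: The new `ip=` kernel parameter in wakeonlan.nix has the gateway and netmask fields swapped. The kernel expects `ip=<client>:<server>:<gateway>:<netmask>:<hostname>:<device>:<autoconf>`, and the removed line followed that order, but the added line puts `255.255.255.0` in the gateway slot and `${config.my.ipv4gateway}` in the netmask slot. It should read `"ip=${config.my.ipv4address}::${config.my.ipv4gateway}:255.255.255.0:${hostname}:${config.my.laninterface}:off"`. Separately, `hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ]` reuses the machine's regular sshd host key for the initrd listener, which this patch makes reachable on a global IPv6 address. As far as I know the NixOS documentation for this option advises against that because initrd key material is less protected than the running system's, so a dedicated key (placeholder path `/etc/secrets/initrd/ssh_host_ed25519_key`) would limit what a copy of the boot image exposes.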