authorAzat Bahawi <azat@bahawi.net>2024-04-21 02:15:42 +0300
committerAzat Bahawi <azat@bahawi.net>2024-04-21 02:15:42 +0300
commite6ed60548397627bf10f561f9438201dbba0a36e (patch)
treef9a84c5957d2cc4fcd148065ee9365a0c851ae1c /modules/common/networking.nix
parent9ac64328603d44bd272175942d3ea3eaadcabd04 (diff)
2024-04-21
Diffstat (limited to 'modules/common/networking.nix')
-rw-r--r--modules/common/networking.nix131
1 files changed, 131 insertions, 0 deletions
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
new file mode 100644
index 0000000..727def4
--- /dev/null
+++ b/modules/common/networking.nix
@@ -0,0 +1,131 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.common.networking;
+in
+{
+ options.nixfiles.modules.common.networking.onlyDefault = mkEnableOption "custom networking settings";
+
+ config = mkIf (!cfg.onlyDefault) {
+ ark.directories =
+ with config.networking;
+ optional networkmanager.enable "/etc/NetworkManager/system-connections"
+ ++ optional wireless.iwd.enable "/var/lib/iwd";
+
+ # TODO Switch to systemd-networkd.
+ networking = mkMerge [
+ {
+ domain = my.domain.shire;
+
+ hostName = this.hostname;
+ hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
+
+ # Remove default hostname mappings. This is required at least by the
+ # current implementation of the monitoring module.
+ hosts = {
+ "127.0.0.2" = mkForce [ ];
+ "::1" = mkForce [ ];
+ };
+
+ nameservers = mkDefault dns.const.quad9.default;
+ resolvconf.enable = true;
+
+ useDHCP = false;
+
+ nftables.enable = true;
+
+ firewall = {
+ enable = true;
+
+ rejectPackets = false;
+
+ allowPing = true;
+ pingLimit = "1/minute burst 5 packets";
+
+ logRefusedConnections = false;
+ logRefusedPackets = false;
+ logRefusedUnicastsOnly = false;
+ logReversePathDrops = false;
+ };
+ }
+ (
+ let
+ interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
+ in
+ mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) {
+ usePredictableInterfaceNames = false; # NOTE This can break something!
+ interfaces.${interface} = {
+ ipv4.addresses =
+ with this.ipv4;
+ optional (isString address && isInt prefixLength) { inherit address prefixLength; };
+
+ ipv6.addresses =
+ with this.ipv6;
+ optional (isString address && isInt prefixLength) { inherit address prefixLength; };
+ };
+ defaultGateway =
+ with this.ipv4;
+ mkIf (isString gatewayAddress) {
+ inherit interface;
+ address = gatewayAddress;
+ };
+ defaultGateway6 =
+ with this.ipv6;
+ mkIf (isString gatewayAddress) {
+ inherit interface;
+ address = gatewayAddress;
+ };
+ }
+ )
+ (mkIf this.isHeadful {
+ interfaces = {
+ eth0.useDHCP = mkDefault true;
+ wlan0.useDHCP = mkDefault true;
+ };
+
+ networkmanager = {
+ enable = mkDefault true;
+ wifi.backend = "iwd";
+ };
+
+ wireless = {
+ enable = false;
+ iwd.enable = mkDefault true;
+ userControlled.enable = true;
+ allowAuxiliaryImperativeNetworks = true;
+ };
+ })
+ ];
+
+ environment = {
+ shellAliases = listToAttrs (
+ map ({ name, value }: nameValuePair name "${pkgs.iproute2}/bin/${value}") [
+ {
+ name = "bridge";
+ value = "bridge -color=always";
+ }
+ {
+ name = "ip";
+ value = "ip -color=always";
+ }
+ {
+ name = "tc";
+ value = "tc -color=always";
+ }
+ ]
+ );
+
+ systemPackages = with pkgs; [
+ ethtool
+ myip
+ nethogs
+ ];
+ };
+ };
+}
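Review bot: The firewall block turns off every refused-traffic log the NixOS firewall can emit (`logRefusedConnections` through `logReversePathDrops`), so the journal will record nothing about port probes or reverse-path drops on these hosts; `logRefusedConnections` is on by default and is the one cheap signal an incident responder would expect to find. Unless there is a measured log-volume problem, keep `logRefusedConnections = true;` (or simply omit the line) and add a comment explaining the trade-off if visibility is deliberately being given up. Separately, in the `isHeadful` block `wireless.enable = false` disables wpa_supplicant, which is what `userControlled.enable` and `allowAuxiliaryImperativeNetworks` appear to configure, so those two lines look inert now that NetworkManager drives `iwd` — worth confirming against the `networking.wireless` module and dropping them if so. A short comment above `usePredictableInterfaceNames = false` naming what it has been seen to break would also make the existing `NOTE` actionable.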