Diffstat (limited to 'modules/nixfiles/common/networking.nix')
-rw-r--r--modules/nixfiles/common/networking.nix48
1 files changed, 36 insertions, 12 deletions
diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix
index 0ff7e3d..3085797 100644
--- a/modules/nixfiles/common/networking.nix
+++ b/modules/nixfiles/common/networking.nix
@@ -12,36 +12,60 @@ with lib; {
+recurse
'';
- networking = {
+ # TODO Support multiple interfaces and IP addresses.
+ networking = let
+ interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
+ in {
+ domain = my.domain.shire;
+
hostName = this.hostname;
hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
- domain = my.domain.shire;
- usePredictableInterfaceNames = false;
+ nameservers = mkDefault dns.const.quad9.default;
useDHCP = false;
- nameservers = dns.const.quad9.default;
+ # This could potentially break something.
+ usePredictableInterfaceNames = false;
+ interfaces.${interface} = {
+ ipv4.addresses = with this.ipv4;
+ optional (isString address && isInt prefixLength) {
+ inherit address prefixLength;
+ };
- hosts = {
- "127.0.0.2" = mkForce [];
- "::1" = mkForce [];
+ ipv6.addresses = with this.ipv6;
+ optional (isString address && isInt prefixLength) {
+ inherit address prefixLength;
+ };
};
+ defaultGateway = with this.ipv4;
+ mkIf (isString gatewayAddress) {
+ inherit interface;
+ address = gatewayAddress;
+ };
+ defaultGateway6 = with this.ipv6;
+ mkIf (isString gatewayAddress) {
+ inherit interface;
+ address = gatewayAddress;
+ };
firewall = {
enable = true;
- logRefusedConnections = false;
- logRefusedPackets = false;
-
rejectPackets = false;
- allowPing = config.nixfiles.modules.profiles.headless.enable;
+ allowPing = true;
+ pingLimit = "--limit 1/minute --limit-burst 5";
+
+ logRefusedConnections = false;
+ logRefusedPackets = false;
+ logRefusedUnicastsOnly = false;
+ logReversePathDrops = false;
};
};
environment = {
- systemPackages = with pkgs; [dnsutils ldns myip rsync];
+ systemPackages = with pkgs; [myip];
shellAliases = listToAttrs (map
({