diff options
Diffstat (limited to '')
-rw-r--r-- | modules/nixos/common/networking.nix | 186 |
1 files changed, 100 insertions, 86 deletions
diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix index 6109933..0c44159 100644 --- a/modules/nixos/common/networking.nix +++ b/modules/nixos/common/networking.nix @@ -5,104 +5,118 @@ this, ... }: -with lib; { - # TODO Support multiple interfaces and IP addresses. - networking = mkMerge [ - { - domain = my.domain.shire; +with lib; let + cfg = config.nixfiles.modules.common.networking; +in { + options.nixfiles.modules.common.networking.onlyDefault = + mkEnableOption "custom networking settings"; - hostName = this.hostname; - hostId = substring 0 8 (builtins.hashString "md5" this.hostname); + config = mkIf (!cfg.onlyDefault) { + # TODO Support multiple interfaces and IP addresses. + networking = mkMerge [ + { + domain = my.domain.shire; - # Remove default hostname mappings. This is required at least by the current - # implementation of the montoring module. - hosts = { - "127.0.0.2" = mkForce []; - "::1" = mkForce []; - }; + hostName = this.hostname; + hostId = substring 0 8 (builtins.hashString "md5" this.hostname); - nameservers = mkDefault dns.const.quad9.default; + # Remove default hostname mappings. This is required at least by the current + # implementation of the montoring module. + hosts = { + "127.0.0.2" = mkForce []; + "::1" = mkForce []; + }; - useDHCP = false; + nameservers = mkDefault dns.const.quad9.default; - firewall = { - enable = true; + useDHCP = false; - rejectPackets = false; + firewall = { + enable = true; - allowPing = true; - pingLimit = "--limit 1/minute --limit-burst 5"; + rejectPackets = false; - logRefusedConnections = false; - logRefusedPackets = false; - logRefusedUnicastsOnly = false; - logReversePathDrops = false; - }; - } - (let - interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. - in - mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { - usePredictableInterfaceNames = false; # NOTE This can break something! - interfaces.${interface} = { - ipv4.addresses = with this.ipv4; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; + allowPing = true; + pingLimit = "--limit 1/minute --limit-burst 5"; - ipv6.addresses = with this.ipv6; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; + logRefusedConnections = false; + logRefusedPackets = false; + logRefusedUnicastsOnly = false; + logReversePathDrops = false; }; - defaultGateway = with this.ipv4; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; - defaultGateway6 = with this.ipv6; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; + } + (let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. + in + mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { + usePredictableInterfaceNames = false; # NOTE This can break something! + interfaces.${interface} = { + ipv4.addresses = with this.ipv4; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; + + ipv6.addresses = with this.ipv6; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; }; - }) - (mkIf this.isHeadful { - interfaces = { - eth0.useDHCP = mkDefault true; - wlan0.useDHCP = mkDefault true; - }; + defaultGateway = with this.ipv4; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + defaultGateway6 = with this.ipv6; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + }) + (mkIf this.isHeadful { + interfaces = { + eth0.useDHCP = mkDefault true; + wlan0.useDHCP = mkDefault true; + }; - networkmanager = { - enable = mkDefault true; - wifi.backend = "iwd"; - }; + networkmanager = { + enable = mkDefault true; + wifi.backend = "iwd"; + }; - wireless = { - enable = false; - iwd.enable = mkDefault true; - userControlled.enable = true; - allowAuxiliaryImperativeNetworks = true; - }; - }) - ]; + wireless = { + enable = false; + iwd.enable = mkDefault true; + userControlled.enable = true; + allowAuxiliaryImperativeNetworks = true; + }; + }) + ]; - environment.shellAliases = listToAttrs (map - ({ - name, - value, - }: - nameValuePair name "${pkgs.iproute2}/bin/${value}") [ - { - name = "bridge"; - value = "bridge -color=always"; - } - { - name = "ip"; - value = "ip -color=always"; - } - { - name = "tc"; - value = "tc -color=always"; - } - ]); + environment = { + shellAliases = listToAttrs (map + ({ + name, + value, + }: + nameValuePair name "${pkgs.iproute2}/bin/${value}") [ + { + name = "bridge"; + value = "bridge -color=always"; + } + { + name = "ip"; + value = "ip -color=always"; + } + { + name = "tc"; + value = "tc -color=always"; + } + ]); + + systemPackages = with pkgs; [ + ethtool + nethogs + ]; + }; + }; } |