From e6ed60548397627bf10f561f9438201dbba0a36e Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sun, 21 Apr 2024 02:15:42 +0300 Subject: 2024-04-21 --- modules/common/networking.nix | 131 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 modules/common/networking.nix (limited to 'modules/common/networking.nix') diff --git a/modules/common/networking.nix b/modules/common/networking.nix new file mode 100644 index 0000000..727def4 --- /dev/null +++ b/modules/common/networking.nix @@ -0,0 +1,131 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; +let + cfg = config.nixfiles.modules.common.networking; +in +{ + options.nixfiles.modules.common.networking.onlyDefault = mkEnableOption "custom networking settings"; + + config = mkIf (!cfg.onlyDefault) { + ark.directories = + with config.networking; + optional networkmanager.enable "/etc/NetworkManager/system-connections" + ++ optional wireless.iwd.enable "/var/lib/iwd"; + + # TODO Switch to systemd-networkd. + networking = mkMerge [ + { + domain = my.domain.shire; + + hostName = this.hostname; + hostId = substring 0 8 (builtins.hashString "md5" this.hostname); + + # Remove default hostname mappings. This is required at least by the + # current implementation of the monitoring module. + hosts = { + "127.0.0.2" = mkForce [ ]; + "::1" = mkForce [ ]; + }; + + nameservers = mkDefault dns.const.quad9.default; + resolvconf.enable = true; + + useDHCP = false; + + nftables.enable = true; + + firewall = { + enable = true; + + rejectPackets = false; + + allowPing = true; + pingLimit = "1/minute burst 5 packets"; + + logRefusedConnections = false; + logRefusedPackets = false; + logRefusedUnicastsOnly = false; + logReversePathDrops = false; + }; + } + ( + let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. + in + mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { + usePredictableInterfaceNames = false; # NOTE This can break something! + interfaces.${interface} = { + ipv4.addresses = + with this.ipv4; + optional (isString address && isInt prefixLength) { inherit address prefixLength; }; + + ipv6.addresses = + with this.ipv6; + optional (isString address && isInt prefixLength) { inherit address prefixLength; }; + }; + defaultGateway = + with this.ipv4; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + defaultGateway6 = + with this.ipv6; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + } + ) + (mkIf this.isHeadful { + interfaces = { + eth0.useDHCP = mkDefault true; + wlan0.useDHCP = mkDefault true; + }; + + networkmanager = { + enable = mkDefault true; + wifi.backend = "iwd"; + }; + + wireless = { + enable = false; + iwd.enable = mkDefault true; + userControlled.enable = true; + allowAuxiliaryImperativeNetworks = true; + }; + }) + ]; + + environment = { + shellAliases = listToAttrs ( + map ({ name, value }: nameValuePair name "${pkgs.iproute2}/bin/${value}") [ + { + name = "bridge"; + value = "bridge -color=always"; + } + { + name = "ip"; + value = "ip -color=always"; + } + { + name = "tc"; + value = "tc -color=always"; + } + ] + ); + + systemPackages = with pkgs; [ + ethtool + myip + nethogs + ]; + }; + }; +} -- cgit v1.2.3