hosts/ni: modularize networking config

2025-01-31 04:58:01 +00:00 · 2023-11-06 16:10:42 +08:00 · 2023-11-06 16:10:42 +08:00 · 3f291fe665
commit 3f291fe665
parent 9929722fe2
3 changed files with 43 additions and 28 deletions
--- a/hosts/ni/default.nix
+++ b/hosts/ni/default.nix
@ -5,6 +5,7 @@
    # Include the results of the hardware scan.
    ./hardware-configuration.nix

+    ./modules/networking.nix
    ./modules/wireguard.nix

    (lib.mapHomeManagerUser "foo-dogsquared" {
@ -75,9 +76,6 @@
    "riscv64-linux"
  ];

-  # Wanna be a wannabe haxxor, kid?
-  programs.wireshark.package = pkgs.wireshark;
-
  # We're using some better filesystems so we're using it.
  boot.initrd.supportedFilesystems = [ "btrfs" ];
  boot.supportedFilesystems = [ "btrfs" ];
@ -172,30 +170,6 @@
    longitude = 121.0;
  };

-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  programs.mtr.enable = true;
-
  services.auto-cpufreq.enable = true;
-  services.avahi.enable = true;
-
-  # We'll go with a software firewall. We're mostly configuring it as if we're
-  # using a server even though the chances of that is pretty slim.
-  networking = {
-    nftables.enable = true;
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [
-        22 # Secure Shells.
-      ];
-    };
-  };
-
-  services.resolved.domains = [
-    "~plover.foodogsquared.one"
-    "~0.27.172.in-addr.arpa"
-    "~0.28.172.in-addr.arpa"
-  ];
-
  system.stateVersion = "23.11"; # Yes! I read the comment!
 }
--- a/hosts/ni/modules/networking.nix
+++ b/hosts/ni/modules/networking.nix
@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Be a networking doctor or something.
+  programs.mtr.enable = true;
+
+  # Wanna be a wannabe haxxor, kid?
+  programs.wireshark.package = pkgs.wireshark;
+
+  # Modern version of SSH.
+  programs.mosh.enable = true;
+
+  # Just supporting local systems, businesses, and business systems.
+  services.avahi = {
+    enable = true;
+    nssmdns = true;
+    publish = {
+      enable = true;
+      userServices = true;
+    };
+  };
+
+  # We'll go with a software firewall. We're mostly configuring it as if we're
+  # using a server even though the chances of that is pretty slim.
+  networking = {
+    nftables.enable = true;
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22 # Secure Shells.
+      ];
+    };
+  };
+
+  services.resolved.domains = [
+    "~plover.foodogsquared.one"
+    "~0.27.172.in-addr.arpa"
+    "~0.28.172.in-addr.arpa"
+  ];
+}
--- a/modules/nixos/profiles/dev.nix
+++ b/modules/nixos/profiles/dev.nix
@ -86,7 +86,7 @@ in {
        cachix # Compile no more by using someone's binary cache!
        curl # Our favorite network client.
        cmake # The poster boy for the hated build system.
-        #diffoscope # Oversized caffeine grinder.
+        diffoscope # Oversized caffeine grinder.
        direnv # The power of local development environment.
        ipcalc # Calculate your IP without going to the web.
        gcc # The usual toolchain.
@ -188,6 +188,7 @@ in {
      # foreign environments.
      virtualisation.libvirtd = {
        enable = true;
+        qemu.package = pkgs.qemu_full;
        qemu.ovmf.enable = true;
      };
    })