From 3f291fe66556933508bc4b929337da3d3c7c4bac Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Mon, 6 Nov 2023 16:10:42 +0800 Subject: [PATCH] hosts/ni: modularize networking config --- hosts/ni/default.nix | 28 +---------------------- hosts/ni/modules/networking.nix | 40 +++++++++++++++++++++++++++++++++ modules/nixos/profiles/dev.nix | 3 ++- 3 files changed, 43 insertions(+), 28 deletions(-) create mode 100644 hosts/ni/modules/networking.nix diff --git a/hosts/ni/default.nix b/hosts/ni/default.nix index 9ac50b66..3f219320 100644 --- a/hosts/ni/default.nix +++ b/hosts/ni/default.nix @@ -5,6 +5,7 @@ # Include the results of the hardware scan. ./hardware-configuration.nix + ./modules/networking.nix ./modules/wireguard.nix (lib.mapHomeManagerUser "foo-dogsquared" { @@ -75,9 +76,6 @@ "riscv64-linux" ]; - # Wanna be a wannabe haxxor, kid? - programs.wireshark.package = pkgs.wireshark; - # We're using some better filesystems so we're using it. boot.initrd.supportedFilesystems = [ "btrfs" ]; boot.supportedFilesystems = [ "btrfs" ]; @@ -172,30 +170,6 @@ longitude = 121.0; }; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - programs.mtr.enable = true; - services.auto-cpufreq.enable = true; - services.avahi.enable = true; - - # We'll go with a software firewall. We're mostly configuring it as if we're - # using a server even though the chances of that is pretty slim. - networking = { - nftables.enable = true; - firewall = { - enable = true; - allowedTCPPorts = [ - 22 # Secure Shells. - ]; - }; - }; - - services.resolved.domains = [ - "~plover.foodogsquared.one" - "~0.27.172.in-addr.arpa" - "~0.28.172.in-addr.arpa" - ]; - system.stateVersion = "23.11"; # Yes! I read the comment! } diff --git a/hosts/ni/modules/networking.nix b/hosts/ni/modules/networking.nix new file mode 100644 index 00000000..8862115f --- /dev/null +++ b/hosts/ni/modules/networking.nix 
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # Be a networking doctor or something.
+ programs.mtr.enable = true;
+
+ # Wanna be a wannabe haxxor, kid?
+ programs.wireshark.package = pkgs.wireshark;
+
+ # Modern version of SSH.
+ programs.mosh.enable = true;
+
+ # Just supporting local systems, businesses, and business systems.
+ services.avahi = {
+ enable = true;
+ nssmdns = true;
+ publish = {
+ enable = true;
+ userServices = true;
+ };
+ };
+
+ # We'll go with a software firewall. We're mostly configuring it as if we're
+ # using a server even though the chances of that is pretty slim.
+ networking = {
+ nftables.enable = true;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 22 # Secure Shells.
+ ];
+ };
+ };
+
+ services.resolved.domains = [
+ "~plover.foodogsquared.one"
+ "~0.27.172.in-addr.arpa"
+ "~0.28.172.in-addr.arpa"
+ ];
+}
diff --git a/modules/nixos/profiles/dev.nix b/modules/nixos/profiles/dev.nix
index 0c397e8c..5dede4bc 100644
--- a/modules/nixos/profiles/dev.nix
+++ b/modules/nixos/profiles/dev.nix
@@ -86,7 +86,7 @@ in {
 cachix # Compile no more by using someone's binary cache!
 curl # Our favorite network client.
 cmake # The poster boy for the hated build system.
- #diffoscope # Oversized caffeine grinder.
+ diffoscope # Oversized caffeine grinder.
 direnv # The power of local development environment.
 ipcalc # Calculate your IP without going to the web.
 gcc # The usual toolchain.
@@ -188,6 +188,7 @@ in {
 # foreign environments.
 virtualisation.libvirtd = {
 enable = true;
+ qemu.package = pkgs.qemu_full;
 qemu.ovmf.enable = true;
 };
 })
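Review bot: The firewall comment in the new hosts/ni/modules/networking.nix still reads as if TCP 22 were the only opening, but this hunk also adds `programs.mosh.enable = true;` and turns on Avahi publishing (`publish.enable`, `publish.userServices`), neither of which was in the block removed from hosts/ni/default.nix. As far as I know the NixOS mosh module opens a UDP port range in the firewall when enabled, and Avahi publishing announces the host and user-registered services over mDNS, so this move is not behaviour-preserving for network exposure. I would split those additions into their own commit or document them beside the firewall block, e.g. `# Effective openings also include mosh's UDP range and mDNS (avahi); see programs.mosh and services.avahi above.`, and consider restricting Avahi to trusted links with `services.avahi.allowInterfaces`. Separately, `services.auto-cpufreq.enable = true;` is removed from default.nix and does not reappear in this file; confirm it is set elsewhere if the drop is not intended.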
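Review bot: `qemu.package = pkgs.qemu_full;` in the second hunk of modules/nixos/profiles/dev.nix has no comment saying why the full build is needed, and it sits in a shared profile, so it presumably changes the hypervisor package on every host that enables this profile rather than only on ni. The full variant enables QEMU's optional features, which is more code in the path that runs guests under libvirtd, so the reason should be recorded on the line, e.g. `# qemu_full: required for <feature>; larger than the default qemu package.`. Neither this nor the re-enabled `diffoscope` in the first hunk is mentioned by the commit subject, so a separate commit would keep the history searchable. The enclosing profile block starts and ends outside the hunk.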