foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 10:58:02 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

hosts/ni: modularize networking config

Browse Source
This commit is contained in:
Gabriel Arazas 2023-11-06 16:10:42 +08:00
parent 9929722fe2
commit 3f291fe665
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
3 changed files with 43 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
hosts/ni/default.nix
View File

@ -5,6 +5,7 @@
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./modules/networking.nix
./modules/wireguard.nix ./modules/wireguard.nix
(lib.mapHomeManagerUser "foo-dogsquared" { (lib.mapHomeManagerUser "foo-dogsquared" {
@ -75,9 +76,6 @@
"riscv64-linux" "riscv64-linux"
]; ];
# Wanna be a wannabe haxxor, kid?
programs.wireshark.package = pkgs.wireshark;
# We're using some better filesystems so we're using it. # We're using some better filesystems so we're using it.
boot.initrd.supportedFilesystems = [ "btrfs" ]; boot.initrd.supportedFilesystems = [ "btrfs" ];
boot.supportedFilesystems = [ "btrfs" ]; boot.supportedFilesystems = [ "btrfs" ];
@ -172,30 +170,6 @@
longitude = 121.0; longitude = 121.0;
}; };
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
services.auto-cpufreq.enable = true; services.auto-cpufreq.enable = true;
services.avahi.enable = true;
# We'll go with a software firewall. We're mostly configuring it as if we're
# using a server even though the chances of that is pretty slim.
networking = {
nftables.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
22 # Secure Shells.
];
};
};
services.resolved.domains = [
"~plover.foodogsquared.one"
"~0.27.172.in-addr.arpa"
"~0.28.172.in-addr.arpa"
];
system.stateVersion = "23.11"; # Yes! I read the comment! system.stateVersion = "23.11"; # Yes! I read the comment!
} }

40
hosts/ni/modules/networking.nix Normal file
View File

@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
{
# Be a networking doctor or something.
programs.mtr.enable = true;
# Wanna be a wannabe haxxor, kid?
programs.wireshark.package = pkgs.wireshark;
# Modern version of SSH.
programs.mosh.enable = true;
# Just supporting local systems, businesses, and business systems.
services.avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
userServices = true;
};
};
# We'll go with a software firewall. We're mostly configuring it as if we're
# using a server even though the chances of that is pretty slim.
networking = {
nftables.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
22 # Secure Shells.
];
};
};
services.resolved.domains = [
"~plover.foodogsquared.one"
"~0.27.172.in-addr.arpa"
"~0.28.172.in-addr.arpa"
];
}

3
modules/nixos/profiles/dev.nix
View File

@ -86,7 +86,7 @@ in {
cachix # Compile no more by using someone's binary cache! cachix # Compile no more by using someone's binary cache!
curl # Our favorite network client. curl # Our favorite network client.
cmake # The poster boy for the hated build system. cmake # The poster boy for the hated build system.
#diffoscope # Oversized caffeine grinder. diffoscope # Oversized caffeine grinder.
direnv # The power of local development environment. direnv # The power of local development environment.
ipcalc # Calculate your IP without going to the web. ipcalc # Calculate your IP without going to the web.
gcc # The usual toolchain. gcc # The usual toolchain.
@ -188,6 +188,7 @@ in {
# foreign environments. # foreign environments.
virtualisation.libvirtd = { virtualisation.libvirtd = {
enable = true; enable = true;
qemu.package = pkgs.qemu_full;
qemu.ovmf.enable = true; qemu.ovmf.enable = true;
}; };
}) })