hosts/ni/networking: add enable option

hosts/ni/default.nix

@@ -27,6 +27,7 @@
 
   hosts.ni = {
     hardware.qol.enable = true;
+    networking.enable = true;
     networking.setup = "networkmanager";
     networking.wireguard.enable = true;
   };
@@ -105,7 +106,6 @@
       tools.enable = true;
       setups.personal-webstorage.enable = true;
     };
-    vpn.personal.enable = true;
   };
 
   # This is somewhat used for streaming games from it.

hosts/ni/modules/networking/setup.nix

@@ -2,26 +2,56 @@
 
 let
   hostCfg = config.hosts.ni;
-  cfg = hostCfg.networking.setup;
+  cfg = hostCfg.networking;
 in
 {
-  options.hosts.ni.networking.setup = lib.mkOption {
+  options.hosts.ni.networking = {
-    type = lib.types.enum [ "networkd" "networkmanager" ];
+    enable = lib.mkEnableOption "networking setup";
-    default = "networkmanager";
+    setup = lib.mkOption {
-    description = ''
+      type = lib.types.enum [ "networkd" "networkmanager" ];
-      Indicates the component of the network setup. In practice, you'll most
+      description = ''
-      likely just use NetworkManager since it is what is being supported by
+        Indicates the component of the network setup. In practice, you'll most
-      most desktop setups such as GNOME.
+        likely just use NetworkManager since it is what is being supported by
+        most desktop setups such as GNOME.
 
-      ::: {.warning}
+        ::: {.warning}
-      Using systemd-networkd setup is considered experimental. Use at your own
+        Using systemd-networkd setup is considered experimental. Use at your own
-      risk.
+        risk.
-      :::
+        :::
-    '';
+      '';
-    example = "networkd";
+      default = "networkmanager";
+      example = "networkd";
+    };
   };
 
-  config = lib.mkMerge [
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    {
+      # Put on your cloak, kid.
+      profiles.vpn.personal.enable = true;
+
+      # We'll go with a software firewall. We're mostly configuring it as if we're
+      # using a server even though the chances of that is pretty slim.
+      networking.nftables.enable = true;
+      networking.firewall.enable = true;
+
+      # Just supporting local systems, businesses, and business systems.
+      services.avahi = {
+        enable = true;
+        nssmdns = true;
+        publish = {
+          enable = true;
+          userServices = true;
+        };
+      };
+
+      # Your internal network.
+      services.resolved.domains = [
+        "~plover.foodogsquared.one"
+        "~0.27.172.in-addr.arpa"
+        "~0.28.172.in-addr.arpa"
+      ];
+    }
+
     (lib.mkIf (cfg.setup == "networkd") {
       networking = {
         usePredictableInterfaceNames = true;
@@ -44,12 +74,12 @@ in
       systemd.network.enable = true;
 
       # Setting up the bond devices.
-      systemd.networks."40-bond1-dev1" = {
+      systemd.network.networks."40-bond1-dev1" = {
         matchConfig.Name = "enp1s0";
         networkConfig.Bond = "bond1";
       };
 
-      systemd.networks."40-bond1-dev2" = {
+      systemd.network.networks."40-bond1-dev2" = {
         matchConfig.Name = "wlp2s0";
         networkConfig = {
           Bond = "bond1";
@@ -58,11 +88,11 @@ in
       };
 
       # Creating the ethernet-wireless-network bond.
-      systemd.netdevs."40-bond1".netdevConfig = {
+      systemd.network.netdevs."40-bond1".netdevConfig = {
         Name = "bond1";
         Kind = "bond";
       };
-      systemd.networks."40-bond1" = {
+      systemd.network.networks."40-bond1" = {
         matchConfig.Name = "bond1";
         networkConfig.DHCP = "yes";
       };
@@ -93,5 +123,5 @@ in
         interfaces = [ "enp1s0" "wlp2s0" ];
       };
     })
-  ];
+  ]);
 }