hosts/ni/networking: add enable option

2025-02-07 12:19:07 +00:00 · 2023-12-13 10:04:18 +08:00 · 2023-12-13 10:04:18 +08:00 · 8e42fa92d0
commit 8e42fa92d0
parent b04a284489
2 changed files with 51 additions and 21 deletions
--- a/hosts/ni/default.nix
+++ b/hosts/ni/default.nix
@ -27,6 +27,7 @@

  hosts.ni = {
    hardware.qol.enable = true;
+    networking.enable = true;
    networking.setup = "networkmanager";
    networking.wireguard.enable = true;
  };
@ -105,7 +106,6 @@
      tools.enable = true;
      setups.personal-webstorage.enable = true;
    };
-    vpn.personal.enable = true;
  };

  # This is somewhat used for streaming games from it.
--- a/hosts/ni/modules/networking/setup.nix
+++ b/hosts/ni/modules/networking/setup.nix
@ -2,12 +2,13 @@

 let
  hostCfg = config.hosts.ni;
-  cfg = hostCfg.networking.setup;
+  cfg = hostCfg.networking;
 in
 {
-  options.hosts.ni.networking.setup = lib.mkOption {
+  options.hosts.ni.networking = {
+    enable = lib.mkEnableOption "networking setup";
+    setup = lib.mkOption {
      type = lib.types.enum [ "networkd" "networkmanager" ];
-    default = "networkmanager";
      description = ''
        Indicates the component of the network setup. In practice, you'll most
        likely just use NetworkManager since it is what is being supported by
@ -18,10 +19,39 @@ in
        risk.
        :::
      '';
+      default = "networkmanager";
      example = "networkd";
    };
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    {
+      # Put on your cloak, kid.
+      profiles.vpn.personal.enable = true;
+
+      # We'll go with a software firewall. We're mostly configuring it as if we're
+      # using a server even though the chances of that is pretty slim.
+      networking.nftables.enable = true;
+      networking.firewall.enable = true;
+
+      # Just supporting local systems, businesses, and business systems.
+      services.avahi = {
+        enable = true;
+        nssmdns = true;
+        publish = {
+          enable = true;
+          userServices = true;
+        };
+      };
+
+      # Your internal network.
+      services.resolved.domains = [
+        "~plover.foodogsquared.one"
+        "~0.27.172.in-addr.arpa"
+        "~0.28.172.in-addr.arpa"
+      ];
+    }

-  config = lib.mkMerge [
    (lib.mkIf (cfg.setup == "networkd") {
      networking = {
        usePredictableInterfaceNames = true;
@ -44,12 +74,12 @@ in
      systemd.network.enable = true;

      # Setting up the bond devices.
-      systemd.networks."40-bond1-dev1" = {
+      systemd.network.networks."40-bond1-dev1" = {
        matchConfig.Name = "enp1s0";
        networkConfig.Bond = "bond1";
      };

-      systemd.networks."40-bond1-dev2" = {
+      systemd.network.networks."40-bond1-dev2" = {
        matchConfig.Name = "wlp2s0";
        networkConfig = {
          Bond = "bond1";
@ -58,11 +88,11 @@ in
      };

      # Creating the ethernet-wireless-network bond.
-      systemd.netdevs."40-bond1".netdevConfig = {
+      systemd.network.netdevs."40-bond1".netdevConfig = {
        Name = "bond1";
        Kind = "bond";
      };
-      systemd.networks."40-bond1" = {
+      systemd.network.networks."40-bond1" = {
        matchConfig.Name = "bond1";
        networkConfig.DHCP = "yes";
      };
@ -93,5 +123,5 @@ in
        interfaces = [ "enp1s0" "wlp2s0" ];
      };
    })
-  ];
+  ]);
 }