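# Module: base/network
#
# Declares the `network.*` options for a host's primary NIC (renamed to eth0),
# its DNS and time servers, and maps them onto systemd-networkd, resolved,
# chrony, nftables/firewall and tailscale.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib) mkOption types;

  cfg = config.network;

  routingTypes = [
    "static"
    "dynamic"
  ];

  # ----- Static config defaults -----
  # Default routes for static routing mode. `GatewayOnLink` lets the IPv4
  # gateway be used even though it lies outside every configured prefix.
  defaultStaticRoutes = [
    {
      Gateway = "172.31.1.1";
      GatewayOnLink = true;
    }
    { Gateway = "fe80::1"; }
  ];

  # The `#hostname` suffix is resolved's DNS-over-TLS certificate name; it is
  # only honoured when `services.resolved.dnsovertls` is not "false" (it is
  # "false" below, so these servers are queried in the clear).
  defaultDNSServers = [
    "1.1.1.1#cloudflare-dns.com"
    "1.0.0.1#cloudflare-dns.com"
    "2606:4700:4700::1111#cloudflare-dns.com"
    "2606:4700:4700::1001#cloudflare-dns.com"
  ];

  defaultTimeServers = [ "time.cloudflare.com" ];
in
{
  options.network = {
    routingType = mkOption {
      type = types.enum routingTypes;
      default = "static";
      description = "Type of routing to use, i.e. static or dynamic";
      example = "dynamic";
    };
    hardwareAddress = mkOption {
      type = types.str;
      default = "";
      description = ''
        MAC address of the primary ethernet interface; the matching link is
        renamed to eth0. Set this per host: with the empty default the
        generated .link unit has no usable match key.
      '';
      example = "11:22:33:44:55:66";
    };
    staticAddresses = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = "Static addresses list in CIDR notation";
      example = [ "192.168.1.2/24" ];
    };
    staticRoutes = mkOption {
      type = types.listOf types.attrs;
      default = defaultStaticRoutes;
      # Was mis-described as "System DNS servers"; the example was a bare
      # attrset although the option is a list.
      description = ''
        Static routes, one attrset of systemd.network [Route] keys per route,
        applied only in static routing mode.
      '';
      example = [ { Gateway = "fe80::1"; } ];
    };
    dnsServers = mkOption {
      type = types.listOf types.str;
      default = defaultDNSServers;
      description = "System DNS servers (optionally suffixed with #hostname for DNS-over-TLS)";
      example = [ "1.1.1.1" ];
    };
    enableMDNS = mkOption {
      type = types.str;
      default = "false";
      description = ''
        Value written verbatim to resolved's `MulticastDNS=`: "true", "false",
        or "resolve" for resolve-only mode.
      '';
      example = "resolve";
    };
    enableStubListener = mkOption {
      type = types.str;
      default = "false";
      description = ''
        Value written verbatim to resolved's `DNSStubListener=`: "true",
        "false", "udp" or "tcp".
      '';
      example = "udp";
    };
    timeServers = mkOption {
      type = types.listOf types.str;
      default = defaultTimeServers;
      description = "System time servers";
      example = [ "time.cloudflare.com" ];
    };
  };

  config = {
    # ===== Interface/Routing Configuration =====
    networking.useNetworkd = true;
    # Stable "eth0" name is produced by the .link rename below instead.
    networking.usePredictableInterfaceNames = false;

    environment.systemPackages = with pkgs; [
      chrony
      tailscale
    ];

    systemd.network = {
      enable = true;

      # Rename the NIC with the configured MAC to eth0.
      links.eth0 = {
        matchConfig.MACAddress = cfg.hardwareAddress;
        linkConfig.Name = "eth0";
      };

      networks."05-eth" =
        let
          common = {
            matchConfig.Name = "eth0";
            linkConfig.RequiredForOnline = "routable";
          };
        in
        if cfg.routingType == "static" then
          common
          // {
            address = cfg.staticAddresses;
            routes = cfg.staticRoutes;
          }
        else if cfg.routingType == "dynamic" then
          common
          // {
            networkConfig = {
              DHCP = "yes";
              IPv6AcceptRA = true;
            };
          }
        else
          # Unreachable: `routingType` is an enum over `routingTypes`. Fail
          # loudly rather than silently leaving eth0 unconfigured.
          throw "network.routingType: unsupported value '${cfg.routingType}'";
    };

    services.tailscale.enable = true;

    # ===== Firewall Configuration =====
    networking.nftables.enable = true;
    networking.firewall = {
      enable = true;
      # SSH is reachable on every non-trusted interface, i.e. also on eth0.
      allowedTCPPorts = [ 22 ];
      allowedUDPPorts = [ config.services.tailscale.port ];
      # Every port is open to tailnet peers; services bound to tailscale0 are
      # protected only by tailscale ACLs, not by this firewall.
      trustedInterfaces = [ "tailscale0" ];
    };

    # ===== DNS Configuration =====
    networking.nameservers = cfg.dnsServers;
    services.resolved = {
      enable = true;
      # Route all lookups through resolved's configured servers.
      domains = [ "~." ];
      extraConfig = ''
        MulticastDNS=${cfg.enableMDNS}
        DNSStubListener=${cfg.enableStubListener}
      '';
      # With DoT off the "#cloudflare-dns.com" names in dnsServers are unused;
      # "opportunistic" or "true" would enable encrypted upstream DNS.
      dnsovertls = "false";
    };

    # ===== Time Server Configuration =====
    networking.timeServers = cfg.timeServers;
    services.chrony = {
      enable = true;
      # NTS authenticates the time source; the default server supports it.
      enableNTS = true;
      serverOption = "iburst";
    };
  };
}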