diff --git a/flake.nix b/flake.nix index 874ec2c..61f08f9 100644 --- a/flake.nix +++ b/flake.nix @@ -99,7 +99,10 @@ systems = { # common modules modules.nixos = with inputs; [ + authentik-nix.nixosModules.default chaotic.nixosModules.default + crowdsec.nixosModules.crowdsec + crowdsec.nixosModules.crowdsec-firewall-bouncer disko.nixosModules.disko impermanence.nixosModules.impermanence lanzaboote.nixosModules.lanzaboote @@ -134,9 +137,6 @@ # ###################################################### nas = { modules = with inputs; [ - authentik-nix.nixosModules.default - crowdsec.nixosModules.crowdsec - crowdsec.nixosModules.crowdsec-firewall-bouncer nixos-hardware.nixosModules.common-pc nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd-pstate diff --git a/modules/nixos/network/default.nix b/modules/nixos/network/default.nix new file mode 100644 index 0000000..3011cd5 --- /dev/null +++ b/modules/nixos/network/default.nix 
@@ -0,0 +1,118 @@
+{
+ config,
+ lib,
+ namespace,
+ ...
+}:
+with lib;
+let
+ cfg = config.${namespace}.network;
+in
+{
+ options.${namespace}.network = with types; {
+ hostName = lib.mkOption {
+ type = str;
+ default = "nixos";
+ description = "The hostname of the system.";
+ };
+
+ ipv4 = {
+ method = mkOption {
+ type = types.str;
+ default = "auto";
+ };
+ address = lib.mkOption {
+ type = types.str;
+ default = "10.0.1.1";
+ };
+ gateway = lib.mkOption {
+ type = types.str;
+ default = "10.0.1.1";
+ };
+ dns = lib.mkOption {
+ type = types.str;
+ default = "10.0.1.1";
+ };
+ };
+ };
+
+ config = {
+ networking = {
+ hostName = lib.mkForce cfg.hostName;
+
+ # Enable Network Manager
+ networkmanager = {
+ enable = true;
+ ensureProfiles = {
+ environmentFiles = [
+ config.sops.secrets.wifi.path
+ ];
+
+ profiles = {
+ "Joey's Jungle 6G" = {
+ connection = {
+ id = "Joey's Jungle 6G";
+ type = "wifi";
+ };
+ ipv4 = if (cfg.ipv4.method == "auto")
+ then
+ {
+ method = "auto";
+ }
+ else
+ {
+ address1 = cfg.ipv4.address;
+ dns = cfg.ipv4.dns;
+ gateway = cfg.ipv4.gateway;
+ method = "manual";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ wifi = {
+ mode = "infrastructure";
+ ssid = "Joey's Jungle 6G";
+ };
+ wifi-security = {
+ key-mgmt = "sae";
+ psk = "$PSK";
+ };
+ };
+
+ "Joey's Jungle 5G" = {
+ connection = {
+ id = "Joey's Jungle 5G";
+ type = "wifi";
+ };
+ ipv4 = if (cfg.ipv4.method == "auto")
+ then
+ {
+ method = "auto";
+ }
+ else
+ {
+ address1 = cfg.ipv4.address;
+ dns = cfg.ipv4.dns;
+ gateway = cfg.ipv4.gateway;
+ method = "manual";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ wifi = {
+ mode = "infrastructure";
+ ssid = "Joey's Jungle 5G";
+ };
+ wifi-security = {
+ key-mgmt = "sae";
+ psk = "$PSK";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/systems/aarch64-linux/pi5/default.nix b/systems/aarch64-linux/pi5/default.nix
index 190c183..f475a2d 100644
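Review bot: The `ipv4` options accept any string and default `address` to `"10.0.1.1"`, the same value as `gateway`, so a host that sets `method = "manual"` without an address (or misspells `"auto"`, since every other value takes the `else` branch) is configured with the gateway's IP and no prefix length. Constraining `method` with an enum, making `address` nullable with no usable default, and asserting that it is set in manual mode turns that mistake into an evaluation error instead of an address conflict on the LAN. Separately, the `config` block has no enable guard: `networkmanager.enable = true`, the `mkForce` on `hostName` (default `"nixos"`) and the reference to `config.sops.secrets.wifi.path` apply to every system that imports this module, which presumably includes hosts that declare no Wi-Fi secret; that is worth confirming. The two profile bodies are identical apart from the SSID and could be produced by one small helper.

```nix
# … unchanged: hostName option …
ipv4 = {
  method = mkOption {
    type = types.enum [ "auto" "manual" ];
    default = "auto";
    description = "IPv4 configuration method for the Wi-Fi profiles.";
  };
  address = mkOption {
    type = types.nullOr types.str;
    default = null;
    description = "Static address in CIDR form; required when method is \"manual\".";
  };
  # … unchanged: gateway and dns options …
};

config = {
  assertions = [
    {
      assertion = cfg.ipv4.method == "auto" || cfg.ipv4.address != null;
      message = "${namespace}.network.ipv4.address must be set when ipv4.method is \"manual\".";
    }
  ];
  # … unchanged: networking block …
```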
--- a/systems/aarch64-linux/pi5/default.nix +++ b/systems/aarch64-linux/pi5/default.nix @@ -19,6 +19,9 @@ in ${namespace} = { hardware.disko.enable = true; desktop.hyprland.enable = false; + network = { + hostName = "pi5"; + }; }; # Enable nix flakes and nix-command tools diff --git a/systems/aarch64-linux/pi5/networking.nix b/systems/aarch64-linux/pi5/networking.nix index 2c3200b..a5418c4 100755 --- a/systems/aarch64-linux/pi5/networking.nix +++ b/systems/aarch64-linux/pi5/networking.nix @@ -14,41 +14,5 @@ in enable = true; allowPing = true; }; - - # Enable Network Manager - networkmanager = { - enable = lib.mkDefault true; - wifi.powersave = lib.mkDefault false; - settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt"; - ensureProfiles = { - environmentFiles = [ - config.sops.secrets.wifi.path - ]; - - profiles = { - "Joey's Jungle 5G" = { - connection = { - id = "Joey's Jungle 5G"; - type = "wifi"; - }; - ipv4 = { - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - wifi = { - mode = "infrastructure"; - ssid = "Joey's Jungle 5G"; - }; - wifi-security = { - key-mgmt = "sae"; - psk = "$PSK"; - }; - }; - }; - }; - }; }; } \ No newline at end of file diff --git a/systems/x86_64-linux/nas/apps.nix b/systems/x86_64-linux/nas/apps.nix index 4dba496..8d999fb 100755 --- a/systems/x86_64-linux/nas/apps.nix +++ b/systems/x86_64-linux/nas/apps.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, namespace, ... }: +{ namespace, ... }: { ${namespace} = { services = { diff --git a/systems/x86_64-linux/nas/default.nix b/systems/x86_64-linux/nas/default.nix index 3b916f3..f5a52de 100755 --- a/systems/x86_64-linux/nas/default.nix +++ b/systems/x86_64-linux/nas/default.nix @@ -6,7 +6,6 @@ config, pkgs, lib, - inputs, namespace, ... }: 
@@ -39,6 +38,13 @@ nvidiaSettings = true; enableNvidiaDocker = true; }; + network = { + hostName = "jallen-nas"; + ipv4 = { + address = "10.0.1.3/24"; + method = "manual"; + }; + }; user = { name = "admin"; }; diff --git a/systems/x86_64-linux/nas/networking.nix b/systems/x86_64-linux/nas/networking.nix index 3d81abb..286b84e 100755 --- a/systems/x86_64-linux/nas/networking.nix +++ b/systems/x86_64-linux/nas/networking.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ ... }: let ports = [ 8008 # restic @@ -28,49 +28,10 @@ in { # Networking configs networking = { - hostName = lib.mkForce "jallen-nas"; - useNetworkd = true; hostId = "4b501480"; - # Disable Network Manager - networkmanager = { - enable = true; - ensureProfiles = { - environmentFiles = [ - config.sops.secrets.wifi.path - ]; - - profiles = { - "Joey's Jungle 6G" = { - connection = { - id = "Joey's Jungle 6G"; - type = "wifi"; - }; - ipv4 = { - address1 = "10.0.1.3/24"; - dns = "10.0.1.1"; - gateway = "10.0.1.1"; - method = "manual"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - wifi = { - mode = "infrastructure"; - ssid = "Joey's Jungle 6G"; - }; - wifi-security = { - key-mgmt = "sae"; - psk = "$PSK"; - }; - }; - }; - }; - }; - nat = { enable = true; internalInterfaces = [ "ve-+" ];