From 96c7b856a735163bf55e15b5219a3c12636d8a98 Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq
Date: Fri, 28 Feb 2025 06:49:20 +0800
Subject: [PATCH] refactor: move networking config into its own file
---
modules/networking.nix | 39 +++++++++++++++++++++++++++++++++++++
systems/nemesis/default.nix | 26 +++++--------------------
2 files changed, 44 insertions(+), 21 deletions(-)
create mode 100644 modules/networking.nix
diff --git a/modules/networking.nix b/modules/networking.nix
new file mode 100644
index 0000000..0340a3d
--- /dev/null
+++ b/modules/networking.nix
@@ -0,0 +1,39 @@
+#
+# Common networking settings for all machines.
+# Anything system-specific should not be here.
+#
+{
+ networking = {
+ # Enable networkManager
+ # TODO: Look into the networkManager options.
+ networkmanager.enable = true;
+
+ # Configures a simple stateful firewall.
+ # By default, it doesn't allow any incoming connections.
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 22 # SSH
+ ];
+ allowedUDPPorts = [];
+ };
+ };
+
+ # Add binary caches to avoid having to compile them
+ nix.settings = {
+ substituters = [
+ "https://hyprland.cachix.org"
+ "https://cuda-maintainers.cachix.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = [
+ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+ "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ };
+
+ # TODO: look into openssh and tailscale settings.
+ services.openssh.enable = true;
+ services.tailscale.enable = true;
+}
diff --git a/systems/nemesis/default.nix b/systems/nemesis/default.nix
index e25182e..b20a9ad 100644
--- a/systems/nemesis/default.nix
+++ b/systems/nemesis/default.nix
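Review bot: In the new `modules/networking.nix`, `services.openssh.enable = true;` turns on sshd with default settings on every machine that imports the module, and `allowedTCPPorts = [ 22 ]` opens the port on all interfaces; the TODO above it leaves the hardening unresolved. Because the module is shared, I would pin the settings here, e.g. `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`, and, since Tailscale is enabled alongside, consider allowing port 22 only on the tailnet interface rather than globally. The `nix.settings` block also makes every importing host trust three third-party cache signing keys, including the CUDA one, which reads as system-specific under the header's own rule and is not networking config; it may belong next to `modules/nvidia.nix` or in a module of its own. For nemesis this is also not a pure refactor: the old `networking.firewall.enable = false` is replaced by an enabled firewall, which is worth stating in the commit message.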
@@ -2,16 +2,18 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ inputs, config, pkgs, ... }: let -in { +{ inputs, pkgs, ... }: + +{ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ../../scripts/hyprland-tty-launch.nix ../../modules/nvidia.nix # Graphics settings for Nvidia GPUs + ../../modules/networking.nix # Common networking config ]; - # Bootloader. + # Bootloahttps://jira.xtremax.com/browse/GCCFMALRT-15450der. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -24,18 +26,6 @@ in { # Add hyprland.cachix.org as a binary cache for Hyprland - nix.settings = { - substituters = [ - "https://hyprland.cachix.org" - "https://cuda-maintainers.cachix.org" - "https://nix-community.cachix.org" - ]; - trusted-public-keys = [ - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" - "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - }; # Scripts services.hyprland-tty-launch.enable = true; @@ -48,7 +38,6 @@ in { # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # Enable networking - networking.networkmanager.enable = true; # Set your time zone. time.timeZone = "Asia/Singapore"; @@ -102,9 +91,6 @@ in { # List services that you want to enable: # Enable the OpenSSH daemon. - services.openssh.enable = true; - services.tailscale.enable = true; - programs.uwsm = { enable = true; waylandCompositors.hyprland = { 
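Review bot: The changed comment above `boot.loader.systemd-boot.enable` in the first hunk of `systems/nemesis/default.nix` now reads `# Bootloahttps://jira.xtremax.com/browse/GCCFMALRT-15450der.`, which looks like an accidental paste of an issue-tracker URL into the middle of `# Bootloader.`. Apart from being an unrelated edit in a refactor commit, it records what appears to be an internal hostname and ticket key in the repository history; restore the line to `# Bootloader.` and amend the commit before it is shared further. The later hunks in this file also leave comments such as `# Add hyprland.cachix.org as a binary cache for Hyprland`, `# Enable networking` and `# Enable the OpenSSH daemon.` with nothing under them, so they could be removed in the same pass.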
@@ -129,10 +115,8 @@ in { services.hypridle.enable = true; # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. - networking.firewall.enable = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions