refactor: move networking into its own module

Mohammad Rafiq 2025-03-27 02:26:13 +08:00
parent e181c1c4f3
commit d5b4b54403
No known key found for this signature in database
4 changed files with 43 additions and 47 deletions


@ -16,21 +16,10 @@
[ [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
./modules/bootloaders/systemd-boot.nix ./modules/bootloaders/systemd-boot.nix
./modules/programs/tailscale.nix
./modules/programs/zsh.nix ./modules/programs/zsh.nix
./modules/hardware/networking.nix
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = specialArgs;
users.${username}.imports = [
../users/rafiq.nix
];
};
}
] ]
# Options for desktops. # Options for desktops.
(lib.optionals (type == "desktop") [ (lib.optionals (type == "desktop") [
@ -50,6 +39,10 @@
]; ];
boot = { boot = {
loader = {
timeout = 5;
efi.canTouchEfiVariables = true;
};
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
initrd.availableKernelModules = [ initrd.availableKernelModules = [
"nvme" "nvme"
@ -60,36 +53,14 @@
"sd_mod" "sd_mod"
]; ];
}; };
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = specialArgs;
users.${username}.imports = [ ../users/rafiq.nix ];
};
system.stateVersion = "24.11"; system.stateVersion = "24.11";
networking = {
hostName = hostname;
useDHCP = lib.mkDefault true;
networkmanager.enable = true;
networkmanager.wifi.backend = "iwd";
# Configures a simple stateful firewall.
# By default, it doesn't allow any incoming connections.
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
allowedUDPPorts = [ ];
};
interfaces.enp12s0.wakeOnLan.policy = [
"phy"
"unicast"
"multicast"
"broadcast"
"arp"
"magic"
"secureon"
];
interfaces.enp12s0.wakeOnLan.enable = true;
};
users.mutableUsers = false; # Always reset users on system activation users.mutableUsers = false; # Always reset users on system activation
users.users.${username} = { users.users.${username} = {
@ -137,8 +108,6 @@
i18n.defaultLocale = "en_SG.UTF-8"; i18n.defaultLocale = "en_SG.UTF-8";
services.openssh.enable = true;
sops = { sops = {
defaultSopsFile = ../secrets/secrets.yaml; defaultSopsFile = ../secrets/secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
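Review bot: `sops.age.sshKeyPaths` in the last hunk still reads `/etc/ssh/ssh_host_ed25519_key`, but the `services.openssh.enable = true;` line that used to sit just above the `sops` block is no longer in this file. On NixOS that host key is normally generated by the sshd service, so secret decryption here now depends silently on the networking module imported at the top of the file. A comment on the key path would keep that dependency visible, for example `# host key is generated by services.openssh, enabled in ./modules/hardware/networking.nix`. The `sops` block continues outside the hunk.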


@ -1,8 +1,6 @@
{ {
boot.loader = { boot.loader = {
timeout = 5;
systemd-boot.enable = true; systemd-boot.enable = true;
systemd-boot.configurationLimit = 5; systemd-boot.configurationLimit = 5;
efi.canTouchEfiVariables = true;
}; };
} }


@ -0,0 +1,32 @@
{ hostname, lib, ... }:
{
networking = {
hostName = hostname;
useDHCP = lib.mkDefault true;
networkmanager.enable = true;
networkmanager.wifi.backend = "iwd";
# Configures a simple stateful firewall.
# By default, it doesn't allow any incoming connections.
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
allowedUDPPorts = [ ];
};
interfaces.enp12s0.wakeOnLan.policy = [
"phy"
"unicast"
"multicast"
"broadcast"
"arp"
"magic"
"secureon"
];
interfaces.enp12s0.wakeOnLan.enable = true;
};
services.openssh.enable = true;
services.tailscale.enable = true;
}
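Review bot: `services.openssh.enable = true;` is set with no `services.openssh.settings` next to it, while `allowedTCPPorts` opens port 22 on every interface, so unless hardening is applied in a file not shown here, sshd runs with the NixOS defaults, which as far as I know leave password authentication enabled. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` beside the enable line. Since Tailscale is enabled in the same module, restricting SSH to the Tailscale interface instead of the global firewall entry is also worth considering. The firewall comment "By default, it doesn't allow any incoming connections" should mention that port 22 is the exception opened right below it.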


@ -1,3 +0,0 @@
{
services.tailscale.enable = true;
}