refactor: move networking into its own module

2025-03-27 02:26:13 +08:00 · 2025-03-27 02:26:13 +08:00 · d5b4b54403
commit d5b4b54403
parent e181c1c4f3
4 changed files with 43 additions and 47 deletions
--- a/systems/default.nix
+++ b/systems/default.nix
@ -16,21 +16,10 @@
    [
      (modulesPath + "/installer/scan/not-detected.nix")
      ./modules/bootloaders/systemd-boot.nix
-      ./modules/programs/tailscale.nix
      ./modules/programs/zsh.nix
+      ./modules/hardware/networking.nix
      inputs.sops-nix.nixosModules.sops
-
      inputs.home-manager.nixosModules.home-manager
-      {
-        home-manager = {
-          useGlobalPkgs = true;
-          useUserPackages = true;
-          extraSpecialArgs = specialArgs;
-          users.${username}.imports = [
-            ../users/rafiq.nix
-          ];
-        };
-      }
    ]
    # Options for desktops.
    (lib.optionals (type == "desktop") [
@ -50,6 +39,10 @@
  ];

  boot = {
+    loader = {
+      timeout = 5;
+      efi.canTouchEfiVariables = true;
+    };
    kernelPackages = pkgs.linuxPackages_latest;
    initrd.availableKernelModules = [
      "nvme"
@ -60,36 +53,14 @@
      "sd_mod"
    ];
  };
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    extraSpecialArgs = specialArgs;
+    users.${username}.imports = [ ../users/rafiq.nix ];
+  };

  system.stateVersion = "24.11";
-  networking = {
-    hostName = hostname;
-    useDHCP = lib.mkDefault true;
-    networkmanager.enable = true;
-    networkmanager.wifi.backend = "iwd";
-
-    # Configures a simple stateful firewall.
-    # By default, it doesn't allow any incoming connections.
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [
-        22 # SSH
-      ];
-      allowedUDPPorts = [ ];
-    };
-
-    interfaces.enp12s0.wakeOnLan.policy = [
-      "phy"
-      "unicast"
-      "multicast"
-      "broadcast"
-      "arp"
-      "magic"
-      "secureon"
-    ];
-    interfaces.enp12s0.wakeOnLan.enable = true;
-
-  };

  users.mutableUsers = false; # Always reset users on system activation
  users.users.${username} = {
@ -137,8 +108,6 @@

  i18n.defaultLocale = "en_SG.UTF-8";

-  services.openssh.enable = true;
-
  sops = {
    defaultSopsFile = ../secrets/secrets.yaml;
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
--- a/systems/modules/bootloaders/systemd-boot.nix
+++ b/systems/modules/bootloaders/systemd-boot.nix
@ -1,8 +1,6 @@
 {
  boot.loader = {
-    timeout = 5;
    systemd-boot.enable = true;
    systemd-boot.configurationLimit = 5;
-    efi.canTouchEfiVariables = true;
  };
 }
--- a/systems/modules/hardware/networking.nix
+++ b/systems/modules/hardware/networking.nix
@ -0,0 +1,32 @@
+{ hostname, lib, ... }:
+{
+  networking = {
+    hostName = hostname;
+    useDHCP = lib.mkDefault true;
+    networkmanager.enable = true;
+    networkmanager.wifi.backend = "iwd";
+
+    # Configures a simple stateful firewall.
+    # By default, it doesn't allow any incoming connections.
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22 # SSH
+      ];
+      allowedUDPPorts = [ ];
+    };
+
+    interfaces.enp12s0.wakeOnLan.policy = [
+      "phy"
+      "unicast"
+      "multicast"
+      "broadcast"
+      "arp"
+      "magic"
+      "secureon"
+    ];
+    interfaces.enp12s0.wakeOnLan.enable = true;
+  };
+  services.openssh.enable = true;
+  services.tailscale.enable = true;
+}
--- a/systems/modules/programs/tailscale.nix
+++ b/systems/modules/programs/tailscale.nix
@ -1,3 +0,0 @@
-{
-  services.tailscale.enable = true;
-}