System: Rename system/modules to system/systemmodules

2026-01-18 15:34:46 +01:00
parent d12b247368
commit 25ae0f4b85
27 changed files with 0 additions and 0 deletions
--- a/system/systemmodules/network/default.nix
+++ b/system/systemmodules/network/default.nix
@ -0,0 +1,120 @@
+# TODO: Setup Wireless (IWD/Networkd?)
+{
+  config,
+  lib,
+  mylib,
+  ...
+}:
+with lib;
+with mylib.networking;
+with mylib.modules; let
+  cfg = config.modules.network;
+in {
+  options.modules.network = import ./options.nix {inherit lib mylib;};
+
+  config = mkIf cfg.enable {
+    services.resolved = {
+      enable = true;
+
+      # llmnr = "false";
+      # extraConfig = ''
+      #   DNSStubListener=no
+      # '';
+
+      settings.Resolve = {
+        DNS = config.networking.nameservers;
+        DNSOverTLS = false;
+        DNSSEC = false;
+        Domains = config.networking.search;
+        LLMNR = false;
+        DNSStubListener = false;
+      };
+    };
+
+    # Use the programs.nm-applet instead
+    # environment.systemPackages = with pkgs;
+    #   builtins.concatLists [
+    #     []
+    #     (lib.optionals cfg.useNetworkManager [networkmanagerapplet]) # This is started by hyprland if enabled
+    #   ];
+
+    programs.nm-applet.enable = cfg.useNetworkManager;
+
+    # Main Networks
+    systemd.network = {
+      enable = !cfg.useNetworkManager;
+      wait-online.timeout = 10;
+
+      # Don't wait for all networks to be configured, as e.g. wg0 will only be upon manual activation
+      wait-online.anyInterface = true;
+
+      # TODO: Apparently anyInterface doesn't work?
+      # wait-online.ignoredInterfaces = [
+      #   "wg0"
+      #   "wlp7s0"
+      #   "enp5s0"
+      # ];
+
+      # networks = cfg.networks;
+      inherit (cfg) networks;
+    };
+
+    modules.polkit.allowedActions = mkIf cfg.useNetworkManager [
+      # List NM permissions by running "nmcli general permissions"
+      "org.freedesktop.NetworkManager.settings.modify.system"
+    ];
+
+    # General Networking Settings
+    networking = {
+      # Gets inherited from flake in nixos mylib and passed through the module option
+      hostName = cfg.hostname; # Define your hostname.
+      enableIPv6 = false;
+
+      # Disable a lot of stuff not needed for systemd-networkd
+      networkmanager = {
+        enable = cfg.useNetworkManager;
+        ensureProfiles.profiles = cfg.profiles;
+
+        insertNameservers = [
+          "192.168.86.26"
+          "8.8.8.8"
+        ];
+
+        wifi = {
+          backend = "iwd";
+        };
+      };
+
+      useDHCP = false; # Default: true, don't use with networkd
+      dhcpcd.enable = false; # Don't use with networkd
+      useNetworkd = false; # Only use this if the configuration can't be written in systemd.network completely. It translates some of the networking... options to systemd
+      # resolvconf.enable = true;
+
+      wireless = {
+        enable = false; # Enables wireless support via wpa_supplicant.
+        iwd.enable = true; # Use iwd instead of wpa_supplicant
+      };
+
+      # Open Ports
+      nftables.enable = true;
+      firewall = {
+        enable = true;
+        # networking.firewall.checkReversePath = "loose";
+
+        trustedInterfaces = [
+          "podman0"
+          "docker0"
+        ];
+
+        # allowedTCPPorts = cfg.allowedTCPPorts;
+        # allowedTCPPortRanges = [];
+        # allowedUDPPorts = cfg.allowedUDPPorts;
+        # allowedUDPPortRanges = [];
+        inherit (cfg) allowedTCPPorts allowedUDPPorts;
+      };
+    };
+
+    # We need this (sadly), otherwise the nfs mounts don't work
+    systemd.services.NetworkManager-wait-online.enable = true;
+  };
+}
--- a/system/systemmodules/network/options.nix
+++ b/system/systemmodules/network/options.nix
@ -0,0 +1,61 @@
+{
+  lib,
+  mylib,
+  ...
+}:
+with lib;
+with mylib.modules; {
+  enable = mkEnableOption "Systemd Network Configuration";
+
+  useNetworkManager = mkEnableOption "Use NetworkManager instead of systemd-networkd";
+
+  hostname = mkOption {
+    type = types.str;
+    description = "The System's Hostname";
+    example = ''
+      "Nixinator"
+    '';
+  };
+
+  networks = mkOption {
+    type = types.attrs;
+    default = {};
+    description = "Systemd-Networkd Networks";
+    example = ''
+      {
+        "50-ether" = {
+          [...]
+        };
+      }
+    '';
+  };
+
+  profiles = mkOption {
+    type = types.attrs;
+    default = {};
+    description = "NetworkManager Profiles";
+    example = ''
+      "50-ether" = {
+        [...]
+      };
+    '';
+  };
+
+  allowedTCPPorts = mkOption {
+    type = types.listOf types.int;
+    default = [];
+    description = "Open TCP Ports in the Firewall";
+    example = ''
+      [22 80 443]
+    '';
+  };
+
+  allowedUDPPorts = mkOption {
+    type = types.listOf types.int;
+    default = [];
+    description = "Open UDP Ports in the Firewall";
+    example = ''
+      [22 80 443]
+    '';
+  };
+}