Fix some bugs from new systemd-networkd module
@ -12,13 +12,54 @@
|
|||||||
}:
|
}:
|
||||||
with mylib.networking; {
|
with mylib.networking; {
|
||||||
imports = [
|
imports = [
|
||||||
|
# Import my system modules
|
||||||
|
./modules
|
||||||
|
|
||||||
# Import the host-specific system config
|
# Import the host-specific system config
|
||||||
../modules
|
|
||||||
./${hostname}
|
./${hostname}
|
||||||
|
|
||||||
./cachix.nix
|
./cachix.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
modules = {
|
||||||
|
systemd-networkd = {
|
||||||
|
enable = true;
|
||||||
|
hostname = hostname;
|
||||||
|
|
||||||
|
networks = {
|
||||||
|
# Default wildcard ethernet network for all hosts
|
||||||
|
"50-ether" = mkSystemdNetwork "enp*";
|
||||||
|
};
|
||||||
|
|
||||||
|
wireguard-tunnels = {
|
||||||
|
wg0-de-115 = (mkWireguardService
|
||||||
|
"wg0-de-115"
|
||||||
|
"proton-de-115.key"
|
||||||
|
"9+CorlxrTsQR7qjIOVKsEkk8Z7UUS5WT3R1ccF7a0ic="
|
||||||
|
"194.126.177.14"
|
||||||
|
);
|
||||||
|
|
||||||
|
wg0-lu-16 = (mkWireguardService
|
||||||
|
"wg0-lu-16"
|
||||||
|
"proton-lu-16.key"
|
||||||
|
"asu9KtQoZ3iKwELsDTgjPEiFNcD1XtgGgy3O4CZFg2w="
|
||||||
|
"92.223.89.133"
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
||||||
|
allowedTCPPorts = [
|
||||||
|
22 # SSH
|
||||||
|
80 # HTTP
|
||||||
|
443 # HTTPS
|
||||||
|
];
|
||||||
|
allowedUDPPorts = [
|
||||||
|
9918 # Wireguard
|
||||||
|
18000 # Anno 1800
|
||||||
|
24727 # AusweisApp2
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Enable flakes
|
# Enable flakes
|
||||||
nix = {
|
nix = {
|
||||||
package = pkgs.nixVersions.stable;
|
package = pkgs.nixVersions.stable;
|
||||||
@ -142,43 +183,6 @@ with mylib.networking; {
|
|||||||
# https://github.com/NixOS/nixpkgs/issues/179486
|
# https://github.com/NixOS/nixpkgs/issues/179486
|
||||||
i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8"];
|
i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8"];
|
||||||
|
|
||||||
systemd-networkd = {
|
|
||||||
enable = true;
|
|
||||||
hostname = hostname;
|
|
||||||
|
|
||||||
networks = {
|
|
||||||
# Default wildcard ethernet network for all hosts
|
|
||||||
"50-ether" = mkSystemdNetwork "enp*";
|
|
||||||
};
|
|
||||||
|
|
||||||
wireguard-tunnels = {
|
|
||||||
wg0-de-115 = (mkWireguardService
|
|
||||||
"wg0-de-115"
|
|
||||||
"proton-de-115.key"
|
|
||||||
"9+CorlxrTsQR7qjIOVKsEkk8Z7UUS5WT3R1ccF7a0ic="
|
|
||||||
"194.126.177.14"
|
|
||||||
);
|
|
||||||
|
|
||||||
wg0-lu-16 = (mkWireguardService
|
|
||||||
"wg0-lu-16"
|
|
||||||
"proton-lu-16.key"
|
|
||||||
"asu9KtQoZ3iKwELsDTgjPEiFNcD1XtgGgy3O4CZFg2w="
|
|
||||||
"92.223.89.133"
|
|
||||||
);
|
|
||||||
};
|
|
||||||
|
|
||||||
allowedTCPPorts = [
|
|
||||||
22 # SSH
|
|
||||||
80 # HTTP
|
|
||||||
443 # HTTPS
|
|
||||||
];
|
|
||||||
allowedUDPPorts = [
|
|
||||||
9918 # Wireguard
|
|
||||||
18000 # Anno 1800
|
|
||||||
24727 # AusweisApp2
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
# Enable the X11 windowing system.
|
||||||
services.xserver = {
|
services.xserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
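Review bot: The firewall lists added under `modules.systemd-networkd` sit in what appears to be the config shared by every host (it imports `./${hostname}` and labels the network "for all hosts"), so UDP 18000 (Anno 1800) and 24727 (AusweisApp2), along with TCP 22/80/443, are opened on every machine rather than only where the service runs. Keep only the ports every host needs here and set the rest in the per-host config, e.g. `modules.systemd-networkd.allowedUDPPorts = [18000];`, since list options are concatenated across modules. Separately, `mkWireguardService` receives the private-key file by bare name (`"proton-de-115.key"`); its definition is not part of this diff, so confirm it resolves to a runtime secret path with restricted permissions and not to a file copied into the world-readable Nix store.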
@ -9,10 +9,9 @@
|
|||||||
with lib;
|
with lib;
|
||||||
with mylib.networking;
|
with mylib.networking;
|
||||||
with mylib.modules; let
|
with mylib.modules; let
|
||||||
cfg = config.modules.network;
|
cfg = config.modules.systemd-networkd;
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options.modules.network = import ./options.nix {inherit lib mylib;};
|
options.modules.systemd-networkd = import ./options.nix {inherit lib mylib;};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
services.resolved.enable = true;
|
services.resolved.enable = true;
|
||||||
@ -57,19 +56,9 @@ in {
|
|||||||
];
|
];
|
||||||
|
|
||||||
allowedTCPPorts = cfg.allowedTCPPorts;
|
allowedTCPPorts = cfg.allowedTCPPorts;
|
||||||
# allowedTCPPorts = [
|
|
||||||
# 22 # SSH
|
|
||||||
# 80 # HTTP
|
|
||||||
# 443 # HTTPS
|
|
||||||
# ];
|
|
||||||
# allowedTCPPortRanges = [];
|
# allowedTCPPortRanges = [];
|
||||||
|
|
||||||
allowedUDPPorts = cfg.allowedUDPPorts;
|
allowedUDPPorts = cfg.allowedUDPPorts;
|
||||||
# allowedUDPPorts = [
|
|
||||||
# 9918 # Wireguard
|
|
||||||
# 18000 # Anno 1800
|
|
||||||
# 24727 # AusweisApp2, alternative: programs.ausweisapp.openFirewall
|
|
||||||
# ];
|
|
||||||
# allowedUDPPortRanges = [];
|
# allowedUDPPortRanges = [];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -16,7 +16,7 @@ with mylib.modules; {
|
|||||||
};
|
};
|
||||||
|
|
||||||
networks = mkOption {
|
networks = mkOption {
|
||||||
type = types.attrSet;
|
type = types.attrs;
|
||||||
default = {};
|
default = {};
|
||||||
description = "Systemd-Networkd Networks";
|
description = "Systemd-Networkd Networks";
|
||||||
example = ''
|
example = ''
|
||||||
@ -29,7 +29,7 @@ with mylib.modules; {
|
|||||||
};
|
};
|
||||||
|
|
||||||
wireguard-tunnels = mkOption {
|
wireguard-tunnels = mkOption {
|
||||||
type = types.attrSet;
|
type = types.attrs;
|
||||||
default = {};
|
default = {};
|
||||||
description = "Wireguard VPN Tunnels";
|
description = "Wireguard VPN Tunnels";
|
||||||
example = ''
|
example = ''
|
||||||
@ -40,7 +40,7 @@ with mylib.modules; {
|
|||||||
};
|
};
|
||||||
|
|
||||||
allowedTCPPorts = mkOption {
|
allowedTCPPorts = mkOption {
|
||||||
type = types.list;
|
type = types.listOf types.int;
|
||||||
default = [];
|
default = [];
|
||||||
description = "Open TCP Ports in the Firewall";
|
description = "Open TCP Ports in the Firewall";
|
||||||
example = ''
|
example = ''
|
||||||
@ -49,7 +49,7 @@ with mylib.modules; {
|
|||||||
};
|
};
|
||||||
|
|
||||||
allowedUDPPorts = mkOption {
|
allowedUDPPorts = mkOption {
|
||||||
type = types.list;
|
type = types.listOf types.int;
|
||||||
default = [];
|
default = [];
|
||||||
description = "Open UDP Ports in the Firewall";
|
description = "Open UDP Ports in the Firewall";
|
||||||
example = ''
|
example = ''
|
||||||
|
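Review bot: `types.listOf types.int` on `allowedTCPPorts` and `allowedUDPPorts` still accepts negative numbers and values above 65535; `types.listOf types.port` limits entries to the valid 16-bit range and matches the type of the upstream `networking.firewall.allowedTCPPorts` option. `types.attrs` for `networks` and `wireguard-tunnels` is likewise unchecked, so a malformed tunnel definition is only noticed when the module consumes it; if the value shapes are stable, `types.attrsOf` with a submodule would validate them at the option boundary. The option definitions continue outside these hunks, so the `example` text and any `mkOption` fields after it are not visible here.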