Move vim packages to pkgs

Add system config

Split up modules into home and system sets

Update

Cleanup

Move home config

Add module attrs

Fix empty LUKS device UUID

Import local secrets
This commit is contained in:
Tim Schubert 2020-12-25 17:38:07 +01:00
parent 4724f264dd
commit e1c562191b
No known key found for this signature in database
GPG key ID: 99658A3EB5CD7C13
67 changed files with 1055 additions and 202 deletions

86
modules/networking.nix Normal file
View file

@ -0,0 +1,86 @@
{ config, pkgs, lib, ...}:
with lib;
let
cfg = config.dadada.networking;
in {
options.dadada.networking = {
useLocalResolver = mkEnableOption "Enable local caching name server";
domain = mkOption {
type = with types; nullOr str;
description = "Network domain name";
default = null;
};
wanInterfaces = mkOption {
type = with types; listOf str;
description = "WAN network interfaces";
default = [];
};
vpnExtension = mkOption {
type = with types; nullOr str;
description = "Last part of VPN address";
default = null;
};
enableBsShare = mkEnableOption "Enable network share at BS location";
};
config = {
networking.domain = cfg.domain;
networking.resolvconf.useLocalResolver = mkIf cfg.useLocalResolver true;
services.unbound = mkIf cfg.useLocalResolver {
enable = true;
allowedAccess = [
"127.0.0.1/8"
"::1"
];
extraConfig = ''
tls-upstream: yes
tls-cert-bundle: "/etc/ssl/certs/ca-bundle.crt"
forward-zone:
name: .
forward-tls-upstream: yes
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
'';
};
networking.useDHCP = false;
networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i: nameValuePair i {
useDHCP = true;
}));
networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) {
bs = {
ips = [ "fd42:dead:beef:1337::${cfg.vpnExtension}/64" ];
listenPort = 51234;
privateKeyFile = "/var/lib/wireguard/privkey";
peers = [
{
publicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
allowedIPs = [ "fd42:dead:beef::/48" ];
endpoint = "bs.vpn.dadada.li:51234";
persistentKeepalive = 25;
}
];
};
};
fileSystems."/mnt/media.dadada.li" = mkIf cfg.enableBsShare {
device = "media.dadada.li:/mnt/storage/share";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
};
networking.firewall = {
enable = true;
allowedUDPPorts = [
51234 # Wireguard
5353 # mDNS
];
};
};
}