geir/home-lab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Restructure networking configuration to per-machine modules
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
Details
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
Details
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
Details

Browse source 
- Move networking configs to modules/network/ directory
- Create network-<machine-name>.nix files for each machine
- Add common.nix for shared networking configuration
- Update import paths in machine configurations
- Reduce duplication by using common networking settings

Network modules:
- modules/network/common.nix: Shared settings (nftables, SSH, tailscale)
- modules/network/network-congenital-optimist.nix: Workstation specific
- modules/network/network-sleeper-service.nix: File server specific
This commit is contained in:
Geir Okkenhaug Jerstad 2025-06-05 14:54:27 +02:00
parent a022b96189
commit 2940b85b60
7 changed files with 84 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

2
machines/congenital-optimist/configuration.nix
View file

@ -7,10 +7,10 @@
}: { }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/network/network-congenital-optimist.nix
# System modules # System modules
../../modules/system/fonts.nix ../../modules/system/fonts.nix
../../modules/system/network.nix
../../modules/system/applications.nix ../../modules/system/applications.nix
# Hardware modules # Hardware modules

16
machines/sleeper-service/configuration.nix
View file

@ -1,6 +1,7 @@
{ config, pkgs, inputs, unstable, ... }: { { config, pkgs, inputs, unstable, ... }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/network/network-sleeper-service.nix
]; ];
# Boot configuration # Boot configuration
@ -11,12 +12,6 @@
devices = [ "nodev" ]; devices = [ "nodev" ];
}; };
# Network configuration
networking.hostName = "sleeper-service";
networking.networkmanager.enable = true;
services.tailscale.enable = true;
networking.firewall.enable = true;
# Time and locale # Time and locale
time.timeZone = "Europe/Oslo"; time.timeZone = "Europe/Oslo";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@ -30,15 +25,6 @@
# Enable unfree packages # Enable unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
# SSH access (headless server)
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
# Basic system packages # Basic system packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget wget

33
modules/network/common.nix Normal file
View file

@ -0,0 +1,33 @@
# Common Network Configuration
# Shared networking settings across all machines
{ config, pkgs, ... }:
{
# Common networking settings
networking = {
# Enable nftables by default for all machines
nftables.enable = true;
# Common firewall settings
firewall = {
enable = true;
# SSH is allowed by default on all machines
allowedTCPPorts = [ 22 ];
};
};
# Common services available on all machines
services = {
# Tailscale VPN for secure remote access
tailscale.enable = true;
# SSH access with secure defaults
openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
};
}

27
modules/network/network-congenital-optimist.nix Normal file
View file

@ -0,0 +1,27 @@
# Networking Configuration - congenital-optimist
# AMD Threadripper workstation network setup
{ config, pkgs, ... }:
{
imports = [
./common.nix
];
# Machine-specific network configuration
networking = {
hostName = "congenital-optimist";
hostId = "8425e349";
networkmanager.enable = true;
# Additional firewall ports for workstation services
firewall.allowedTCPPorts = [
9091 # Transmission RPC
];
};
# ZFS services for this machine
services.zfs = {
autoScrub.enable = true;
trim.enable = true;
};
}

21
modules/network/network-sleeper-service.nix Normal file
View file

@ -0,0 +1,21 @@
# Networking Configuration - sleeper-service
# Xeon file server network setup
{ config, pkgs, ... }:
{
imports = [
./common.nix
];
# Machine-specific network configuration
networking = {
hostName = "sleeper-service";
networkmanager.enable = true;
# Additional firewall ports for file server services
# (Add specific ports as needed for file sharing services)
firewall.allowedTCPPorts = [
# Add additional ports here as needed
];
};
}

26
modules/system/network.nix
View file

@ -1,26 +0,0 @@
{ config, pkgs, ... }: {
# Network configuration
networking = {
hostName = "congenital-optimist";
hostId = "8425e349";
networkmanager.enable = true;
nftables.enable = true;
# Firewall configuration
firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
allowedUDPPorts = [ 22 ];
};
};
# VPN and remote access
services.tailscale.enable = true;
services.openssh.enable = true;
# ZFS services
services.zfs = {
autoScrub.enable = true;
trim.enable = true;
};
}

2
machines/sleeper-service/transmission.nix → modules/system/transmission.nix
View file

@ -14,7 +14,7 @@
download-dir = "/mnt/storage"; download-dir = "/mnt/storage";
#rpc-whitelist-enabled = true; #rpc-whitelist-enabled = true;
rpc-whitelist = "127.0.0.1,10.0.0.*,100.*.*.*"; rpc-whitelist = "127.0.0.1,10.0.0.*,100.*.*.*";
rpc-host-whitelist = "idea,files,nixos-work,server1"; rpc-host-whitelist = "congenital-optimist,localhost";
}; };
}; };
} }