diff --git a/machines/congenital-optimist/networking.nix b/machines/congenital-optimist/networking.nix
new file mode 100644
index 0000000..95c513d
--- /dev/null
+++ b/machines/congenital-optimist/networking.nix
@@ -0,0 +1,33 @@
+# Networking Configuration - congenital-optimist
+# AMD Threadripper workstation network setup
+{ config, pkgs, ... }:
+
+{
+ # Network configuration
+ networking = {
+ hostName = "congenital-optimist";
+ hostId = "8425e349";
+ networkmanager.enable = true;
+ nftables.enable = true;
+
+ # Firewall configuration for workstation
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 22 # SSH
+ 9091 # Transmission RPC
+ ];
+ allowedUDPPorts = [ 22 ];
+ };
+ };
+
+ # VPN and remote access
+ services.tailscale.enable = true;
+ services.openssh.enable = true;
+
+ # ZFS services for this machine
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+}
diff --git a/machines/sleeper-service/networking.nix b/machines/sleeper-service/networking.nix
new file mode 100644
index 0000000..a2edee7
--- /dev/null
+++ b/machines/sleeper-service/networking.nix
@@ -0,0 +1,34 @@
+# Networking Configuration - sleeper-service
+# Xeon file server network setup
+{ config, pkgs, ... }:
+
+{
+ # Network configuration
+ networking = {
+ hostName = "sleeper-service";
+ networkmanager.enable = true;
+ nftables.enable = true;
+
+ # Firewall configuration for file server
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 22 # SSH
+ # Add other ports as needed for file sharing services
+ ];
+ allowedUDPPorts = [ ];
+ };
+ };
+
+ # VPN and remote access
+ services.tailscale.enable = true;
+
+ # SSH configuration for headless server
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ };
+}
diff --git a/modules/network/README.md b/modules/network/README.md
new file mode 100644
index 0000000..8bcd109
--- /dev/null
+++ b/modules/network/README.md
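Review bot: `allowedUDPPorts = [ 22 ];` in the workstation firewall block opens UDP/22 for no service, since sshd listens on TCP only; it should be `allowedUDPPorts = [ ];`, as the sleeper-service file already has it. In the same file `services.openssh.enable = true;` takes the sshd defaults, while the sleeper-service hunk sets `PermitRootLogin = "no"` and `PasswordAuthentication = false`; the workstation should carry the same `services.openssh.settings` block, or both machines should import the shared `common.nix` that the README in this diff describes (neither networking.nix imports it and no `common.nix` is added, so the README is out of step with the files). Port 9091 (Transmission RPC) is opened on every interface; if the RPC is only reached over the VPN, scoping it with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 9091 ];` instead of the global list keeps it off the LAN-facing interfaces.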
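Review bot: The `services.openssh.settings` block disables password authentication but leaves keyboard-interactive authentication at its default, so with PAM enabled sshd can still prompt for the account password over the keyboard-interactive method; add `KbdInteractiveAuthentication = false;` next to `PasswordAuthentication = false;` to close that path. The file also enables `networkmanager` on what the header calls a headless file server; if nothing manages the link interactively, a `networking.interfaces` definition would be easier to audit than a NetworkManager state that lives outside the Nix configuration, though that depends on how the box is administered.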
@@ -0,0 +1,51 @@
+# Network Configuration Modules
+
+This directory contains networking configurations for all machines in the Home Lab.
+
+## Structure
+
+- **`common.nix`** - Shared networking settings used by all machines
+ - nftables firewall enabled
+ - SSH access with secure defaults
+ - Tailscale VPN for remote access
+ - Basic firewall rules (SSH port 22)
+
+- **`network-.nix`** - Machine-specific networking configurations
+ - Import `common.nix` for shared settings
+ - Override or extend with machine-specific requirements
+ - Define hostname, hostId, and additional firewall ports
+
+## Current Machines
+
+### network-congenital-optimist.nix
+- AMD Threadripper workstation
+- ZFS configuration (hostId: 8425e349)
+- Additional ports: 9091 (Transmission RPC)
+
+### network-sleeper-service.nix
+- Xeon file server
+- Headless server configuration
+- Ready for additional file sharing service ports
+
+## Usage
+
+Each machine configuration imports its specific network module:
+
+```nix
+# In machines//configuration.nix
+imports = [
+ ../../modules/network/network-.nix
+ # ... other imports
+];
+```
+
+## Adding New Machines
+
+1. Create `network-.nix` in this directory
+2. Import `./common.nix` for shared settings
+3. Add machine-specific configuration (hostname, hostId, ports)
+4. Import the new file in the machine's `configuration.nix`
+
+## Future Refactoring
+
+The `common.nix` file can be extended to include more shared networking patterns as they emerge across machines. Consider moving repeated patterns here to reduce duplication.