updated readme

machines/congenital-optimist/networking.nix

@@ -0,0 +1,33 @@
+# Networking Configuration - congenital-optimist
+# AMD Threadripper workstation network setup
+{ config, pkgs, ... }:
+
+{
+  # Network configuration
+  networking = {
+    hostName = "congenital-optimist";
+    hostId = "8425e349";
+    networkmanager.enable = true;
+    nftables.enable = true;
+    
+    # Firewall configuration for workstation
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 
+        22    # SSH
+        9091  # Transmission RPC
+      ];
+      allowedUDPPorts = [ 22 ];
+    };
+  };
+
+  # VPN and remote access
+  services.tailscale.enable = true;
+  services.openssh.enable = true;
+
+  # ZFS services for this machine
+  services.zfs = {
+    autoScrub.enable = true;
+    trim.enable = true;
+  };
+}

machines/sleeper-service/networking.nix

@@ -0,0 +1,34 @@
+# Networking Configuration - sleeper-service
+# Xeon file server network setup  
+{ config, pkgs, ... }:
+
+{
+  # Network configuration
+  networking = {
+    hostName = "sleeper-service";
+    networkmanager.enable = true;
+    nftables.enable = true;
+    
+    # Firewall configuration for file server
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 
+        22    # SSH
+        # Add other ports as needed for file sharing services
+      ];
+      allowedUDPPorts = [ ];
+    };
+  };
+
+  # VPN and remote access
+  services.tailscale.enable = true;
+  
+  # SSH configuration for headless server
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+    };
+  };
+}

modules/network/README.md

@@ -0,0 +1,51 @@
+# Network Configuration Modules
+
+This directory contains networking configurations for all machines in the Home Lab.
+
+## Structure
+
+- **`common.nix`** - Shared networking settings used by all machines
+  - nftables firewall enabled
+  - SSH access with secure defaults
+  - Tailscale VPN for remote access
+  - Basic firewall rules (SSH port 22)
+
+- **`network-<machine-name>.nix`** - Machine-specific networking configurations
+  - Import `common.nix` for shared settings
+  - Override or extend with machine-specific requirements
+  - Define hostname, hostId, and additional firewall ports
+
+## Current Machines
+
+### network-congenital-optimist.nix
+- AMD Threadripper workstation
+- ZFS configuration (hostId: 8425e349)
+- Additional ports: 9091 (Transmission RPC)
+
+### network-sleeper-service.nix  
+- Xeon file server
+- Headless server configuration
+- Ready for additional file sharing service ports
+
+## Usage
+
+Each machine configuration imports its specific network module:
+
+```nix
+# In machines/<machine-name>/configuration.nix
+imports = [
+  ../../modules/network/network-<machine-name>.nix
+  # ... other imports
+];
+```
+
+## Adding New Machines
+
+1. Create `network-<new-machine>.nix` in this directory
+2. Import `./common.nix` for shared settings
+3. Add machine-specific configuration (hostname, hostId, ports)
+4. Import the new file in the machine's `configuration.nix`
+
+## Future Refactoring
+
+The `common.nix` file can be extended to include more shared networking patterns as they emerge across machines. Consider moving repeated patterns here to reduce duplication.