geir/home-lab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: Move network configurations to machine directories

Browse source 
- Move network-congenital-optimist.nix to machines/congenital-optimist/
- Move network-sleeper-service.nix to machines/sleeper-service/
- Update import paths in machine configurations
- Clean up modules/network/common.nix to remove SSH duplication
- Consolidate SSH configuration in modules/security/ssh-keys.nix
- Remove machine-specific networking from shared common module

This improves dependency tracking by co-locating machine-specific
network configurations with their respective machines.
This commit is contained in:
Geir Okkenhaug Jerstad 2025-06-06 18:08:45 +02:00
parent fff47629f2
commit e976b14d19
6 changed files with 12 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

16
modules/network/common.nix
View file

@ -1,5 +1,5 @@
# Common Network Configuration
# Shared networking settings across all machines
# Minimal shared networking settings across all machines
{ config, pkgs, ... }:
{
@ -8,11 +8,10 @@
# Enable nftables by default for all machines
nftables.enable = true;
# Common firewall settings
# Basic firewall settings (SSH handled by security/ssh-keys.nix)
firewall = {
enable = true;
# SSH is allowed by default on all machines
allowedTCPPorts = [ 22 ];
# SSH port is configured in modules/security/ssh-keys.nix
};
};
@ -21,13 +20,6 @@
# Tailscale VPN for secure remote access
tailscale.enable = true;
# SSH access with secure defaults
openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
# Note: SSH configuration is handled by modules/security/ssh-keys.nix
};
}

21
modules/network/network-congenital-optimist.nix
View file

@ -1,21 +0,0 @@
# Networking Configuration - congenital-optimist
# AMD Threadripper workstation network setup
{ config, pkgs, ... }:
{
imports = [
./common.nix
];
# Machine-specific network configuration
networking = {
hostName = "congenital-optimist";
hostId = "8425e349";
networkmanager.enable = true;
# Additional firewall ports for workstation services
firewall.allowedTCPPorts = [
];
};
}

61
modules/network/network-sleeper-service.nix
View file

@ -1,61 +0,0 @@
# Networking Configuration - sleeper-service
# Xeon file server network setup with systemd-networkd and static IPs
{ config, pkgs, ... }:
{
imports = [
./common.nix
];
# Machine-specific network configuration
networking = {
hostName = "sleeper-service";
hostId = "8425e349"; # Unique identifier for the machine - DO NOT CHANGE!!
# # Enable systemd-networkd for static networking
# useNetworkd = false;
# useDHCP = true;
# Disable NetworkManager in favor of systemd-networkd
networkmanager.enable = true;
# DNS configuration - use Pi-hole server
nameservers = [ "10.0.0.14" "8.8.8.8" ]; # Pi-hole server, Google DNS fallback
# Configure static IP for the main ethernet interface
# interfaces.enp0s25 = {
# useDHCP = false;
# ipv4.addresses = [
# {
# address = "10.0.0.8"; # Static IP for sleeper-service (existing files.home machine)
# prefixLength = 24;
# }
# ];
# };
# Network gateway and DNS (based on nmap discovery)
# defaultGateway = {
# address = "10.0.0.138"; # Discovered router at lan.home
# interface = "enp0s25"; # Main ethernet interface
# };
# nameservers = [ "10.0.0.14" "10.0.0.138" "8.8.8.8" ]; # Pi-hole, router, Google DNS fallback
# Additional firewall ports for file server services
firewall.allowedTCPPorts = [
22 # SSH
111 # NFS portmapper
2049 # NFS
445 # SMB/CIFS
139 # NetBIOS Session Service
# Add additional ports here as needed
];
firewall.allowedUDPPorts = [
22 # SSH
111 # NFS portmapper
2049 # NFS
137 # NetBIOS Name Service
138 # NetBIOS Datagram Service
];
};
}

3
modules/security/ssh-keys.nix
View file

@ -3,6 +3,9 @@
{ config, pkgs, lib, ... }:
{
# Firewall configuration for SSH
networking.firewall.allowedTCPPorts = [ 22 ];
# Global SSH daemon configuration
services.openssh = {
enable = true;