2940b85b60
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
- Move networking configs to modules/network/ directory - Create network-<machine-name>.nix files for each machine - Add common.nix for shared networking configuration - Update import paths in machine configurations - Reduce duplication by using common networking settings Network modules: - modules/network/common.nix: Shared settings (nftables, SSH, tailscale) - modules/network/network-congenital-optimist.nix: Workstation specific - modules/network/network-sleeper-service.nix: File server specific
33 lines
No EOL
729 B
Nix
33 lines
No EOL
729 B
Nix
# Common Network Configuration
|
|
# Shared networking settings across all machines
|
|
{ config, pkgs, ... }:
|
|
|
|
{
|
|
# Common networking settings
|
|
networking = {
|
|
# Enable nftables by default for all machines
|
|
nftables.enable = true;
|
|
|
|
# Common firewall settings
|
|
firewall = {
|
|
enable = true;
|
|
# SSH is allowed by default on all machines
|
|
allowedTCPPorts = [ 22 ];
|
|
};
|
|
};
|
|
|
|
# Common services available on all machines
|
|
services = {
|
|
# Tailscale VPN for secure remote access
|
|
tailscale.enable = true;
|
|
|
|
# SSH access with secure defaults
|
|
openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
};
|
|
};
|
|
};
|
|
} |