refactor(treewide): enable modules based on host.type

ooks-io 2024-04-29 22:50:12 +12:00
parent 779603c4cc
commit 25e02c034c
10 changed files with 39 additions and 67 deletions


@ -1,8 +1,8 @@
{ lib, config, ... }:
let
cfg = config.systemModules.networking;
inherit (lib) mkIf mkEnableOption;
inherit (lib) mkIf;
host = config.systemModules.host;
in
{
@ -15,9 +15,7 @@ in
./tailscale
];
options.systemModule.networking.enable = mkEnableOption "Enable networking system module";
config = mkIf cfg.enable {
config = mkIf (host.type != "phone") {
networking.networkmanager = {
enable = true;
dns = "systemd-resolved";
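Review bot: The gate `mkIf (host.type != "phone")` is a deny-list on one string, repeated verbatim in the firewall, resolved, ssh and TCP-hardening sections below. Any host type other than the exact value "phone", including one added later, therefore turns on all five modules, and the per-module enable options that allowed a host to opt out are gone. Where `host.type` is declared is not visible here, so whether it is a closed enum is an assumption to confirm. Keeping each option as a `mkOption` of `types.bool` with `default = host.type != "phone";` would give the same defaults while still allowing a per-host override. `cfg` also appears to stay bound but unused in these `let` blocks once the `cfg.*` conditions are removed.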


@ -1,13 +1,12 @@
{ lib, config, ... }:
let
cfg = config.systemModules.networking;
inherit (lib) mkIf mkEnableOption;
inherit (lib) mkIf;
host = config.systemModules.host;
in
{
options.systemModules.networking.firewall = mkEnableOption "Enable networking firewall system modules";
config = mkIf cfg.firewall {
config = mkIf (host.type != "phone") {
networking.firewall = {
enable = true;
allowedTCPPorts = [


@ -1,14 +1,12 @@
{ lib, config, ... }:
let
cfg = config.systemModules.networking;
inherit (lib) mkIf mkEnableOption;
inherit (lib) mkIf;
host = config.systemModules.host;
in
{
options.systemModules.networking.resolved = mkEnableOption "Enable systemd resolved daemon";
config = mkIf cfg.resolved {
config = mkIf (host.type != "phone") {
services.resolved = {
enable = true;
fallbackDns = ["9.9.9.9"];


@ -1,20 +1,16 @@
{ lib, config, ... }:
let
cfg = config.systemModules.networking;
inherit (lib) mkIf mkDefault;
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBn3ff3HaZHIyH4K13k8Mwqu/o7jIABJ8rANK+r2PfJk";
phoneKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINredx07UAk2l1wUPujYnmJci1+XEmcUuSX0DIYg6Vzz";
inherit (lib) mkIf mkDefault mkEnableOption;
host = config.systemModules.host;
in
{
options.systemModules.networking.ssh = mkEnableOption "Enable ssh networking module";
config = mkIf cfg.ssh {
config = mkIf (host.type != "phone") {
environment.sessionVariables.SSH_AUTH_SOCK = "~/.1password/agent.sock";
users.users.ooks.openssh.authorizedKeys.keys = [ key ];
services.openssh = {
enable = true;
settings = {
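Review bot: With the `cfg.ssh` opt-in replaced by `mkIf (host.type != "phone")`, `services.openssh.enable = true` now applies to every non-phone host, so sshd exposure is decided by host type alone. The rendered page has lost its `+`/`-` markers, so it is unclear whether the `key`/`phoneKey` bindings and the `users.users.ooks.openssh.authorizedKeys.keys = [ key ];` line are kept or removed. If they are removed, the authorized key has to be declared elsewhere or key-based login stops working on these hosts. The `settings` block continues outside the visible lines, so confirm there that password logins are off (`PasswordAuthentication = false;`) now that the daemon is on by default. If `mkEnableOption` stays in the `inherit` line while the option declaration goes, it is an unused binding.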


@ -1,14 +1,13 @@
{ lib, config, ... }:
let
cfg = config.systemModules.networking;
inherit (lib) mkIf mkEnableOption;
inherit (lib) mkIf;
host = config.systemModules.type;
in
{
options.systemModules.networking.hardenTcp = mkEnableOption "Harden TCP";
config = mkIf cfg.hardenTcp {
# nyx module
config = mkIf (host.type != "phone") {
boot = {
kernelModules = ["tls" "tcp_bbr"];
kernel.sysctl = {
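Review bot: `host = config.systemModules.type;` does not match the `config.systemModules.host` binding used in the other sections, yet the condition still reads `host.type`, so it resolves to `config.systemModules.type.type`. Unless such an option exists (its declaration is not visible here), evaluation fails or the TCP-hardening gate tests the wrong value. The binding should be `host = config.systemModules.host;`. The `boot.kernel.sysctl` block continues outside the visible lines, so the hardening settings themselves are not reviewed here.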


@ -1,18 +1,9 @@
{ lib, config, pkgs, ... }:
let
cfg = config.systemModules.networking;
inherit (lib) mkIf mkEnableOption;
in
{ pkgs, ... }:
{
options.systemModules.networking.tools = mkEnableOption "Enable networking tools";
config = mkIf cfg.tools {
environment.systemPackages = with pkgs; [
traceroute
mtr
tcpdump
];
};
environment.systemPackages = with pkgs; [
traceroute
mtr
tcpdump
];
}
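Review bot: The tools section ends up with no `host.type` condition at all, unlike the other networking sections in this commit, so `traceroute`, `mtr` and `tcpdump` are installed on every host that imports it, phones included. If that is intended, a one-line comment such as `# installed on all host types, including phones` would make it explicit. Otherwise wrap the list in the same condition the sibling modules use, which needs `lib` and `config` back in the argument set.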