networking: modularize

1 files changed, 25 insertions, 62 deletions

diff --git a/config/networking/default.nix b/config/networking/default.nix
index 330ba3b..aa6a829 100644
--- a/config/networking/default.nix
+++ b/config/networking/default.nix
@@ -3,24 +3,24 @@
 { config, lib, pkgs, secrets, ... }:
 
 let
-  ifaces = config.personal.networking.interfaces;
-  publicSubnet = "192.168.1";
-  privateSubnet = "192.168.2";
+  cfg = config.personal.networking;
 in {
-  imports = [ ./hostapd.nix ];
+  imports = [ ./nat.nix ./services ];
 
   options.personal.networking = {
-    interfaces = let
-      makeInterfaceOption = type:
-        lib.mkOption {
-          type = lib.types.str;
-          description = "Network device for the ${type} interface.";
-          example = "enp4s0";
-        };
-    in {
-      eth = makeInterfaceOption "ethernet";
-      wlp2ghz = makeInterfaceOption "2 GHz WiFi";
-      wlp5ghz = makeInterfaceOption "5 GHz WiFi";
+    interfaces = lib.mkOption {
+      type = with lib.types; attrsOf str;
+      description = "Reusable names for network devices.";
+      example = {
+        eth = "enp4s0";
+      };
+    };
+    subnets = lib.mkOption {
+      type = with lib.types; attrsOf str;
+      description = "Reusable names for subnets.";
+      example = {
+        private = "192.168.1";
+      };
     };
   };
 
@@ -33,6 +33,10 @@ in {
         wlp2ghz = "wlp5s0";
         wlp5ghz = "wlp1s0";
       };
+      subnets = {
+        public = "192.168.1";
+        private = "192.168.2";
+      };
     };
 
     networking = {
@@ -40,66 +44,25 @@ in {
       domain = "local";
 
       defaultGateway = {
-        address = "${publicSubnet}.1";
-        interface = ifaces.eth;
+        address = "${cfg.subnets.public}.1";
+        interface = cfg.interfaces.eth;
       };
 
       dhcpcd.enable = false;
       interfaces = {
-        "${ifaces.eth}" = {
+        "${cfg.interfaces.eth}" = {
           ipv4.addresses = [{
-            address = "${publicSubnet}.2";
+            address = "${cfg.subnets.public}.2";
             prefixLength = 24;
           }];
         };
-        "${ifaces.wlp5ghz}" = {
+        "${cfg.interfaces.wlp5ghz}" = {
           ipv4.addresses = [{
-            address = "${privateSubnet}.1";
+            address = "${cfg.subnets.private}.1";
             prefixLength = 24;
           }];
         };
       };
-
-      nat = {
-        enable = true;
-        externalInterface = ifaces.eth;
-        internalInterfaces = [
-          # ifaces.wlp2ghz
-          ifaces.wlp5ghz
-        ];
-      };
-
-      firewall.interfaces."${ifaces.wlp5ghz}" = {
-        allowedTCPPorts = [ 53 ];
-        allowedUDPPorts = [ 53 ];
-      };
-    };
-
-    services.dhcpd4 = {
-      enable = true;
-      extraConfig = ''
-        option subnet-mask 255.255.255.0;
-        option routers ${privateSubnet}.1;
-        option domain-name-servers ${privateSubnet}.1, 9.9.9.9;
-        subnet ${privateSubnet}.0 netmask 255.255.255.0 {
-            range ${privateSubnet}.10 ${privateSubnet}.99;
-        }
-      '';
-      interfaces = [ ifaces.wlp5ghz ];
-    };
-
-    services.unbound = {
-      enable = true;
-      settings = {
-        server = {
-          interface = [ "127.0.0.1" "${privateSubnet}.1" ];
-          access-control = [
-            "0.0.0.0/0 refuse"
-            "127.0.0.0/8 allow"
-            "${privateSubnet}.0/24 allow"
-          ];
-        };
-      };
     };
   };
 }