-rw-r--r--config/networking/default.nix87
-rw-r--r--config/networking/nat.nix21
-rw-r--r--config/networking/services/ap.nix (renamed from config/networking/hostapd.nix)0
-rw-r--r--config/networking/services/default.nix5
-rw-r--r--config/networking/services/dhcp.nix18
-rw-r--r--config/networking/services/dns.nix18
6 files changed, 87 insertions, 62 deletions
diff --git a/config/networking/default.nix b/config/networking/default.nix
index 330ba3b..aa6a829 100644
--- a/config/networking/default.nix
+++ b/config/networking/default.nix
@@ -3,24 +3,24 @@
{ config, lib, pkgs, secrets, ... }:
let
- ifaces = config.personal.networking.interfaces;
- publicSubnet = "192.168.1";
- privateSubnet = "192.168.2";
+ cfg = config.personal.networking;
in {
- imports = [ ./hostapd.nix ];
+ imports = [ ./nat.nix ./services ];
options.personal.networking = {
- interfaces = let
- makeInterfaceOption = type:
- lib.mkOption {
- type = lib.types.str;
- description = "Network device for the ${type} interface.";
- example = "enp4s0";
- };
- in {
- eth = makeInterfaceOption "ethernet";
- wlp2ghz = makeInterfaceOption "2 GHz WiFi";
- wlp5ghz = makeInterfaceOption "5 GHz WiFi";
+ interfaces = lib.mkOption {
+ type = with lib.types; attrsOf str;
+ description = "Reusable names for network devices.";
+ example = {
+ eth = "enp4s0";
+ };
+ };
+ subnets = lib.mkOption {
+ type = with lib.types; attrsOf str;
+ description = "Reusable names for subnets.";
+ example = {
+ private = "192.168.1";
+ };
};
};
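Review bot: The new `interfaces` and `subnets` options are free-form `attrsOf str`, so the keys the rest of the configuration depends on (`eth`, `wlp5ghz`, `public`, `private`) are no longer declared anywhere, and a missing one now surfaces as an attribute-missing evaluation error at the use site instead of a named option error. At minimum the descriptions should name the required keys, e.g. `description = "Reusable names for network devices; eth and wlp5ghz must be set.";` and `description = "Reusable names for subnets (first three octets); public and private must be set.";`. If stricter checking is wanted, a `submodule` with the required attributes would restore the per-key typing the old `makeInterfaceOption` provided, but that is beyond what this hunk needs.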
@@ -33,6 +33,10 @@ in {
wlp2ghz = "wlp5s0";
wlp5ghz = "wlp1s0";
};
+ subnets = {
+ public = "192.168.1";
+ private = "192.168.2";
+ };
};
networking = {
@@ -40,66 +44,25 @@ in {
domain = "local";
defaultGateway = {
- address = "${publicSubnet}.1";
- interface = ifaces.eth;
+ address = "${cfg.subnets.public}.1";
+ interface = cfg.interfaces.eth;
};
dhcpcd.enable = false;
interfaces = {
- "${ifaces.eth}" = {
+ "${cfg.interfaces.eth}" = {
ipv4.addresses = [{
- address = "${publicSubnet}.2";
+ address = "${cfg.subnets.public}.2";
prefixLength = 24;
}];
};
- "${ifaces.wlp5ghz}" = {
+ "${cfg.interfaces.wlp5ghz}" = {
ipv4.addresses = [{
- address = "${privateSubnet}.1";
+ address = "${cfg.subnets.private}.1";
prefixLength = 24;
}];
};
};
-
- nat = {
- enable = true;
- externalInterface = ifaces.eth;
- internalInterfaces = [
- # ifaces.wlp2ghz
- ifaces.wlp5ghz
- ];
- };
-
- firewall.interfaces."${ifaces.wlp5ghz}" = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
- };
-
- services.dhcpd4 = {
- enable = true;
- extraConfig = ''
- option subnet-mask 255.255.255.0;
- option routers ${privateSubnet}.1;
- option domain-name-servers ${privateSubnet}.1, 9.9.9.9;
- subnet ${privateSubnet}.0 netmask 255.255.255.0 {
- range ${privateSubnet}.10 ${privateSubnet}.99;
- }
- '';
- interfaces = [ ifaces.wlp5ghz ];
- };
-
- services.unbound = {
- enable = true;
- settings = {
- server = {
- interface = [ "127.0.0.1" "${privateSubnet}.1" ];
- access-control = [
- "0.0.0.0/0 refuse"
- "127.0.0.0/8 allow"
- "${privateSubnet}.0/24 allow"
- ];
- };
- };
};
};
}
diff --git a/config/networking/nat.nix b/config/networking/nat.nix
new file mode 100644
index 0000000..33e8ca7
--- /dev/null
+++ b/config/networking/nat.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+
+let cfg = config.personal.networking;
+in {
+ boot.kernel.sysctl = {
+ "net.ipv4.conf.all.forwarding" = true;
+ };
+
+ networking = {
+ nat = {
+ enable = true;
+ externalInterface = cfg.interfaces.eth;
+ internalInterfaces = [
+ # cfg.interfaces.wlp2ghz
+ cfg.interfaces.wlp5ghz
+ ];
+ };
+
+ firewall.enable = false;
+ };
+}
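Review bot: `firewall.enable = false;` turns the NixOS firewall off on every interface, including the external `eth` that NAT masquerades through, whereas the rule this commit removes from config/networking/default.nix only opened port 53 on the private WiFi interface. That widens exposure on the upstream-facing side well beyond what the DNS/DHCP services need. The previous rule can be kept here in the same `networking` block: `firewall.interfaces."${cfg.interfaces.wlp5ghz}" = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; };`, dropping the `firewall.enable = false;` line. The explicit `net.ipv4.conf.all.forwarding` sysctl is, as far as I recall, already set by `networking.nat.enable`, so it may be redundant; worth a comment either way explaining why it is set here.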
diff --git a/config/networking/hostapd.nix b/config/networking/services/ap.nix
index f5f399b..f5f399b 100644
--- a/config/networking/hostapd.nix
+++ b/config/networking/services/ap.nix
diff --git a/config/networking/services/default.nix b/config/networking/services/default.nix
new file mode 100644
index 0000000..ffc56cf
--- /dev/null
+++ b/config/networking/services/default.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ imports = [ ./dhcp.nix ./dns.nix ./ap.nix ];
+}
diff --git a/config/networking/services/dhcp.nix b/config/networking/services/dhcp.nix
new file mode 100644
index 0000000..f4b1f61
--- /dev/null
+++ b/config/networking/services/dhcp.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+
+let cfg = config.personal.networking;
+in {
+ services.dhcpd4 = {
+ enable = true;
+ extraConfig = ''
+ option subnet-mask 255.255.255.0;
+ option routers ${cfg.subnets.private}.1;
+ option domain-name-servers ${cfg.subnets.public}.1, 9.9.9.9;
+ subnet ${cfg.subnets.private}.0 netmask 255.255.255.0 {
+ range ${cfg.subnets.private}.10 ${cfg.subnets.private}.99;
+ }
+ '';
+ interfaces = [ cfg.interfaces.wlp5ghz ];
+ };
+
+}
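Review bot: `option domain-name-servers ${cfg.subnets.public}.1, 9.9.9.9;` hands clients the public-subnet gateway as their resolver, while the removed config and the new dns.nix bind unbound to `${cfg.subnets.private}.1`; the `routers` option on the line above still uses the private subnet, which suggests this is an accidental swap rather than a deliberate change. As written, LAN clients would resolve through the upstream router across NAT and never hit the local unbound instance or its access-control list. The line should read `option domain-name-servers ${cfg.subnets.private}.1, 9.9.9.9;`. If pointing at the gateway is intentional, a comment saying so would save the next reader the same question.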
diff --git a/config/networking/services/dns.nix b/config/networking/services/dns.nix
new file mode 100644
index 0000000..beed1e7
--- /dev/null
+++ b/config/networking/services/dns.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+
+let cfg = config.personal.networking;
+in {
+ services.unbound = {
+ enable = true;
+ settings = {
+ server = {
+ interface = [ "127.0.0.1" "${cfg.subnets.private}.1" ];
+ access-control = [
+ "0.0.0.0/0 refuse"
+ "127.0.0.0/8 allow"
+ "${cfg.subnets.private}.0/24 allow"
+ ];
+ };
+ };
+ };
+}