diff options
| author | Quentin Aristote <quentin@aristote.fr> | 2023-02-17 21:22:14 +0100 |
|---|---|---|
| committer | Quentin Aristote <quentin@aristote.fr> | 2023-02-17 21:24:35 +0100 |
| commit | 1fdbb44df1c3b8c0bab9e36cee3e8167e102efc3 (patch) | |
| tree | 210b87b2addd1cc16f06f5646276215841a30622 /modules/nixos/networking.nix | |
| parent | 262ad5ace2500d97ee3015aee7655f5893801153 (diff) | |
add filtron and rss-bridge modules
Diffstat (limited to 'modules/nixos/networking.nix')
| -rw-r--r-- | modules/nixos/networking.nix | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/modules/nixos/networking.nix b/modules/nixos/networking.nix deleted file mode 100644 index 2b853de..0000000 --- a/modules/nixos/networking.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.personal.networking; - mkFirewallEnableOption = name: - lib.mkOption { - type = lib.types.bool; - default = false; - description = "Whether to open ports for ${name}."; - }; -in { - options.personal.networking = { - enable = lib.mkEnableOption "networking"; - bluetooth.enable = lib.mkEnableOption "bluetooth"; - networkmanager.enable = lib.mkEnableOption "NetworkManager"; - ssh.enable = lib.mkEnableOption "SSH server"; - firewall = { - syncthing = mkFirewallEnableOption "Syncthing"; - kdeconnect = mkFirewallEnableOption "KDE Connect"; - http = mkFirewallEnableOption "HTTP and HTTPS (incoming)"; - }; - }; - - config = lib.mkIf cfg.enable { - environment.systemPackages = - lib.optional cfg.networkmanager.enable pkgs.networkmanager; - networking = { - networkmanager = lib.mkIf cfg.networkmanager.enable { - enable = true; - unmanaged = [ "interface-name:ve-*" ]; - }; - firewall = { - enable = true; - allowedTCPPorts = lib.optional cfg.firewall.syncthing 22000 - ++ lib.optionals cfg.firewall.http [ 80 443 ]; - allowedUDPPorts = lib.optionals cfg.firewall.syncthing [ 22000 21027 ]; - allowedTCPPortRanges = lib.optional cfg.firewall.kdeconnect { - from = 1714; - to = 1764; - }; - allowedUDPPortRanges = lib.optional cfg.firewall.kdeconnect { - from = 1714; - to = 1764; - }; - }; - }; - services = lib.mkIf cfg.ssh.enable { - openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - extraConfig = '' - AcceptEnv PS1 - ''; - }; - fail2ban.enable = true; - }; - hardware.bluetooth.enable = cfg.bluetooth.enable; - }; -} |