os/modules/core/networking.nix


# Core networking module: boot-time wait-online units, static host entries,
# NetworkManager, the firewall, and a key-only OpenSSH daemon.
{ flake, config, pkgs, lib, ... }:
{
  # Neither wait-online unit is enabled by default. lib.mkDefault keeps this
  # overridable, so a host that needs one can turn it back on.
  systemd.services = {
    NetworkManager-wait-online.enable = lib.mkDefault false;
    systemd-networkd-wait-online.enable = lib.mkDefault false;
  };

  networking = {
    # Static host entries. The literal set on the right of `//` wins over
    # whatever addLocalHostname returns if a key appears on both sides.
    # presumably addLocalHostname maps the loopback addresses to the given
    # names; confirm in flake.self.lib.
    # NOTE(review): these names resolve from the hosts file instead of DNS, so
    # the pinned addresses must be updated here whenever the servers move.
    hosts =
      (flake.self.lib.addLocalHostname [ "caddy.local" ])
      // {
        "128.140.109.213" = [ "vpn.b12f.io" ];
        "2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" ];
        "2a02:908:5b1:e3c0:2::" = [ "pie-wg.b12f.io" ];
      };

    networkmanager = {
      # NetworkManager is on by default; users must be in the networkmanager
      # group to use NetworkManager-related tooling.
      enable = lib.mkDefault true;
      wifi.backend = lib.mkDefault "iwd";
    };

    # Set without mkDefault: another module needs lib.mkForce to change these.
    firewall.enable = true;
    nftables.enable = true;
  };

  # Every host needs an SSH key pair for rage encryption, so sshd is enabled
  # everywhere.
  services.openssh = {
    enable = true;
    allowSFTP = lib.mkDefault false;
    # The firewall is not opened for sshd by default; a host that should accept
    # SSH connections has to override this.
    openFirewall = lib.mkDefault false;
    settings = {
      PasswordAuthentication = lib.mkDefault false;
      # No mkDefault here: keyboard-interactive stays off unless forced.
      KbdInteractiveAuthentication = false;
    };
    # Only public-key authentication is accepted. X11, agent and stream-local
    # (Unix socket) forwarding are disabled.
    # NOTE(review): TCP forwarding is the one forwarding type left enabled;
    # confirm it is still required.
    extraConfig = ''
      AllowTcpForwarding yes
      X11Forwarding no
      AllowAgentForwarding no
      AllowStreamLocalForwarding no
      AuthenticationMethods publickey
    '';
  };
}