os/modules/core/networking.nix



# Core networking defaults for every host: NetworkManager, the firewall and a
# key-only sshd. Values wrapped in lib.mkDefault are low-priority defaults that a
# host can replace with a plain definition; the remaining values are set at
# normal priority.
{
  flake,
  config,
  pkgs,
  lib,
  ...
}: {
  # Disable the NetworkManager and systemd-networkd wait-online units by default.
  systemd.services = {
    NetworkManager-wait-online.enable = lib.mkDefault false;
    systemd-networkd-wait-online.enable = lib.mkDefault false;
  };

  networking = {
    networkmanager = {
      # Enable NetworkManager. Remember to add your user to the networkmanager
      # group in order to use the nm-related tooling.
      enable = lib.mkDefault true;
      # iwd is not as stable as wpa_supplicant yet and has more trouble with
      # 5 GHz networks, so the backend is left at its default.
      #wifi.backend = "iwd";
    };

    # Firewall is on without mkDefault: a host that wants it off has to
    # override this explicitly (e.g. with lib.mkForce).
    firewall.enable = true;
  };

  # For rage encryption, all hosts need an ssh key pair, so sshd is enabled
  # everywhere. The SSH port is not opened in the firewall unless a host
  # overrides openFirewall.
  services.openssh = {
    enable = true;
    allowSFTP = lib.mkDefault false;
    openFirewall = lib.mkDefault false;

    settings = {
      # Password logins are off by default; keyboard-interactive is off
      # unconditionally (no mkDefault).
      PasswordAuthentication = lib.mkDefault false;
      KbdInteractiveAuthentication = false;
    };

    # Raw sshd_config lines:
    #  - AuthenticationMethods publickey accepts only public-key logins.
    #    NOTE(review): while this line is in effect, overriding the
    #    PasswordAuthentication default on a host would not by itself allow
    #    password logins - confirm that is the intent.
    #  - X11, agent and stream-local (Unix socket) forwarding are disabled.
    #  - TCP forwarding is the one forwarding type left enabled, so any
    #    authenticated user can tunnel TCP connections through the host.
    #    NOTE(review): on hosts that do not need tunnelling, consider setting
    #    it to "no" or narrowing it with PermitOpen.
    extraConfig = ''
      AllowTcpForwarding yes
      X11Forwarding no
      AllowAgentForwarding no
      AllowStreamLocalForwarding no
      AuthenticationMethods publickey
    '';
  };
}