Configuration for my NixOS based systems and Home Manager
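# NixOS module: host networking for "misaki".
# Covers systemd-networkd, static addressing on enp4s0f1, DHCP on the Wi-Fi
# link, the host firewall and Avahi/mDNS publishing.
# `config` is only read for the Tailscale UDP port.
{ config, ... }:
{
  # networking.hostName = "nixos"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  networking.hostName = "misaki";

  # I like systemd-networkd
  systemd.network.enable = true;
  systemd.network.networks."50-wlp2s0" = {
    # systemd-networkd keys are case-sensitive: the [Match] key is `Name`.
    # The lowercase `name` used previously is not a recognised key, so the
    # unit would not have selected wlp2s0 as intended.
    matchConfig.Name = "wlp2s0";
    networkConfig.DHCP = "yes";
    # Do not hold up network-online.target waiting for Wi-Fi.
    linkConfig.RequiredForOnline = "no";
  };

  # Turns off IPv6 temporary (privacy) addresses, so the host keeps a stable
  # IPv6 address. Convenient for a server, but it makes the machine easier to
  # track on any network the Wi-Fi link joins.
  networking.tempAddresses = "disabled";

  # Static IPv4 address on the wired interface.
  networking.interfaces = {
    enp4s0f1 = {
      ipv4.addresses = [{
        address = "192.168.1.3";
        prefixLength = 24;
      }];
    };
  };

  networking.defaultGateway = {
    address = "192.168.1.1";
    interface = "enp4s0f1";
  };

  # Link-local gateway address, hence the explicit interface.
  networking.defaultGateway6 = {
    address = "fe80::2870:4eff:fe84:d884";
    interface = "enp4s0f1";
  };

  # The first entry is this host's own static address (see
  # networking.interfaces above), so it presumably runs a local resolver --
  # confirm. The other two are external resolvers: queries sent to them leave
  # the LAN unencrypted unless DNS-over-TLS is configured elsewhere, and they
  # bypass any filtering the local resolver applies.
  networking.nameservers = [
    "192.168.1.3"
    "45.90.28.93"
    "45.90.30.93"
  ];

  # This is necessary for ZFS
  networking.hostId = "5beebabe";

  networking.useNetworkd = true;
  # TODO: static IP @ 192.168.1.2

  # Configure network proxy if necessary
  # NOTE: anything written here ends up in the world-readable Nix store, so
  # do not put real proxy credentials in this file; load them from a secret
  # managed outside the store.
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # TODO: allow some ports
  #
  # NOTE(review): allowedTCPPorts / allowedUDPPorts apply to every interface,
  # including the DHCP-configured Wi-Fi link wlp2s0. NFS, 9p, AFP, NATS,
  # Prometheus and Minio are LAN services; consider moving them under
  # networking.firewall.interfaces.enp4s0f1 so they are not reachable from
  # whatever network the Wi-Fi joins. Check that each service enforces its own
  # authentication, since the firewall does not restrict source addresses.
  networking.firewall = {
    enable = true;
    allowPing = true;
    # Everything arriving over the tailnet bypasses the port lists below;
    # access control for that path rests entirely on the Tailscale ACLs.
    trustedInterfaces = [
      "tailscale0"
    ];
    allowedUDPPorts = [
      # DNS
      53
      # Tailscale (port taken from the service configuration)
      config.services.tailscale.port
    ];
    allowedTCPPorts = [
      # DNS over TCP
      53
      # NFSv4
      2049
      # HTTP(s)
      443
      80
      # iperf3
      5201
      5301
      5401
      # NATS
      4222
      # Prometheus
      9001
      # Minio
      9003
      # Minio web
      9004
      # AFP via Netatalk
      548
      # 9p
      564
    ];
  };

  # mDNS / DNS-SD. openFirewall opens the mDNS port on all interfaces and the
  # publish block advertises this host's name, addresses and services to every
  # network it is attached to. If that should be limited to the wired LAN,
  # restrict Avahi with services.avahi.allowInterfaces.
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    nssmdns6 = true;
    ipv6 = true;
    openFirewall = true;
    publish = {
      enable = true;
      addresses = true;
      workstation = true;
      userServices = true;
      domain = true;
    };
  };

}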