|  | # Network and networking modules
 | ||
|  | 
 | ||
|  | This directory holds the modules that enable networking on a host: the firewall, NetworkManager, DHCP, DNS, and related services. | ||
|  | 
 | ||
|  | ## `core.nix`
 | ||
|  | 
 | ||
|  | This module defines the firewall and NetworkManager options. For the firewall there are pre-defined per-service options (for example `web` or `dns`) that open exactly the ports that service needs when you enable them. | ||
|  | 
 | ||
|  | For example: | ||
|  | 
 | ||
|  | ```nix | ||
|  | tcpPorts.web.enable = true; | ||
|  | udpPorts.dns.enable = true; | ||
|  | ``` | ||
|  | 
 | ||
|  | Here's a more featureful example of how you would enable a firewall and set up NetworkManager: | ||
|  | 
 | ||
|  | ```nix | ||
|  |   customNetworking = { | ||
|  |     firewall = { | ||
|  |       enable = true; | ||
|  | 
 | ||
|  |       # Open web service ports | ||
|  |       tcpPorts.web.enable = true; | ||
|  | 
 | ||
|  |       # Additional TCP ports to open (22 is SSH); list only ports that must be reachable from other hosts | ||
|  |       tcpPorts.allowedPorts = [ 8080 22 ]; | ||
|  | 
 | ||
|  |       # Custom UDP ports | ||
|  |       udpPorts.allowedPorts = [ 5000 ]; | ||
|  |     }; | ||
|  | 
 | ||
|  |     networkManager = { | ||
|  |       enable = true; | ||
|  |       extraPlugins = with pkgs; [ | ||
|  |         # Additional NetworkManager plugins | ||
|  |         networkmanager-openvpn | ||
|  |         networkmanager-openconnect | ||
|  |       ]; | ||
|  |     }; | ||
|  |   }; | ||
|  | ``` | ||
|  | 
 | ||
|  | As shown above, you have to explicitly open the port of every service you want to reach from other machines. Open only what is needed: each entry exposes that service to everything that can reach the host. | ||
|  | 
 | ||
|  | ## DNS
 | ||
|  | 
 | ||
|  | There are two options here: BIND9 (or simply Bind) and Technitium DNS Server. They are mutually exclusive: enabling both raises an evaluation error and the configuration will not build. | ||
|  | 
 | ||
|  | You'll have to import `./dns.nix` for the services to be enabled. | ||
|  | 
 | ||
|  | Here's an example of what a BIND configuration might look like. Note that `recursion yes` should be paired with an `allow-recursion` ACL, otherwise the server answers recursive queries for every client that can reach the listed interfaces (an open resolver): | ||
|  | 
 | ||
|  | ```nix | ||
|  |   dns.bind = { | ||
|  |     enable = true; | ||
|  |     settings = { | ||
|  |       interfaces = [ "127.0.0.1" "192.168.100.100" ]; | ||
|  |       zones = [ | ||
|  |         { | ||
|  |           name = "example.com"; | ||
|  |           type = "master"; | ||
|  |           file = "/etc/named/zones/example.com.zone"; | ||
|  |         } | ||
|  |       ]; | ||
|  |       extraConfig = '' | ||
|  |         // Additional BIND configuration | ||
|  |         options { | ||
|  |           directory "/var/named"; | ||
|  |           // Recursion is served to any client that can reach the listed interfaces; | ||
|  |           // restrict it so the server is not usable as an open resolver. | ||
|  |           recursion yes; | ||
|  |           allow-recursion { localhost; localnets; }; | ||
|  |         } | ||
|  |       ''; | ||
|  |     } | ||
|  |   }; | ||
|  | ``` | ||
|  | 
 | ||
|  | _or_ | ||
|  | 
 | ||
|  | ```nix | ||
|  |   dns.technitium = { | ||
|  |     enable = true; | ||
|  |     settings = { | ||
|  |       # Listen on the host's own address (192.168.100.0 is normally the network address, not a host). | ||
|  |       # Port 5380 is presumably the administrative web console (Technitium's default), so make sure | ||
|  |       # it is reachable only from trusted hosts. | ||
|  |       address = "192.168.100.100"; | ||
|  |       port = 5380; | ||
|  |       extraOptions = { | ||
|  |         LOG_LEVEL = "info"; | ||
|  |       }; | ||
|  |     } | ||
|  |   }; | ||
|  | ``` |